1.38k likes | 2.45k Views
Internal Auditing for Banks & Financial Institutions. Presenter: Altaf Noor Ali Chartered Accountant. 1 st Session: 9.30 - 1.30 pm Internal Audit. Personal Introductions Group Activity: The Right Questions Basic concepts What are threats to banks? Fraud Profiles
E N D
Internal Auditingfor Banks & Financial Institutions Presenter: Altaf Noor Ali Chartered Accountant
1st Session: 9.30 - 1.30 pmInternal Audit • Personal Introductions • Group Activity: The Right Questions • Basic concepts • What are threats to banks? Fraud Profiles • Internal Audit: Specimen Disclosures in Annual Reports of a Commercial Bank • ‘External’ & ‘Internal’ Audit: Related? • Training and Continuing Education
Last Session tommorowAdministration, Process & Standards • Organisation of Internal Audit Function • Role of Audit Committee in Annual Audit Plan. • Reports to Audit Committee: Audit Rating, Risk Evaluation, Issues, Responses & Follow-up • What are major human-related issues in an audit? • Fraud prevention, detection and investigation activities: Is this a job of internal audit? • Code of Ethics for Professional Accountant • Auditing Standards at 1-1-06: Closer look • International Audit Framework: From IAPC to IAASB and Contemporary Issues • Ten Practical Steps for Improving Internal Audit • Evaluation [5.00 - 5.30]
Your Presenter’s approach to this session. Knowledge is Power,gain as much of it as you can,and remember…. its deficiency is your constraint. And I PROMISE to present what I know in an interesting manner! Key: How can you benefit most from this session? ‘Ask, simplify, understand, remember, and apply’.
Tell us about yourself… Lets know each other well. Tell us: • Your Name • Your position, department & bank • Time period in present position • Your most important function Feel free to express yourself in a way we understand.
Group Activity: Internal Audit The Questions in Your MindDuration: 5 minutes Write questions that you have in your mind at this point of time relating to this session… the ones for which you are here to seek an answer. Example: Is internal audit mandatory?
Internal Audit: Key Questions> • What is the role of internal audit in the present scheme of corporate governance? What is mentioned about it in the annual reports? • Chief Internal Auditor reports to the audit committee of the board. Many members in this committee do not have understanding of this function. What can be done about it? • What is the utility of internal audit function in a financial institution? • There are different frameworks for approaching internal controls, such as COSO [usa], COCO [canada], and Turnbull [uk]. How should one go about reconciling its requirements given the foreign reporting? Similarly, banks have risk assessment and internal control units whose areas of work are common and confusing. What can be done? • What do you recommend should be done to improve the effectiveness of internal audit function?
Internal Audit: > Key Questions • What indicators are available to the management to evaluate the effectiveness and efficiency of this function? • Do you think internal auditors have the desired training and skills to go beyond routine checking? • Internal auditors toil to get the audit observation to a reportable stage. However, audit observations are not taken that seriously. Follow-up mechanism is weak or non-existent; implementation slow. Why is it so? • How should an auditor go about assessing the ‘non-financial’ risk in a financial institution? • Going by the track record, why so many things go wrong in banks. Why banks are so vulnerable?
Internal Audit: >> Key Questions • How can internal audit function ‘add value’ to the financial institution to justify investment in this function? • Why are internal auditors found doing things which are not exactly our ‘ core activity’? • What are the major technical, admin, and human-related issues in an internal audit department? • What should an auditor do to cope with the pressures on completing an assignment? Specifically, should there be a single final report or interim reports consolidated in a final report? • What are the characteristics of successful internal auditors?
Internal Audit: >>> Key Questions • What can internal auditors do in individual capacity to educate and improve their skill base? How should they respond to the gap between theory and its application in a commercial setting? Tell us about the current auditing standards and specially use of software in audits of financial institutions? • What is ‘internal risk assessment framework. Are you going to discuss how to fill it, in this session? • Do internal auditor have good career paths? • For all practical purposes, the ceo determines the career of cia. However, the reporting of cia is to the audit committee. How this conflict can be resolved or managed? • How do you think the participants should evaluate the ‘return-on-training’ for this program? Or, is it, for God sake, tell me… where am I right now?
Auditors: Traditional Weak Areas • Clear objectives, understanding and commitment from the top • Operational information and training • Assessing operational environments and operations • Audit documentation and referencing • Provision for continuous training • Communication skills • Clout in the organisation
‘Internal Audit’: Evolution> • The Evolution of Business • Agriculture Age • Industrial Age: The Rise of Mass Manufacturing…and Corporate Sector • The Rise of Service Sector: Banking, Financial, Insurance • The Electronic/Information/Digital Age • The Code of Corporate Governance
‘Internal Audit’: > Recent Happenings • Prudential Regulation G-1 [16-7-05]: Rotation of External Auditors to be changed after every five years • External Auditors: Separate report on internal controls from 31-12-06 • Requirement of paid-up capital. [at 3-2-07 Listed Commercial Banks = 22, Investment Banks =11, Leasing companies = 19, Others= 10] • Meltdown of Islamic Investment Bank, Crescent Standard Investment Bank Ltd, etc [taken over by secp] • Separate risk management structure • Recent flurry of arrivals and acquisitions • Union Bank taken over • Picic due diligence continues • Barclays Bank – arrival of new player • Future of relatively small and regional banks
External Audit Report on Internal ControlSBP Circular The requirement is that the external auditor will provide a separate report to the shareholders of Banks and financial institutions on internal control. The will be applicable to financial statements from 1.1.06
Financial services in Pakistan:Major trends in last 5 years • Privatisation and down sizing • Central bank management • Dominance of Consumer Financing • E-banking and plastic money • Advent of open-ended funds • Islamic banking • Active involvement in Stock Exchanges • Banking spreads and bank charges
Major Stakeholders in a Bank • Investors • Employees • Depositors • Clients extended banking services • Lenders • Central Board of Revenue • Regulators [also known as banking supervisors] • Have I skipped any significant stakeholder? like a general physician…
Tell me:How is a bank different from other commercial entities?
Banks: How are they different? • Bearer Securities>> Banks hold custody of large amounts of monetary items, like cash, whose security is critical. The liquidity characteristics of these items make banks vulnerable to misappropriation and fraud. • Leverage>> Banks operate with very high leverage (the ratio of capital to total assets is low). This makes banks’ vulnerable to adverse economic events and increases the risk of failure. • Change in Fair Value>> Bank have assets that can rapidly change in value and whose value is often difficult to determine. A relatively small decrease in asset values may have a significant effect on their capital and potentially on their regulatory solvency. • Credibility>> Banks generally derive a significant amount of their funding from short-term deposits. A loss of confidence by depositors in a bank’s solvency may quickly result in a liquidity crisis.
>Banks: How are they different? • Transaction Volume>> Engage in a large volume and variety of transactions whose value may be significant. This ordinarily requires complex accounting and internal control systems and widespread use of information technology (IT). • Decentralisation>> Ordinarily operate through networks of branches and departments that are geographically dispersed. This mandates a greater decentralization of authority and dispersal of accounting and control functions, with consequential difficulties in maintaining uniform operating practices and accounting systems, particularly when the branch network transcends national boundaries. • Electronic>> Transactions can often be directly initiated and completed by the customer without human contact, for example, over the Internet or through automatic teller machines. • Third Party>> Fiduciary duties in respect of the assets they hold that belong to other persons like lockers. This may give rise to liabilities for breach of trust.
>>Banks: How are they different? • Memo Transactions>> Assume significant commitments without any initial transfer of funds other than, in some cases, the payment of fees. These commitments may involve only memorandum accounting entries. Consequently their existence may be difficult to detect. • Highly Regulated>> They are regulated by governmental authorities, whose regulatory requirements often influence the accounting principles that banks follow. Non-compliance with regulatory requirements, for example, capital adequacy requirements, could have implications for the bank’s financial statements or the disclosures. • Clearing System Access>> They generally have exclusive access to clearing and settlement systems for checks, fund transfers, foreign exchange transactions, etc. • International Settlements>>They are an integral part of, or are linked to, national and international settlement systems and consequently could pose a systemic risk to the countries in which they operate.
Lets talk about………………internal audit?……………internal auditor?………internal audit deptt.? Some basic concepts…
Internal Audit A corporate function responsible for evaluating an entity's financial, operational, procedural and other aspects [by its own employees].Keywords: FOPO[Can a bank outsource its internal audit function?]
Internal Auditor The person who does internal auditing for a living and a career.The ‘Human Face’ of internal audit function of an entity.
Internal Audit Deptt. The official base of internal auditors. (in other words, the official place to look for internal auditors).
Name…internal audit = functionPerson……internal auditor = humanPlace…internal audit deptt. = venue Recap of basic concepts…
Tell me: What is ‘Basle Committee on Banking Supervision’?
Basle Committee on Banking Supervision The de-facto standard setting body for central and their supervised commercial banks. Any idea about what is Basle-I and Basle-II?
Image Issue Internal Auditors
Internal Auditors: Public Compliments - Shikwa • They have limited understanding of business issues. They believe everything to be done by the book. Commercial compulsions do not exist for them. • They seem to be in a perpetual state of urgency. • They expect your full attention at their convenience. • They waste a lot of your time by not doing their homework. Sometimes they ask stupid questions. • The worst part is that they doubt integrity of everyone. • They are mainly introvert in nature. They hardly ever make friends.
Internal Auditors: Public Compliments – The Ultimate • They are Post-Mortem Generals. • The corporate internal audits are full of OSDs (Officers on Special Duty); it’s a permanent resting place for all those who could not do anything sensible elsewhere. • My wife was an internal auditor before wedding; since then all her observations have been about me! • If you are so good, how come Code had to bring you into existence through legislation and that too for listed companies only?
Internal Auditors: Jawab-e-Shikwa • We are your colleagues, with a difficult task to do. Why not be open with us? Do you have something to hide? • You handle us properly and we can be your messangers in conveying to the management your operational and human issues/problems. Feel free to discuss any business matter! • We at Audit Deptt. are severely understaffed. The Management would not take any chances with understaffing which hampers revenue growth, but we confess being seen often as an item of expenditure. • We need to gain quantum knowledge in a very limited time, and in the process of learning we feel free to ask any question rather than not understanding it.
Internal Auditors: Jawab-e-Shikwa Ultimate • You may be honest but is that inscribed on your forehead? • Who do you think the management remembers first as an expert in case of a fraud? • We have been effective by preventing many peoples from having wrong ideas. If management is more comfortable paying for fraud than foot our bill, its their problem. We were always a utility. • We know that you see us as a necessary evil in a corporate set-up but you can’t wish us away! • In the end you need to see that we are trained but humans…
AccountabilityThe liability of a board of directors to shareholders and stakeholders for corporate performance and actions.Should the concept of accountability be any different for banks and financial institutions?
Example of AccountabilityAnnual Report An official document/report presented annually by all publicly listed companies to its shareholders by law. It contains decisions, representations, data and information on different aspects.It also contains financial results and overall performance of the previous fiscal year and comments on future.
Where Annual Report is presented?Annual General MeetingA company gathering, usually held after the end of each financial year, at which shareholders and management discuss the previous year and the outlook for the future, directors are elected and other shareholder concerns are addressed.
Tell me: What is the most important term used in auditing?Starts with ‘r’ ends with ‘k’
Risk-based Auditing ApproachAn approach [method] that questions and responds to the question: what is the risk involved in a particular audit subject e.g process, procedure, disclosure, non-disclosure.What is a relatively less understood but critical term in auditing? NFI
Audit CommitteeAn Audit Committee is a sub-committee of Board of Directors responsible for over-seeing the matters relating to external and internal auditors. It owes its existence to the Code.Is CEO a member of Audit Committee?There should be atleast one Finance Expert in Audit Committee. T/F
External AuditorsA person or a firm of chartered accountants appointed by the shareholders in Annual General Meeting to audit the financial statements of an entity for the current year.External auditors can also be appointed as internal auditors. T/F