AUDIT-OF-BANKS-Revised-Handouts (1).pdf

Transcript

AUDIT OF BANK
Handouts b. Foreign banks and branches or subsidiaries of foreign
banks, regardless of unimpaired capital; and
BANGKO SENTRAL NG PILIPINAS c. Banks, trust department of qualified banks and other trust
- The Bangko Sentral ng Pilipinas (BSP) is the central bank of entities with additional derivatives authority, pursuant to
the Republic of the Philippines. Section 613 regardless of classification, category and capital
- It was established on July 3, 1993 pursuant to the provisions position.
of the 1987 Philippine Constitution and the New Central Bank
Act of 1993. 2. CATEGORY B
- The BSP enjoys fiscal and administrative autonomy from the a. Thrift Banks
National Government in the pursuit of its mandated b. Quasi-Banks
responsibilities. c. Trust department of qualified banks and other trust entities;
d. National Coop Banks; and
RESPONSIBILITIES OF BSP e. Non-Banking Financial Institutions with quasi-banking
- To provide policy directions in the areas of money, banking, functions
and credit;
- To supervise the operations of the banks and to exercise 3. CATEGORY C
such regulatory and examination powers as provided under a. Rural Banks
Republic Act No. 11211 (The New Central Bank, as amended) b. Non-Stock Savings and Loans Associations
and other pertinent laws over the quasi-banking operations of c. Local Cooperative Banks; and
non-banking institutions; and d. Pawnshops
- To exercise regulatory and examination power over money
system businesses, credit granting businesses, and payment ACCREDITATION OF EXTERNAL AUDITORS FOR BANKS
system operators. GENERAL REQUIREMENTS
- Its primary objective is to maintain price stability conducive to 1. BOA accreditation & PIC - At least 5 years of audit
a balance and sustainable growth of the economy and experience
employment. 2. Auditor’s independence
- The auditor or any of the auditor's immediate family not have
COVERED ENTITIES or committed to acquire any direct or indirect financial interest
1. CATEGORY A in the covered institutions.
a. Universal Banks / Commercial Banks
- Auditor doesn’t have outstanding loans or any credit Banks refers to entities licensed by the BSP that are
accommodations or arranged for the extensions of credit or to engaged in the lending of funds obtained in the form of
renew an extension of credit with the covered institution deposits (Gen. Banking Law of 2000)
(except credit card obligations and fully secured auto/housing
loans which are not past due) at the time of signing the CLASSIFICATION OF BANKS
engagement and during the engagement.
- The covered institution’s CEO, CFO, Chief Accounting 1. Universal Banks: These banks offer a full range of
Officer, or comptroller shall not be previously employed by the financial services, including investment banking,
external auditor during 1 year preceding the date of initiation of commercial banking, and other financial services. They
audit. can operate both locally and internationally.
3. Category A auditors- established adequate Quality 2. Commercial Banks: Focus primarily on providing
Assurance procedures. business and personal banking services, such as
accepting deposits, granting loans, and offering credit
SPECIFIC REQUIREMENTS facilities. They serve a broad clientele, including
1. At least 5 years experience in external audits. individuals and businesses.
2. Experience required as an associate, partner, lead partner, 3. Thrift Banks: These are savings and loan institutions
concurring partner or auditor-in-charge. that primarily focus on accepting savings deposits and
3. a. CATEGORY A- At Least 5 years corporate clients with providing home loans. They cater to retail customers
total assets of at least P50M each. and small businesses.
b. CATEGORY B- At Least 3 years corporate clients with total 4. Rural Banks: Serve rural areas and agricultural
assets of at least P25M each. communities. They focus on providing financial
c. CATEGORY C- At Least 3 years corporate clients with total services to support local economic development, such
assets of at least P5M each. as agricultural loans and savings accounts.
5. Cooperative Banks: Owned and operated by their
BANK members, these banks offer banking services similar to
Bank is a type of financial institution whose principal activity commercial banks but are community-focused and
is the taking of deposits and borrowing for the purpose of aimed at supporting the economic activities of their
lending and investing and that is recognized as a bank by the members.
Bangko Sentral ng Pilipinas (Philippine Auditing 6. Islamic Banks: Operate according to Islamic law
Practice Statement 1006) (Sharia), which prohibits earning interest. They offer
financial products that comply with Sharia principles,
 such as profit-sharing investments and interest-free - Exclusive access to clearing and settlement systems.
loans. - Linked to national and international settlement systems.
7. Digital Banks: Operate primarily online and use - Issue and trade in complex financial instruments.
technology to offer banking services. They typically
have lower operating costs and offer services such as AUDIT OBJECTIVE OF THE BANK FS
digital payments and online account management, According to PSA 200, the objective of an audit of
often with minimal physical branches. financial statements is to enable the auditor to express an
opinion whether the financial statements are prepared, in all
material aspects, in accordance with the generally accepted
CHARACTERISTICS OF BANKS accounting principles.
- Custody of large amounts of monetary items and other liquid
assets. OBTAINING KNOWLEDGE OF THE BUSINESS
- Engaged in transactions that transcends multiple places or a. The bank’s corporate governance structure;
jurisdictions. b. The economic and regulatory environment in which the
- Holding assets that can rapidly change in value or whose bank operates; and
value is often difficult to determine. c. the market conditions existing in each of the significant
- Derive significant amounts of funding from Short Term sectors in which the bank operates.
deposits.
- Fiduciary duties respect the assets they hold on behalf of BANK RISKS
other persons or entities. a. Country Risk: The risk that foreign customers or
- Engaged in a large volume and variety of transactions with counterparties might fail to meet their obligations due to
significant values, complex accounting and Internal Control economic, political, or social issues in their home country.
systems & dependance on Internal Control. b. Credit Risk: The risk that a borrower or counterparty will
- Operate through networks of branches and departments that not be able to repay a loan or fulfill other financial obligations
are geographically dispersed. in full and on time.
- Transactions that can often be directly initiated & completed c. Currency Risk: The risk of financial loss due to fluctuations
by the customer without intervention of the bank. in exchange rates between currencies.
- Assume significant commitments without any initial transfer d. Fiduciary Risk: The risk that a financial institution or
of resources. individual will fail to act in the best interest of their clients,
- Stringent government regulations (BSP) possibly leading to financial losses.
- Customer relationships that the auditor may have with the
bank might affect the auditor’s independence.
e. Interest Rate Risk: The risk of loss due to changes in - Auditor’s report contents, including any special-purpose
interest rates, which can affect the value of investments and reports.
financial instruments. - Communication requirements with BSP and regulatory
f. Legal and Documentary Risk: The risk that legal authorities.
documents or contracts may be invalid, unenforceable, or - BSP’s access to auditor’s working papers and bank’s
improperly executed, leading to disputes or financial losses. consent.
g. Liquidity Risk: The risk that an entity may not be able to
meet its short-term financial obligations due to an inability to AUDIT PLANNING
convert assets into cash quickly. In audit planning, the auditor obtains detailed knowledge about
h. Modeling Risk: The risk of errors or inaccuracies in the client's business and industry to:
financial models used for decision-making, which can lead to Understand the transactions and events affecting the
incorrect conclusions and financial losses. financial statements
i. Operational Risk: The risk of loss resulting from inadequate Early identification of the potential problems that might
or failed internal processes, people, systems, or external be encountered in the audit
events. Develop an overall audit plan
j. Price Risk: The risk of financial loss due to changes in the
market price of assets, such as stocks, bonds, or commodities. OBTAINING KNOWLEDGE OF THE BUSINESS
k. Regulatory Risk: The risk of financial loss or operational On obtaining a knowledge of the bank’s business, the auditor
impact due to changes in laws, regulations, or regulatory should understand:
policies. the bank’s corporate governance structure
the economic and regulatory environment in which the
ACCEPTING AN ENGAGEMENT bank operates
PSA 210 Summary: the market conditions where the bank operates.
- Engagement Letter: Confirms auditor’s acceptance, audit
objective and scope, responsibilities, and report form.
- Unique Bank Characteristics: Auditor must assess their and
their assistants' skills, focusing on:
- Expertise in banking and IT systems.
- Resources for domestic and international locations.
- Additional Considerations:
- Specialized accounting principles (laws, BSP, regulatory
authorities, industry practice).
FRAUD RISK FACTORS POLICIES, PROCEDURES AND CONTROLS TO DEFER
AND TO RECOGNIZE AND REPORT MONEY LAUNDERING
ACTIVITIES
- A requirement to obtain customer identification (know your
client, KYC Procedure)
- Staff screening
- A requirement to know the purpose for which an account is to
be used.
- The maintenance of transaction records.
- The reporting to the authorities of suspicious transactions or
of all transactions of a particular type, for example, cash
transactions over a certain amount.
- The education of staff to assist them in identifying suspicious
transactions.

UNDERSTANDING THE RISK MANAGEMENT PROCESS
- Oversight and involvement in the control process by those
charged with governance
- Identification, measurement and monitoring of risks
- Control activities
- Monitoring Activities
- Reliable information system

DEVELOPMENT OF AN OVERALL AUDIT PLAN
In developing an overall plan for the audit of the financial
statements of a bank,the auditor gives particular attention to:
a. the complexity of the transactions by the bank -
banks typically involve in complex activities, which is
difficult for an auditor to understand its implications
b. the assessment of audit risk
Three components of audit risk are:
 inherent risk - the risk that material serious decline in profitability level
misstatements occur rates of interest being paid are higher than normal
control risk - the risk that the bank’s internal market rates
control does not prevent or detect
misstatements INTERNAL CONTROL
detection risk - the risk that the auditor will not The Basel Committee on Banking Supervision provides
detect material misstatements a policy framework for evaluating banks' internal
c. the assessment of materiality control systems. This framework is used by banking
d. Involvement of other auditors - As a result of the complex supervisors to assess and discuss the internal controls
activities in most banks, it is necessary for the auditor to use of individual banks.
the work of other auditors in many of the locations where the
bank operates Management Responsibilities: Management is
PSA 600, “Using the Work of Another Auditor”, the responsible for maintaining an adequate accounting
auditor should: system and internal controls.This includes selecting
a. considers the independence and competence and applying appropriate accounting policies and
of those auditors safeguarding the entity's assets.
b. considers whether the accounting principles to
be applied are clearly communicated Auditor's Role: The auditor must understand the
c. performs procedures to obtain sufficient accounting and internal control systems to plan the
appropriate audit evidence that the work audit effectively.This understanding helps the auditor
performed by the other auditor is adequate assess risks (inherent and control risks) and determine
e. Related party transactions - The auditor remains alert for the appropriate audit procedures.
related party transactions during the audit, particularly in the
lending and investment activities IDENTIFYING, DOCUMENTING AND TESTING CONTROL
f. Going concern considerations PROCEDURES
PSA 570, “Going Concern”guides the auditor on assessing the
appropriateness of management's use of the going concern (1) Objectives of Internal Controls (PSA 400):
assumption
The following events may raise significant doubt about the - Transactions are executed in accordance with
bank's ability to continue as a going concern management’s general or specific authorization.
rapid increase in derivative trading - All transactions and other events are promptly
significant decreases in deposits recorded at the correct amount, in the appropriate
 amounts and in the proper accounting period so as to
permit preparation of financial statements in (4) IT and EFT system
accordance with accepted principle generally accepted
in the Philippines. The use of IT and EFT systems significantly impacts how
- Access to assets is permitted only in accordance with auditors assess a bank’s accounting and internal controls.
management's authorization. PSA 400, PSA 401, and PAPS 1008 guide auditors in
- Recorded assets are compared with the existing evaluating IT controls, including system development, access,
assets at reasonable intervals and appropriate action is data entry, network security, and contingency planning. For
taken regarding any differences. EFT systems, auditors focus on pre-transaction controls and
post-transaction reconciliations, using reports from service
Auditors consider these objectives to ensure that internal organizations as needed, as guided by PSA 402.
controls effectively support accurate financial reporting. In
banking, a critical internal control objective is ensuring that the (5) When designing an audit plan to assess a bank's
bank meets its regulatory and fiduciary duties, particularly reconciliation controls, the auditor should:
regarding trustee activities. 1. Focus on the documentation, testing, and evaluation of
reconciliation controls due to the numerous accounts
(2) Governance and Decentralization: Responsibility for and frequent reconciliations, and utilize the internal
internal control lies with those in governance roles, auditor's work.
overseeing bank operations.Due to the decentralized 2. Audit reconciliations effectively at year-end if they are
nature of banks, where decision-making and prepared timely and control procedures are deemed
transaction authority are distributed across various effective.
levels, there is a need for a formal system of 3. Ensure that items are not improperly transferred to
delegation. This involves clearly identifying who can non-reconciliation accounts.
authorize transactions and the procedures for granting
such authorizations. Inherent Limitation of Internal Control
PSA 400 outlines that while auditors identify, document, and
(3) Authorization Controls: The auditor ensures that test internal controls, they must recognize the inherent
transactions follow the bank's rules, particularly for limitations of these controls. Even if inherent and control risks
loans, by checking that credit assessments are done are assessed as low, auditors still need to perform substantive
before funds are released. The auditor also verifies that procedures for material account balances and transactions.
transaction limits are respected and any breaches are
promptly reported to management.
CONSIDERING THE INFLUENCE OF ENVIRONMENTAL assess the appropriateness of the accounting
FACTORS treatment they have been given.
When assessing internal control effectiveness, auditors 3. Inquiry and Confirmation
consider the operating environment, including: Include asking knowledgeable people both inside
The bank's organizational structure and delegation of and outside the business for information.
authority. Confirmation consists of the response to an inquiry to
Management supervision quality. verify data contained in the accounting records. The
Internal auditing effectiveness. auditor inquiries and confirms in order to:
Risk management and compliance systems. obtain evidence of the operation of internal
Skills and integrity of key personnel. controls;
Inspection by supervisory authorities. obtain evidence of the recognition by the bank’s
customers and counterparties of amounts,
Performing Substantive Tests terms and conditions of certain transactions;
Internal Control Nature, Timing, and Extent and
obtain information not directly available from the
Strong Less extensive bank’s accounting records.
4. Computation
Weak More extensive
Consists of carrying out independent computations or
verifying the arithmetical accuracy of source
1. Observation documents and accounting records.
Consists of looking at processes or procedures being 5. Analytical Procedures
performed by others. Consist of the analysis of significant ratios and trends
2. Inspection including the resulting investigation of fluctuations and
Consists of investigating through reports, records, or relationships that are inconsistent with other pertinent
physical assets. The auditor investigate in order to: data or deviate from expected amounts.
be satisfied as to the physical existence of
material negotiable assets that the bank holds; COMPLETING THE AUDIT
and obtain the necessary understanding of the 1. Identifying subsequent events that may affect the
terms and conditions of agreements (including financial statements under audit
master agreements) that are significant - for the audit purpose the auditor is only concerned with those
individually or in the aggregate in order to: events that occur subsequent to the financial statement date,
consider their enforceability; and but before the date of the auditors report.
Types of subsequent event -has acknowledge that it has fulfilled its responsibility for the
1. Requiring adjustment preparation and presentation of financial statements
2. Requiring disclosure - has approved the financial statements.
Procedure to identify subsequent events
a. Inquiring management as to the occurrence of subsequent 4. Wrap up Procedure
events. - are those procedures done at the end of the audit that
b. Reviewing procedures management has established to generally cannot be performed before the audit work is
ensure that subsequent events are identified completed. These include:
c. Reading the minutes of board of directors and stockholders a. Final analytical procedure
meetings after the financial statement date b. Evaluation of the bank ability to continue as going concern
d. Reading the latest available subsequent interim financial c. Evaluating audit findings and obtaining client's approval for
statements as well as management report such as budgets the proposed adjusting entries.
and forecast
e. Inquiring of the entity's lawyers concerning litigation, claims, ISSUING A REPORT
and assessment In expressing an opinion on the bank’s financial statements,
the auditor:
2. Identifying litigation and claims - Adheres to legal, regulatory, and industry practices
- Litigation and claims involving the bank may have a material - Assesses if foreign branch and subsidiary accounts
effect on the financial statements. It is the management align with Philippine GAAP for consolidated financial
responsibility to adopt policies and procedures that will identify, statements as it is crucial for banks due to varying local
evaluate, and account for litigation and claims as a basis for banking regulations, which can cause significant
the preparation of financial statements in conformity with the differences in accounting practices.
applicable financial framework. Bank financial statements are influenced by BSP
Procedure to identify litigation and claims regulations, which can differ from GAAP. When a bank
a. Inquiry of management prepares a single set of statements under both frameworks,
b. Reading minutes of meeting and correspondence with an unqualified opinion requires compliance with both. If only
lawyers one framework is followed, the auditor expresses an
c. Reviewing legal expense account opinion accordingly. If RAP is used instead of GAAP, the
auditor emphasizes this in the report.
3. Written management Representation Banks often include additional information in annual reports
PSA 580 requires an auditor to obtain sufficient appropriate alongside audited financial statements. This can include
evidence that the entity's management: risk-adjusted capital and other stability-related details. PSA
 720 provides guidance on auditing this additional prior notice. Common examples include
information. checking accounts.
Savings - a bank account where funds are
UNIQUE ACCOUNTS: deposited to earn interest over time, but
1. Cash in Vault - is a critical account in banks that withdrawals may be less frequent and
represents the physical cash held by the bank in its sometimes subject to restrictions.
branches and ATMs. Time Deposit - A time deposit is a bank
2. Cash in ATM - any cash held in, held for use in, in account where money is locked in for a fixed
transit to, or otherwise designated for use in, period, earning interest until the term ends.
automated teller machines or similar devices. 4. Loan loss reserves - are a financial provision set
3. Deposits aside by a lender to cover potential losses from loans
Demand - is a type of bank account where that may not be repaid in full.
funds can be withdrawn at any time without 5. Trust Accounts - A trust account is a legal
arrangement in which a trustee maintains and
manages assets on behalf of a beneficiary.
 NAME OF THE BANK
AUDIT PROGRAM FOR CASH IN ATM

Audit Objectives:
1. To establish the actual existence of cash in Automated Teller Machine (ATM) in the custody of the accountable officer.
2. To determine that all accountable officers/employees are adequately/properly bonded.
3. To determine adequacy of insurance coverage for actual cash on hand.
4. To ascertain the accuracy of the ATM cash balance appearing in the general ledger.

Audit Assertions: Presentation and Disclosure (PD), Existence or Occurrence (EO), Rights and Obligations (RO), Completeness
and Cutoff (CC), Accuracy and Valuation (AV)

Audit Procedures:
Activities WP Ref Date Done by

1. Cause the production of all cash by serving the cash production notice in the
ATM Cash Count Sheet (CCS) (Annex A) at the time of count. Require the
Accountable Officer (AO) to acknowledge the notice by signing the appropriate
portion provided therein.

2. Obtain from the Accountable Officer the ATM reading before the retrieval of
the cassettes from the ATM.

3. Count the bills by piece, in the presence of the AO by cassette (cassettes are
marked from A to D). Tally the count against the machine reading. Analyze the
difference, if there is any.

4. After the count, required the AO to accomplish and sign the certification in the
CCS in the presence of two responsible persons, whose signatures shall
likewise be affixed on the appropriate spaces.

5. Secure the following documents from the AO for reconciliation of cash counted
against CIV Summary/Cash Transfer Slip of the day prior to the date of count:
 a. ATM machine reading at the time of count
b. Accountant’s ATM logbook
c. ATM Balance Register
d. Bond of the AO

6. Establish and compare the cash counted with the GL balance, as follows:
a. Reconcile the previous day’s balance using the working day prior to the
date of reconciliation as the Beginning Balance.
b. Compute for the balance of Accountability.
c. Trace to logbook the replenishment and retrievals, and withdrawals to
NAS Terminal Activity Report.
d. Compare the amount established against general ledger and ATM
Balance Register. Account for the difference if there is any.
e. In case of shortage or overage, require recording in the books.
Booking should be made not later than the following day after the
transaction date.

Prepared by: Reviewed by:
___________________________ ___________________________

REFERENCES:

Auditing Standards and Practices Council - Philippine Auditing Practice Statement 1006: AUDITS OF FINANCIAL STATEMENTS OF
BANKS

Auditing Theory: A guide in Understanding the Philippine Standards on Audting (Salosagcol, Tiu and Hermosilla, 2021)