Internal/External Audits - World Bank

www1.worldbank.org

Internal/External Audits - World Bank

Presentation TopicsInternal Audit, Corporate Governanceand ControlsThe Role of External Audit in BankingSupervisionCurrent Trends2


Internal Audit, CorporateGovernance and ControlsEffective internal control is a foundationof safe and sound banking organizations• Board of Directors and Senior Mgmt. areresponsible for effective internal controlsInternal audit provides Directors &Mgmt. with vital information on• Control effectiveness & operational efficiency• Efforts may contribute to control certificationsunder Sarbanes-Oxley and FDICIA Sec. 1123


Internal Audit, CorporateGovernance and ControlsDirect lines of communication andreporting are needed to Audit Committee• Audit committee should approve scope of IAactivities, provide needed funding & oversight• Prompt follow-up by Mgmt. of audit findings4


Internal Audit, CorporateGovernance and ControlsPrimary Responsibility (SCARE)• Safeguarding of Assets• Compliance with policies, plans, procedures,laws and regulations• Accomplishment of established objectives andgoals for operations or programs• Reliability and integrity of financialinformation• Economical and efficient use of resources5


US Internal Control StandardsCOSO - Internal audit is part of ongoingmonitoring of the internal control systemCOSO provides reasonable assurancebased on the following objectives:• Effectiveness and efficiency of operations• Reliability of financial reporting• Compliance with laws and regulations6


US Internal Control StandardsCOSO framework identifies five elementsof a system of internal control• Control environment• Risk Assessments• Control Activities• Information and Communication• Monitoring7


FDICIA 112 Requirements forManagementApplies to banks with assets over $500MManagement assessment of internalcontrols over financial reporting– management must state its responsibility forestablishing and maintaining an adequate internalcontrol structure and procedures for financialreporting and– annually assess the effectiveness of the internalcontrol structure and procedures for financialreporting8


FDICIA 112 Requirements forManagementManagement assessment of internalcontrols over insider loans and dividendrestrictionsRequires mgmt to obtain an externalauditOther requirements• Affects composition of bank audit committees• Requires reports to supervisor9


Sarbanes-Oxley Act of 2002Impact on Internal AuditManagement assessment of internalcontrols• extends the FDICIA 112 managementassessment to all publicly traded companies– Applies to both domestic and foreign companieslisted on US stock exchanges• publicly traded banks with assets of $500 millionor more have applied this approach underFDICIA section 112 for past ten years10


Sarbanes-Oxley Act of 2002Other Impacts on Internal AuditQuarterly certification by CEO/CFO onsignificant changes in internal controls• Now includes concept of disclosure controls• Includes risk disclosures and other disclosures(such as MD&A)• Management will be including this in its reviewof control adequacy, hence the internal auditor’srole may expand in this area11


Sarbanes-Oxley Act of 2002Impact on Internal AuditAn auditor cannot provide certain services to an auditclient:• Bookkeeping or other accounting records/financial statementsservices• Financial information system design & implementation• Appraisal or valuation services• Actuarial services; legal & expert services unrelated to the audit• Internal audit outsourcing services• Management functions or human resources• Broker or dealer, investment adviser, or investment banking services• Any other service prohibited by the new public oversight boardAudit committee may approve services in certain cases12


Bank Audit RequirementsCurrent bank audit requirements• First 3 years after FDIC insurance• Newly-chartered national banks• Banks subject to SEC reporting requirements• Banks and bank holding companies (BHCs)with assets over $500 million or that are SECregistrantsMost U.S. banks have independent audits13


Role of External Auditors inBanking SupervisionSupervisors must understand theresponsibility assumed by the auditor• Management has primary responsibility for financialstatements, not the auditors• Auditors do not have responsibility to detect allfraud and violations of law or regulations• Under current rules, auditors may not be required toreport certain problems14


Role of External Auditors inBanking SupervisionExternal auditors seek to providereasonable assurance that financialstatements are free of materialmisstatements by doing the following:• Collect a sample of evidence that supportsfinancial statement amounts and disclosures• Assess the accounting principles used,significant mgmt. estimates, & F/S presentation• Assess the internal control structure15


Roles and Responsibilities of internaland external audit and examinationsAttributesInternalAuditExternalAuditExaminersWorksfor:Board ofDirectorsBankRegulatoryAgencyReportsto:Varies…Boardof DirectorsAuditcommittee/Board of DirectorsRegulatoryAgencies16


Roles and Responsibilities of internaland external audit and examinationsAttributesInternalAuditExternalAuditExaminersPrincipalObjective :Describe theeffectiveness ofinternal controlAttest financialstatements fairlypresent financialpositionRate the safetyand soundness ofbankPrincipalworkproduct:Internal AuditReportAudit OpinionExaminationReport17


Roles and Responsibilities of internaland external audit and examinationsAttributesInternalAuditExternalAuditExaminersFollow up:Written responseto audit reportReviewmanagement letterat next on siteResponse frommanagement, orimposeenforcementactionTimefocus: Ongoing Past Future18


FDICIA 112 Requirements forExternal AuditAuditor attestation on managementassessment of internal controlsAuditor must adhere to all independencerequirements of the SEC19


Sarbanes-Oxley Act of 2002Impact on External AuditExtends the FDICIA 112 attestation to allpublicly traded companiesNew independence rules• Sec. 201. Prohibits 8-types of non-audit Services• Sec. 202. Requires audit committee preapprovalof all other non-audit services• Sec. 203. Requires audit partner rotation every5-years20


Sarbanes-Oxley Act of 2002Impact on External AuditNew independence rules (Con’t(Con’t)• Sec. 204. Requires auditor to provide auditcommittees a report on– all critical accounting policies and– alternative accounting treatments• Sec. 206. Requires a 1-year “cooling off” periodfor auditors seeking employment as CEO, CFO,Chief Accounting Officer, or Controller of aclient21


Basel Committee FocusGoing ForwardEnhancinginternationalaccounting andauditingstandards andpractices22


Basel Committee ActivitiesExternal Audit projects, with IAASB• Enhanced bank external audit guidance– IAPS 1004 - Relationship of bank management,auditors and supervisors– IAPS 1006 -- Audits of commercial banksInternal Audit projects• Final Basel IA guidance (August 2001) andSurvey (2002) of audit practices23


SummaryInternal Audit, Corporate Governanceand ControlsThe Role of External Audit in BankingSupervisionCurrent Trends24

More magazines by this user
Similar magazines