BANK AUDIT DOCUMENTATION WITH REFERENCE TO SQC Gopi
BANK AUDIT DOCUMENTATION – WITH REFERENCE TO SQC Gopi. K Varma & Varma gopi@varmaandvarma. com
Complying with SAs relevant to the audit. SA 200 è è To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and (b) To report on the financial statements, and communicate as required by the SAs, in accordance with the auditor’s findings. 2
Overall objectives of the auditor SA 200 è To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion 3
Overall objectives of the auditor SA 200 è è è The auditor shall comply with all SAs relevant to the audit. An SA is relevant to the audit when the SA is in effect and the circumstances addressed by the SA exist. The auditor shall not represent compliance with SAs in the auditor’s report unless the auditor has complied with the requirements of this SA and all other SAs relevant to the audit 4
Overall objectives of the auditor SA 200 è è The auditor shall have an understanding of the entire text of an SA, including its application and other explanatory material, to understand its objectives and to apply its requirements properly. The auditor shall not represent compliance with SAs in the auditor’s report unless the auditor has complied with the requirements of this SA and all other SAs relevant to the audit 5
Nature and Purposes of Audit Documentation(SA 230) Evidence for the basis for a conclusion that audit objective is achieved Planning and performing the audit in accordance with SAs and applicable laws and regulations. Supervision and discharge of review responsibilities Making the engagement team accountable for their work. Retaining a record of matters of continuing significance Enabling the conduct of quality control reviews and inspections (SQC-1) and Enabling the conduct of external inspections in accordance with applicable legal, regulatory or other requirements. 6
Scope of SAs è - Applicable: whenever an independent audit is carried out whether or not profit oriented irrespective of the size and legal form When such an examination is conducted with a view to express an opinion Also Applicable to other related functions of the auditor
Compliance with SA è è è Duty of the members of the Institute to ensure compliance If not been able to comply the member should draw attention to the material departure there from. Mandatory under Companies Act (Section 143 (10)).
STRUCTURE OF ENGAGEMENT STANDARDS ISSUED BY AASB Chartered Accountants Act, 1949, Code of Ethics and other relevant pronouncements of the ICAI Standards on Quality Control (SQCs) Services covered by the pronouncements of AASB Assurance Services Related Services Framework for Assurance Engagements Audits and reviews of historical financial information Standards on Auditing (SAs)100 - 999 Assurance Engagements other than audits or reviews of historical financial information Standards on Review Engagements (SREs) 2000 - 2699 Standards on Assurance Engagements (SAEs)3000 - 3699 Standards on Related Services (SRSs)4000 - 4699
SQC 1 + 9 è è è è è Standard On Quality Control – 1 General Principles and Responsibilities (SA) - 9 Risk Assessments and Response to Assessed Risks (SA)- 6 Audit Evidence (SA) – 11 Using work of Others (SA) – 3 Audit conclusions and Reporting (SA)-5 Specialized Areas (SA)– 3 Standards on review engagements (SRE) – 2 Assurance Engagements other than audits or reviews of Historical Financial Information(SAE) - 2 Standards on related services (SRS) - 2
SQC 1 -Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements. è è è contains extensive requirements in relation to establishment and maintenance of a system of quality control in the audit firms as well as even for sole practitioners mandatory from April 1, 2009 Applied to all services covered by the Engagement Standards (audit/review) 11
System of Quality Control All firms to have system of quality control that provides reasonable assurance that: è Firm & personnel comply with professional standards, regulatory & legal requirements è Reports issued by partners are appropriate in the circumstances. 12
Definitions è è è è Engagement documentation (work performed, result obtained & conclusions reached – assembled for each engagement in engagement file ) Engagement partner Engagement quality control reviewer Engagement team Firm Inspection 13
Elements of system of quality control firms quality control system should include POLICIES AND PROCEDURES, addressing each of the 6 elements è The policies and procedures should be documented and communicated to firms’ personnel. è The 14
6 Elements of SQC 1. 2. 3. 4. 5. 6. Leadership responsibilities for QC Ethical requirements (firm policies) Client acceptance (based on integrity & application of fundamental ethical principles) continuance. Human resources Engagement performance (Supervision, Review, Consultation, Engagement QC review, Engagement documentation- policies) Monitoring (of policies & Procedures) 15
I. Leadership Responsibilities for Quality within the firm § § § Firm to design policies/ procedures To promote internal culture: Require CEO/ managing partner to assume ultimate responsibility for QC Leadership to recognise that business strategy is subject to quality and accordingly : § Assign management responsibilities appropriately § HR policies to demonstrate firm’s QC commitment § Sufficient resources for development, documentation & support of QC policies & procedures Person delegated the QC responsibility by CEO/ Managing partner to have sufficient appropriate experience & ability, & necessary authority to assume responsibility
II. Ethical Requirements § § Establish policies & procedures - reasonable assurance Firm & personnel comply with relevant ethical requirements Fundamental ethical principles: § Integrity § Objectivity § Professional competence & due care § Confidentiality § Professional behavior Ethical requirements enshrine Independence Contd. /…
Independence § Establish policies & procedures - reasonable assurance that § Maintenance of independence by relevant personnel § Firm notified of breaches of independence requirements § Policies & procedures should enable: § Communication of independence requirements to personnel & others § Identification & evaluation of circumstances/ relationships threatening independence § Take appropriate action for elimination/ reduction of threats/ withdrawal from engagement § Resolution of breaches of independence Contd. /…
Contd. /… è Policies/ procedures should require: Maintenance of independence of personnel § Engagement partners to provide firm with relevant information about client § Prompt notification of threats to independence § Accumulation & communication of relevant to appropriate personnel Breach of independence § All subjected to independence to promptly notify breach of independence § Prompt communication of identified breaches
Contd. /… § § Annual written confirmation as to compliance with independence requirements Familiarity threat: § Created § by using same senior personnel on assurance engagements Create policies & procedures: § Criteria for need for safeguards to reduce familiarity threat § Audit of FS of listed entities – rotation of engagement partner
III. § Establish policies/ procedures - reasonable assurance that clients are accepted/ continued only where: § § § Client Acceptance & Continuance § Client integrity has been considered & no information to conclude that client lacks integrity Firm competent to perform engagement – capability, time & resources Can comply with ethical requirements Document how issues were resolved Contd. /….
Withdrawal from Engagement Policies to address following issues: § Discussion with appropriate level of management & those charged with governance § If withdrawal necessary, discuss with management & those charged with governance § Professional/ regulatory requirement to: § Not to withdraw, or § Report withdrawal from engagement and/ or client relationship § Documentation of significant issues, consultations, conclusions, basis for conclusions
IV. § § Human Resources Establish policies/ procedures - reasonable assurance: § Sufficient personnel with capabilities, competence & commitment to ethical principles § Enable firm/ partners to issue reports appropriate in circumstances Issues to be addressed by HR policies: § Recruitment § Performance evaluation § Capabilities § Competence §Career development §Promotion §Compensation §Estimation of personnel needs
Assignment of Engagement Teams § § Responsibility for each engagement to be assigned to engagement partner. Policies/ procedures to ensure that: § Identity & role of engagement partner communicated to key personnel of client management & those charged with governance. § Engagement partner is capable & competent & has time & authority for engagement. § Responsibility of engagement partner clearly defined & communicated to him/ her. Assign appropriate staff Assessment of staff capability & competence Contd. /….
V. Engagement Performance Establish policies/ procedures - reasonable assurance: § Compliance with professional standards § Compliance with laws/ regulations § Consultation (internally/externally)– as per firm’s policies and procedures § Difference of opinion between Engagement partner and Review partner § Engagement partner issues reports appropriate in the circumstances § Engagement quality control review – on a timely manner
VI. § § Monitoring Policies & procedures - reasonable assurance that QC policies/ procedures are: § Relevant § Adequate § Operating effectively § Complied with in practice Involves on going consideration & evaluation of QC system, includes periodic inspection of completed assignments.
contd. /…. . § Communicate results of monitoring to engagement partners, CEO, managing partner & other appropriate individuals at least annually § Communication to include: § A description of the monitoring procedures performed. § The conclusions drawn from the monitoring procedures. § Where relevant, a description of systemic, repetitive or other significant deficiencies and of the actions taken to resolve or amend those deficiencies. Contd. /…
Documentation è è è Policies/ procedures for documentation to provide evidence of operation of each element of QC system Form & content – factors to consider size of the firm and the number of offices. degree of authority both personnel and offices have. nature and complexity of the firm’s practice and organization. Retention Time period sufficient to permit evaluation of firm’s compliance with QC system. Longer period, if required by law Engagement Documentation specimen. docx
DOCUMENTATION – Pre-commencement Work 29
Pre-commencement Work è è è è è Appointment letter Compliance with Companies Act (qualifications) Communication to previous Auditor by Regd. AD Audit Planning and pre audit briefing Pre audit discussion with Branch Manager Engagement Letter under (SA 210) Overview of relevant Banking terminology and schemes Guidance note on audit of banks by ICAI would provide valuable guidance. Long Form Audit Report- reporting requirments 30
Understanding the Banking Business 31
Banking business è Special Features of Banking Business ( events, transactions , practices and regulatory norms etc). è Special audit considerations in bank branch audits è Important Circulars of RBI…… è Internal controls in banks è Additional Controls for Computerised Environment è Accounting System and Standards applicable è Formats of Financial Statements ( as per schedule III section 29 of Banking Regulation Act , 1949) 32
Sources for information Bank’s annual report to shareholders Internal financial management reports Previous year audit working papers Discussion with bank Branch Manager Letters seeking Information from Branch Manager è Bank policy and procedures manual è RBI circulars è Previous and current audit reports (concurrent , internal , revenue, inspection, RBI AFI) è è è 33
Use To develop an overall audit plan To decide on critical areas To identify areas of special audit consideration To evaluate the reasonableness of accounting estimates è To evaluate Management representations è To make judgments regarding the appropriateness of accounting policies and disclosures è è 34
Guidance on documentation 35
Letter seeking information è è è Organizational chart of bank and bank branch , along with name of head of department. Authority and responsibility of each officer in the bank Special feature of each banking product Areas where work has been outsourced to outsiders Copies of last year annual accounts and current year quarterly/half yearly accounts Details of concurrent/other audits /inspections. 36
Letter seeking information è Information about top borrowers H. O instructions for closing of accounts Details of software used by bank List of reports generated by the software Accounting policy followed by the bank è Prelim information format. doc è è 37
Documentation of Internal controls in bank branch è è System of supervision / checking of work of one staff member by another staff member, irrespective of the nature of work System of job rotation The financial and administrative powers of officials are fixed /communicated to all persons concerned System for periodic reporting by Branch managers to their controlling authority on compliance of the laid down systems and procedures. 38
Documentation of Internal controls in bank branch è è è System for reporting to controlling authority of exceedings of delegated powers System for Periodical balancing of books and records System for expeditious reporting of lost security forms to controlling authority Currency, and security forms are in joint custody of at least two officials and periodically verified. System for Periodic inspections/ concurrent audit/ other audits System regarding operation of inoperative accounts 39
Documentation of Controls for Computerised Environment è è è The system maintains a record of all log-ins and log-outs System of posting transaction is to a inoperative account, like requirement of a supervisory password The system check on whether the amount to be withdrawn is within the drawing power. System alerts (eg: the balance in a lien account falls below the lien amount) Whether transaction permitted in an inoperative account 40
Documentation of Controls for Computerised Environment è è è Access to the system is available only between stipulated hours and specified days only. Individual users can access only specified directories and files Exception situations such as (eg: limit excess, reactivating dormant accounts) handled only with a valid supervisory level password. User timeout. Once the end-of-the-day process is over, the ledgers cannot be opened without a supervisory level password 41
Materiality (SA 320) è è Materiality for financial statements as a whole Determination of materiality levels (Eg: With reference to: Operating profit/net profit Gross/Net NPA è è è Fixed as Percentage of , or absolute figure Projection of individual errors H. O. instructions 42
Guidelines for documentation è è May be recorded on paper or on electronic or other media. Timely audit documentation to be concurrent enhance the quality of the audit Facilitate evidence. è è effective review and evaluation of audit Documentation prepared after the audit work is likely to be less accurate than done while performing audit. Record all aspects of the audit, in a single document, with cross references to supporting working papers. (Summary of observations) 43
Engagement documentation Assembly of the Final Audit File è è è The final audit file is to assembled ordinarily within 60 days of the date of the auditor's report. (Only) Administrative changes may, be made during the final assembly process (like deleting or discarding superseded documentation, Sorting, collating and cross referencing working papers , Signing off on completion checklists relating to the file assembly process and documenting audit evidence obtained, discussed and agreed before the date of the auditor's report) The retention period for audit engagements ordinarily is not less than seven years from the date of the auditor's report 44
Examples of documentation 45
Examples of audit documentation è è è Audit programme and Checklists. Obtaining basic information regarding advances Prelim information format. doc Analytical review. Summary of observations Letters of confirmation and representation. Correspondence (including e-mail) concerning significant matters. 46
Examples of audit documentation è The nature, timing, and extent of the audit procedures performed along with audit objective that is sought to be satisfied è Specific items or matters tested è Who performed /reviewed the audit work and the date such work was completed (name/date and signature) è Evidence of direction, control and supervision by the engagement partner. 47
Examples of audit documentation è è Understanding the software being used Obtain necessary reports including exceptional reports from the software Review of Statement on large advances prepared by Branch (advances > 5% of total advances or Rs. 2 cr, whichever is lower) Observations noted on review of other auditors reports 48
Examples of audit documentation Document the verification of advances disbursed during the period -W. r. to sanction terms by approp. Authority /Bank’s policy guidelines è Brief about Legal opinion obtained è Status of execution of necessary documents for loans disbursed during the audit period è Extent of verification è Check list of advances verified è 49
Examples of audit documentation è è è è Note on scrutiny of ledger accounts Checking DP Computation Physical verification of security/ stock Bank’s system of documenting physical verification of customer site Note on financial position revealed in BS Information available in public domain, if necessary Dependency on 1 or 2 major customers 50
Examples of audit documentation Industries with stress: - Real estate, Retail, Automobiles, Etc…… è Large Unfunded exposures – esp LC - frequent devolvement of LC– serious threat è Test check RBI guidelines for acceptance of LC/BG followed v Reporting of excess sanction to higher authorities è 51
ICAI GN on Bank Audit è è è Read and refer GN Gives Illustrative checklists on audit considerations in CIS environment/Engagement letter/Planning document, LFAR check list, etc Gives summary of RBI circulars 52
LFAR – a tool for planning and documentation è è è Introduced by RBI to overcome the shortfall in Statutory Audit Report to communicate lacunae in operations and internal control system. Introduced by RBI for in 1985 The reporting format last amended in 2003 53
LFAR – a tool for planning and documentation è è è LFAR is questionnaire prescribed by RBI for reporting on systemic deficiencies, on the internal control systems of various operations of the Bank. Main Statutory Audit Report(SAR) and LFAR are two independent unrelated reports. LFAR is a report for the limited use of management and the regulator(RBI). 54
LFAR – a tool for planning and documentation è è è Comments/qualifications in LFAR not to be related to main report or vice versa- Avoid cross referencing. Any adverse comment in the LFAR may not necessarily lead to a qualification in the Main Audit Report. However, if there any observations in LFAR which impact the true and fair view, it should be reported in the main audit report also. 55
LFAR – a tool for planning and documentation è è è Branch LFARs are reviewed and consolidated by the SCA and draft the LFAR for the Bank as a whole. Discuss the contents of the report with the Branch head to avoid any factual errors Extent of verification, method of sampling, limitations on information made available, management representations obtained etc. , should be detailed in the report. 56
LFAR – a tool for planning and documentation è The questions in LFAR are only indicative and not exhaustive. è The LFAR questionnaire should be answered in clear, concise, and meaningful manner – objectivity. è Avoid making vague or general comments. Give specific instances of deficiencies. 57
LFAR – a tool for planning and documentation è è è Avoid ‘yes’ or ‘no’ answers Finalise statutory report and LFAR simultaneously. The branch level reporting should be sufficiently detailed and quantified to enable expeditious consolidation. 58
LFAR – a tool for planning and documentation Precautions to be taken: è Have adequate back papers in your files with required representations è LFAR to be signed by the branch head too. 59
LFAR – a tool for planning and documentation è LFAR questionnaire helps the auditor to gain a good understanding of : ü Internal control systems and procedures of the Bank ü Instructions issued by controlling authorities ü Organisation structure and delegated authority of the bank ü Closing instructions issued by HO 60
LFAR – a tool for planning and documentation è è è It would be advisable to also review, the LFAR of the previous year and reports if any RBI AFI, Inspections, concurrent audit etc. Call for the relevant information from the Branch in advance. The compilation of answers to LFAR questions during the course of audit will effectively complement the audit process. 61
Broad Structure of LFAR è The broad structure of LFAR consists of questions on four sets of areas as under: A. Assets 1. 2. 3. 4. 5. 6. Cash Balances with RBI, SBI and other banks Money at call and short notice. Investments Advances Other Assets 62
Broad Structure of LFAR è B. Liabilities 1. Deposits 2. Other liabilities 3. Contingent liabilities C. Profit & Loss Account D. General 1. Books and records 2. Reconciliation of control and subsidiary records 3. Inter branch accounts 4. Audits/Inspections 5. Frauds 6. Miscellaneous E. Additional particulars for Specialised branches. 63
THANK YOU gopi@varmaandvarma. com 65
- Slides: 65