Bank Audit Internal Audit Internal audit is an
Bank Audit
Internal Audit • Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major business risks are being managed appropriately and the risk management and internal control framework is operating effectively
Four Phases of Internal Audit • Traditional Audit – Verification of Accounts • Conventional Audit – Compliance of Regulation • Modern Audit – Technology Help • Risk Audit – Going Beyond Audit Boundaries
Internal Audit Functions • Critical evaluation of internal controls, performing GAP analysis and suggesting areas for strengthening • Constructive review of business operations by keeping the organisation's business needs in focus • Identification and recommendation of areas for cost reduction, revenue optimisation and improvement in operational efficiency
Internal Audit Functions • Critical evaluation of systems and procedures and adherence to Standard Operating Procedures • Review of Information Technology (IT) controls and Business Continuity Plan • Identification, assessments and control of risks • Review of compliances with the various regulatory provisions and operations manuals • Review of adherence to the corporate governance requirements
Internal Audit Objectives • Facilitate achievement of business objectives • Optimum utilisation of resources • Evaluate internal controls, systems and procedures • Safeguarding of assets • Identification, assessment and control of risks • Facilitating corporate governance code compliance • Reporting independently to the audit committee • Reviewing compliance with policies, procedures, laws and regulations • Increasing reliability of financial statements
Internal Audit In Practice • Developing a strategic role for internal audit • Defining the work • Establishing arrangements (co-sourcing, out-sourcing) • Transforming the function • Creating the conditions for use of audit committees • Helping in transforming ideas into operation • Improving audit quality, efficiency and cost-effectiveness
Scope of Internal Audit Work • Matching expectations and resources • Range of banking activities • Strategic and annual audit plans • Internal audit development plans • Audit risk assessment • Resource implications and the skills needed • Auditing bank performance
Bank Audit • Participative Auditing • Governance Auditing • Branch Auditing (including ATM Audits)
Non Involvement of Internal Audit • Setting risk appetite • Taking decision on risk response • Implementing risk response • Taking accountability of risk management
Traditional Approach to Internal Audit • Accounts oriented • Transaction focused • Passive detection • Compliance oriented • Routine areas of audit • Manual checking • Time consuming
Modern Internal Audit • Developing role of internal audit (traditional, conventional, leading edge and off-the-edge auditing) • Approaches to audit work • Moving from inspection to providing a risk-focused service to the board • Enhancing the audit function and adding value
Risk Assessment through Internal Audit • Enterprise-wide Risk Management (ERM) is a structured, consistent and continuous process across the whole organisation for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives. • Responsibility of ERM is with the Board of Directors.
Role of Enterprise Resource Planning • Facilitating and identification of key risks • Evaluating and reporting of key risks • Consolidating risks across the organisation • Developing and maintaining the ERM framework • Providing assurance to management • Providing assurance to the Board on the effectiveness of risk management
Resources Needed for Conducting Internal Audit • Information for Decision Making • Information Technology (IT) • Information System (IS) • Information System Development • Assessment of Risks and its Management • Business Continuity Plan • Disaster Recovery Plan • Hardware, Software and Network audits
Contemporary Approach to Internal Audit • Business orientation • Process orientation • Value creation • Real time detection • Prevention orientation • Risk based audit • Technology orientation • Time and cost efficient
Risk Based Audit
Risk Identification • Establish objectives • Classification of objectives • Identify strategies • Identify operational objectives • Stating compliance requirement • Reporting risks
Risk Assessment • Identify risk likely to have an impact • Likelihood of risk • Measure the impact of risk
Risk Evaluation • Responses to risk • Evaluate risk to be avoided • Evaluate risk to be accepted • Risk reducing procedures • Risk sharing procedures
Risk Monitoring • Evaluate implementation of strategies • Monitor risk responses
Internal Audit Documentation
- Slides: 22