The audit of international commercial banks
Proposed replacement for IAPS 1006 'The Audit of International Commercial Banks'
"The Audit of International Commercial Banks" may be viewed on IFAC's Website at www.ifac.org and downloaded free of charge.
Comments from the Association of Chartered Certified Accountants
January 2001
Executive Summary
The Association of Chartered Certified Accountants (ACCA) is pleased to have the opportunity to comment on the proposed International Auditing Practice Statement The Audit of International Commercial Banks (the proposed IAPS) issued by the International Auditing Practices Committee (IAPC) of the International Federation of Accountants (IFAC).ACCA is the largest global professional accountancy body, with 250,000 members and students in 160 countries. ACCA's headquarters are in London and it has 28 staffed offices around the world. The ACCA syllabus has been recognised by the United Nations as providing the basis for a global accountancy qualification. ACCA's mission is to provide quality professional opportunities to people of ability and application, to be a leader in the development of the global accountancy profession, to promote the highest ethical and governance standards and to work in the public interest.
ACCA welcomes the proposed IAPS as a timely update of the existing IAPS issued in 1990. The inclusion of new material on risk management in advance of changes to International Standards on Auditing is a bold and successful step and we particularly welcome the inclusion of new material on fraud.
The public interest in banks is very much focused on their financial stability. We are concerned, therefore, that the proposed IAPS gives very little guidance on the assessment of going concern. We also suggest that it would be appropriate for the proposed IAPS to recognise the importance of independence issues for auditors of banks and to provide specific guidance on this and other matters to be considered for communication to those charged with governance.
1 General Comments
Need for, and timing of, updating1.1 We welcome the updating of IAPS 1006 'The Audit of International Commercial Banks' (IAS 1006) to reflect changes over the last decade in auditing pronouncements and in the commercial environment in which banks operate. We note that IAPS 1004 'The Relationship Between Bank Supervisors and External Auditors' (IAPS 1004) (issued July 1989) is of a similar age to IAPS 1006 (issued February 1990) and is, we believe, in similar need of updating. We regret, therefore, that IAPC has not been able to issue proposed updates to both documents simultaneously, as that would have enabled interested parties to comment, in a holistic way, on both aspects of the work of external auditors of banks.
> Going concern
1.2 The public interest in banks is very much concerned with their financial stability. Arguably, therefore, the going concern aspect of an audit is of the utmost importance. In recognition of this, we strongly recommend the inclusion of specific guidance on the assessment of going concern for banks as, currently, the proposed IAPS provides no specific guidance at all on going concern. We would also like to see improved guidance on management representations, both in connection with going concern and with other aspects of the audit process.
Independence and communication with those charged with governance
1.3 The proposed IAPS does not make any reference to principal auditor independence or communication of audit matters with those charged with governance. Given the importance of these matters and the considerable industry-specific considerations which arise, we strongly recommend their inclusion in the final document.
Introduction of the business risk approach to auditing
1.4 We note that, in section 4 of the proposed IAPS which deals with planning the audit, mention is made of obtaining a sufficient knowledge of the businesses governance structure, and gaining an understanding of risk management. We also note that the appendices include considerable material on business risk issues.
There is a danger that this update to IAPS 1006 is moving ahead of the International Standards on Auditing (ISAs) which are currently in issue. In particular, the business risk approach to auditing seems to underlie much of the guidance in the proposed IAPS, whereas this approach has not yet been incorporated in ISAs.
We have examined the guidance in the light of this factor and are satisfied, however, that the new material does not detract from the document's ability to amplify and interpret the extant ISAs.
One effect of the move towards business risk is that the proposed IAPS does not, in our view, provide enough guidance on substantive audit techniques. We would like to see the appendices extended to include practical guidance on appropriate techniques, such as circularisations to confirm open positions.
Fraud and money laundering
1.5 We welcome the inclusion of new guidance on fraudulent activities (paragraph 4.11) and money laundering (paragraph 4.12). Auditors are in the front line of the defence of the public interest in such matters and it is entirely right that IAPC emphasises the risks associated with banks in this regard. We would, however, like to see expansion of the guidance on money laundering in the appendices. The appendix dealing with risks and issues in respect of fraud mentions money laundering but does not expand on the issues, except to provide a brief mention of 'depositors' camouflage'.
Considering the work of risk management
1.6 Paragraph 4.23 refers to the impact on an audit of a risk management unit. We would like to see further guidance over and above that which is provided, which merely states that the auditor considers whether reliance is to be placed on its work. ISA 610 'Considering the Work of Internal Auditing' does not currently refer to risk management, but it would seem appropriate for an ISA to do so in future. If it is accepted that the proposed IAPS is able to provide guidance in advance of extant ISAs, it would be an ideal opportunity to incorporate guidance on this very important potential source of audit reliance.
Title
1.7 The title of the proposed document remains as 'The Audit of International Commercial Banks'. However, we note that the content has changed so that both the international and commercial references in the title are now no longer fully appropriate. Because of this, and to make the title consistent with that of IAPS 1004, we suggest that the title of the proposed IAPS is amended to the simpler 'The Audit of Banks'.
Status of the proposed IAPS
1.8 Although the 'Preface to International Standards on Auditing and Related Services' sets out the authority of IAPSs, it has been usual to provide further confirmation of that in the text of individual IPASs. The status of the proposed IAPS would be clarified by the inclusion of similar wording to that in the introduction to the proposed IAPS 'Auditing Derivative Financial Instruments', which states that: 'The extent to which any of the audit procedures described in this Statement may be appropriate in a particular case requires the exercise of the auditor's judgment in the light of the requirements of the ISAs and the circumstances of the entity'.
Terms used to refer to the use of computers
1.9 The existing IAPS 1006 refers to computer information systems (CIS) and electronic funds transfer (EFT) systems. The proposed IAPS introduces the term 'IT systems'. This term was not used in the recent revisions of guidance on CIS environments and it seems incongruous to introduce it purely for the purpose of the revision of IAPS 1006.
The Basle Committee on Banking Supervision
1.10 We note that observers from the Basle Committee have been present at the IAPC Bank Audit Sub-committee. This involvement is entirely appropriate and provides a further degree of authority to this guidance. We welcome the references made in the proposed IAPS to material issued by the Basle Committee (for example the policy paper mentioned in paragraph 4.22). However, we would prefer to see references to such material collected in one place in the document to further facilitate access to it to and to aid users' understanding of the range of material. This reference might conveniently be placed in a glossary.
Glossary and extent of explanation
1.11 The proposed IAPS uses many terms which could be unfamiliar to readers without knowledge of the banking industry. We suggest that the document would be improved by the inclusion of a glossary. Glossaries are present in other IAPSs, notably IAPS 1004 and the proposed IAPS 'Auditing Derivative Financial Instruments'. The glossary would be an appropriate place to give details of the Basle Committee on Banking Supervision (the Basle Committee).
Although we recognise that it is not designed to be a textbook, we nevertheless believe that the value of the proposed IAPS would be enhanced if additional material was included on key banking concepts and terminology. In this regard we would suggest dealing with:
- capital adequacy (tier 1 & tier 2) including
the concept of credit conversion factors, the protection of depositors
and its importance to banks in remaining a going concern
- key limit types and structures (such as: global
/ local / mismatch / VAR / duration)
- hedging techniques (specific and portfolio) and
the key accounting aspects associated with their use
- mark to market accounting
- provisioning techniques (dynamic or periodic);
of particular relevance is the rationale for their use and the impact
which this could have on the work performed by auditors
- house trading compared to client execution,
together with fiduciary obligations
and
- the concept of backdating transactions to obtain good value and the possible impact on the financial statements.
Prose and presentation
1.12 We welcome the many minor improvements in the prose, as these contribute to the clarity of the proposed IAPS. The change to remove the exclusive use of the male pronoun brings the document into a more appropriate modern business style of writing. The attention to detail evident in the main body of the proposed IAPS does not, however, appear to have been fully implemented in the new appendices, which require further work to remove typographical errors and inconsistencies in structure, layout and punctuation. We suggest that the reader's understanding of key products and processes would be improved if structured risk maps were provided.
2. Specific Comments
2.1 We believe that Section 4 'Planning the Audit' should draw attention to a further important characteristic of the bank audit. Auditors are often placed under extreme time pressure to complete their work so as to enable the financial statements to be released soon after the balance sheet date. The brief mention, at paragraph 4.35, of 'required reporting dates' should be expanded to explain the impact on co-ordinating the work and earlier sections should include appropriate guidance on the timing of audit procedures in such circumstances.2.2 The international nature of banks often gives rise to the need for financial statements to be presented in compliance with more than one form of generally accepted accounting principles (GAAP). The most common circumstance is where non-US financial statements are restated in accordance with US GAAP. This feature of the industry should at least be mentioned, even if it is felt that the proposed IAPS is not an appropriate place to provide additional guidance.
2.3 We welcome the inclusion, in paragraph 4.34, of reference to the guidance material issued by the Basle Committee. However, this section deals with only regulatory considerations and we suggest that the reference ought more properly to be made in a general section, such as an extended glossary. As the guidance refers to the website of the Bank for International Settlements, we suggest that its URL is reproduced.
2.4 A general change has been made in the prose to use 'that' in defining clauses, instead of 'which'. While the choice between these two words in such a construction is ordinarily a matter of writer's preference, the change in paragraph 6.2 is inappropriate, as it is a direct quotation from ISA 500 'Audit Evidence'. Furthermore, the text relating to 'Presentations and Disclosure' should not have a comma after the word 'applicable'.
2.5 At paragraph 6.7, we note that a bullet point relating to bullion which is present in the existing IAPS 1006 has been deleted, as has later detailed guidance. As bullion is more likely to feature in bank audits than other audits, we see no reason to remove this from the most appropriate guidance document for auditors.
2.6 We welcome the inclusion of guidance on off-balance sheet financial instruments. We consider that a reference to the proposed IAPS 'Auditing Derivative Financial Instruments' would be useful in this section. Although it provides guidance from the perspective of the end user, rather than an issuing or dealing bank, much of the guidance in it is of general application.
2.7 We welcome the new reference, at paragraph 7.3, to ISA 700 'The Auditor's Report on Financial Statements' (ISA 700). However, we also note that material dealing with hidden reserves in the existing IAPS 1006 has been deleted. This may have been done to remove the specific instruction that: 'where the existence of hidden reserves is not disclosed in the financial statements, the auditor should disclose this fact in his audit report'. Because of their importance, we suggest that it would be appropriate to mention hidden reserves as an example in paragraph 7.4. However, it is correct that the specific instruction, as set out above, should be excluded, as it is incompatible with the proper exercise of auditors' judgement under ISA 700.
2.8 We consider that auditors would be able to form a better overall view if Appendix 1 was to set out and explain the key process steps. For example, for loans and advances these might be:
- Initiation
- Approval
- Drawdown
- Repayment
- Accounting
- Review
and
- Impaired asset management.
2.9 The substantive procedures section in Appendix 1B 'Loans and Advances' mentions 'sample selection of exposure file reviews'. The IFAC 'Glossary of Terms' defines audit sampling as: 'the application of audit procedures to less than 100% of items within an account balance or class of transactions such that all sampling units have a chance of selection'. It is clear from the list of selection criteria that accounts are selected judgementally and the use of the word 'sample' is, therefore, inappropriate.
2.10 The substantive procedures section in Appendix 1B 'Loans and Advances' contains a list of characteristics which 'may indicate a need for a more detailed review'; one of these is a 'qualified audit report'. This should more properly be termed a 'modified report', as referred to in paragraph 29 of ISA 700, as an emphasis of matter relating to going concern uncertainty should prompt a more detailed review.
2.11 The table at the beginning of Appendix 5 'Risks and Issues in Respect of Fraud' is a useful summary, but the material following it is neither wholly in the order of the table nor cross-referenced to it. In view of the potential importance of this material, we would encourage its expansion to provide further information and guidance.