Basel 3 April 2013

681 views

Published on

Basel iii Compliance Professionals Association (BiiiCPA)
http://www.basel-iii-association.com

The Basel iii Compliance Professionals Association (BiiiCPA) is the largest association of Basel iii Professionals in the world. It is a business unit of the Basel ii Compliance Professionals Association (BCPA), which is also the largest association of Basel ii Professionals in the world.

Receive (at no cost) the New Member Orientation newsletters:
http://www.basel-iii-association.com/New_Member_Orientation_Newsletters.html

Subscribe to Receive (at no cost) Basel II / Basel III Related News, Alerts, Opportunities, Updates, our Monthly Newsletter and Limited Time Offers for our Basel II / Basel III Training and Certification Programs:
http://forms.aweber.com/form/42/1586130642.htm

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
681
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Basel 3 April 2013

  1. 1. P a g e | 1Basel iii Compliance ProfessionalsAssociation (BiiiCPA)1200G Street NW Suite 800Washington, DC 20005-6705USA Tel:202-449-9750Web: www.basel-iii-association.comDear Member,TodayI willstart withthejobdescriptionthatmademy day: BaselII/ III and SolvencyIIrisk specialist, Mandarin Speaking!!!Basel III Risk Specialist - Mandarin Speaking Leading GlobalInvestment Bank, LondonALeading Global Investment Bank isExpanding the Regulatory RiskFunctionwiththe hire of a Basel III Risk Specialist for their LondonGroup.- Basel III RegulatoryRisk Specialist- LeadingGlobal Investment Bank- Mandarin Speaking- London, UK- 50,000+ Excellent Bonus BenefitsAsakeymember oftheriskgroup you will becommunicatingextensivelywith senior management on a global scaleincludingdirect contact withseniormanagement in Hong Kong and Shanghai and will thereforerequireMandarinspeakingskillsat business level proficiency.An expert in regulatoryframeworks,you will have practicalunderstandingof Basel II/ III and knowledgeof SolvencyII ICAAP isalsohighly preferred.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  2. 2. P a g e | 2This is a mid-level position withinthe group and will requirea minimumof 3 years industry experiencewithin theLondon and/ or InternationalFinancial Markets.It is never toolate tolearnMandarin. Is lookseasy!Amazingjobdescription…Just one slight problem withthisjob description:You cannot haveknowledgeof SolvencyII ICAAP … simplybecausethere isnothing likea Solvency II ICAAP… perhapstheymean SolvencyII ORSA(OwnRiskandSolvencyAssessment, thePillar 2 document).It remindsme another job description, where theyrequired 5+ years ofBasel III experience. Provided that BaselIII wasendorsed at theend of2010,theycould hire someoneafter 2015…Another development:Auditors… it is your turn tosuffer the consequencesof the crisis…Accordingtothe BIS, The recent financial crisisnot onlyrevealedweaknessesin risk management, control and governanceprocessesatbanks,but alsohighlightedthe need toimprove thequalityof externalauditsof banks.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  3. 3. P a g e | 3Giventhecentralrolebanksplayincontributingtofinancial stability, andthereforethe need for market confidencein the qualityof external auditsof banks financial statements,the BaselCommitteeisissuingforconsultationthis guidanceon external auditsof banks.This document describes,through sixteen principlesand explanatoryguidance,supervisoryexpectationsregarding audit qualityand how thatrelatestotheexternal auditors work in abank.External auditsof banksTherecent financial crisisnot only revealedweaknessesin risk management, controland governance processesat banks, but alsohighlighted theneed to improvethequalityof external auditsof banks.Given the central role banksplayincontributingtofinancial stability, andthereforethe need for market confidenceinthequalityof external auditsof banksfinancial statements,the BaselCommitteeis issuingfor consultationthis guidanceonexternal auditsof banks.This document describes,through sixteen principlesand explanatoryguidance,supervisoryexpectationsregarding audit qualityand how thatrelatestotheexternal auditors work in a bank.Implementation of the principlesand the explanatoryguidanceisexpectedto improve thequalityof bank auditsand enhancetheeffectivenessof prudential supervisionwhichis an important element offinancial stability.This document setsout supervisoryexpectationsof how:Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  4. 4. P a g e | 4- externalauditorscandischargetheirresponsibilitiesmoreeffectively;- audit committeescan contribute toaudit qualityin their oversight oftheexternal audit;- an effectiverelationship betweenthe external auditor and thesupervisor, whichallowsgreater mutual understandingabout therespectiverolesand responsibilitiesof supervisorsand externalauditors, can lead toregular communication of mutually usefulinformation;and- regular and effective dialogue between the banking supervisoryauthorities and relevant audit oversight bodies can enhance thequalityof bank audits.This document enhancesand supersedestheCommitteesguidanceTherelationship betweenbanking supervisorsand banks external auditors(2002) and External audit qualityand banking supervision (2008).In addition tothe proposedguidance, theCommitteeispublishingalettertothe InternationalAuditing andAssurance StandardsBoard(IAASB) on areaswhereit believesInternational StandardsonAuditingcould be enhanced.Serving asan observer on the Basel Committeegroup that developed therevisedguidance,theIAASBprovided helpful and meaningful input tothiseffort.Commentson the proposalsshouldbe submittedby Friday 21June2013bye-mail to: baselcommittee@bis.org.Alternatively, commentsmay be sent bypost to: Secretariat of the BaselCommitteeon BankingSupervision, Bank for InternationalSettlements,CH-4002Basel, Switzerland.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  5. 5. P a g e | 5All commentsmay bepublishedon thewebsiteof the Bank forInternational Settlementsunlessa comment contributor specificallyrequestsconfidential treatment.External auditsof banks1. Executive summary1.Therecent financial crisisnot onlyrevealed weaknessesin riskmanagement, control and governanceprocessesat banks, but alsohighlighted theneed to improve thequalityof external auditsof banks.Giventhecentralrolebanksplayincontributingtofinancialstability, andthereforethe need for market confidencein thequalityof external auditsof banks‟financial statements,the BaselCommitteeon BankingSupervision (theCommittee) is issuingthis document on external auditsof banks.It forms part of theCommittee‟scommitment to help improve auditqualityat banks.Thisdocument enhancesand replacesTherelationship betweenbankingsupervisorsand banks‟external auditors(January2002) and Externalaudit qualityand banking supervision (December 2008).2.Implementationof the 16principlesand observation of theexplanatoryguidancein thisdocument are expectedtoimprove the qualityof bankauditsand enhancetheeffectivenessof prudential supervision, whichwillthen contributetofinancial stability.Throughtheseprinciplesand explanatoryguidance, the documentdescribessupervisoryexpectationsregardingaudit qualityand how thatrelatestotheexternal auditor‟sworkin a bank.This document specificallysetsout supervisoryexpectationsof how:Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  6. 6. P a g e | 6(a)external auditorscan discharge their responsibilitiesmore effectively;(b)audit committeescan contribute toaudit qualityin their oversight oftheexternal audit;(c)an effectiverelationshipbetweenthe external auditor and thesupervisor,whichallowsgreater mutual understandingabout therespectiverolesand responsibilitiesof supervisorsand externalauditors,can lead toregular communication of mutuallyusefulinformation;and(d)regular and effective dialogue between the banking supervisoryauthorities and the relevant audit oversight bodies can enhance thequalityof bank audits.3. Thedocument alsonotestheCommittee‟scontinued commitment toworkthrough international bodies toenhanceaudit quality.2. Introduction, application, structure and the Committee‟sinternational engagementIntroduction4.Thebankingsectorisuniqueamongsectorsof theeconomy becauseitplays a central role in contributing to thefinancial stabilityof and theprovision of financial resourcesto the economy.This sector includesmajor global banksthat are systemicallyimportantbanks(SIBs), the failure of one or moreof whichcould triggera globalfinancial crisis.In addition, bankshavea uniqueoperatingmodel.5.Supervisorsare primarilyconcerned withmaintainingthestability ofthebanking system and fostering thesafetyand soundnessof individualBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  7. 7. P a g e | 7banksin order tomaintain market confidenceand protect theinterestsofdepositors.Consequently, toenhancethe effectivenessof supervision, supervisorshavea keen interest in the qualitywithwhichexternal auditorsperformbank audits.Buildingeffectiverelationshipswith external auditorscan alsoenhancebankingsupervision.6.An external auditor plansand performs the audit of a bank‟sfinancialstatementstoobtain reasonableassuranceabout whetherthefinancialstatementsasa wholeare free from material misstatements,whetherduetofraud or error, and are prepared, in all material respects,in accordancewith an applicablefinancial reportingframework.In many ways, thesupervisor and the external auditor havecomplementaryconcernsregarding thesamematters.For example, theaudit of financial statementsmay help identifyweaknessesin internal controlsrelatingtofinancial reportingat a bankwhichmay, therefore,inform supervisoryeffortsin this area andcontributeto a safeand sound bankingsystem.7.Although the focusof thisdocument ison the qualityof the auditperformed by the external auditor, an audit in accordancewithinternationallyaccepted auditing standardsis conducted on thepremisethat the management and, whereappropriate, those chargedwithgovernancehave acknowledgedcertain responsibilitiesthat arefundamental to the conduct of the audit.Theaudit of the financial statementsdoesnot relieve management orthosechargedwithgovernanceof their responsibilities.8.TheBasel Committee on Banking Supervision‟sCore PrinciplesforEffectiveBanking Supervision (September 2012,Core Principles)provideBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  8. 8. P a g e | 8a framework of minimum standardsfor sound supervisorypracticesandare considereduniversallyapplicable.Core Principle27 focuseson prudential regulationsand requirementsforbanksin relation to financial reportingand external audits.This guidanceset out in this document is consistent with Core Principle27.9.Theapplicationand thestructure of each section in this document aredescribedbelow,followedby an outlineof the keyinternationalrelationshipsbetweenthe Committeeand other groupsrelevant toexternal auditing.Application10.This document appliesto the followingentitiessubject toa statutoryaudit:- all banks, includingthosewithin a bankinggroup;- holdingcompanies whosesubsidiariesarepredominantlybanks;and- holding companiessubject toprudential supervision whosesubsidiariesare predominantlybanks.All of thesestructuresarereferredtoasbanksorbankingorganisationsinthisdocument.11.Theimplementation of the principlesset forth in this documentshould be proportionateto thesize, complexity, structure, economicsignificanceand riskprofile of the bank and thegroup (if any) towhichitbelongs.TheCommitteerecognisesthat some countrieshavefound it appropriatetoadopt legal frameworksand standards(eg for listedfirms), aswell asBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  9. 9. P a g e | 9accountingand auditingstandards, whichmay be more extensiveandprescriptivethantheprinciplesandexplanatoryguidancesetforthherein.Such frameworksand standardstend tobe particularlyrelevant for largeror publicly traded banks or financial institutions.12.This document hasbeen preparedwiththefull awarenessthatsignificant differencesexist in national institutional, legislativeandregulatoryframeworksamongst jurisdictions,including accountingandauditingstandards,supervisorytechniquesand institutional corporategovernancestructures.Supervisorsshouldclearlycommunicatetherecommendationscontainedherein tothebanks theysuperviseand their respectiveexternalauditors,andarticulatethemeasuresbanksandexternalauditorsshouldundertaketomeet thesebest practices,wherepossible.13.Theprinciplesset out in thisdocument should be applied inaccordancewiththenational legislationand corporate governancestructuresapplicablein each country.14.Thefollowingtermsareused in thisdocument, withthe meaningsspecified:- Financial statement audit –An audit of a bank‟sfinancial statementsbyan external auditor in accordancewithinternationallyacceptedauditingstandards.- Statutoryaudit –An audit carried out tocomply withtherequirementsof particular legislationor regulations.In some jurisdictions,thismay includeonlythe financial statementaudit.In other jurisdictions,thismay alsoincludeextended reportingbyexternal auditorson matterssuch asinternal controlsand regulatoryreturns.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  10. 10. P a g e | 10- External auditor – The audit firm and theindividual auditengagement team members.Whererelevant, specific referencesaremadetothe audit firm or theindividual audit engagement team members in certainparagraphs.- Bankingsupervisoryauthority – The body responsiblefor promotingthesafety and soundnessof banks and thebanking system in aparticular jurisdiction, includingthe personswhoare involved withsupervisorypolicy setting and policyissues,includingpoliciesregardingaccountingand auditing.- Supervisor– The group of supervisorypersonnel at a bankingsupervisoryauthoritywhoaredirectlyinvolved withthesupervision/ examinationof a specific institution.- Board and senior management – The governance structure at a bankcomposed of a board and senior management.TheCommittee recognisesthat there aresignificant differencesinthelegislativeand regulatory frameworksacrosscountriesregardingthesefunctions.Somecountries usea two-tier structure, wherethe supervisoryfunctionof the board is performed by a separateentityknownasasupervisoryboard, whichhasnoexecutivefunctions.Other countries, bycontrast, use a one-tier structure in whichtheboardhasa broader role.Still other countrieshavemoved or are moving to an approachthatdiscouragesor prohibitsexecutivesfrom serving on the board orlimitstheir number and/ orrequires theboard and board committeestobe chairedonlyby non-executiveboard members.Given thesedifferences, this document doesnot advocatea specificboardstructure.Theterms“board” and “seniormanagement” are onlyused asa waytorefer tothe oversight function and themanagement functioninBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  11. 11. P a g e | 11general and should be interpretedthroughout thedocument inaccordancewiththeapplicablelaw withineach jurisdiction.- Audit committee – A specialised committee established by theboard, the mandate, scope and working procedures for which are setout in a charter or other instrument.As stated in theBCBS paper on Principlesfor enhancingcorporategovernance(October 2010), to increaseefficiencyand allowdeeperfocus in specificareas, boardsin manyjurisdictionsestablishcertainspecialisedboard committees– theaudit committeebeingone ofthem.Thepaper further recommendsthat, for largeand internationallyactivebanks, an audit committeeor equivalent shouldbe required.It alsooutlinesthe overall responsibilitiesof the audit committee.- Thosecharged withgovernance – Theperson(s) or organisation(s)with responsibility for overseeingthe strategic direction of theentityand obligationsrelatedto the accountabilityof the entityasdefinedbyinternationallyaccepted auditingstandards.Such person(s) or organisation(s)is (are) typically the board ofdirectors.Wherethe board of directorsestablishesan audit committeein abank to assist it in meetingitsresponsibilitiesby chargingthe auditcommitteewithspecific tasksand responsibilities,in suchcircumstancestheaudit committeecan be viewedastaking on theroleof thosecharged withgovernance in relationto thosespecifictasksand responsibilities.StructureThe external auditor and audit quality15.Audit qualityincludesdeliveringan appropriate, independentprofessional opinionon thefinancial statements,in compliancewithinternationallyaccepted auditing standards.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  12. 12. P a g e | 12Internationally accepted auditing standards require the external auditorto possess and demonstrate certain attributes while applying a rigorousaudit process.16.Given that internationallyacceptedauditing standards are applicabletoall entities,Section4of thisdocument builds uponthesestandardsandlaysout thesupervisoryexpectationsof theexternal auditorregardingtheaudit of a bank.Moreover, Section 4 highlightsthekey areaswheresignificant risks ofmaterial misstatement in banks‟financial statementsoften arise, whichthereforerequire theauditor‟sparticular attentionfor a qualityaudit.Engagement between the external auditor and the auditcommittee17.Regular and effectiveengagement and communication betweentheexternal auditor and the audit committeecontributeto audit quality.18.Amongst itsother responsibilities, theaudit committeeisresponsiblefor overseeingthebank‟sexternal auditor.Asoundlyconstitutedaudit committeecanplayakeyrolein contributingtoaudit quality.Section 5 discussesthe audit committee‟sresponsibilitiesin relationtotheoversight of, and its relationshipwith, the external auditor.Engagement between the supervisor and the external auditor19.Effectivecommunication betweenthesupervisor and theexternalauditorenhancestheeffectivenessof supervision of the bankingsector.This relationshipwill then alsocontributeto audit quality.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  13. 13. P a g e | 1320.Thesupervisor and the external auditor have a mutual interestinbuildingand maintainingan effectiverelationship, which fostersregularcommunicationof useful information.Section 6providesprinciplesand explanatoryguidancefor facilitatinganeffectiverelationshipbetweenthe supervisor and theexternal auditor atthelevelsof thesupervisedbank, the audit firm and theaccountingprofessionasa whole.Engagement between thebanking supervisory authority and theaudit oversight body21.Thebanking supervisoryauthority and therelevant audit oversightbody sharea strongmutual interest in ensuringqualityindependentaudits.Regularand effectivedialoguebetweenthebankingsupervisoryauthorityandthe audit oversight body at a national level can assist in identifyinganddealing withkey issuesin relationtotheconduct of bank audits.Section 7setsout the principlesfor facilitatingeffectivecommunicationbetweenthesebodies.22.Supervisorsare in a uniquepositiontoidentify audit qualityissuesatboth theindustry and individual audit level.Regular and effectiveengagement betweenthe supervisorand therelevant audit oversight bodymay enablethesupervisortoprovide timelyfeedbackon such issues.Additionally, thesupervisormay, if necessary, takeaction toaddressissuesraised by the audit oversight body.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  14. 14. P a g e | 14TheCommittee‟s international engagement on externalauditing23.Approachesfor dealingwithsupervisoryconcernsabout thequalityoftheaudit of an individual bank may differacrossjurisdictions,but allapproachesshould be designed to contribute toenhancingaudit quality.In its effort to promote audit quality, the Committee engages in regulardialogue and discussion with the relevant international stakeholders onexternal audit matters.Thesestakeholdersinclude, but arenot limitedto, the following:- theFinancial StabilityBoard (FSB), whoseobjectivesincludetheenhancement of theeffectivenessof banking supervision;- theMonitoringGroup, which is responsiblefor advancingthepublicinterest in areasrelatedtointernational audit quality;- thePublic Interest Oversight Board (PIOB), which is responsibleforimprovingthe qualityand public interest focusof the internationalstandardsformulated bystandard-settingboardsoperatingunder theauspicesof the International FederationofAccountants(IFAC) in theareasof audit and assurance, educationand ethics,includingoversight of the public interestactivitiesof three of the IFAC‟sindependent standard-setting boardsand their respectiveconsultativeadvisorygroups;- theconsultativeadvisorygroupsof the InternationalAuditing andAssurance StandardsBoard (IAASB) and the International EthicsStandardsBoard forAccountants(IESBA), whichare responsiblefordeveloping international auditingand ethicsstandards respectively;- theInternational Forum of Independent Audit Regulators(IFIAR), whichis responsiblefor improving audit qualityglobally, includingthrough independent inspectionsof auditorsand/ or audit firms; andBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  15. 15. P a g e | 15- theGlobal Public Policy Committee(GPPC), which iscomprised ofrepresentativesfrom thesix largest international accountingnetworksand focuseson public policyissuesfor the accountingprofession.24. The objectiveof thisdialogueis toenablethe Committeeand therelevant international stakeholderstoidentify and discussrelevant issuesandtopics on a timelybasis sothat supervisors, external auditorsandaudit oversight bodiescan take appropriate action.As such, thesediscussionsshould addressnot only current issuesandtopics, but alsoemergingareasand trendsthat raise concern.3.Overview of the principles- Principle1: The external auditor of a bank should have bankingindustryknowledgeand competencesufficient to respondappropriatelytotherisksof material misstatement in thebank‟sfinancial statementsand toproperlymeet any additional regulatoryrequirementsthat may be part of the statutoryaudit.- Principle2: The external auditor of a bank should be objectiveandindependent in fact and appearancewithrespect tothebank, consistent withthemore stringent requirementsapplicabletopublic interest entitiesin internationallyaccepted ethical standards.- Principle3: The external auditor should exerciseprofessionalscepticism whenplanningand performingthe audit of abank, having due regard tothe specific challengesin auditing abank.- Principle4:Audit firms undertakingbank auditsshould complywiththemore stringent requirementson qualitycontrol applicableto listedentitiesin internationallyacceptedqualitycontrol standards,havingdue regard tothe complexityof abank audit.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  16. 16. P a g e | 16- Principle5: Theexternal auditorof a bank shouldidentify and assesstherisksof material misstatement in thebank‟sfinancialstatements,takingintoconsideration the complexitiesof bankingactivitiesand the need for bankstohave a strong controlenvironment.- Principle6: The external auditor of a bank should respondappropriatelytothe significant risks of material misstatement in thebank‟sfinancial statements.- Principle7: The audit committeeshould have a robustprocessforapproving, or recommendingfor approval, theappointment, reappointment, removal and remunerationof theexternal auditor.- Principle8: The audit committeeshould monitor and assesstheindependenceof theexternal auditor.- Principle9: The audit committeeshould monitor and assesstheeffectivenessof theexternal audit.- Principle10: The audit committeeshould have effectivecommunicationwiththeexternal auditor toenablethe auditcommitteeto carryout itsoversight responsibilitiesand toenhancethequalityof the audit.- Principle 11: The audit committee should require the external auditorto report to it on all relevant mattersto enable the audit committee tocarryout itsoversight responsibilities.- Principle12: The supervisorand theexternal auditor should haveaneffectiverelationshipthat includesappropriatecommunicationchannelsfor the exchangeof information relevant tocarrying outtheir respectivestatutoryresponsibilities.- Principle13: The external auditor shouldreport tothe supervisormattersthat arelikelyto beof material significancetothe functionsof the supervisor.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  17. 17. P a g e | 17- Principle14: There should be open, timely and regularcommunicationbetweenthebankingsupervisoryauthority, theauditfirm and the accountingprofession asa wholeon keyrisksandsystemic issuesaswell asa continuousexchangeof viewsonappropriateaccountingtechniquesand auditingissues.- Principle15: There should be regular and effectivedialoguebetweenthebanking supervisoryauthorityand therelevant audit oversightbody.- Principle16: The banking supervisoryauthorityand the auditoversight body should observe appropriateconfidentialityrequirementswhensharinginformation.4. Supervisory expectationsrelevant to the external auditor andthe external audit of financial statements25.External auditsof financial statementsperformed in accordancewithinternationallyaccepted auditingstandards enhancetheconfidenceof allusers,includingsupervisors,in the reliability of the auditedfinancialstatementsand thequalityof the information provided.26.Auditsof banks should be performed in accordancewithinternationallyaccepted auditing standards.As these standardsare not industry-specific, for a qualityauditsupervisorsexpect external auditorsnot onlyto complywithinternationallyaccepted auditing standardsbut alsoto tailor their auditworkin response to thesignificant risksand issuesapplicableto banks.27.External auditorsarerequired tocomplywithapplicablejurisdictionaland, whererelevant, internationallyaccepted ethical standards.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  18. 18. P a g e | 18However,given thecomplexityand systemic risksassociatedwithbanks,theexternal auditorof a bank should followthe most stringentrulesfor independenceunder thesestandards.Similarly, theexternal auditor of a bank should alsofollowthemoststringent standardson qualitycontrol at theengagement level.28.PartAof this section describesthesupervisor‟sexpectationsasa userofthebank‟sfinancialstatements,specificallywithrespecttotheexternalauditor‟sknowledge, competence, objectivity, independence,professionalscepticismand qualitycontrol over the bank‟saudit.Part B identifies areaswheresupervisorsbelieve there isoften asignificant risk of material misstatement in a bank‟sfinancial statementsand factorstowhichthesupervisor expectstheexternal auditor topayattentionwhenauditingthoseareas.29.While theprimaryfocusin thissection is on the financial statementaudit, particularlyin Principles5 and 6, the external auditor may identifymattersin thecourseof the audit that areof interest tothesupervisor andthereforeshould be consideredfor communicationto the supervisor.Examplesof such mattershavebeen includedin Section 6.30.In some jurisdictions,aspart of thestatutory audit, the externalauditormay alsoundertakeadditional work to provideassuranceoninternalcontrolsor other aspectsof a bank‟soperations.Theprinciplesset out in this section providea relevant referencefor theperformanceof suchadditional work.31.Theprinciplesand explanatoryguidanceset out in thissectionprovidea frameworkfor the supervisor‟sinteractionswiththeexternalauditor,the audit committeeand the relevant audit oversight body.Theoutcome of theseinteractionswill inform thesupervisor‟sviewsastothequalityof theexternalaudit andcontributetothesupervisoryprocess.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  19. 19. P a g e | 19Theseprinciplesand explanatoryguidancealsoprovide a frameworktoassist theaudit committeein selectingthe external auditor and inassessingthe external auditor‟sknowledge, competence, objectivityandindependenceaswell asthe effectivenessof theaudit process.A. The supervisor‟s expectationsof the external auditor of abankKnowledge and competencePrinciple1: Theexternal auditorof abank should havebankingindustryknowledgeand competence sufficient torespond appropriately totherisksof material misstatement in thebank‟sfinancial statementsand toproperlymeet anyadditional regulatoryrequirementsthat maybepart ofthestatutory audit.32.Given thecomplexityand diversity of banking activities,and the legaland regulatory framework in whichbanks operate, the external auditor ofa bank should havespecialised knowledgeand competencein auditingbanksand should use expertsasappropriate.Knowledge33.Theresourcesrequired toperform theaudit should be suchthat theaudit engagement team, asa whole, has:- proficient knowledgeand understandingof, and practicalexperiencewith, the banking sector, associated banking industry and bank -specific risks,and the operationsand activitiesof banksand bankaudits.Theaudit engagement team may acquire thisproficiencythroughspecific training, participation in bank auditsor workin the bankingsector;Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  20. 20. P a g e | 20- proficient knowledgeof applicableaccounting, assuranceand ethicalstandards, industrypractice and relevant guidancesuch asInternationalAuditing Practice Note (IAPN) 1000;- proficient knowledge of relevant regulatory requirements in the areasof capital and liquidity, and a general understanding of the legal andregulatoryframework applicableto banks;and- proficient knowledgeand understandingof IT relevant to bankaudits.34.In addition, theexternal auditor should consider whethertheauditengagement team should includespecialistswitha high degree oftechnicalaccountingknowledgerelevant to banking, particularlygiventhecomplexityof the requirementsof theapplicablefinancial reportingframeworkpertainingto accountingestimates,includingloan lossprovisions,fair valuemeasurements,andanyareasknowntobesubjecttodifferinginterpretationor inconsistent or developing practices.Competence35.Audit firms should have documented policies and procedures that setminimum competencycriteria for members of a bank‟saudit engagementteam.36.Supervisorsmay havethe abilitytoinfluencethecompetencyrequirementsfor external auditors.Whereregulationsandstandardsin particularjurisdictionsdonot includespecific competencyrequirementsfor banks‟external auditors,thesupervisormay encourage professional and regulatorybodies to introducerequirementsregardingtrainingin, and experiencewith, bank auditingand accountingsothat the audit engagement teamsfor bank auditsarecomprised of sufficientlycompetent staff.37.Competenceis particularlyimportant in underpinning anexternalauditor‟sabilityto exerciseprofessional judgment and carry out keyBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  21. 21. P a g e | 21aspectsof theaudit, such asidentifying and assessingthe risksofmaterial misstatement and designingand implementingappropriateresponsestothose risks.Use of experts38.In someinstances,suchastheauditingofcertaincomplexaccountingestimates,more specialised knowledgemay berequired to support theaudit engagement team,egadditionalexpertisebeyond thatpossessedbytheaudit engagement team‟smembersinafieldotherthanaccountingorauditing.Examplesof such areasare valuation of complex financialinstruments,commercial propertyvaluationsand evaluation of highlycomplex IT environments,particularlyin areassubject to significant risksof material misstatement.39.Internationallyacceptedauditingstandardsset out requirementsforthenature, timingand extent of audit procedureswhichthe externalauditorshould perform to assessthecompetence, capabilitiesandobjectivityof the expertsthe external auditor may use.Theseare important factorsin consideringthe reliabilityof theinformation or resultsproducedby the expert.Objectivity and independencePrinciple2:Theexternal auditor of abank should beobjective andindependent in fact and appearance withrespect to thebank, consistentwiththemorestringent requirementsapplicabletopublic interestentitiesin internationallyaccepted ethical standardsBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  22. 22. P a g e | 22Objectivity40.Objectivityis a fundamental ethical principleand a key element ofaudit quality. It requires that the external auditor‟sjudgment is notaffected by conflictsof interest.As objectivityis a state of mind that in most casescannot bedirectlyobserved by usersof financial statements, it is important for theexternalauditortobe independent in both fact and appearance.Independence41.Independence is freedom from situations and relationshipsin which areasonably informed third party would conclude that an external auditor‟sobjectivityisimpaired.Jurisdictional and internationallyaccepted auditingstandardsandinternationallyaccepted ethicalstandardslayout frameworksfor externalauditorsto identify and respond tothreatsto independence.42.Theexternal auditor of a bank must complywiththe applicablejurisdictionaland internationallyaccepted ethical standards.Furthermore, the Committeebelievesthat the external auditor of a bankshould complywith themore stringent independencestandards forpublic interestentities.Tothe extent that any of theruleswithinany one of thesestandardsonethics ismore restrictivethan thecorrespondingrule in theotherstandardson ethics,theexternal auditormust complywiththemorerestrictiverule.43.Independenceshould be observed not only in thecontext of thebankthat isbeing auditedbut alsowith respect to thebank‟srelated entities.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  23. 23. P a g e | 2344.External auditorsof a bank should complywithapplicablejurisdictional requirementson the rotationof members of theauditengagement team.45.Theaudit engagement team members,the audit firm and, whenapplicable, networkaudit firmsshould complywiththeindependencerequirementsof both thehome jurisdictionand the overseasregulatoryauthority(in the casewherethe bank is ultimatelyregulatedby anoverseasauthority).46.When assessingwhetheranyrelationshipor circumstanceposesathreat toan externalauditor‟sindependence,theexternal auditor shouldevaluatenot justthe specific ruleson independence,but alsothesubstanceof the threat toindependence, and how a reasonablyinformedthird partywouldperceive the threat and its effect on the externalauditor‟sobjectivity.Theprovision of significant non-audit servicesby theaudit firmand, when applicable, networkaudit firmsto thebank beingauditedmayparticularlyaffect a third party‟sperception of the externalauditor‟sindependence.Such situationsshould be carefullyevaluatedfor threatstothe externalauditor‟sobjectivityand perceived independence.47.Thesupervisor expectsthe external auditor toconsider activelypotential threatsto the auditor‟sindependence,specificallythe threat ofself-review, whendiscussingaccountingmatterswiththe management.For example, complex transactionsmay be structured to achieveaparticular accountingtreatment and/ or regulatory outcome.When anexternal auditor discusseswithor providesadvice tomanagement on such matters, theexternal auditor must exercisecaresoasnot to take on a management role or responsibility.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  24. 24. P a g e | 24Professional scepticismPrinciple 3: The external auditor should exerciseprofessional scepticismwhen planning and performing the audit of a bank, having due regard tothespecific challengesin auditing abank.48.Professional scepticism is definedas“an attitudethat includesaquestioningmind, beingalert toconditionswhichmay indicate possiblemisstatementduetoerrororfraud, andacriticalassessment ofevidence”.Professional scepticismshould manifest itselfnot onlythrough theauditorobtaining corroboratingevidencefor management‟sassertions,but alsochallengingmanagement‟sassertions, activelyconsideringwhetherthere are alternativeaccountingtreatmentsthat arepreferable to thoseselectedby management, and documenting theapproach, theevidenceobtained, the rationaleapplied and theconclusionsreached.Throughout the audit, the auditor should “adopt a questioningapproachwhenconsideringinformationand forming conclusions”.49.Exercisingappropriate professional scepticismiscriticallyimportantin auditsof banksbecauseof thenumber and significanceof accountingestimatesand the potential for limitedobjectiveevidencesupportingthoseestimates.Professional scepticismis particularlyimportant whenauditing areasthat:(a)involvesignificant management estimatesand judgmentsbecausetheseare more prone to management bias;(b) involve significant non-recurringor unusual transactions;or(c)are more susceptibleto fraud and errorsbeing perpetuated due toweakinternal controls.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  25. 25. P a g e | 2550.Specific areaswhereprofessional scepticism should be exercised bytheexternal auditorof a bank includeimpairment calculations,fair valuemeasurementsand goingconcern assessments,includingassessmentsofsolvencyand liquidity.Otherexamplesmayincludecomplextransactionsstructuredtoachieveaparticular accountingtreatment and/ or regulatory outcome by themanagement wherethe audit engagement partner hasor ought tohavereasonabledoubt that the proposedaccountingtreatment and/ orregulatoryoutcome isconsistent withtherelevant financial reportingframeworkor regulatory requirements.In thiscontext, theexternal auditor should actively challengemanagement‟sassumptionsand judgmentsand form independent views.This includeschallengingevidenceobtained from management thatcorroboratesmanagement‟sview.51.Where a bank consistentlyutilisesvaluationsthat are at thehigh or lowend of a rangeof acceptablevaluationsor whenthere areother indicationsof possiblemanagement bias, theexternal auditor should considerthisintheoverall risk assessment of thebank and should inform thosechargedwith governance, where appropriate.52.Theevidenceoftheextent ofprofessionalscepticismexercisedshouldbedemonstrable and understandablethroughaudit documentation thatdescribeshow,whyand what conclusionswerereached by theexternalauditor.In thisregard, internationallyacceptedauditingstandardsestablishminimum requirementsfor audit documentation.Quality controlPrinciple4:Audit firms undertaking bank auditsshould complywiththemorestringent requirementsonqualitycontrol applicableto listedBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  26. 26. P a g e | 26entitiesin internationallyaccepted qualitycontrol standards, having dueregard to thecomplexityof abank audit.53.Audit firms must complywith the applicablejurisdictional andinternationallyaccepted standardson qualitycontrol.Furthermore, the Committeebelievesthat the external auditor of a bankshould complywith themore stringent requirementson qualitycontrolapplicabletolistedentitiesin internationallyaccepted qualitycontrolstandards.Tothe extent that any of theruleswithinany one of thesequalitycontrolstandardsismorerestrictivethanacorrespondingrulein theotherqualitycontrol standards, theexternal auditor must comply withthe morerestrictiverule.54.Theaudit of a bank should be subject to an engagement qualitycontrol review(EQCR) performed internallyby theaudit firm prior totheissuanceof theaudit opinion.Theengagement qualitycontrol reviewer should have theappropriateknowledgeand competencetoreview bank audits.Thereviewer should exerciseprofessional scepticismin assessingthequalityof audit evidenceand whethertheauditor‟s judgmentsareappropriate.55.EQCR shouldbepart of abroader firm-levelinternal system of qualitycontrol that emphasisesqualityand consultation and createsa culture ofcompliancewith auditingand ethical standards.56.Wherea networkof audit firms isinvolved in the audit of a bank, theindividual audit firmswithinthenetworkshould applyqualitycontrolprocessesthat comply withthis document.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  27. 27. P a g e | 27In such cases, theleadaudit engagement partner should be responsiblefor the performanceof a qualityaudit byall theteamsreportingto it.In doing so, the lead partner may place reliance on theprocessesbywhichqualitycontrol is exercised withinthe networkfirmsthat report toit.For example,theleadaudit engagement partnerof agroupaudit mayrelyon thefirm‟s processesfor(a) ensuring that each audit engagement team member(i)acquiresthe appropriateskills,knowledgeand experienceto performbank auditsand(ii) complieswithindependencerules,and(b) monitoringadherencetothe audit firm‟s policiesand procedures onqualitycontrol.57. The involvement of the engagement qualitycontrol reviewerthroughout the audit, and theoutcome of thequalitycontrolreview, should be evident in the audit workingpapers.Any significant discussionsbetweentheengagement qualitycontrolreviewerand the audit engagement team, particularlyin areaswhereviewsmay have differedand asto how conclusionswerereached, shouldbefullydocumented in the audit workingpapers.Thusin jurisdictionswherethesupervisor hasaccessto theexternalauditor‟sworkingpapers,the qualitycontrol review wouldalsobe at thesupervisor‟sdisposal.B. Supervisory expectationsof the audit of a bank‟sfinancialstatementsBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  28. 28. P a g e | 28Identifying and assessing significant risks of materialmisstatement specific to a bank‟s financial statementsPrinciple 5: The external auditor of a bank should identify and assesstherisks of material misstatement in the bank‟s financial statements, takinginto consideration the complexitiesof banking activities and the need forbanksto have astrongcontrol environment.Identifying potential risks58.Banks are exposed to a varietyof risksthat can potentiallyaffect theresultsof their operationsor financial condition.Theseinclude, but are not limitedto, credit risk, market risk, liquidityrisk, operational risk and regulatory risk.New risksmay emergeor thesignificanceof each riskmay changeovertimeasa result of various factorsthat may be driven by changedcircumstancesor developmentsboth internal and external to thebank.59.In designing and performingthe audit of a bank, theexternal auditorshould assessthe inherent and control risk to determine therisk ofmaterial misstatementsat the financial statement and assertionlevels.By doing so, the external auditor gains an understanding of internalcontrolsthat are relevant to the audit, and particularly of the controlenvironment designedby the bank.60.Torespond totheassessedrisk of material misstatement, an externalauditorfollowsan audit strategy that includesboth substantiveproceduresand control testing.Given the nature of bank activities, includingthoseinvolvinga highvolume of transactions,banks implement controlsdesignedtoaddressrisksposed to the organisation.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  29. 29. P a g e | 29As a result, the external auditor of a bank should perform extensivetestsof controlsover financial reportingtoassesswhether,and to whatextent, the auditorcan rely on them.Materiality61.An understanding of the concept of materiality and determination ofmateriality thresholds is needed in order to establish the auditstrategy, and identify and assesswhether a risk of material misstatementexistsin the financial statements.62.Thedeterminationof what is material tothe financial statementsasawholeis a matter for theexternal auditor‟sprofessional judgment aboutmisstatementsthat could reasonablybe expectedtoinfluenceeconomicdecisionsof userstaken on the basis of the financial statements.63.Theexternal auditor should exercisecaution whenevaluatingidentifiedmisstatements.Thesemisstatementscould be an indicatorof widerissueswithinthebank which could potentiallylead tomaterial misstatementsin thefinancial statementsasa whole.Therefore, individual misstatementsshould not be dismissedsolelybecausetheyare belowthe level of materiality set for planningpurposes.64.For individual account balances, specific classesof transactionsordisclosures,internationallyaccepted auditingstandardsrequire theexternal auditor todeterminea lowerlevel of materialityfor thoseparticular account balances, classesof transactionsor disclosures,if theexternal auditor believesthat “misstatementsof lesseramountsthanmaterialityfor the financial statementsasa wholecould reasonablybeexpectedto influencethe economicdecisionsof users takenon the basisof the financial statements”.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  30. 30. P a g e | 30This is particularlyrelevant for auditsof banksbecausecertain financialstatement itemsare used in thecalculationof keymetricsused by a widerangeof usersof thefinancial statements.For example, regulatory ratios such as the leverage ratio, liquidity ratioand capital adequacy ratio are calculated based on account balances inthefinancial statementsor are derived from the financial statements.Assessing the risksof material misstatementInternal control and its components65.According to internationallyaccepted auditingstandards, internalcontrol componentsare the control environment, risk assessmentprocess, information and communicationsystemsand processes, controlactivitiesand monitoring of controls.66.Asstated in the BCBSPrinciplesfor enhancingcorporategovernance, arobust internal control environment is critical to the strength of a bank‟sgovernancesystem and itsability tomanage risk.Consequently, whenobtainingan understandingof thebank‟sinternalcontrol environment, the external auditor should, amongst otherconsiderations:- assessthe “tone at the top”, ie whethermanagement, withtheinvolvement of thosechargedwithgovernance,ispromotingarobustcontrol environment;- determine whether the control environment extends to all types ofoperations and service offerings and encompasses all subsidiariesandbranchesof thebanking group;- understand the bank‟sapproach tooutsourcing/ offshoring ofbusinessactivitiesandfunctionsand assesshowinternal control overtheseactivitiesismaintained;andBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  31. 31. P a g e | 31- obtain an adequateunderstandingof the organisationof keycontrolfunctionswithin thebank and itssubsidiaries.At a minimum, keycontrol functionsincludetheinternal audit, riskmanagement, complianceand other monitoringfunctions.67.Compensation arrangements at a bank may be a good indicator of theculture within the organisation because they can influence the behaviourof the bank‟spersonneland thequalityof corporategovernance.Theexternal auditor should payparticular attention totherisksofmaterial misstatement in the financial statementsdue tofraud, particularlywherebanksemploy compensation arrangementsthat mayencourage excessiverisk-takingor other inappropriatebehaviour amongsttheir personnel.Control activities68.Internationallyacceptedauditingstandardsrequire theexternalauditortoobtain an understandingof control activitiesrelevant totheaudit which, in theauditor‟sjudgment, arenecessarytoassesstherisksofmaterial misstatement and toestablishthe audit strategy.Theassessment of thecontrol activitiesover financial reportingis criticalfor the designof further audit proceduresresponsivetoassessedrisks.When identifying and assessingrisksof material misstatement andassessingcontrols,the external auditor should take account of thefollowingfactors:- the knowledgeand competenceof thosein chargeof financialreporting and of other control functionshaving an impact onfinancial reporting;Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  32. 32. P a g e | 32- the nature of hedgingstrategiesemployed by the bank which, ifcomplex, improperlystructuredor inadequatelymonitored, can haveaccountingand solvencyimplications;- the use of complex financial instrumentsinvolving significantestimatesof fair value;- theprovisionofcustodial servicestoretail and/ orinstitutionalclientsandtheproceduresin place toavoid co-minglingof client andproprietaryassets;- thevolume of transactionsby type of activityand/ or presenceofsignificant non-routinetransactions;- theuse and monitoring of internal accounts;- thestructure and complexityof IT systems for conductingbusinessand for facilitatingefficient businessand financial reporting, astheymayleadtoincreasedriskoffraud orerror,particularlywherethereispotential for individual overrideof the control system or thepotentialforfraudulent transactionstogoundetectedduetothesophisticationand complexityof the IT systems;- thenumber, scope and geographical dispersion of subsidiariesandthenecessity for complex consolidationprocedures;- theexistenceof significant transactionswith related parties;and- theuse of off-balancesheet financingarrangements,such asspecialpurpose entities(SPEs) and other complex structures.69. Banking supervisorsand thosecharged with governance, such astheaudit committee,needto be satisfiedthat the internal control iscommensuratewiththenature, volume and complexityof thebank‟sactivitiesand isorganisedin accordancewith regulatoryand legalrequirements.Theinternalcontrolofabank mustberobustandreliablein ordertocopewith stressed environments.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  33. 33. P a g e | 33Significant deficiencies in internal control whichhave been identified bytheexternal auditorshould be communicated in writingto thosechargedwith governanceand senior management, and other deficienciesininternalcontrol should becommunicatedtotheseniormanagement at anappropriatelevel of responsibilityon a timelybasis.In addition, theCommitteebelievesthat the external auditor shouldcommunicatein writingall mattersthat arelikely tobe significant totheresponsibilitiesof thosecharged withgovernance in overseeingthestrategicdirection of the entityor the entity‟s obligationsrelatedtoaccountability.Such mattersmay includesignificant decisionsor actionsbymanagement that lack appropriateauthorisation.Internal audit70.Theinternal audit function is an important element of theoverallinternalcontrol environment.It providesassurancetotheboard of directorsandsenior management onthequalityand effectivenessof a bank‟sinternal control, risk managementand governance systems and processes.Theworkof internalauditorscanhelpexternalauditorsassessthequalityof the internal control processesand identify risks.71.Whether ornot theexternalauditorexpectstousethework ofabank‟sinternalauditors, providedthere is noreasontodoubt theirknowledge,competenceand objectivity, theexternal auditorshouldengagewith, and seek information on key internal audit findingsfrom, theinternalauditors.Thismayprovidevaluableinput intotheexternalauditor‟sunderstandingof the entityand itsenvironment and aid in identifying and assessingrisksof material misstatement.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  34. 34. P a g e | 34Theexternal auditorshould consider readingrelevant internal auditreportsif theinformation obtained from engagingwiththe internalauditorsindicatesissuesthat may havean impact onthe financialstatement audit.72.Theexternal auditor‟sobservationson and, whererelevant, evaluationof a bank‟sinternalaudit function are of particular interesttothe auditcommitteeand the bank‟ssupervisorgiven the rolean effectiveinternalaudit function plays in maintaininga robust control environment in abank.Responding to significant risks of material misstatementspecific to a bank‟sfinancial statementsPrinciple6:Theexternal auditor of abank should respond appropriatelytothesignificant risks of material misstatement in thebank‟sfinancialstatements.73.Having identifiedand assessedthe risksof materialmisstatement, internationallyacceptedauditingstandardsrequire theauditortoidentifyanyareaswherethereis a significant risk of materialmisstatement. Paragraphs78-98belowset out keyaudit areasof a bank‟sfinancial statements,wherethere is often a significant risk of materialmisstatement.74.In additiontotheareasset out in paragraphs78-98, there are otheritemsin a bank‟sfinancial statementswhoseregulatory treatment couldgiverise to incentivesfor management biasin the recognitionormeasurement of such items.Asaconsequence,thereisagreaterriskof materialmisstatement oftheseitemsin the financial statements.This may lead toinappropriateapplicationof regulatory rulesto theseitemsand a material misstatement of thebank‟scapital position.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  35. 35. P a g e | 35Examplesof such itemsare deferred tax assets,investmentsinunconsolidatedentities, pension fund assets, and the classificationoffinancial instruments.External auditorsshould thereforebe alert toany likelihoodthat thetreatment of such itemsin the financial statementsis influencedbymanagement biastowardsadesiredregulatoryoutcomeandconsiderthisin their risk assessment of thebank.External auditorsshould alsobe awarethat management biasmaychangeover time dependingon, for example, the extent to whichthebank isable tomeet itsregulatory requirements.External auditorsshould evaluateestimateswhichmay be subjecttothisbias, and any potential audit differencesotherwiseidentified, in thecontext of theimpact on regulatory capital or regulatory capitalratios,consistent withparagraph 64.75.Areas of significant risk of material misstatement particularlyrequirean external auditor toapplyprofessional judgment and experience.Internationallyaccepted auditing standardsrequire that theexternalauditorobtain sufficient appropriate audit evidence51regarding theassessedrisksof material misstatement, through designingandimplementingappropriate responsesto thoserisks.76.Internationallyacceptedauditingstandardsrequire special auditconsiderationfor areaswheresignificant risksof material misstatementare identified.Given that theseareasare associated withissuesthat the external auditoridentifiesashighly important for the bank, these areasare worthyofdiscussion withthose chargedwithgovernance.77.As the categoriesof what may be a significant risk for a bank maychangeover time, the list of audit areasprovided in paragraphs78-98ofBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  36. 36. P a g e | 36thisdocument asareaswherethere isoftena significant risk of materialmisstatement is not intendedto be comprehensive.Loan lossprovisioning78.Loan lossprovisioning is generallymaterial for a bank‟sfinancialstatementsand thecalculationof capital and keyperformancemetrics.Themeasurement of loanlossprovisionsin accordancewithinternationallyaccepted accountingprinciplesinvolvescomplexjudgmentsabout credit riskwhich may besubjectivein nature.79.Thefactorsthat theexternal auditor needstoconsider in identifyingand assessingthe significant risksof material misstatement in relationtoloanlossprovisioningand the relatedallowancefor loan lossesinclude:(a)Theestimationtechniquesusedtocompute provisionsand how thetechniquesvary among and withinbanks.(b)How management hasassessed theeffect of estimationuncertaintyonthelevel of provisioning, and theeffect suchuncertaintymay have on theappropriatenessof therecognised provisionand thesufficiencyof therelatedallowancefor loanlossesin the financial statements.(c)All knownand relevant impairment indicatorsfor loan exposureswhichincludepreviouslyunexpectedadversedevelopmentsinthemarket oreconomicenvironment, adverse movement in interestrates,restructuring, inadequate underwritingpoliciesadopted by thebank, overduepayments, failure of the borrower tomeet budgetedrevenuesor net income, covenant breachesand forbearance.(d)Whether thebank hassought perspectivesand data from differentfunctionswithin the bank, includingrisk management, credit andinternalaudit, aswell asreliable sourcesexternal tothe bank, includingpeer data and regulator perspectivessoasto consider all relevant andavailableinformation in assessingimpairment.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  37. 37. P a g e | 37(e)Accounting rulesfor provisioningmay differ from theprovisioningrules that applyfor regulatory reportingor capital purposes.It may thereforebe customaryfor bankstohave different processesandsystems togenerateloanlossprovisionsfor accounting purposesand forregulatorypurposes.Further, there can be material differencesin the applicationof the sameset of accountingand/ or regulatory rulesby individual banks.Largedifferencesbetweenprovisionsfor accountingpurposesand forregulatorypurposesmay indicatea risk of material misstatement of theaccountingprovision.In addition, whilst for regulatory capital purposesunder theBaselframeworkthe accountingloan lossprovisionfor internal ratings-basedapproach(IRB) portfoliosis replacedbythe regulatoryexpectedlossprovision, the level of the accountingprovisionmay neverthelesshave animpact on thelevel or the compositionof regulatory capital, duetothetreatment of thetax effect of provisionsand the allocationof any excessprovision to capital tiers.External auditorsshould be alert toany management biasin thisarea.(f)Disclosuresshould enableuserstoassesstheloan lossprovisioningmethodologyapplied by the bank, regardinghow it relatestocredit riskforthat bank, andhowit compareswithmethodologiesappliedacrossthebankingsector.Financial instruments measured at fair value80.Abank‟sportfolioof financial instrumentsmeasured at fair value canrangefrom “plainvanilla” financial instrumentswhichare frequentlytraded in liquid marketswithobservablemarket prices, and involve lessmeasurement uncertainty, tothosewhichare customised, complex, andBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  38. 38. P a g e | 38wherethe valuationis basedon significant unobservable inputswithasubstantial amount of management judgment.Financial instrumentsmeasured at fair value alsoincludefinancialinstrumentsthat aresubject toan impairment assessment which is a keyarea of judgment.81.Where thereare changesin the composition of a bank‟sportfolio offinancial instruments– whetherdue to changesin customer demand, thebank‟sapproach to managingrisk and liquidity, or changesin prudentialregulation– thebank willneedtoevaluateanyaccountingimplicationsofthechanges.82.Accounting standardscontain requirementson recognition;initialand subsequent measurement (includingimpairment); reclassificationfrom fair value toamortised cost; presentation;and disclosures.Becausetheserequirementsare complex, they may be difficult tointerpret and apply, and thereforethe external auditor often needstoutilisemore complex and wider-rangingaudit proceduresto obtainsufficient appropriateaudit evidencetosatisfyhim/ herselfthat thefinancial statementsare not materiallymisstated.Theclassification of an individual financial instrument may beparticularlyimportant for achievinga favourableregulatory outcome.83.In adoptinga sceptical approach to management‟sassumptionsregardingthevaluation of financial instrumentsfor which therearesignificant unobservableinputs,IAPN 1000,Special considerationsinauditingfinancial instruments,setsout specificaudit proceduresthat maybefollowedin auditingfinancial instrumentsmeasured at fair value.Liabilities including contingent liabilities arising fromnon-compliance with lawsand regulations, and contractualbreachesBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  39. 39. P a g e | 3984.Non-compliancewith, or material breachesof, the prudentialframework,conduct requirements, legal requirementsor contractualagreementscould leadto legal or supervisoryactionsagainst abank, therebyexposingthebank topotential litigationand/ or theimpositionof substantial penalties.Such eventsmay require recognition of provisions, contingent liabilitiesand/ orqualitativedisclosuresin thebank‟sfinancial statements.Further, any adverse impact on the bank‟s reputation resulting from thisnon-compliance could have consequences for the bank‟s going concernassessment.85.In the courseof theaudit, the external auditor should remain alert toactual or suspectedbreachesof prudential regulations,particularlythosethat are likely tobeof material significancetothe functionsof thesupervisor.As noted in Section 6 below,55if theexternal auditor identifiesany suchbreachesof material significance,theauditorshouldnotify thesupervisorimmediately.Disclosures86.Anumber of factorshave contributedto an increased demand fromusersfor more relevant and extensivequalitativeand quantitativedisclosures.Theseincludethe increasedcomplexityof businesstransactions,includingoff-balancesheet transactionsand non-recognition of assetsand liabilities,and increaseduse of fair value and other accountingestimates,withsignificant uncertaintiesand changesin measurementattributes.87.While accounting standards specify disclosure objectives, thestandards may not always prescribe in all circumstances specificdisclosuresto meet thoseobjectives.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  40. 40. P a g e | 40Therefore, there may be a substantial amount of judgment in assessingwhetherdisclosuresarepresentedfairlyinaccordancewiththedisclosureobjectivesin the relevant accountingframework.88.Increasedtransparencythrough fairly presented public disclosuresenhancesmarket confidence.It is thereforeimportant that thebank providedisclosureswhich presentthebank‟sfinancial condition, the riskstowhichit isexposed and howtheyare managed, and aremeaningful and responsiveto changesinmarket conditionsand perceived risks.89.In respondingtothe significant risksin this area of audit, theexternalauditorhasan important role to playin encouraging consistent andmeaningful disclosureswhich present thebank‟sfinancial condition in awaythat isinformativeand understandableto usersof financialstatements.90.In the courseof itsaudit work, the external auditor should be alert toanyindicationsthat disclosuresin financial statementsare not consistentwith the bank‟sprudential information such ascapital adequacyandliquidityposition disclosureswithinthe financial statements.Going concern assessment91.Agoing concerngivesrisetotwoseparate issues:(a)whetherthegoingconcernbasisofpreparationof financial statementsis appropriate; and(b)theexternalauditor‟sevaluationof thebank‟sassessment of itsabilitytocontinuetomeet itsobligationsfortheforeseeablefuture(forat least12monthsafter the dateof thefinancial statements) and whethertherearematerial uncertaintiesin thisregard that should be disclosedin theapplicableaccountingframework.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  41. 41. P a g e | 4192.Theworkthe external auditor performs toassessthe going concernstatusof a bank isdifferent from that likelyto be performed for anon-bank entitybecauseof the contractual termsof bank assetsandliabilities(maturitymismatch), the potential for regulatoryintervention, and theimpact that the signallingof anyuncertaintyoverthebank‟sabilityto continueasa goingconcern could have on theshort-termviability of thebank.93.Examplesof reasonsthat make thegoingconcern assessment of abank uniqueare asfollows:(a)Current emerging risks and concernsspecific to the bank or thebankingindustryasa wholemay have an impact on the historical trendsfor the specific bank in sucha manner that thehistorical trendsmay notreflect the likely trend over thenext year.For example, during periodsof market turmoil, normal sourcesoffundingmay no longer be available, asdepositspayable on demand mayrun off more quicklythan historical experiencewouldcontemplateandsuch deposits may bedifficult to replace.(b)As banks arehighlyleveraged, a small changein asset valuationmayhavea substantial impact on the adequacyof a bank‟sregulatory capital.Marketrisksmaybesuchthat financial instrumentsheldat fairvaluemaybesubject tosubstantial changesin valuein the short term and significantvolatility over the longer term.Adecreasein regulatory capital may result in a downgradeby ratingagenciesmakingfunding more expensive and possiblyharder toobtain.94. Given these and other risks, banks are required tomeet liquidityrequirementsand capital ratios set by thebank supervisoryauthority.There should be equal emphasison the evaluation of liquidityandsolvencyof thebank for the period over whichthe going concernassumptionhasbeen assessed:Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  42. 42. P a g e | 42(a)Liquidity: Factorsto assessincludethe reasonablenessand reliabilityof the cashforecast for at least12monthsafter the date of thefinancialstatements,liquidityrisk disclosures,regulatory or contractualrestrictionson cash, loancovenants,and pensionfunding.(b)Solvency: Giventhepotential adverseimpact of capital adequacyconcernson theconfidencein abank and, asa consequence,on thebankoperatingasa goingconcern, the external auditor will need toconsidertherobustnessof thebank‟ssystem for managing capital.In addition, theexternal auditor will need to consider the capital positionin relationtothe current and any knownfuture capitalrequirements,definitionsof capital resources,and challengesof raisingcapital.This is particularlycriticalwherecapital levelsare strained, accesstocapital resourcesis restrictedor where, for example, thebank‟sannualreport or internal capital projectionsincludeambitiousprojectionsofimprovementsin capital levels.95. In respondingto the significant risksin this area of audit, andassessingmanagement‟sassertion that a bank isa goingconcern, factorswhicharenecessaryto consider are:(a)therobustnessof thebank‟sown systemsand controlsfor managingliquidity, capital and market risk;(b)theprudential informationthat isreported tosupervisorscoveringthebank‟ssolvencyand capital;(c) anyexternal indicatorsthat reveal liquidityor fundingconcerns;and(d) theavailabilityof short-term liquiditysupport.96. Given the above risks and the possible systemic implications, if thereare any significant doubtswhich may cause material uncertainty over thebank‟sabilityto continue asa goingconcern, and if the external auditorBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  43. 43. P a g e | 43considersreferringtothe goingconcern issuein theaudit report, theexternal auditor should promptlycommunicatethis fact to thesupervisors.Securitisations – SPEs97.Thebanking sector is involved in activitiessuch assponsoring (ororiginating) structured products/transactionsthat supportmaturity, credit and liquiditytransformationrisksmore oftenthan otherindustrysectors.Thesponsoringbank doesnot ordinarilyfund such activities.Thefunding is generallyprovidedby other parties.However, thesponsoring bank may be exposed to riskssuch asreputational risk in the event of the sponsoredentityencounteringfinancial or operational difficulties.98.Such activitiesrequire special considerationby the external auditorand are of interest to the supervisor for thefollowingreasons:(a) Accounting concern –Accounting frameworksare oftenprinciples-based,whichmayresult indifferent treatmentsofeachofthesecomplex transactions.In addition, becausetheseare highly structured products, theiraccountingtreatment may vary based on the factsand circumstancesofeach transaction, eg whereSPEsare tailoredto remain off thebank‟sbalancesheet.In theseinstances,it is necessaryfor theauditortoevaluatethejudgmentsmadeby themanagement and consider whethertheaccountingtreatment is appropriate and the disclosuresaresufficient.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  44. 44. P a g e | 44(b)Regulatoryconcern – Becauseof thecomplexityof the securitisationandthechain of financial intermediation, thesponsoring bank in an“originatetodistribute” model may underestimatethe real risktransferred or the risk retainedon itsbalancesheet (includingreputationrisk and conflictsof interest in caseof defaultson thesecuritisedassets).Even so, the originatormay be ableto benefit from an off-balancesheettreatment for the assetsunderlying thesetransactionsand hencemay notberequired tohold additional regulatorycapital unlessspecificallyrequiredby thesupervisor.Theexternal auditorshould be alert to whenthe supervisorrequiresadditional capital even though theoff-balancesheet accountingtreatment appliedbythebank isappropriate.(c)Interconnectivity– Increasesthe correlationbetween banks and othernon-bankingsectors, whichcan add tothe global systemic risk.5. Supervisory expectationswith regard to a bank‟s auditcommittee and its relationship with the external auditor99.The BCBS‟s paper on the Internal audit function in banks(June 2012)and its paper on Principles for enhancing corporate governance (October2010) describe the main resp on sib ilities of a ban k‟s au d it committ ee .Theaudit committee has, amongst others, a number of responsibilitieswith respect to the external auditor and the statutoryaudit.Theaudit committee approves, or recommendstothe board of directorsfor approval, the appointment, reappointment, dismissal andcompensation of theexternal auditor.Theaudit committeealsomonitorsand assessestheindependenceof theexternal auditor.100.Theaudit committeeoverseesthebank‟sstatutoryaudit process.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  45. 45. P a g e | 45Key aspectsof the audit committee‟swork encompassthe assessment oftheeffectivenessof the external audit process.Theaudit committee should require that seniormanagement take thenecessarycorrectiveactionstoaddressthefindingsandrecommendationsof theexternal auditorin a timelymanner.101.Thediscussion below focuseson theaudit committee‟sresponsibilitiesin relationtothe oversight of, and itsrelationshipwith, the external auditor topromote and support the integrity, objectivityand independenceof theauditor, the qualityof the external audit and thecompetenciesthat underpin that quality.Toenablethe audit committeeto carryout itsoversightresponsibilities, whichalsocontributetothe effectivenessof the auditprocess, theprinciplesin thissection promote effectivetwo-waycommunicationbetweentheaudit committeeand the external auditor.It is important to note that all thediscussionsbelow stem from animportant overarchingprinciple:namely, that there shouldbe afrank, open workingrelationship and a high level of mutual respectamongstall partiesinvolved.102.Theprinciplesand explanatoryguidancein this section form thebasisfor the supervisor‟smonitoring of the effectivenessof theauditcommitteein itsoversight of theexternal auditor.Appointment of the external auditorPrinciple7:Theaudit committee should have arobustprocessforapproving, orrecommendingfor approval, theappointment, reappointment, removal and remuneration of theexternal auditor.103.Theaudit committeehastheprimary responsibilityfor approving, orrecommending to theboard of directorsfor approval, theappointment, reappointment, removal and remunerationof the externalauditor. Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  46. 46. P a g e | 46In doing so, the audit committeeshould determineappropriatecriteriaforselectingthe external auditor and regularlyassesstheknowledge,competence,independence(seePrinciple8below) of theexternalauditorandeffectiveness(seePrinciple9below)of theexternalaudit, havingdueregard to the guidancein Section 4.104.Theaudit committee‟sproceduresfor approving or recommendingtheapproval of the external auditor should alsoincludea risk assessmentof the likelihood of the withdrawal of theexternal auditor from theaudit, and how thebank wouldrespond tothat risk.105.Theaudit committeeshould contribute a sectiontothebank‟sannual report whichexplainsthe approach taken regardingtherecommendation of the appointment or reappointment of theexternalauditor, and should includesupporting information on thetenure of theincumbent auditor.106.If the board of directorshasapproval responsibilitieswith respecttothe external auditor, but doesnot accept the audit committee‟srecommendation, it should includein the annual report, and in anypapersrelatingto theappointment/ reappointment/ dismissal of theexternal auditor, a statement explainingthe audit committee‟srecommendation and the reasonswhytheboard of directorshastaken adifferent position.107.Theaudit committeeshould assesstheoverall qualityof the externalauditor, prior toitsfirst appointment and at least annuallythereafter.Tothat end, the audit committeeshould request that the external auditorreport on theexternal auditor‟sown internal qualitycontrolprocedures,including the audit firm‟s EQCR process, and any significantmattersof concernsarisingfrom theseprocedures.Theaudit committee should alsoconsider, whereavailable, the externalaudit firm‟s annual transparencyreport and any inspectionreportson theaudit firm issuedbythe relevant oversight body.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  47. 47. P a g e | 47108.Theaudit committeeshould maintain an understandingandknowledgeof:- thestructure and governance of the audit firm;- thecurrent nature of the audit environment, includinganyoverseasjurisdictionswherethe bank operates;- significant issues and concerns raised by the relevant audit oversightbody regarding the audit firm, and the auditor‟s action in addressingtheseconcerns, to understand how these shortcomingsmay affect thequalityof theaudit of the bank;- thenature of bankingregulatory actionsand conditionsthat couldhavean impact on theexternal auditor‟swork on thebank, includinganyregulatoryactionsand conditionsspecific tothebank beingaudited, or to actionsand conditionsthat the supervisor is imposingon all banks (for example, through newlyimplemented regulationsandpolicies);and- public lessonslearnedfrom any recent external audit failuresassociatedwiththebank‟saudit firm and howthefirm hasdealt withthem sothat similardeficienciesdonot occur.109.Theaudit committeeshould alsosatisfyitself that the level of theaudit feesis commensurate with the scope of workundertaken.Wherefeereductionsare offered and accepted, theaudit committeeshould seek assurancethat thesereductionsdo not implyaninappropriateincreasein the materialitylevel tobe applied by theexternal auditor, or a narrowingof the external auditor‟sproposed scopeof the audit, or a reduction in the attentionwhichwill be given to eachbusinesscomponent and thesignificant audit risksidentified.110.Theaudit committeeshould discussand agreeto theterms of theengagement letter issued by the external auditor prior to the approval oftheengagement.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  48. 48. P a g e | 48Whererelevant, theaudit committeeshould agree toan engagementletterthat hasbeenupdatedtoreflectchangesin circumstances, such asthosearisingfrom changesin legal requirementsand changesin thescopeof theexternal auditor‟swork asa result of revisionstointernationallyaccepted auditing standardswhichhave arisen sincethepreviousyear.111.If the external auditor resigns or communicatesan intentiontoresign, the audit committeeshould followup on thereasons/explanationsgivingrisetosuchresignationand considerwhethertheaudit committeeneedstotakeanyactioninresponsetothosereasons.Independence of the external auditorsPrinciple8:Theaudit committee shouldmonitor and assesstheindependence of theexternal auditor.112.Theindependenceof the external auditor is one of the mainprerequisitesfor anadequatelevel of audit quality.As such, theaudit committeeshould understand theapplicableindependencerequirements.Theaudit committee should have proceduresto monitor and assesstheindependenceof theexternal auditor at least annually, taking intoconsiderationrelevant national laws,regulationsand professionalrequirements.Theassessment should alsoinvolve a consideration of all relationshipsbetweenthebank andtheaudit firm (includingtheprovisionofnon-auditservices) and any safeguardsestablishedby the external auditor.113.Where the audit firm hasbeen theexternal auditor of thebank formanyyears, there may be a perception that there is a familiarity orBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  49. 49. P a g e | 49self-interest threat to the external auditor‟sobjectivityand independencein itsaudit of the bank.However, when the bank changes its external auditor, there is a risk thatthe depth of understanding of the bank and its activities and systems willbelost.This may affect the new external auditor‟sabilityto identify risks ofmaterial financial statement misstatementsand respond tothemappropriately, and hencemay detract from the qualityof the audit.114.Audit committeesshould have a policy in placethat stipulatesthefrequencywithwhichthere should be a tender for the external auditcontract.Thepolicyshould alsocall for the audit committeeto considerperiodicallywhetherthere should be a limit tothe length of an externalauditor‟stenure asthe bank‟sexternal auditor giventhe potential impactof audit firm rotation on independenceand audit quality.115.Audit committeesshould understand theaudit firm‟s policy onrotation of members of the audit engagement team and theaudit firm‟scompliancewith anyjurisdictional or other localregulatory requirementsin this regard.116.As describedin Principle2, the audit committeeshould seekassurancethat the audit engagement team membersand their firm and,whenapplicable, the network external auditorshaveno financial,personal, businessor other relationshipswiththebank whichcouldadverselyaffect theauditor‟sactual or perceivedindependenceandobjectivity.The audit committee should seek from the external auditor, at least on anannual basis, information about the audit firm‟s policies and processesformaintaining independence and monitoring compliance with the relevantindependencerequirements.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  50. 50. P a g e | 50117.Audit committeesof banks should develop a formal policywhichgovernstheacceptanceof non-audit servicesprovidedby theauditor.Amongst other provisions,the policyshould includecriteria for the typesof non-audit servicesthat the external auditor may provideor isprohibited from providing, and rulesstipulatingwhenadvanceapprovalbythe audit committeeisrequired for theauditor‟s performanceofnon-audit services.Thepolicyshould be reviewedperiodicallyand complianceshould bemonitored, takingintoaccount thecontentsof Section 4of thisdocument.118.Where non-audit servicesare provided by the external auditor, theaudit committeeshould monitor and establishthat theprovision of suchservicesdoesnot impair theexternal auditor‟sobjectivityandindependence,taking intoconsiderationvariousfactorsincludingtheskillsand experienceof the external auditor, safeguardsin placetomitigateanythreat toobjectivityandindependence,andthenatureofandarrangementsfor non-audit fees.119.Where the external auditorprovidesnon-audit servicestothebank, the bank‟sannual report should explain toshareholdersthenatureof and thefee arrangementsfor thenon-audit servicesreceived, andhowauditorindependenceissafeguarded.Effectivenessof the external auditPrinciple9:Theaudit committee should monitor and assesstheeffectivenessof theexternal audit.120.At the start of each audit, the audit committeeshould considerwhetherthe audit approach is appropriate, includingconsiderationsontheaudit scope, thelevel of materiality, areasof focusand whetherplannedaudit proceduresaddressthe areasof significant risk for thebank, in particular thoseareasdescribedin Section 4 of this document.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  51. 51. P a g e | 51121.Theaudit committeeshould consider whethertheproposedresourcesto executetheaudit plan arereasonablegiven the scope of theaudit engagement, the nature and complexityof thebank‟soperations,and itsstructure and activities.Theaudit committee should understand thenature and extent of auditworkthattheexternalauditorintendstorelyuponwheretheaudit workisperformed by network firm personnel or other audit firms.122.Theaudit committeeshould obtain confirmation from the externalauditorthat there isadequateknowledge, competenceand expertisewithintheaudit engagement team andthat theaudit will beconductedincompliancewith internationallyaccepted auditingstandards, aswell asany applicablelawsand regulations.123.Theaudit committeeshould discusswith the external auditor thefindingsof the latter‟swork.In the courseof itsmonitoring, the audit committeeshould:- Obtain anunderstanding of the external auditor‟sview on anymajorissuesthat aroseduring the audit (includingthoseissuesthat weresubsequentlyresolved aswell asthosethat have been leftunresolved), in particular the external auditor‟sexplanationof thesignificant judgmentstheaudit engagement team made and theconclusionsit reached.This should includethe discussionswith management and thejudgmentsinvolved, therangeof possibleoutcomesand, whereavailable,a comparisonof thebank‟spositionwith that of itspeergroup (on an anonymous basis), includinga comparison withpreviousperiodson such major issues;- Obtainan understandingof the rationalebehindthe final conclusionsdrawnby the audit engagement partner on significant accountingand auditingmatters,particularlyin thosecircumstancesBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  52. 52. P a g e | 52wheretheaudit engagement partner‟sconclusionsdifferedfromthoseof theengagement qualitycontrol reviewer;and- Review the nature and levelsof misstatementsidentified during theaudit, obtainingexplanationsfrom management and, wherenecessary, theexternal auditor asto whycertain errorsmight remainunadjusted.124.Theaudit committeeshould alsodiscusswiththe external auditortheaudit representation lettersbeforesignature bythe boardofdirectors/ seniormanagement and give particular consideration tomatterswherespecific representation hasbeen requested.Theaudit committee should consider whetherthe informationprovidedon each of the itemsin therepresentationlettersiscomplete andappropriatebased on itsown knowledge.125.As part of the ongoingmonitoringprocess, the audit committeeshould discusswiththe auditorthe management letter (or equivalent)and any other audit-relatedreportsprovidedtothebank.In particular, the audit committee should discuss with the externalauditor any significant deficiencies identified in the bank‟s controlenvironment and in itsinternal control over financial reporting.126.At the end of the audit engagement period, the audit committeeshould:- consider whethertheaudit firm hasfolloweditsaudit plan andunderstand thereasonsfor any changes,includingchangesinperceivedaudit risksandtheworkundertakenbytheexternalauditortoaddressthose risks;- obtain feedback about the conduct of theaudit from key bankpersonnel involved, eg theheadsof financeand internal audit; andBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  53. 53. P a g e | 53- report totheboard of directorsonthe effectivenessof the externalaudit process.127.Theaudit committeeshould seek toobtain information from theexternal auditor on the main findingsof audit qualityreviewsof thebank‟saudit and theaudit firm‟s qualitycontrol systems by auditoversight bodies.Relationship between the audit committee and the externalauditorPrinciple10: Theaudit committeeshould have effective communicationwith theexternal auditortoenabletheaudit committeetocarryout itsoversight responsibilities andtoenhancethequalityof theaudit.128.Thefoundation for an effectiverelationship is regular, timely, openandhonestcommunicationbetweentheaudit committeeandtheexternalauditor.Regular dialoguebetweenthetwopartiesshould be held throughout thereporting cycle of the bank.129.Whileboth cooperation and challengesare neededbetweentheexternal auditor and the audit committeefor the external audit to beeffective, theneedfor cooperationshouldneverprevent robust challengesfrom being made whenneeded.Such challengesare a key responsibility of the audit committeeand arepart of theproductive dialogueon key judgmentsthat can result instronger and deeper understandingof and viewson the positionsof allparties.130.In order to reinforce the audit committee‟s effectivenessand enhancethe quality of the audit, the audit committee should consider inviting theexternal auditor toattend audit committeemeetings(except whenBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  54. 54. P a g e | 54discussingmattersin relationto the assessment of the external auditor),even if there are noitemsexplicitlyrelevant tothe external audit on theagenda.Theexternal auditor‟sattendanceshould facilitatetheexchangeof viewson businessperformance, risk and other topics.Further,toenhanceaudit quality, theaudit committeeshouldconsider, ifnecessary, assistingtheexternal auditortogain accesstoany othercommitteemeetingsthat the external auditor determinesto be relevantfor the auditor‟swork.131.Theaudit committeeshould have the right and authoritytomeetregularly– in the absenceof executivemanagement – with theexternalauditor.This will enablethe audit committeetounderstand and discussall issuesthat may havearisenbetweentheexternal auditorand bank managementin thecourse of the external audit and how these issueshavebeenresolved.In addition, thesemeetingsshould addressany other mattersthat theexternal auditor believesthe audit committeeshould be awareof in ordertoexerciseitsresponsibilities.132.The audit committee should discusswith the auditor any mattersarising from the statutory audit that may have an impact on regulatorycapital or disclosures.This may includediscussionof theinteractionbetween theaccountinginformation and theregulatory information, eg accountingimpairmentchargesversusregulatory expectedlosses,or the consistencyof thebank‟sPillar 3 reportingwithitsannual report.133.Theaudit committeeshould discusswiththeexternal auditor anysignificant issuesidentified in the course of theaudit, in particular inBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  55. 55. P a g e | 55areaswhichcould be relevant tofuture financial statements,topromoteearlydiscussionand planning.This includesupcoming changesin accountingstandards or regulationsandtheconsequencesof material transactions.134.Theaudit committeeshould alsocommunicateto theexternalauditormattersthat are likely tobe of significant influenceon theconduct of thestatutoryaudit.Such mattersmay encompasssubjectsthat the audit committeebelieveswarrant particular attention, significant communicationswiththesupervisor,or other mattersthat the audit committeeconsidersmayinfluencethe audit of the financial statements.Reporting by the external auditor to the audit committeePrinciple 11: The audit committee should require the external auditor toreport toit on all relevant matters toenablethe audit committee to carryout itsoversight responsibilities.135.In some jurisdictions,aspart of the statutoryaudit, the auditorsarealsorequired by law or regulationstoexpressan opinion on the controlenvironment of thebank and provide additional reportingof mattersidentifiedaccordingly.Theexplanatoryguidancein thefollowingparagraphsonlycoversreporting totheaudit committee that may be required in thecontext ofthefinancial statement audit.136.Theaudit committeeshould expect the external auditor tocommunicatepromptly tothe audit committeeany significant auditfindingsnoted in thecourseof the audit and any significant problemsencounteredin carrying out theaudit.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  56. 56. P a g e | 56137.Upon completion of the audit work, theexternal auditor shouldreport tothe audit committeeon theoutcome of the audit in writing.Thecontentsof thesewrittenreportsshould be alignedwith therequirementsset by internationallyaccepted auditingstandardsformatterstobe communicatedtothosechargedwithgovernance, therecommendationsmadein this document, and any additionalrequirementsunder applicablelawsand regulations.138.In addition totheabove, wherenot already covered by therecommendationsin other partsof this document and the relevantauditingstandards, theaudit committeeshould request that the externalauditorreport toit in writingon other significant matters, includingthefollowing:- Key areasof significant risk of material misstatement in thefinancialstatements,in particular on critical accountingestimatesor areasofmeasurement uncertainty(eg loanlossprovisioning and valuationuncertainties), includingpotential valuation bias and consequentialeffectson earnings,compensation structuresand regulatory ratios.- Areas of significant management and auditor judgment, includingjudgmentspertainingto the recognition, de-recognition, measurement or disclosureof relevant itemswithin thefinancial statementsand, whererelevant, judgmentsabout materialuncertaintiesthat may cast doubt on an entity‟sability to continue asa going concern (includingconsiderationof liquidity/ fundingissuesof the entity).- Outsourcingof keyexternal audit work (eg with respect to auditsofsubsidiaries)toanother audit firm or useof external expertstoassistwith the external audit.- Significant internalcontrol deficienciesidentifiedin thecourseof thestatutoryaudit.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  57. 57. P a g e | 57- Mattersthat arelikelytobesignificant totheresponsibilitiesof thosecharged with governancein overseeingthe strategic directionof theentityor the entity‟sobligationsrelated toaccountability.- Areas of financial statement disclosures, for the bank itselfandrelativetoitspeers, whichtheauditor believescould beimproved, includingthe resultsof discussionswithmanagement.139.For the purposesof complying withthe requirementsofinternationallyacceptedauditingstandards, wheresignificant mattersarecommunicated to the audit committee,the external auditor should alsodetermineif thesemattersneedto be communicatedtotheboard ofdirectors.6. The relationship between the supervisor and the externalauditor140.This section setsout the principlesthat promoteeffectiverelationshipsthat will enableregular communication of mutuallyusefulinformation in thecontext of a statutoryaudit between:- thesupervisor and the external auditor at the supervisedbank level,regardless of whether the communicationis mandatory(SubsectionA– Principles12and 13); and- thebanking supervisoryauthorityand theaudit firm, and theaccountingprofessionasa wholethat is not specific toan individualbank (Subsection B – Principle14).140.Thekey objectiveof having effectiverelationshipsbetweenthepartiesreferredtoaboveistoenhancetheeffectivenessof thesupervisionof the bankingsector.Thisrelationshipwillthenalsocontributetothequalityofexternalaudits.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  58. 58. P a g e | 58142.An effectiverelationship should enableeach partyto carry out itsrespectivestatutoryresponsibilitieswhilenot implying that eitherparty isresponsiblefor or should or can perform the statutoryresponsibilitiesoftheother party.A. Effective relationship at the supervised bank level143.Theexternal auditor can providethesupervisorwithvaluableinsightintovariousaspectsof a bank‟soperationsand management‟sattitudetotheapplicationof keyaccounting policies,judgmentsand modelsadopted.Conversely, the external auditormay obtain helpful insightsfrominformation originatingfrom the supervisorwherethe supervisorprovidesan independent assessment in areassignificant totheexternalaudit and may focusattention on specificareasof supervisoryconcerns.In certain jurisdictions,thesupervisormay alsorequest theexternalauditortoperform specificassignmentsthat gobeyond thestatutoryaudit workof the auditor.Principle12: Thesupervisorand theexternal auditorshould have aneffective relationship that includesappropriatecommunication channelsfor theexchange of informationrelevant tocarrying out their respectivestatutory responsibilities.144.Supervisorsand external auditorsshould have an open andconstructiverelationship, withconfidencein each other that informationexchangedwill be treated appropriately and confidentially.145.For an effectiverelationship toexist, theengagement betweenthesupervisorand the external auditor should involve individualswhoareknowledgeable,informed and empoweredby their respectiveorganisationstoexchangeinformation.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  59. 59. P a g e | 59146.Thesupervisor may benefit from theresultsof the external auditor‟sworkbecausein many respectsthetwopartieshavecomplementaryconcernsregardingthesamemattersalthoughthefocusoftheir concernsis different.Similarly, the external auditor may benefit from insightsthat thesupervisorcan communicate.However, in order todischargetheir respectivestatutoryresponsibilities, each partyshould not usethe workof the other asasubstitutefor its ownwork and thesupervised entityshould remain themain sourceof information for their respectivework.147.Theterms, natureandscopeofthisrelationshipcanbedeterminedinindividualjurisdictionsandshouldbecleartoboththesupervisorandtheexternal auditor – for example, through guidanceissued by thebankingsupervisoryauthority.Accessto communication with the bank148.Theexternal auditor‟sworkgivesriseto the auditor‟sreport ontheannual/ consolidatedfinancial statementswhichis often used forprudential supervisorypurposes.When performinga financial statement audit in accordancewithinternationallyaccepted auditing standards, the external auditorcommunicateswithmanagement and/ or those charged withgovernanceabout significant mattersrelating to financial reportingor supplementarymatters,and thesecommunicationsmay be accessedby thesupervisor.In thesamemanner,in certainjurisdictions,theexternal auditormayalsohaveaccesstothe supervisor‟scommunicationsto thebank.149.Giventhebenefitsthat may ensue, when communicatingwithmanagement and/ orthosechargedwithgovernanceofthebank, boththesupervisorand the external auditor should consider communicatingBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com
  60. 60. P a g e | 60matters that mayalso be of mutual interest toeach other in writing sothatthey form part of the bank‟s records to which the other party should haveaccess.Direct communication at the supervised bank level150.In addition, effectivecommunication shouldbe establishedthroughoneor a combination of direct writtenand oral communicationchannels,asdictatedbythe circumstances.151.Writtencommunicationchannelsmayincludeextendedaudit reportson theaudited financial statements,whichare submitted tothesupervisorand arenot availableto thepublic.In certain jurisdictions, these reportsmay be part of the external auditor‟sstatutory audit work and may alsocover assignmentsrelated to prudentialsupervisoryrequirements.152.Oral communication channelsmay includebilateral meetingsbetweenrepresentativesof thesupervisor and the external auditor, andmay beformal or adhoc.In addition tobilateral meetings, trilateral meetingsinvolvingrepresentativesof thesupervisor, theexternal auditor and thosechargedwith governanceat the supervisedbank can alsobe held.153.Whilst not excludingany other effectivecommunicationchannels,bilateral and trilateral meetingsare examplesof soundpracticecommunication channels, particularlyfor SIBs.Communication of mattersoutside the scope of the externalauditor‟sduty to report/ alert154.Thecommunication channelsdescribed in paragraphs150-153,canbea helpful source of information for thesupervisorabout mattersthatBasel iii ComplianceProfessionalsAssociation (BiiiCPA)www.basel-iii-association.com

×