The banking sector is unique among sectors of the economy because it plays a central role in contributing to the financial stability of and the provision of financial resources to the economy. This sector includes major global banks that are systemically important banks (SIBs), the failure of one or more of which could trigger a global financial crisis. In addition, banks have a unique operating model.
Supervisors are primarily concerned with maintaining the stability of the banking system and fostering the safety and soundness of individual banks in order to maintain market confidence and protect the interests of depositors. Consequently, to enhance the effectiveness of supervision, supervisors have a keen interest in the quality with which external auditors perform bank audits. Building effective relationships with external auditors can also enhance banking supervision.
Strong internal control, including an internal audit function and an independent external audit, are part of sound corporate governance. In banks, these are also important for the safety and soundness of operations and can contribute to an efficient and constructive working relationship between bank management and banking supervisors. Appropriate communication between banking supervisors and banks' internal and external auditors will improve the effectiveness of audits and supervision. [1]
An external auditor plans and performs the audit of a bank’s financial statements to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatements, whether due to fraud or error, and are prepared, in all material respects, in accordance with an applicable financial reporting framework [2].
The recent financial crisis not only revealed weaknesses in risk management, control and governance processes at banks, but also highlighted the need to improve the quality of external audits of banks. External auditors of banks can play an important role in contributing to financial stability when they deliver quality bank audits which foster market confidence in banks’ financial statements. Quality bank audits are also a valuable input in the supervisory process. The Basel Committee on Banking Supervision (the Committee, or BCBS) is issuing this document on external audits of banks to improve external audit quality of banks and enhance the effectiveness of prudential supervision, which contribute to financial stability.
Our research statement demonstrates the inclusion of the internal audit in the internal banking control, based on the complementarities between these managerial banking tools. We intend to study the first two mentioned concepts that contribute to the sound corporate governance of a bank and their interdependence — internal banking control and internal banking audit. The nature of the problem stems firstly from the characteristics that distinguish the internal control from the internal audit in the banking industry.
The internal banking control is a very delicate topic in the context of the current financial crisis, when banks need to be able to carry out their duties, even in case of severe shocks that can affect economies. The contemporary reality associated to financial crisis forced banks into reconsidering the way they have to do business by including their concern for organizing a healthy internal control. And an efficient internal banking control facilitates communication between all management structures of a bank and its operational personnel. The characteristics of an efficient banking control contributes to the development of communication between bank management and financial auditors, as well as those between bank management and the national banking supervision authorities.
Table 1
A Multi-criteria Analysis of Internal Banking Control versus Internal Banking Audit [3]
|
Criterion |
Internal Banking Audit |
Internal Banking Control |
|
Organizational Status |
Audit function is organized as a function of the internal control of a credit institution together with risk control and compliance function. It is an independent and objective activity of assuring and consulting conceived to add value and improve bank activities. It helps the bank with fulfill its objectives by supplying a systematic disciplined method of assessment and improvement of efficiency of risk management, control management and corporate governing processes. |
Internal control is a continuous process designed to supply a reasonable insurance for fulfilling performance, information and conformity objectives and which, in order to be effective, needs implantation of the following 3 functions: risk control function, conformity function and internal audit function. Internal control also includes organizing accounting, management of the information, risk assessment and the systems that measure them. |
|
Involved structures Ways of applying |
Internal audit is organized taking into consideration a Statute of the internal audit that is in accordance with regulations issued by Financial Auditing Chamber from country, in house (through the Specialty department of the bank, internal audit inspectors) or by outsourcing. There is an Audit Committee responsible with: a) Supervising the internal auditors and financial auditors; b) Approving or submitting for approval addressed to the executives having as function supervision, payment and revocation of financial auditor. c) Revising and approving the sector of the audit and frequency of audit commitment d) Receiving audit reports e) Insuring that the executives take all necessary correction measures for resolving deficiencies identified during the control and conformity activity, as well as other problems identified by auditors |
Control activities are organized at each operational level of the bank and are part of daily activities of the bank. |
|
Objectives |
a) Assuring that the politics and processes of credit institutions are respected within all activities and structures b) Revising control politics, processes and mechanisms in such a way that they stay sufficient and appropriated to their specific activity. |
Performance objectives (effectiveness and efficiency of all activities developed), information objectives (legitimacy, integrity and supplying in due time financial information and other information needed by the management) and conformity objectives (conformity with applicable regulations as well as with internal politics and procedures). |
|
Activities |
Assuring that politics and procedures are respected at all levels of the bank — Revising politics, processes and control mechanisms already existing in the bank — Analyze the quality of all controls made within the bank from the point of view of effectiveness and efficiency — Expressing recommendations referring to the internal control system — Access to all documents and records needed for carrying out activities — Has a methodology of risk identification — Performs audit of internal activities as well as those outsourced |
Control activities include at least one of the following: a) Analysis at the level of management structures; b) Operative analysis at the level of credit institutions structures; c) Factual controls that have in view limiting the access to assets — for example: titles, cash — limiting the access to clients accounts etc.; d) Analyze inclusion in the limits imposed to risk exposure and follow up of the way in which non-conformity situations are resolved; e) Approvals and authorizations in the case of operations that exceed certain amounts; f) Inspection — the 4-eye principle: segregation of various functions, cross- checking, dual control of assets, double signatures; |
|
Reporting |
The internal audit function must have unlimited access to the management structure and to the audit committee, as well as to relevant documents and information from all fields of activity. Any recommendations made by internal audit for significant remediation of internal controls must be directly reported to the management structures of the credit institution. All recommendations made by internal audit must be the object of a follow up procedure by the management structure having as aim solution assurance and, respectively, reporting. |
Monitoring effectiveness of the internal control system must be part of daily activities of credit institutions and must include separate assessment of the internal control system in general. Deficiencies identified in relation to the internal control system must be acknowledged immediately to the persons in medium leading positions who have to take measures to promptly correct them. Major deficiencies of internal control system must be acknowledged immediately to the persons in leading positions and executives in supervision positions of credit institutions. Monitoring the efficiency of internal control system will be done by the personnel responsible for each structure of the credit institutions as well as for internal audit. |
The analysis does not give enough importance to the human factor implied in the internal banking control activity. We consider necessary further explanations regarding the way applying control by the bank employees because internal control activities must be part of daily activities of credit institutions. The specific of banking activities imposes that bank personnel would not have exclusive control over one/ some operations summing two or more of the following functions: decision function, values and goods management function, maintaining record function and control function. The types of activities that must be definitely separated include: trading and clearing, management of values and maintaining accounting record of them; authorizing transactions and registering them. It is absolutely necessary separating incompatible activities like:
– Personnel responsible with registration of transactions does not have any attributes in authorizing them;
– Separating front-office activities from back-office activities both at the level of central bank and agencies/ branch office;
– Separating the activities of credit documentation analysis from the activity of implementation and monitoring
We found that the relationship between internal banking audit and internal banking control is a very complex and intimate one, generated especially by legislative demands in field. They impose to the banks organizing the audit functions as a component of the internal control system and lead to interdependency of the studied concepts.
References:
- Internal Audit in Banks and the Supervisor's Relationship with Auditors: A Survey. http://www.bis.org/
- International Standard on Auditing (ISA) 200, Overall objectives of the independent auditor and the conduct of an audit in accordance with international standards on auditing, paragraph 11. http://www.bis.org/publ/bcbs244.pdf
- Internal banking control and audit: a comparative approach in the romanian banking sector. Adela Socol. Annales Universitatis Apulensis Series Oeconomica, 13(2), 2011.
