Basel iii Compliance Professionals Association (BiiiCPA)
1200 G Street NW Suite 800 Washington, DC 20005-6705 USA
Tel: 202-449-9750 Web: www.basel-iii-association.com

Dear Member,

Today I will start with the job description that made my day:

Basel II / III and Solvency II risk specialist, Mandarin Speaking!!!

Basel III Risk Specialist - Mandarin Speaking
Leading Global Investment Bank, London

A Leading Global Investment Bank is Expanding the Regulatory Risk Function with the hire of a Basel III Risk Specialist for their London Group.

- Basel III Regulatory Risk Specialist
- Leading Global Investment Bank
- Mandarin Speaking
- London, UK
- 50,000+ Excellent Bonus Benefits

As a key member of the risk group you will be communicating extensively with senior management on a global scale including direct contact with senior management in Hong Kong and Shanghai and will therefore require Mandarin speaking skills at business level proficiency.

An expert in regulatory frameworks, you will have practical understanding of Basel II / III and knowledge of Solvency II ICAAP is also highly preferred.

This is a mid-level position within the group and will require a minimum of 3 years industry experience within the London and / or International Financial Markets.

It is never too late to learn Mandarin. It looks easy!

Amazing job description. Just one slight problem with this job description:

You cannot have knowledge of Solvency II ICAAP simply because there is nothing like a Solvency II ICAAP; perhaps they mean Solvency II ORSA (Own Risk and Solvency Assessment, the Pillar 2 document).

It reminds me of another job description, where they required 5+ years of Basel III experience. Provided that Basel III was endorsed at the end of 2010, they could hire someone after 2015.

Another development:

Auditors, it is your turn to suffer the consequences of the crisis

According to the BIS, the recent financial crisis not only revealed weaknesses in risk management, control and governance processes at banks, but also highlighted the need to improve
the quality of external audits of banks.

Given the central role banks play in contributing to financial stability, and therefore the need for market confidence in the quality of external audits of banks' financial statements, the Basel Committee is issuing for consultation this guidance on external audits of banks.

This document describes, through sixteen principles and explanatory guidance, supervisory expectations regarding audit quality and how that relates to the external auditor's work in a bank.

External audits of banks

The recent financial crisis not only revealed weaknesses in risk management, control and governance processes at banks, but also highlighted the need to improve the quality of external audits of banks.

Given the central role banks play in contributing to financial stability, and therefore the need for market confidence in the quality of external audits of banks' financial statements, the Basel Committee is issuing for consultation this guidance on external audits of banks.

This document describes, through sixteen principles and explanatory guidance, supervisory expectations regarding audit quality and how that relates to the external auditor's work in a bank.

Implementation of the principles and the explanatory guidance is expected to improve the quality of bank audits and enhance the effectiveness of prudential supervision which is an
important element of financial stability.

This document sets out supervisory expectations of how:

- external auditors can discharge their responsibilities more effectively;
- audit committees can contribute to audit quality in their oversight of the external audit;
- an effective relationship between the external auditor and the supervisor, which allows greater mutual understanding about the respective roles and responsibilities of supervisors and external auditors, can lead to regular communication of mutually useful information; and
- regular and effective dialogue between the banking supervisory authorities and relevant audit oversight bodies can enhance the quality of bank audits.

This document enhances and supersedes the Committee's guidance The relationship between banking supervisors and banks' external auditors (2002) and External audit quality and banking supervision (2008).

In addition to the proposed guidance, the Committee is publishing a letter to the International Auditing and Assurance Standards Board (IAASB) on areas where it believes International Standards on Auditing could be enhanced.

Serving as an observer on the Basel Committee group that developed the revised guidance, the IAASB provided helpful and meaningful input to this effort.

Comments on the proposals should be submitted by Friday 21 June 2013 by e-mail to: [email protected], comments may be sent by post to: Secretariat of the Basel Committee on Banking Supervision, Bank for International Settlements, CH-4002 Basel, Switzerland.

All comments may be published on the website of the Bank for International Settlements unless a comment contributor
specifically requests confidential treatment.

External audits of banks

1. Executive summary

1. The recent financial crisis not only revealed weaknesses in risk management, control and governance processes at banks, but also highlighted the need to improve the quality of external audits of banks. Given the central role banks play in contributing to financial stability, and therefore the need for market confidence in the quality of external audits of banks' financial statements, the Basel Committee on Banking Supervision (the Committee) is issuing this document on external audits of banks. It forms part of the Committee's commitment to help improve audit quality at banks. This document enhances and replaces The relationship between banking supervisors and banks' external auditors (January 2002) and External audit quality and banking supervision (December 2008).

2. Implementation of the 16 principles and observation of the explanatory guidance in this document are expected to improve the quality of bank audits and enhance the effectiveness of prudential supervision, which will then contribute to financial stability. Through these principles and explanatory guidance, the document describes supervisory expectations regarding audit quality and how that relates to the external auditor's work in a bank. This document specifically sets out supervisory expectations of how:

(a) external auditors can discharge their responsibilities more effectively;
(b) audit committees can contribute to audit quality in their oversight of the external audit;
(c) an effective relationship between the external auditor and the supervisor, which allows greater mutual understanding about the respective roles and responsibilities of supervisors and external auditors, can lead to regular communication of mutually useful information; and
(d) regular and effective dialogue between the banking supervisory authorities and the relevant audit
oversight bodies can enhance the quality of bank audits.

3. The document also notes the Committee's continued commitment to work through international bodies to enhance audit quality.

2. Introduction, application, structure and the Committee's international engagement

Introduction

4. The banking sector is unique among sectors of the economy because it plays a central role in contributing to the financial stability of and the provision of financial resources to the economy. This sector includes major global banks that are systemically important banks (SIBs), the failure of one or more of which could trigger a global financial crisis. In addition, banks have a unique operating model.

5. Supervisors are primarily concerned with maintaining the stability of the banking system and fostering the safety and soundness of individual banks in order to maintain market confidence and protect the interests of depositors. Consequently, to enhance the effectiveness of supervision, supervisors have a keen interest in the quality with which external auditors perform bank audits. Building effective relationships with external auditors can also enhance banking supervision.

6. An external auditor plans and performs the audit of a bank's financial statements to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatements, whether due to fraud or error, and are prepared, in all material respects, in accordance with an applicable financial reporting framework. In many ways, the supervisor and the external auditor have complementary concerns regarding the same matters. For example, the audit of financial statements may help identify weaknesses in internal controls relating to financial reporting at a bank which may, therefore, inform supervisory efforts in this area and contribute to a safe and sound banking system.

7. Although the focus of this document is on the quality of the audit performed by the external auditor, an audit in accordance with internationally accepted auditing standards is conducted on the premise that the management and, where appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental to the conduct of the audit. The audit of the financial statements does not relieve management or those charged with governance of their
responsibilities.

8. The Basel Committee on Banking Supervision's Core Principles for Effective Banking Supervision (September 2012, Core Principles) provide a framework of minimum standards for sound supervisory practices and are considered universally applicable. Core Principle 27 focuses on prudential regulations and requirements for banks in relation to financial reporting and external audits. This guidance set out in this document is consistent with Core Principle 27.

9. The application and the structure of each section in this document are described below, followed by an outline of the key international relationships between the Committee and other groups relevant to external auditing.

Application

10. This document applies to the following entities subject to a statutory audit:

- all banks, including those within a banking group;
- holding companies whose subsidiaries are predominantly banks; and
- holding companies subject to prudential supervision whose subsidiaries are predominantly banks.

All of these structures are referred to as banks or banking organisations in this document.

11. The implementation of the principles set forth in this document should be proportionate to the size, complexity, structure, economic significance and risk profile of the bank and the group (if any) to which it belongs. The Committee recognises that some countries have found it appropriate to adopt legal frameworks and standards (eg for listed firms), as well as accounting and auditing standards, which may be more extensive and prescriptive than the principles and explanatory guidance set forth herein. Such frameworks and standards tend to be particularly relevant for larger or publicly traded banks or financial institutions.

12. This document has been prepared with the full awareness that significant differences exist in national institutional, legislative and regulatory frameworks amongst jurisdictions, including accounting and auditing standards, supervisory techniques and institutional corporate governance structures. Supervisors should clearly communicate the recommendations contained herein to the banks they supervise and their
respective external auditors, and articulate the measures banks and external auditors should undertake to meet these best practices, where possible.

13. The principles set out in this document should be applied in accordance with the national legislation and corporate governance structures applicable in each country.

14. The following terms are used in this document, with the meanings specified:

- Financial statement audit: An audit of a bank's financial statements by an external auditor in accordance with internationally accepted auditing standards.
- Statutory audit: An audit carried out to comply with the requirements of particular legislation or regulations. In some jurisdictions, this may include only the financial statement audit. In other jurisdictions, this may also include extended reporting by external auditors on matters such as internal controls and regulatory returns.
- External auditor: The audit firm and the individual audit engagement team members. Where relevant, specific references are made to the audit firm or the individual audit engagement team members in certain paragraphs.
- Banking supervisory authority: The body responsible for promoting the safety and soundness of banks and the banking system in a particular jurisdiction, including the persons who are involved with supervisory policy setting and policy issues, including policies regarding accounting and auditing.
- Supervisor: The group of supervisory personnel at a banking supervisory authority who are directly involved with the supervision / examination of a specific institution.
- Board and senior management: The governance structure at a bank composed of a board and senior management. The Committee recognises that there are significant differences in the legislative and regulatory frameworks across countries regarding these functions. Some countries use a two-tier structure, where the supervisory function of the board is performed by a separate entity known as a supervisory board, which has no executive functions. Other countries, by contrast, use a one-tier structure in which the board has a broader role. Still other countries have moved or are moving to an approach that discourages or prohibits executives from serving on the board or limits their number and / or requires the board and board committees to be chaired only by non-executive board members. Given these differences, this document does not advocate a specific board structure. The terms board and senior management are only used as a way to refer to the oversight
function and the management function in general and should be interpreted throughout the document in accordance with the applicable law within each jurisdiction.
- Audit committee: A specialised committee established by the board, the mandate, scope and working procedures for which are set out in a charter or other instrument. As stated in the BCBS paper on Principles for enhancing corporate governance (October 2010), to increase efficiency and allow deeper focus in specific areas, boards in many jurisdictions establish certain specialised board committees, the audit committee being one of them. The paper further recommends that, for large and internationally active banks, an audit committee or equivalent should be required. It also outlines the overall responsibilities of the audit committee.
- Those charged with governance: The person(s) or organisation(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity as defined by internationally accepted auditing standards. Such person(s) or organisation(s) is (are) typically the board of directors. Where the board of directors establishes an audit committee in a bank to assist it in meeting its responsibilities by charging the audit committee with specific tasks and responsibilities, in such circumstances the audit committee can be viewed as taking on the role of those charged with governance in relation to those specific tasks and responsibilities.

Structure

The external auditor and audit quality

15. Audit quality includes delivering an appropriate, independent professional opinion on the financial statements, in compliance with internationally accepted auditing standards. Internationally accepted auditing standards require the external auditor to possess and demonstrate certain attributes while applying a rigorous audit process.

16. Given that internationally accepted auditing standards are applicable to all entities, Section 4 of this document builds upon these standards and lays out the supervisory expectations of the external auditor regarding the audit of a bank. Moreover, Section 4 highlights the key areas where significant risks of material misstatement in banks' financial statements often arise,
which therefore require the auditor's particular attention for a quality audit.

Engagement between the external auditor and the audit committee

17. Regular and effective engagement and communication between the external auditor and the audit committee contribute to audit quality.

18. Amongst its other responsibilities, the audit committee is responsible for overseeing the bank's external auditor. A soundly constituted audit committee can play a key role in contributing to audit quality. Section 5 discusses the audit committee's responsibilities in relation to the oversight of, and its relationship with, the external auditor.

Engagement between the supervisor and the external auditor

19. Effective communication between the supervisor and the external auditor enhances the effectiveness of supervision of the banking sector. This relationship will then also contribute to audit quality.

20. The supervisor and the external auditor have a mutual interest in building and maintaining an effective relationship, which fosters regular communication of useful information. Section 6 provides principles and explanatory guidance for facilitating an effective relationship between the supervisor and the external auditor at the levels of the supervised bank, the audit firm and the accounting profession as a whole.

Engagement between the banking supervisory authority and the audit oversight body

21. The banking supervisory authority and the relevant audit oversight body share a strong mutual interest in ensuring quality independent audits. Regular and effective dialogue between the banking supervisory authority and the audit oversight body at a national level can assist in identifying and dealing with key issues in relation to the conduct of bank audits. Section 7 sets out the principles for facilitating effective communication between these bodies.

22. Supervisors are in a unique position to identify audit quality issues at both the industry and individual audit level. Regular and effective engagement between the supervisor and the relevant audit oversight body may enable the supervisor to provide timely feedback on such issues. Additionally, the supervisor may, if necessary, take action
to address issues raised by the audit oversight body.

The Committee's international engagement on external auditing

23. Approaches for dealing with supervisory concerns about the quality of the audit of an individual bank may differ across jurisdictions, but all approaches should be designed to contribute to enhancing audit quality. In its effort to promote audit quality, the Committee engages in regular dialogue and discussion with the relevant international stakeholders on external audit matters. These stakeholders include, but are not limited to, the following:

- the Financial Stability Board (FSB), whose objectives include the enhancement of the effectiveness of banking supervision;
- the Monitoring Group, which is responsible for advancing the public interest in areas related to international audit quality;
- the Public Interest Oversight Board (PIOB), which is responsible for improving the quality and public interest focus of the international standards formulated by standard-setting boards operating under the auspices of the International Federation of Accountants (IFAC) in the areas of audit and assurance, education and ethics, including oversight of the public interest activities of three of the IFAC's independent standard-setting boards and their respective consultative advisory groups;
- the consultative advisory groups of the International Auditing and Assurance Standards Board (IAASB) and the International Ethics Standards Board for Accountants (IESBA), which are responsible for developing international auditing and ethics standards respectively;
- the International Forum of Independent Audit Regulators (IFIAR), which is responsible for improving audit quality globally, including through independent inspections of auditors and / or audit firms; and
- the Global Public Policy Committee (GPPC), which is comprised of representatives from the six largest international accounting networks and focuses on public policy issues for the accounting profession.

24. The objective of this dialogue is to enable the Committee and the relevant international stakeholders to identify and discuss relevant issues and topics on a timely basis so that supervisors, external auditors and audit oversight bodies can take appropriate action. As such, these discussions should address not only
current issues and topics, but also emerging areas and trends that raise concern.

3. Overview of the principles

- Principle 1: The external auditor of a bank should have banking industry knowledge and competence sufficient to respond appropriately to the risks of material misstatement in the bank's financial statements and to properly meet any additional regulatory requirements that may be part of the statutory audit.
- Principle 2: The external auditor of a bank should be objective and independent in fact and appearance with respect to the bank, consistent with the more stringent requirements applicable to public interest entities in internationally accepted ethical standards.
- Principle 3: The external auditor should exercise professional scepticism when planning and performing the audit of a bank, having due regard to the specific challenges in auditing a bank.
- Principle 4: Audit firms undertaking bank audits should comply with the more stringent requirements on quality control applicable to listed entities in internationally accepted quality control standards, having due regard to the complexity of a bank audit.
- Principle 5: The external auditor of a bank should identify and assess the risks of material misstatement in the bank's financial statements, taking into consideration the complexities of banking activities and the need for banks to have a strong control environment.
- Principle 6: The external auditor of a bank should respond appropriately to the significant risks of material misstatement in the bank's financial statements.
- Principle 7: The audit committee should have a robust process for approving, or recommending for approval, the appointment, reappointment, removal and remuneration of the external auditor.
- Principle 8: The audit committee should monitor and assess the independence of the external auditor.
- Principle 9: The audit committee should monitor and assess the effectiveness of the external audit.
- Principle 10: The audit committee should have effective communication with the external auditor to enable the audit committee to carry out its oversight responsibilities and to enhance the quality of the audit.
- Principle 11: The audit committee should require the external auditor to report to it on all relevant matters to enable the audit committee to carry out its oversight responsibilities.
- Principle 12: The supervisor and the external auditor should have an effective relationship that includes appropriate communication channels for the exchange of information relevant to carrying out their respective statutory responsibilities.
- Principle 13: The external auditor should report to the supervisor matters that are likely to be of
material significance to the functions of the supervisor.
- Principle 14: There should be open, timely and regular communication between the banking supervisory authority, the audit firm and the accounting profession as a whole on key risks and systemic issues as well as a continuous exchange of views on appropriate accounting techniques and auditing issues.
- Principle 15: There should be regular and effective dialogue between the banking supervisory authority and the relevant audit oversight body.
- Principle 16: The banking supervisory authority and the audit oversight body should observe appropriate confidentiality requirements when sharing information.

4. Supervisory expectations relevant to the external auditor and the external audit of financial statements

25. External audits of financial statements performed in accordance with internationally accepted auditing standards enhance the confidence of all users, including supervisors, in the reliability of the audited financial statements and the quality of the information provided.

26. Audits of banks should be performed in accordance with internationally accepted auditing standards. As these standards are not industry-specific, for a quality audit supervisors expect external auditors not only to comply with internationally accepted auditing standards but also to tailor their audit work in response to the significant risks and issues applicable to banks.

27. External auditors are required to comply with applicable jurisdictional and, where relevant, internationally accepted ethical standards. However, given the complexity and systemic risks associated with banks, the external auditor of a bank should follow the most stringent rules for independence under these standards. Similarly, the external auditor of a bank should
also follow the most stringent standards on quality control at the engagement level.

28. Part A of this section describes the supervisor's expectations as a user of the bank's financial statements, specifically with respect to the external auditor's knowledge, competence, objectivity, independence, professional scepticism and quality control over the bank's audit. Part B identifies areas where supervisors believe there is often a significant risk of material misstatement in a bank's financial statements and factors to which the supervisor expects the external auditor to pay attention when auditing those areas.

29. While the primary focus in this section is on the financial statement audit, particularly in Principles 5 and 6, the external auditor may identify matters in the course of the audit that are of interest to the supervisor and therefore should be considered for communication to the supervisor. Examples of such matters have been included in Section 6.

30. In some jurisdictions, as part of the statutory audit, the external auditor may also undertake additional work to provide assurance on internal controls or other aspects of a bank's operations. The principles set out in this section provide a relevant reference for the performance of such additional work.

31. The principles and explanatory guidance set out in this section provide a framework for the supervisor's interactions with the external auditor, the audit committee and the relevant audit oversight body. The outcome of these interactions will inform the supervisor's views as to the quality of the external audit and contribute to the supervisory process. These principles and explanatory guidance also provide a framework to assist the audit committee in selecting the external auditor and in assessing the external auditor's knowledge, competence, objectivity and independence as well as the effectiveness of the audit process.

A. The supervisor's expectations of the external auditor of a bank

Knowledge and competence

Principle 1: The external auditor of a bank should have banking industry knowledge and competence sufficient to respond appropriately to the risks of material misstatement in the bank's financial statements and to properly meet any additional regulatory requirements that may be part of the statutory audit.

32. Given the complexity and diversity of banking activities, and the legal and regulatory framework in which banks operate, the external auditor of a bank should have specialised knowledge and competence in
auditing banks and should use experts as appropriate.

Knowledge

33. The resources required to perform the audit should be such that the audit engagement team, as a whole, has:

- proficient knowledge and understanding of, and practical experience with, the banking sector, associated banking industry and bank-specific risks, and the operations and activities of banks and bank audits. The audit engagement team may acquire this proficiency through specific training, participation in bank audits or work in the banking sector;
- proficient knowledge of applicable accounting, assurance and ethical standards, industry practice and relevant guidance such as International Auditing Practice Note (IAPN) 1000;
- proficient knowledge of relevant regulatory requirements in the areas of capital and liquidity, and a general understanding of the legal and regulatory framework applicable to banks; and
- proficient knowledge and understanding of IT relevant to bank audits.

34. In addition, the external auditor should consider whether the audit engagement team should include specialists with a high degree of technical accounting knowledge relevant to banking, particularly given the complexity of the requirements of the applicable financial reporting framework pertaining to accounting estimates, including loan loss provisions, fair value measurements, and any areas known to be subject to differing interpretation or inconsistent or developing practices.

Competence

35. Audit firms should have documented policies and procedures that set minimum competency criteria for members of a bank's audit engagement team.

36. Supervisors may have the ability to influence the competency requirements for external auditors. Where regulations and standards in particular jurisdictions do not include specific competency requirements for banks' external auditors, the supervisor may encourage professional and regulatory bodies to introduce requirements regarding training in, and experience with, bank auditing and accounting so that the audit engagement teams for bank audits are comprised of sufficiently competent staff.

37. Competence is particularly important in underpinning an external auditor's ability to
exercise professional judgment and carry out key aspects of the audit, such as identifying and assessing the risks of material misstatement and designing and implementing appropriate responses to those risks.

Use of experts

38. In some instances, such as the auditing of certain complex accounting estimates, more specialised knowledge may be required to support the audit engagement team, eg additional expertise beyond that possessed by the audit engagement team's members in a field other than accounting or auditing. Examples of such areas are valuation of complex financial instruments, commercial property valuations and evaluation of highly complex IT environments, particularly in areas subject to significant risks of material misstatement.

39. Internationally accepted auditing standards set out requirements for the nature, timing and extent of audit procedures which the external auditor should perform to assess the competence, capabilities and objectivity of the experts the external auditor may use. These are important factors in considering the reliability of the information or results produced by the expert.

Objectivity and independence

Principle 2: The external auditor of a bank should be objective and independent in fact and appearance with respect to the bank, consistent with the more stringent requirements applicable to public interest entities in internationally accepted ethical standards.

Objectivity

40. Objectivity is a fundamental ethical principle and a key element of audit quality. It requires that the external auditor's judgment is not affected by conflicts of interest. As objectivity is a state of mind that in most cases cannot be directly observed by users of financial statements, it is important for the external auditor to be independent in both fact and appearance.

Independence

41. Independence is freedom from situations and relationships in which a reasonably informed third party would
conclude that an external auditor's objectivity is impaired. Jurisdictional and internationally accepted auditing standards and internationally accepted ethical standards lay out frameworks for external auditors to identify and respond to threats to independence.

42. The external auditor of a bank must comply with the applicable jurisdictional and internationally accepted ethical standards. Furthermore, the Committee believes that the external auditor of a bank should comply with the more stringent independence standards for public interest entities. To the extent that any of the rules within any one of these standards on ethics is more restrictive than the corresponding rule in the other standards on ethics, the external auditor must comply with the more restrictive rule.

43. Independence should be observed not only in the context of the bank that is being audited but also with respect to the bank's related entities.

44. External auditors of a bank should comply with applicable jurisdictional requirements on the rotation of members of the audit engagement team.

45. The audit engagement team members, the audit firm and, when applicable, network audit firms should comply with the independence requirements of both the home jurisdiction and the overseas regulatory authority (in the case where the bank is ultimately regulated by an overseas authority).

46. When assessing whether any relationship or circumstance poses a threat to an external auditor's independence, the external auditor should evaluate not just the specific rules on independence, but also the substance of the threat to independence, and how a reasonably informed third party would perceive the threat and its effect on the external auditor's objectivity. The provision of significant non-audit services by the audit firm and, when applicable, network audit firms to the bank being audited may particularly affect a third party's perception of the external auditor's independence. Such situations should be carefully evaluated for threats to the external auditor's objectivity and perceived independence.

47. The supervisor expects the external auditor to consider actively potential threats to the auditor's independence, specifically the threat of self-review,
whendiscussingaccountingmatterswiththe management.For example,
complex transactionsmay be structured to achieveaparticular
accountingtreatment and/ or regulatory outcome.When anexternal
auditor discusseswithor providesadvice tomanagement on such
matters, theexternal auditor must exercisecaresoasnot to take on a
management role or responsibility.

Professional scepticism

Principle 3: The external auditor should exercise professional scepticism when planning and performing the audit of a bank, having due regard to the specific challenges in auditing a bank.

48. Professional scepticism is defined as an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of evidence. Professional scepticism should manifest itself not only through the auditor obtaining corroborating evidence for management's assertions, but also challenging management's assertions, actively considering whether there are alternative accounting treatments that are preferable to those selected by management, and documenting the approach, the evidence obtained, the rationale applied and the conclusions reached. Throughout the audit, the auditor should adopt a questioning approach when considering information and forming conclusions.

49. Exercising appropriate professional scepticism is critically important in audits of banks because of the number and significance of accounting estimates and the potential for limited objective evidence supporting those estimates. Professional scepticism is particularly important when auditing areas that:
(a) involve significant management estimates and judgments because these are more prone to management bias;
(b) involve significant non-recurring or unusual transactions; or
(c) are more susceptible to fraud and errors being perpetuated due to weak internal controls.

50. Specific areas where professional scepticism should be exercised by the external auditor of a bank include impairment calculations, fair value measurements and going concern assessments, including assessments of solvency and liquidity. Other examples may include complex transactions structured to achieve a particular accounting treatment and/or regulatory outcome by the management where the audit engagement partner has or ought to have reasonable doubt that the proposed accounting treatment and/or regulatory outcome is consistent with the relevant financial reporting framework or regulatory requirements. In this context, the external auditor should actively challenge management's assumptions and judgments and form independent views. This includes challenging evidence obtained from management that corroborates management's view.

51. Where a bank consistently utilises valuations that are at the high or low end of a range of acceptable valuations or when there are other indications of possible management bias, the external auditor should consider this in the overall risk assessment of the bank and should inform those charged with governance, where appropriate.

52. The evidence of the extent of professional scepticism exercised should be demonstrable and understandable through audit documentation that describes how, why and what conclusions were reached by the external auditor. In this regard, internationally accepted auditing standards establish minimum
requirements for audit documentation.

Quality control

Principle 4: Audit firms undertaking bank audits should comply with the more stringent requirements on quality control applicable to listed entities in internationally accepted quality control standards, having due regard to the complexity of a bank audit.

53. Audit firms must comply with the applicable jurisdictional and internationally accepted standards on quality control. Furthermore, the Committee believes that the external auditor of a bank should comply with the more stringent requirements on quality control applicable to listed entities in internationally accepted quality control standards. To the extent that any of the rules within any one of these quality control standards is more restrictive than a corresponding rule in the other quality control standards, the external auditor must comply with the more restrictive rule.

54. The audit of a bank should be subject to an engagement quality control review (EQCR) performed internally by the audit firm prior to the issuance of the audit opinion. The engagement quality control reviewer should have the appropriate knowledge and competence to review bank audits. The reviewer should exercise professional scepticism in assessing the quality of audit evidence and whether the auditor's judgments are appropriate.

55. EQCR should be part of a broader firm-level internal system of quality control that emphasises quality and consultation and creates a culture of compliance with auditing and ethical standards.

56. Where a network of audit firms is involved in the audit of a bank, the individual audit firms within the network should apply quality control processes that comply with this document. In such cases, the lead audit engagement partner should be responsible for the performance of a quality audit by all the teams reporting to it. In doing so, the lead partner may place reliance on the processes by which quality control is exercised within the network firms that report to it. For example, the lead audit engagement partner of a group audit may rely on the firms' processes for (a) ensuring that each audit engagement team member (i) acquires the appropriate skills, knowledge and experience to perform bank audits and (ii) complies with independence rules, and (b) monitoring adherence to the audit firms' policies and procedures on quality control.

57. The involvement of the engagement quality control reviewer throughout the audit, and the outcome of the quality control review, should be evident in the audit working papers. Any significant discussions between the engagement quality control reviewer and the audit engagement team, particularly in areas where views may have differed and as to how conclusions were reached, should be fully documented in the audit working papers. Thus in jurisdictions where the supervisor has access to the external auditor's working papers, the quality control review
would also be at the supervisor's disposal.

B. Supervisory expectations of the audit of a bank's financial statements

Identifying and assessing significant risks of material misstatement specific to a bank's financial statements

Principle 5: The external auditor of a bank should identify and assess the risks of material misstatement in the bank's financial statements, taking into consideration the complexities of banking activities and the need for banks to have a strong control environment.

Identifying potential risks

58. Banks are exposed to a variety of risks that can potentially affect the results of their operations or financial condition. These include, but are not limited to, credit risk, market risk, liquidity risk, operational risk and regulatory risk. New risks may emerge or the significance of each risk may change over time as a result of various factors that may be driven by changed circumstances or developments both internal and external to the bank.

59. In designing and performing the audit of a bank, the external auditor should assess the inherent and control risk to determine the risk of material misstatements at the financial statement and assertion levels. By doing so, the external auditor gains an understanding of internal controls that are relevant to the audit, and particularly of the control environment designed by the bank.

60. To respond to the assessed risk of material misstatement, an external auditor follows an audit strategy that includes both substantive procedures and control testing. Given the nature of bank activities, including those involving a high volume of transactions, banks implement controls designed to address risks posed to the organisation. As a result, the external auditor of a bank should perform extensive tests of controls over financial reporting to assess whether, and to what extent, the auditor can rely on them.

Materiality

61. An understanding of the concept of materiality and determination of materiality thresholds is needed in order to establish the audit strategy, and identify and assess whether a risk of material misstatement exists in the financial statements.

62. The determination of what is material to the financial statements as a whole is a matter for the external auditor's professional judgment about misstatements that could reasonably be expected to influence economic decisions of users taken on the basis of the financial statements.

63. The external auditor should exercise caution when evaluating identified misstatements. These misstatements could be an indicator of wider issues within the bank which could potentially lead to material misstatements in the financial statements as a whole. Therefore, individual misstatements should not be dismissed solely because they are below the level of materiality set for planning purposes.

64. For individual account balances, specific classes of transactions or disclosures, internationally accepted auditing standards require the external auditor to determine a lower level of materiality for those particular account balances, classes of transactions or disclosures, if the external auditor believes that misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements. This is particularly relevant for audits of banks because certain financial statement items are used in the calculation of key metrics used by a wide range of users of the financial statements. For example, regulatory ratios such as the leverage ratio, liquidity ratio and capital adequacy ratio are calculated based on account balances in the financial statements or are derived from the financial
statements.

Assessing the risks of material misstatement

Internal control and its components

65. According to internationally accepted auditing standards, internal control components are the control environment, risk assessment process, information and communication systems and processes, control activities and monitoring of controls.

66. As stated in the BCBS Principles for enhancing corporate governance, a robust internal control environment is critical to the strength of a bank's governance system and its ability to manage risk. Consequently, when obtaining an understanding of the bank's internal control environment, the external auditor should, amongst other considerations:
- assess the tone at the top, ie whether management, with the involvement of those charged with governance, is promoting a robust control environment;
- determine whether the control environment extends to all types of operations and service offerings and encompasses all subsidiaries and branches of the banking group;
- understand the bank's approach to outsourcing/offshoring of business activities and functions and assess how internal control over these activities is maintained; and
- obtain an adequate understanding of the organisation of key control functions within the bank and its subsidiaries. At a minimum, key control functions include the internal audit, risk management, compliance and other monitoring functions.

67. Compensation arrangements at a bank may be a good indicator of the culture within the organisation because they can influence the behaviour of the bank's personnel and the quality of corporate governance. The external auditor should pay particular attention to the risks of material misstatement in the financial statements due to fraud, particularly where banks employ compensation arrangements that may encourage excessive risk-taking or other inappropriate behaviour amongst their personnel.

Control activities

68. Internationally accepted auditing standards require the external auditor to obtain an understanding of control activities relevant to the audit which, in the auditor's judgment, are necessary to assess the risks of material misstatement and to establish the audit strategy. The assessment of the control activities over financial reporting is critical for the design of further audit procedures responsive to assessed risks. When identifying and assessing risks of material misstatement and assessing controls, the external auditor should take account of the following factors:
- the knowledge and competence of those in charge of financial reporting and of other control functions having an impact on financial reporting;
- the nature of hedging strategies employed by the bank which, if complex, improperly structured or inadequately monitored, can have accounting and solvency implications;
- the use of complex financial instruments involving significant estimates of fair value;
- the provision of custodial services to retail and/or institutional clients and the procedures in place to avoid co-mingling of client and proprietary assets;
- the volume of transactions by type of activity and/or presence of significant non-routine transactions;
- the use and monitoring of internal accounts;
- the structure and complexity of IT systems for conducting business and for facilitating efficient business and financial reporting, as they may lead to increased risk of fraud or error, particularly where there is potential for individual override of the control system or the potential for fraudulent transactions to go undetected due to the sophistication and complexity of the IT systems;
- the number, scope and geographical dispersion of subsidiaries and the necessity for complex consolidation procedures;
- the existence of significant transactions with related parties; and
- the use of off-balance sheet financing arrangements, such as special purpose entities (SPEs) and other complex structures.

69. Banking supervisors and those charged with governance, such as the audit committee, need to be satisfied that the internal control is commensurate with the nature, volume and complexity of the bank's activities and is organised in accordance with regulatory and legal requirements. The internal control of a bank must be robust and reliable in order to cope with stressed environments. Significant deficiencies in internal control which have been identified by the external auditor should be communicated in writing to those charged with governance and senior management, and other deficiencies in internal control should be communicated to the senior management at an appropriate level of responsibility on a timely basis. In addition, the Committee believes that the external auditor should communicate in writing all matters that are likely to be significant to the responsibilities of those charged with governance in overseeing the strategic direction of the entity or the entity's obligations related to accountability. Such matters may include significant decisions or actions by management that lack
appropriate authorisation.

Internal audit

70. The internal audit function is an important element of the overall internal control environment. It provides assurance to the board of directors and senior management on the quality and effectiveness of a bank's internal control, risk management and governance systems and processes. The work of internal auditors can help external auditors assess the quality of the internal control processes and identify risks.

71. Whether or not the external auditor expects to use the work of a bank's internal auditors, provided there is no reason to doubt their knowledge, competence and objectivity, the external auditor should engage with, and seek information on key internal audit findings from, the internal auditors. This may provide valuable input into the external auditor's understanding of the entity and its environment and aid in identifying and assessing risks of material misstatement. The external auditor should consider reading relevant internal audit reports if the information obtained from engaging with the internal auditors indicates issues that may have an impact on the financial statement audit.

72. The external auditor's observations on and, where relevant, evaluation of a bank's internal audit function are of particular interest to the audit committee and the bank's supervisor given the role an effective internal audit function plays in maintaining a
robust control environment in a bank.

Responding to significant risks of material misstatement specific to a bank's financial statements

Principle 6: The external auditor of a bank should respond appropriately to the significant risks of material misstatement in the bank's financial statements.

73. Having identified and assessed the risks of material misstatement, internationally accepted auditing standards require the auditor to identify any areas where there is a significant risk of material misstatement. Paragraphs 78-98 below set out key audit areas of a bank's financial statements, where there is often a significant risk of material misstatement.

74. In addition to the areas set out in paragraphs 78-98, there are other items in a bank's financial statements whose regulatory treatment could give rise to incentives for management bias in the recognition or measurement of such items. As a consequence, there is a greater risk of material misstatement of these items in the financial statements. This may lead to inappropriate application of regulatory rules to these items and a material misstatement of the bank's capital position. Examples of such items are deferred tax assets, investments in unconsolidated entities, pension fund assets, and the classification of financial instruments. External auditors should therefore be alert to any likelihood that the treatment of such items in the financial statements is influenced by management bias towards a desired regulatory outcome and consider this in their risk assessment of the bank. External auditors should also be aware that management bias may change over time depending on, for example, the extent to which the bank is able to meet its regulatory requirements. External auditors should evaluate estimates which may be subject to this bias, and any potential audit differences otherwise identified, in the context of the impact on regulatory capital or regulatory capital ratios, consistent with paragraph 64.

75. Areas of significant risk of material misstatement particularly require an external auditor to apply professional judgment and experience. Internationally accepted auditing standards require that the external auditor obtain sufficient appropriate audit evidence51 regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks.

76. Internationally accepted auditing standards require special audit consideration for areas where significant risks of material misstatement are identified. Given that these areas are associated with issues that the external auditor identifies as highly important for the bank, these areas are worthy of discussion with those charged with governance.

77. As the categories of what may be a significant risk for a bank may change over time, the list of audit areas provided in paragraphs 78-98 of this document as areas where there is often a significant risk of material misstatement
is not intended to be comprehensive.

Loan loss provisioning

78. Loan loss provisioning is generally material for a bank's financial statements and the calculation of capital and key performance metrics. The measurement of loan loss provisions in accordance with internationally accepted accounting principles involves complex judgments about credit risk which may be subjective in nature.

79. The factors that the external auditor needs to consider in identifying and assessing the significant risks of material misstatement in relation to loan loss provisioning and the related allowance for loan losses include:
(a) The estimation techniques used to compute provisions and how the techniques vary among and within banks.
(b) How management has assessed the effect of estimation uncertainty on the level of provisioning, and the effect such uncertainty may have on the appropriateness of the recognised provision and the sufficiency of the related allowance for loan losses in the financial statements.
(c) All known and relevant impairment indicators for loan exposures which include previously unexpected adverse developments in the market or economic environment, adverse movement in interest rates, restructuring, inadequate underwriting policies adopted by the bank, overdue payments, failure of the borrower to meet budgeted revenues or net income, covenant breaches and forbearance.
(d) Whether the bank has sought perspectives and data from different functions within the bank, including risk management, credit and internal audit, as well as reliable sources external to the bank, including peer data and regulator perspectives so as to consider all relevant and available information in assessing impairment.
(e) Accounting rules for provisioning may differ from the provisioning rules that apply for regulatory reporting or capital purposes. It may therefore be customary for banks to have different processes and systems to generate loan loss provisions for accounting purposes and for regulatory purposes. Further, there can be material differences in the application of the same set of accounting and/or regulatory rules by individual banks. Large differences between provisions for accounting purposes and for regulatory purposes may indicate a risk of material misstatement of the accounting provision. In addition, whilst for regulatory capital purposes under the Basel framework the accounting loan loss provision for internal ratings-based approach (IRB) portfolios is replaced by the regulatory expected loss provision, the level of the accounting provision may nevertheless have an impact on the level or the composition of regulatory capital, due to the treatment of the tax effect of provisions and the allocation of any excess provision to capital tiers. External auditors should be alert to any management bias in this area.
(f) Disclosures should enable users to assess the loan loss provisioning methodology applied by the bank, regarding how it relates to credit risk for that bank, and how it
compares with methodologies applied across the banking sector.

Financial instruments measured at fair value

80. A bank's portfolio of financial instruments measured at fair value can range from plain vanilla financial instruments which are frequently traded in liquid markets with observable market prices, and involve less measurement uncertainty, to those which are customised, complex, and where the valuation is based on significant unobservable inputs with a substantial amount of management judgment. Financial instruments measured at fair value also include financial instruments that are subject to an impairment assessment which is a key area of judgment.

81. Where there are changes in the composition of a bank's portfolio of financial instruments, whether due to changes in customer demand, the bank's approach to managing risk and liquidity, or changes in prudential regulation, the bank will need to evaluate any accounting implications of the changes.

82. Accounting standards contain requirements on recognition; initial and subsequent measurement (including impairment); reclassification from fair value to amortised cost; presentation; and disclosures. Because these requirements are complex, they may be difficult to interpret and apply, and therefore the external auditor often needs to utilise more complex and wider-ranging audit procedures to obtain sufficient appropriate audit evidence to satisfy him/herself that the financial statements are not materially misstated. The classification of an individual financial instrument may be particularly important for achieving a favourable regulatory outcome.

83. In adopting a sceptical approach to management's assumptions regarding the valuation of financial instruments for which there are significant unobservable inputs, IAPN 1000, Special considerations in auditing financial instruments, sets out specific audit procedures that may be followed in auditing financial
instruments measured at fair value.

Liabilities including contingent liabilities arising from non-compliance with laws and regulations, and contractual breaches

84. Non-compliance with, or material breaches of, the prudential framework, conduct requirements, legal requirements or contractual agreements could lead to legal or supervisory actions against a bank, thereby exposing the bank to potential litigation and/or the imposition of substantial penalties. Such events may require recognition of provisions, contingent liabilities and/or qualitative disclosures in the bank's financial statements. Further, any adverse impact on the bank's reputation resulting from this non-compliance could have consequences for the bank's going concern assessment.

85. In the course of the audit, the external auditor should remain alert to actual or suspected breaches of prudential regulations, particularly those that are likely to be of material significance to the functions of the supervisor. As noted in Section 6 below,55 if the external auditor identifies any such breaches of material significance, the auditor should notify
the supervisor immediately.

Disclosures

86. A number of factors have contributed to an increased demand from users for more relevant and extensive qualitative and quantitative disclosures. These include the increased complexity of business transactions, including off-balance sheet transactions and non-recognition of assets and liabilities, and increased use of fair value and other accounting estimates, with significant uncertainties and changes in measurement attributes.

87. While accounting standards specify disclosure objectives, the standards may not always prescribe in all circumstances specific disclosures to meet those objectives. Therefore, there may be a substantial amount of judgment in assessing whether disclosures are presented fairly in accordance with the disclosure objectives in the relevant accounting framework.

88. Increased transparency through fairly presented public disclosures enhances market confidence. It is therefore important that the bank provide disclosures which present the bank's financial condition, the risks to which it is exposed and how they are managed, and are meaningful and responsive to changes in market conditions and perceived risks.

89. In responding to the significant risks in this area of audit, the external auditor has an important role to play in encouraging consistent and meaningful disclosures which present the bank's financial condition in a way that is informative and understandable to users of financial statements.

90. In the course of its audit work, the external auditor should be alert to any indications that disclosures in financial statements are not consistent with the bank's prudential information such as capital adequacy and liquidity position disclosures within the financial
statements.

Going concern assessment

91. A going concern gives rise to two separate issues:
(a) whether the going concern basis of preparation of financial statements is appropriate; and
(b) the external auditor's evaluation of the bank's assessment of its ability to continue to meet its obligations for the foreseeable future (for at least 12 months after the date of the financial statements) and whether there are material uncertainties in this regard that should be disclosed in the applicable accounting framework.

92. The work the external auditor performs to assess the going concern status of a bank is different from that likely to be performed for a non-bank entity because of the contractual terms of bank assets and liabilities (maturity mismatch), the potential for regulatory intervention, and the impact that the signalling of any uncertainty over the bank's ability to continue as a going concern could have on the short-term viability of the bank.

93. Examples of reasons that make the going concern assessment of a bank unique are as follows:
(a) Current emerging risks and concerns specific to the bank or the banking industry as a whole may have an impact on the historical trends for the specific bank in such a manner that the historical trends may not reflect the likely trend over the next year. For example, during periods of market turmoil, normal sources of funding may no longer be available, as deposits payable on demand may run off more quickly than historical experience would contemplate and such deposits may be difficult to replace.
(b) As banks are highly leveraged, a small change in asset valuation may have a substantial impact on the adequacy of a bank's regulatory capital. Market risks may be such that financial instruments held at fair value may be subject to substantial changes in value in the short term and significant volatility over the longer term. A decrease in regulatory capital may result in a downgrade by rating agencies making funding more expensive and possibly harder to obtain.

94. Given these and other risks, banks are required to meet liquidity requirements and capital ratios set by the bank supervisory authority. There should be equal emphasis on the evaluation of liquidity and solvency of the bank for the period over which the going concern assumption has been assessed:
(a) Liquidity: Factors to assess include the reasonableness and reliability of the cash forecast for at least 12 months after the date of the financial statements, liquidity risk disclosures, regulatory or contractual restrictions on cash, loan covenants, and pension funding.
(b) Solvency: Given the potential adverse impact of capital adequacy concerns on the confidence in a bank and, as a consequence, on the bank operating as a going concern, the external auditor will need to consider the robustness of the bank's system for managing capital. In addition, the external auditor will need to consider the capital position in relation to the current and any known future capital requirements, definitions of capital resources, and challenges of raising capital. This is particularly critical where capital levels are strained, access to capital resources is restricted or where, for example, the bank's annual report or internal capital projections include ambitious projections of improvements in capital levels.

95. In responding to the significant risks in this area of audit, and assessing management's assertion that a bank is a going concern, factors which are necessary to consider are:
(a) the robustness of the bank's own systems and controls for managing liquidity, capital and market risk;
(b) the prudential information that is reported to supervisors covering the bank's solvency and capital;
(c) any external indicators that reveal liquidity or funding concerns; and
(d) the availability of short-term liquidity support.

96. Given the above risks and the possible systemic implications, if there are any significant doubts which may cause material uncertainty over the bank's ability to continue as a going concern, and if the external auditor considers referring to the going concern issue in the audit report, the external auditor should promptly communicate this fact to
thesupervisors.Securitisations SPEs97.Thebanking sector is involved
in activitiessuch assponsoring (ororiginating) structured
products/transactionsthat supportmaturity, credit and
liquiditytransformationrisksmore oftenthan
otherindustrysectors.Thesponsoringbank doesnot ordinarilyfund such
activities.Thefunding is generallyprovidedby other parties.However,
thesponsoring bank may be exposed to riskssuch asreputational risk
in the event of the sponsoredentityencounteringfinancial or
operational difficulties.98.Such activitiesrequire special
considerationby the external auditorand are of interest to the
supervisor for thefollowingreasons:(a) Accounting concern
Accounting frameworksare oftenprinciples-based,whichmayresult
indifferent treatmentsofeachofthesecomplex transactions.In
addition, becausetheseare highly structured products,
theiraccountingtreatment may vary based on the factsand
circumstancesofeach transaction, eg whereSPEsare tailoredto remain
off thebanksbalancesheet.In theseinstances,it is necessaryfor
theauditortoevaluatethejudgmentsmadeby themanagement and consider
whethertheaccountingtreatment is appropriate and the
disclosuresaresufficient.Basel iii
ComplianceProfessionalsAssociation
(BiiiCPA)www.basel-iii-association.com 44. P a g e |
(b) Regulatory concern: Because of the complexity of the securitisation
and the chain of financial intermediation, the sponsoring bank in an
originate-to-distribute model may underestimate the real risk
transferred or the risk retained on its balance sheet (including
reputation risk and conflicts of interest in case of defaults on the
securitised assets). Even so, the originator may be able to benefit
from an off-balance sheet treatment for the assets underlying these
transactions and hence may not be required to hold additional
regulatory capital unless specifically required by the supervisor. The
external auditor should be alert to when the supervisor requires
additional capital even though the off-balance sheet accounting
treatment applied by the bank is appropriate.

(c) Interconnectivity: Increases the correlation between banks and
other non-banking sectors, which can add to the global systemic risk.

5. Supervisory expectations with regard to a bank's audit committee and
its relationship with the external auditor

99. The BCBS's paper on the Internal audit function in banks (June
2012) and its paper on Principles for enhancing corporate governance
(October 2010) describe the main responsibilities of a bank's audit
committee. The audit committee has, amongst others, a number of
responsibilities with respect to the external auditor and the statutory
audit. The audit committee approves, or recommends to the board of
directors for approval, the appointment, reappointment, dismissal and
compensation of the external auditor. The audit committee also monitors
and assesses the independence of the external auditor.

100. The audit committee oversees the bank's statutory audit process.
Key aspects of the audit committee's work encompass the assessment of
the effectiveness of the external audit process. The audit committee
should require that senior management take the necessary corrective
actions to address the findings and recommendations of the external
auditor in a timely manner.

101. The discussion below focuses on the audit committee's
responsibilities in relation to the oversight of, and its relationship
with, the external auditor to promote and support the integrity,
objectivity and independence of the auditor, the quality of the
external audit and the competencies that underpin that quality. To
enable the audit committee to carry out its oversight responsibilities,
which also contribute to the effectiveness of the audit process, the
principles in this section promote effective two-way communication
between the audit committee and the external auditor. It is important
to note that all the discussions below stem from an important
overarching principle: namely, that there should be a frank, open
working relationship and a high level of mutual respect amongst all
parties involved.

102. The principles and explanatory guidance in this section form the
basis for the supervisor's monitoring of the effectiveness of the audit
committee in its oversight of the external auditor.

Appointment of the external auditor

Principle 7: The audit committee should have a robust process for
approving, or recommending for approval, the appointment,
reappointment, removal and remuneration of the external auditor.

103. The audit committee has the primary responsibility for approving,
or recommending to the board of directors for approval, the
appointment, reappointment, removal and remuneration of the external
auditor.
In doing so, the audit committee should determine appropriate criteria
for selecting the external auditor and regularly assess the knowledge,
competence, independence (see Principle 8 below) of the external
auditor and effectiveness (see Principle 9 below) of the external
audit, having due regard to the guidance in Section 4.

104. The audit committee's procedures for approving or recommending the
approval of the external auditor should also include a risk assessment
of the likelihood of the withdrawal of the external auditor from the
audit, and how the bank would respond to that risk.

105. The audit committee should contribute a section to the bank's
annual report which explains the approach taken regarding the
recommendation of the appointment or reappointment of the external
auditor, and should include supporting information on the tenure of the
incumbent auditor.

106. If the board of directors has approval responsibilities with
respect to the external auditor, but does not accept the audit
committee's recommendation, it should include in the annual report, and
in any papers relating to the appointment/reappointment/dismissal of
the external auditor, a statement explaining the audit committee's
recommendation and the reasons why the board of directors has taken a
different position.

107. The audit committee should assess the overall quality of the
external auditor, prior to its first appointment and at least annually
thereafter. To that end, the audit committee should request that the
external auditor report on the external auditor's own internal quality
control procedures, including the audit firm's EQCR process, and any
significant matters of concern arising from these procedures. The audit
committee should also consider, where available, the external audit
firm's annual transparency report and any inspection reports on the
audit firm issued by the relevant oversight body.
108. The audit committee should maintain an understanding and knowledge
of:

- the structure and governance of the audit firm;
- the current nature of the audit environment, including any overseas
  jurisdictions where the bank operates;
- significant issues and concerns raised by the relevant audit
  oversight body regarding the audit firm, and the auditor's action in
  addressing these concerns, to understand how these shortcomings may
  affect the quality of the audit of the bank;
- the nature of banking regulatory actions and conditions that could
  have an impact on the external auditor's work on the bank, including
  any regulatory actions and conditions specific to the bank being
  audited, or to actions and conditions that the supervisor is imposing
  on all banks (for example, through newly implemented regulations and
  policies); and
- public lessons learned from any recent external audit failures
  associated with the bank's audit firm and how the firm has dealt with
  them so that similar deficiencies do not occur.

109. The audit committee should also satisfy itself that the level of
the audit fees is commensurate with the scope of work undertaken. Where
fee reductions are offered and accepted, the audit committee should
seek assurance that these reductions do not imply an inappropriate
increase in the materiality level to be applied by the external
auditor, or a narrowing of the external auditor's proposed scope of the
audit, or a reduction in the attention which will be given to each
business component and the significant audit risks identified.

110. The audit committee should discuss and agree to the terms of the
engagement letter issued by the external auditor prior to the approval
of the engagement.
Where relevant, the audit committee should agree to an engagement
letter that has been updated to reflect changes in circumstances, such
as those arising from changes in legal requirements and changes in the
scope of the external auditor's work as a result of revisions to
internationally accepted auditing standards which have arisen since the
previous year.

111. If the external auditor resigns or communicates an intention to
resign, the audit committee should follow up on the
reasons/explanations giving rise to such resignation and consider
whether the audit committee needs to take any action in response to
those reasons.

Independence of the external auditors

Principle 8: The audit committee should monitor and assess the
independence of the external auditor.

112. The independence of the external auditor is one of the main
prerequisites for an adequate level of audit quality. As such, the
audit committee should understand the applicable independence
requirements. The audit committee should have procedures to monitor and
assess the independence of the external auditor at least annually,
taking into consideration relevant national laws, regulations and
professional requirements. The assessment should also involve a
consideration of all relationships between the bank and the audit firm
(including the provision of non-audit services) and any safeguards
established by the external auditor.

113. Where the audit firm has been the external auditor of the bank for
many years, there may be a perception that there is a familiarity or
self-interest threat to the external auditor's objectivity and
independence in its audit of the bank. However, when the bank changes
its external auditor, there is a risk that the depth of understanding
of the bank and its activities and systems will be lost. This may
affect the new external auditor's ability to identify risks of material
financial statement misstatements and respond to them appropriately,
and hence may detract from the quality of the audit.

114. Audit committees should have a policy in place that stipulates the
frequency with which there should be a tender for the external audit
contract. The policy should also call for the audit committee to
consider periodically whether there should be a limit to the length of
an external auditor's tenure as the bank's external auditor given the
potential impact of audit firm rotation on independence and audit
quality.

115. Audit committees should understand the audit firm's policy on
rotation of members of the audit engagement team and the audit firm's
compliance with any jurisdictional or other local regulatory
requirements in this regard.

116. As described in Principle 2, the audit committee should seek
assurance that the audit engagement team members and their firm and,
when applicable, the network external auditors have no financial,
personal, business or other relationships with the bank which could
adversely affect the auditor's actual or perceived independence and
objectivity. The audit committee should seek from the external auditor,
at least on an annual basis, information about the audit firm's
policies and processes for maintaining independence and monitoring
compliance with the relevant independence requirements.
117. Audit committees of banks should develop a formal policy which
governs the acceptance of non-audit services provided by the auditor.
Amongst other provisions, the policy should include criteria for the
types of non-audit services that the external auditor may provide or is
prohibited from providing, and rules stipulating when advance approval
by the audit committee is required for the auditor's performance of
non-audit services. The policy should be reviewed periodically and
compliance should be monitored, taking into account the contents of
Section 4 of this document.

118. Where non-audit services are provided by the external auditor, the
audit committee should monitor and establish that the provision of such
services does not impair the external auditor's objectivity and
independence, taking into consideration various factors including the
skills and experience of the external auditor, safeguards in place to
mitigate any threat to objectivity and independence, and the nature of
and arrangements for non-audit fees.

119. Where the external auditor provides non-audit services to the
bank, the bank's annual report should explain to shareholders the
nature of and the fee arrangements for the non-audit services received,
and how auditor independence is safeguarded.

Effectiveness of the external audit

Principle 9: The audit committee should monitor and assess the
effectiveness of the external audit.

120. At the start of each audit, the audit committee should consider
whether the audit approach is appropriate, including considerations on
the audit scope, the level of materiality, areas of focus and whether
planned audit procedures address the areas of significant risk for the
bank, in particular those areas described in Section 4 of this
document.
121. The audit committee should consider whether the proposed resources
to execute the audit plan are reasonable given the scope of the audit
engagement, the nature and complexity of the bank's operations, and its
structure and activities. The audit committee should understand the
nature and extent of audit work that the external auditor intends to
rely upon where the audit work is performed by network firm personnel
or other audit firms.

122. The audit committee should obtain confirmation from the external
auditor that there is adequate knowledge, competence and expertise
within the audit engagement team and that the audit will be conducted
in compliance with internationally accepted auditing standards, as well
as any applicable laws and regulations.

123. The audit committee should discuss with the external auditor the
findings of the latter's work. In the course of its monitoring, the
audit committee should:

- Obtain an understanding of the external auditor's view on any major
  issues that arose during the audit (including those issues that were
  subsequently resolved as well as those that have been left
  unresolved), in particular the external auditor's explanation of the
  significant judgments the audit engagement team made and the
  conclusions it reached. This should include the discussions with
  management and the judgments involved, the range of possible outcomes
  and, where available, a comparison of the bank's position with that
  of its peer group (on an anonymous basis), including a comparison
  with previous periods on such major issues;
- Obtain an understanding of the rationale behind the final conclusions
  drawn by the audit engagement partner on significant accounting and
  auditing matters, particularly in those circumstances where the audit
  engagement partner's conclusions differed from those of the
  engagement quality control reviewer; and
- Review the nature and levels of misstatements identified during the
  audit, obtaining explanations from management and, where necessary,
  the external auditor as to why certain errors might remain
  unadjusted.

124. The audit committee should also discuss with the external auditor
the audit representation letters before signature by the board of
directors/senior management and give particular consideration to
matters where specific representation has been requested. The audit
committee should consider whether the information provided on each of
the items in the representation letters is complete and appropriate
based on its own knowledge.

125. As part of the ongoing monitoring process, the audit committee
should discuss with the auditor the management letter (or equivalent)
and any other audit-related reports provided to the bank. In
particular, the audit committee should discuss with the external
auditor any significant deficiencies identified in the bank's control
environment and in its internal control over financial reporting.

126. At the end of the audit engagement period, the audit committee
should:

- consider whether the audit firm has followed its audit plan and
  understand the reasons for any changes, including changes in
  perceived audit risks and the work undertaken by the external auditor
  to address those risks;
- obtain feedback about the conduct of the audit from key bank
  personnel involved, eg the heads of finance and internal audit; and
- report to the board of directors on the effectiveness of the external
  audit process.

127. The audit committee should seek to obtain information from the
external auditor on the main findings of audit quality reviews of the
bank's audit and the audit firm's quality control systems by audit
oversight bodies.

Relationship between the audit committee and the external auditor

Principle 10: The audit committee should have effective communication
with the external auditor to enable the audit committee to carry out
its oversight responsibilities and to enhance the quality of the audit.

128. The foundation for an effective relationship is regular, timely,
open and honest communication between the audit committee and the
external auditor. Regular dialogue between the two parties should be
held throughout the reporting cycle of the bank.

129. While both cooperation and challenges are needed between the
external auditor and the audit committee for the external audit to be
effective, the need for cooperation should never prevent robust
challenges from being made when needed. Such challenges are a key
responsibility of the audit committee and are part of the productive
dialogue on key judgments that can result in stronger and deeper
understanding of and views on the positions of all parties.

130. In order to reinforce the audit committee's effectiveness and
enhance the quality of the audit, the audit committee should consider
inviting the external auditor to attend audit committee meetings
(except when discussing matters in relation to the assessment of the
external auditor), even if there are no items explicitly relevant to
the external audit on the agenda. The external auditor's attendance
should facilitate the exchange of views on business performance, risk
and other topics. Further, to enhance audit quality, the audit
committee should consider, if necessary, assisting the external auditor
to gain access to any other committee meetings that the external
auditor determines to be relevant for the auditor's work.

131. The audit committee should have the right and authority to meet
regularly in the absence of executive management with the external
auditor. This will enable the audit committee to understand and discuss
all issues that may have arisen between the external auditor and bank
management in the course of the external audit and how these issues
have been resolved. In addition, these meetings should address any
other matters that the external auditor believes the audit committee
should be aware of in order to exercise its responsibilities.

132. The audit committee should discuss with the auditor any matters
arising from the statutory audit that may have an impact on regulatory
capital or disclosures. This may include discussion of the interaction
between the accounting information and the regulatory information, eg
accounting impairment charges versus regulatory expected losses, or the
consistency of the bank's Pillar 3 reporting with its annual report.

133. The audit committee should discuss with the external auditor any
significant issues identified in the course of the audit, in particular
in areas which could be relevant to future financial statements, to
promote early discussion and planning. This includes upcoming changes
in accounting standards or regulations and the consequences of material
transactions.

134. The audit committee should also communicate to the external
auditor matters that are likely to be of significant influence on the
conduct of the statutory audit. Such matters may encompass subjects
that the audit committee believes warrant particular attention,
significant communications with the supervisor, or other matters that
the audit committee considers may influence the audit of the financial
statements.

Reporting by the external auditor to the audit committee

Principle 11: The audit committee should require the external auditor
to report to it on all relevant matters to enable the audit committee
to carry out its oversight responsibilities.

135. In some jurisdictions, as part of the statutory audit, the
auditors are also required by law or regulations to express an opinion
on the control environment of the bank and provide additional reporting
of matters identified accordingly. The explanatory guidance in the
following paragraphs only covers reporting to the audit committee that
may be required in the context of the financial statement audit.

136. The audit committee should expect the external auditor to
communicate promptly to the audit committee any significant audit
findings noted in the course of the audit and any significant problems
encountered in carrying out the audit.
137. Upon completion of the audit work, the external auditor should
report to the audit committee on the outcome of the audit in writing.
The contents of these written reports should be aligned with the
requirements set by internationally accepted auditing standards for
matters to be communicated to those charged with governance, the
recommendations made in this document, and any additional requirements
under applicable laws and regulations.

138. In addition to the above, where not already covered by the
recommendations in other parts of this document and the relevant
auditing standards, the audit committee should request that the
external auditor report to it in writing on other significant matters,
including the following:

- Key areas of significant risk of material misstatement in the
  financial statements, in particular on critical accounting estimates
  or areas of measurement uncertainty (eg loan loss provisioning and
  valuation uncertainties), including potential valuation bias and
  consequential effects on earnings, compensation structures and
  regulatory ratios.
- Areas of significant management and auditor judgment, including
  judgments pertaining to the recognition, de-recognition, measurement
  or disclosure of relevant items within the financial statements and,
  where relevant, judgments about material uncertainties that may cast
  doubt on an entity's ability to continue as a going concern
  (including consideration of liquidity/funding issues of the entity).
- Outsourcing of key external audit work (eg with respect to audits of
  subsidiaries) to another audit firm or use of external experts to
  assist with the external audit.
- Significant internal control deficiencies identified in the course of
  the statutory audit.
- Matters that are likely to be significant to the responsibilities of
  those charged with governance in overseeing the strategic direction
  of the entity or the entity's obligations related to accountability.
- Areas of financial statement disclosures, for the bank itself and
  relative to its peers, which the auditor believes could be improved,
  including the results of discussions with management.

139. For the purposes of complying with the requirements of
internationally accepted auditing standards, where significant matters
are communicated to the audit committee, the external auditor should
also determine if these matters need to be communicated to the board of
directors.

6. The relationship between the supervisor and the external auditor

140. This section sets out the principles that promote effective
relationships that will enable regular communication of mutually useful
information in the context of a statutory audit between:

- the supervisor and the external auditor at the supervised bank level,
  regardless of whether the communication is mandatory (Subsection A:
  Principles 12 and 13); and
- the banking supervisory authority and the audit firm, and the
  accounting profession as a whole that is not specific to an
  individual bank (Subsection B: Principle 14).

140. The key objective of having effective relationships between the
parties referred to above is to enhance the effectiveness of the
supervision of the banking sector. This relationship will then also
contribute to the quality of ex