AUDIT OF BANKS

Definition

Bank pertains to a financial institution licensed to receive deposits and make loans and may
also provide financial services such as wealth management, currency exchange, and safe deposit
boxes. Most countries have the national government or central bank as its regulatory body
(Investopedia).

Purpose

▪ To examine compliance to legal and jurisdictional regulations, laws, and industry standards.
▪ To ensure integrity of a financial institution and its practices
▪ To protect not only the financial institution’s management but other stakeholders such as
shareholders, creditors, lenders, and clients.

Manual of Regulations for Banks

Definition

The Manual of Regulations for Banks (MORB) serves as the principal source of banking
regulations issued by the Monetary Board of the Bangko Sentral. It also covers adoption of
international standards and best practices, as well as amendments to existing policies.
It is composed of six sections, namely, (1) Organization, Management and Administration, (2)
Deposit and Borrowing Operations, (3) Loans, Investments and Special Credits, (4) Trust, Other
Fiduciary Business and Investment Management Activities, (5) Foreign Exchange Transactions and
(6) Treasury and Money Market Operations.

Key Objectives of BSP’s Supervisory Enforcement Policy

▪ Reconcile desired changes in the overall condition and governance of Bangko Sentral supervised
FIs with the expectations set under relevant laws and regulations
▪ In an effort to maintain the stability of the financial system, mitigate the risks to the FIs and other
stakeholders

Sec. X190 (2008 - X166) Audited Financial Statements of Banks

Subsection X190.1 (2008 - X166.1) Financial Audit – Reports Required

Annual financial audit by an external auditor shall pe rendered by banks to the Bangko Sentral
not later than thirty (30) calendar days after the close of the calendar year or the fiscal year adopted
by the bank. Such report shall be accompanied by:
1. Certification by the external auditor on the: (a) dates of start and termination of audit; (b)
date of submission of the financial audit report and certification under oath stating that no
material weakness or breach in the internal control and risk management systems was noted in
 the course of the audit of the bank to the board of directors or country head; and (c) the absence
of any direct or indirect financial interest and other circumstances that may impair the
independence of the external auditor
2. Reconciliation Statement between the AFS and balance sheet and income statement for
bank proper (regular and FCDU) and trust department including copies of reconciling entries
3. Other information the Bangko Sentral may require

Subsection X190.1 (2008 - X166.1) Financial Audit – Letter of Commitment (LOC)

LOC refers to a written commitment to undertake a specific positive action or refrain from
performing a particular activity with a given time period required from the FI’s Board of Directors
(Board), upon approval and/or confirmation by the Monetary Board (MB). It is generally used to
arrest emerging supervisory concerns before these develop into serious weaknesses or problems, or
to address remaining supervisory issues and concerns (General Principles, p2).
The LOC, which the external auditor shall submit to the board of directors or country head upon
the requirement of the bank, shall indicate any material weakness or breach in the institution’s
internal control and risk management systems within thirty (30) calendar days after submission of
the financial audit report.

Definition of terms:
Material weakness – significant control deficiency/ies which results in more than a remote
likelihood that a material misstatement of the FS will not be detected or prevented by the entity’s
internal control. It does not mean that a material misstatement has occurred or will occur, but that it
could occur.
Control deficiency – exists when the design or operation of a control does not allow management
or employees, in the normal course of performing their assigned functions, to prevent or detect
misstatements on a timely basis.
Significant deficiency –control deficiency/ies that adversely affects the entity’s ability to initiate,
authorize, record, process, or report financial data reliably in accordance with GAAP.
More than remote likelihood – future events are likely to occur or are reasonably possible to occur.

Subsection X190.3 (2008 - X166.3) Disclosure of Adverse Findings and Sanctions

Findings required disclosure. External uaditors shall report to Bangko Sentral matters adversely
affecting the condition or soundness of the bank such as:
▪ Any serious irregularity, including those involving fraud or dishonesty, that may jeopardize the
interest of depositors and creditors;
▪ Losses incurred which substantially reduce the capital funds of the bank;
▪ Inability of the auditor to confirm that the claims of creditors are still covered by the bank’s
assets.
This disclosure shall not serve as a ground for civil, criminal or disciplinary proceedings against
the external auditor. This information should be presented to the bank management in order to preserve
the concerns of the supervisory authority and external auditors regarding the confidentiality of
information.
Sanction. Failure to perform this duty of reporting to the Bangko Sentral, the auditing firm(s)
shall be blacklisted by the Monetary Board for a period as the Board may deem. Consequently, banks
shall not be allowed to engage the services of the blacklisted auditing firm.
 Subsection X190.4 (2008 - X166.4) Disclosure s in Notes to Audited Financial Statements

▪ Basic quantitative indicators of financial performance such as:

𝑁𝑒𝑡 𝐼𝑛𝑐𝑜𝑚𝑒 (𝐿𝑜𝑠𝑠)𝑎𝑓𝑡𝑒𝑟 𝐼𝑛𝑐𝑜𝑚𝑒 𝑇𝑎𝑥 × 100
Return on Average Equity (%) =
𝐴𝑣𝑒𝑟𝑎𝑔𝑒 𝑇𝑜𝑡𝑎𝑙 𝐶𝑎𝑝𝑖𝑡𝑎𝑙 𝐴𝑐𝑐𝑜𝑢𝑛𝑡𝑠
𝑆𝑢𝑚 𝑜𝑓 𝑇𝑜𝑡𝑎𝑙 𝐶𝑎𝑝𝑖𝑡𝑎𝑙 𝐴𝑐𝑐𝑜𝑢𝑛𝑡𝑠 𝑎𝑠 𝑜𝑓 𝑡ℎ𝑒 12 𝑚𝑜𝑛𝑡ℎ − 𝑒𝑛𝑑𝑠
Average Total Capital Accounts =
12
𝑁𝑒𝑡 𝐼𝑛𝑐𝑜𝑚𝑒 (𝐿𝑜𝑠𝑠)𝑎𝑓𝑡𝑒𝑟 𝐼𝑛𝑐𝑜𝑚𝑒 𝑇𝑎𝑥 × 100
Return on Average Assets (%) =
𝐴𝑣𝑒𝑟𝑎𝑔𝑒 𝑇𝑜𝑡𝑎𝑙 𝐴𝑠𝑠𝑒𝑡𝑠
𝑆𝑢𝑚 𝑜𝑓 𝑇𝑜𝑡𝑎𝑙 𝐴𝑠𝑠𝑒𝑡𝑠 𝑎𝑠 𝑜𝑓 𝑡ℎ𝑒 12 𝑚𝑜𝑛𝑡ℎ − 𝑒𝑛𝑑𝑠
Average Total Assets =
12
𝑁𝑒𝑡 𝐼𝑛𝑡𝑒𝑟𝑒𝑠𝑡 𝐼𝑛𝑐𝑜𝑚𝑒 × 100
Net Interest Margin (%) =
𝐴𝑣𝑒𝑟𝑎𝑔𝑒 𝐼𝑛𝑡𝑒𝑟𝑒𝑠𝑡 𝐸𝑎𝑟𝑛𝑖𝑛𝑔 𝐴𝑠𝑠𝑒𝑡𝑠
𝑆𝑢𝑚 𝑜𝑓 𝑇𝑜𝑡𝑎𝑙 𝐼𝑛𝑡𝑒𝑟𝑒𝑠𝑡 𝐸𝑎𝑟𝑛𝑖𝑛𝑔 𝐴𝑠𝑠𝑒𝑡𝑠 𝑎𝑠 𝑜𝑓 𝑡ℎ𝑒 12 𝑚𝑜𝑛𝑡ℎ − 𝑒𝑛𝑑𝑠
Average Interst Earning Assets =
12
▪ Risk-based capital adequacy ratio and applicable and existing capital adequacy framework
▪ Concentration of credit where concentration is said to exist when total loan exposures to a particular
industry/economic sector exceeds thirty percent (30%) of total loan portfolio
▪ Breakdown of total loans (secured and unsecured) and secured loans (type of security)
▪ Nature and amount of contingencies and commitments from off-balance sheet items
▪ Provisions and allowances for losses and how these losses are determined
▪ Aggregate amount of secured liabilities and assets pledged as security
▪ Accounting policies (general accounting principles, changes in accounting policies/practices,
principles of consolidation, policies and methods for determining when assets are impaired,
recognizing income on impaired assets and losses on non-performing credits, income recognition,
valuation policies and accounting policies on securitizations, foreign currency translations, loan fees,
premiums and discounts, repurchase agreements, premises/fixed assets, income taxes and
derivatives)

Philippine Auditing Practice Statement 1006

Special Audit Considerations

▪ Nature of the risks associated with the transactions undertaken by banks.

▪ Scale of banking operations and the resultant significant exposures that may arise in a short period.
▪ Extensive dependence on IT to process transactions.
▪ Effect of the regulations in the various jurisdictions in which they operate.
▪ Continuing development of new products and banking practices that may not be matched by the
concurrent development of accounting principles or internal controls.

Par. 10-11 | Audit Objective

▪ To enable the auditor to express an opinion on the bank’s financial statements, which are prepared
in accordance with accounting principles generally accepted in the Philippines.
▪ The auditor’s report indicates that accounting principles generally accepted in the Philippines have
been used to prepare the bank’s financial statements. When reporting on financial statements of a
bank prepared specifically for use in a country other than the Philippines, the auditor considers
whether the financial statements contain appropriate disclosures about the financial reporting
framework used
 Par. 21 | Risks Associated with Banking Activities

Currency Risk
Country Risk Fiduciary Risk
Risk of loss caused by
Risk that foreign customers and Risk of loss due to failure
future movements in
counterparties will fail to settle obligations to maintain safe custody
exchange rates applicable to
due to economic, political and social factors or negligence in the
foreign currency assets,
of the counterparty’s home country and management of assets on
liabilities, rights and
external to the customer or counterparty behalf of other parties.
obligations.

Credit risk Interest Rate risk

Liquidity risk
Risk of customer not settling an obligation for full value, either Risk that movement
Risk of loss
when due or at any time thereafter. It may be considered the in interest rates would
due to changes
most important risk in banking operations particularly from adversely affect the
in bank’s
commercial lending. It arises from lending to individuals, value of assets and
ability to sell
companies, banks and governments. Also, it exists in assets liabilities or would
or dispose of
other than loans, such as investments, balances due from other affect interest cash
an asset.
banks and in off-balance sheet commitments. flows.

Modeling risk Operational risk Price risk Solvency risk

Risk linked with the Risk of direct or Risk of loss arising from Risk of loss arising from
imperfections and indirect loss due to adverse changes in market possibility of not having
subjectivity of internal processes, prices, including interest sufficient funds to meet its
valuation models people and systems rates, foreign exchange rates, obligations, or from the
used in determining or external events equity and commodity prices bank’s inability to access
the values of assets failure or and from movements in the capital markets to raise
or liabilities. inadequacy. market prices of investments. required funds.

Regulatory risk
Legal and documentary risk Replacement or Performance risk
Risk of loss due to the
Risk that contracts are Risk of failure to perform the terms of a
failure to comply with
documented incorrectly or are contract on the part of the counterparty
regulatory or legal
not legally enforceable in the creating the need to replace the failed
requirements in the
relevant jurisdiction in which transaction with another at current market
relevant jurisdiction in
the contracts are to be enforced price which may result in a loss to the bank
which the bank operates
or where the counterparties equivalent to the difference between the
or changes in regulatory
operate. contract price and the current market price.
requirements.

Reputational risk Transfer risk

Settlement risk
Risk of losing business due to negative Risk of loss when a
Risk that one side of a
public opinion and consequential counterparty’s obligation is not
transaction will be settled
damage to the bank’s reputation arising denominated in counterparty’s
without value being
from failure to properly manage some home currency. The
received from the customer
of the above risks, or from involvement counterparty may be unable to
or counterparty which will
in improper or illegal activities by the obtain the currency of the
generally result in the loss to
bank or its senior management, such as obligation irrespective of the
the bank of the full principal
money laundering or attempts to cover counterparty’s particular
amount
up losses. financial condition
 Internal Control Considerations

▪ Balancing and Reconciliation Procedures. Carried out within a time-frame that allows the
detection of errors and discrepancies so that they can be investigated and corrected with
minimal loss to the bank as it deals with large volumes of transactions that can individually or
cumulatively involve large sums of money.
It can be carried out hourly, daily, weekly, or monthly, depending on the volume and nature of the
transaction, level of risk, and transactions settlement time-frame.
Purpose is to ensure the completeness of transaction processing across highly complex integrated
IT systems and the reconciliations themselves are normally automatically generated by these
systems.
▪ Control Procedures on Application of Specialized Accounting Rules. To ensure those rules are
applied in the preparation of appropriate financial information for management and external
reporting. Examples are those that result in the market revaluation of foreign exchange and
security purchase and sale commitments so as to ensure that all unrealized profits and losses are
recorded.
▪ Banks constantly develop new financial products and services, thereby, the auditor considers
whether the necessary revisions are made in accounting procedures and related internal controls.
▪ Ability to maintain control during the period of maximum volumes or maximum financial
exposure. End of day balances may reflect the volume of transactions processed through the
systems or of the maximum exposure to loss during the course of a business day. This is particularly
relevant in executing and processing foreign exchange and securities transactions.
▪ Verification of Amount and Terms. The majority of banking transactions must be recorded in a
certain level of detail capable of being verified both internally and by the bank’s customers and
counterparties.
▪ Continuous verification of foreign exchange trade tickets. Attained by having an employee not
involved in the transaction match the tickets to incoming confirmations from counterparties.

Controls Safeguarding Assets

▪ Passwords and joint access arrangements to limit IT and EFT system access to authorized
employees.
▪ Segregation of the record-keeping and custody functions (use of computer-generated transaction
confirmation reports available immediately and only to one in charge of record-keeping functions).
▪ Frequent third-party confirmation and reconciliation of asset positions by an independent
employee.

Assertions and Specific Audit Procedures on Bank’s Financial Statement Items

Due from Other Banks

Inter-bank confirmation procedures. Likely provides more cogent evidence than
Existence
tests of related internal controls.
Valuation Assess credit-worthiness of depository bank
Verify that balances represent bona fide commercial transactions and significant
Presentation
variation from normal or expected levels is not intended to give misleading
& Disclosure
information
 Money Market Instruments (MMI)
Consider physical inspection or confirmation with external custodians and
Existence
reconciliation of the related amounts with the accounting records.
Valuation Assess appropriateness of valuation techniques considering creditworthiness of issuer

Rights & Evaluate ownership of instruments held in bearer form and encumbrances considering
Obligations the feasibility of checking for receipt of the related income.

Test proper accrual of income earned, significant gains and losses from sales and
Measurement
revaluations; reasonableness of between types of securities owned and related income
Securities Held for Trading Purposes (Trading Account Securities)
Physical inspection of securities or confirmation with external custodians and the
Existence
reconciliation of the amounts with the accounting records.
Consider reperformance of valuation calculations and extents of tests of such
Valuation
controls
Specific audit procedures are the same for MMI’s Rights & Obligations and Measurement Assertion
Investments in Subsidiaries and Associated Entities
Assess valuation techniques and nature and extent of any impairment reviews
Valuation
management has carried out and whether results are reflected in the assets’ valuations.
Loans (All lines of credit extended to customers)
Adequacy of the recorded provision for loan losses: Sound Practices for Loan
Accounting and Disclosure by the Basel Committee provides guidance to banks and
Valuation banking supervisors on recognition and measurement of loans, establishment of loan
loss provisions, credit risk disclosure and related matters. Also, BSP has mandated
certain loan loss provision requirements accepted in the Philippines.
Disclosure Disclosure requirements concerning their loans and provisions for loan losses
Capital and Reserves
An item of monitoring by BSP. Small changes in capital or reserves may have a large effect on a
bank’s ability to continue operating, particularly if it is near to its permitted minimum capital ratios
which may cause greater pressures for management to engage in fraudulent financial reporting by
miscategorizing assets and liabilities or by describing them as being less risky than they actually are.

Presentation Bank’s capital, capital ratios, as per required, and restrictions on the distribution of
& Disclosure retained earnings, as provided by applicable regulations, must be disclosed
Interest Income and Interest Expense

Satisfactory procedures for proper accounting of accrued income and expenditure

at the year-end; adequacy of the related system of internal control; and analytical
procedures in assessing the reasonableness of the reported amounts [comparison of
Measurement
reported interest yields in percentage terms: to market rates; to BSP rates; to
advertised rates (by type of loan or deposit); and between portfolios.] Average rates in
effect are used in order to avoid distortions caused by changes in interest rates.
 Reasonableness of the policy applied and whether income recognition on non-
performing loans complies with the policy of the bank, requirements of generally
accepted accounting principles in the Philippines and the BSP must be considered.
Fee and Commission Income
Auditor considers using analytical procedures in assessing the reasonableness of the
Completeness
reported amounts in making sure that individual items have been recorded.
• Whether the income relates to the period covered by the financial statements and that
those amounts relating to future periods have been deferred.
• Whether the income is collectible (this is considered as part of the loan review audit
Measurement
procedures where the fee has been added to a loan balance outstanding).
• Whether the income is accounted for in accordance with generally accepted
accounting principles in the Philippines.
Provisions for Taxes on Income
The auditor becomes familiar with the taxation rules applicable to banks. The
auditor also considers whether any auditors on whose work it is intended to rely in
Measurement respect of the bank’s foreign operations are similarly familiar with the rules in their
jurisdiction. The auditor is aware of the taxation treaties between the various
jurisdictions in which the bank operates.
Related Party Transactions
The auditor becomes familiar with the applicable BSP requirements18 for lending to
related parties and performs procedures to identify the bank’s controls over related
Measurement
party lending, including approval of related party credit extensions and monitoring
of performance of related party loans.

The auditor considers reviewing transactions accounted for as sales transactions to

determine whether there are unrecorded recourse obligations involved.
Representations from management or others are often required to understand the
business purpose of a particular transaction. Such representations are evaluated in the
Valuation
light of apparent motives and other audit evidence. In order to obtain a complete
understanding of a transaction, certain circumstances may warrant a discussion with
the related party, their auditor, or other parties such as legal counsel, who are familiar
with the transaction. (PSA 580 “Management Representations”)

Fiduciary Activities
The auditor considers whether all the bank’s income from such activities has been
recorded and is fairly stated in the bank’s financial statements. The auditor also
Completeness
considers whether the bank has incurred any material undisclosed liability from a
breach of its fiduciary duties, including the safekeeping of assets.

The auditor considers whether generally accepted accounting principles in the

Presentation
Philippines require disclosure of the nature and extent of its fiduciary activities in the
& Disclosure
notes to its financial statements, and whether the required disclosures have been made.
 Questions

1. The following describes the characteristics that generally distinguish banks from other commercial
enterprises except

a. Banks generally derive a significant amount of their funding from short-term deposits (either insured
or uninsured). A loss of confidence by depositors in a bank’s solvency may quickly result in a
liquidity crisis.
b. They operate with very high leverage (that is, the ratio of capital to total assets is low), which
increases banks’ vulnerability to adverse economic events and increases the risk of failure.
c. They have assets that can rapidly change in value and whose value is often difficult to determine.
However, a relatively small decrease in asset values does not have a significant effect on their
capital and their regulatory solvency.
d. They have custody of large amounts of monetary items, including cash and negotiable instruments,
whose liquidity characteristics make banks vulnerable to misappropriation and fraud. Banks therefore
need to establish formal operating procedures, well-defined limits for individual discretion and
rigorous systems of internal control.

All the options provided are among the characteristics distinguishable for banks except C. It
incorrectly describes the potential effects of having a variation in its assets’ values. Indeed, banks
have assets that can rapidly change in value and whose value is often difficult to determine but it is
incorrect to say that it does not have a significant effect on their capital and their regulatory solvency.
In fact, its nature of operations reveals that with even such a relatively small decrease in asset values
can greatly impact its capital and regulatory solvency which can, in turn, affect its overall operation.

2. Given that a bank’s assets are often readily transferable, of high value and in a form that cannot be
safeguarded solely by physical procedures, banks must ensure that access to assets is permitted only in
accordance with management’s authorization through the following controls except

a. Passwords and joint access arrangements to limit IT and EFT system access to authorized employees.
b. Segregation of the record-keeping and custody functions (including the use of computer generated
transaction confirmation reports available immediately and only to the employee in charge of the
record-keeping functions).
c. Frequent third-party confirmation and reconciliation of asset positions by an independent employee.
d. Continuous verification of foreign exchange trade tickets by having an employee not involved
in the transaction match the tickets to incoming confirmations from counterparties
 D

Continuous verification of foreign exchange trade tickets by having an employee not involved
in the transaction match the tickets to incoming confirmations from counterparties is an example of
a control which ensures banking transactions are verifiable both internally and externally – by its
customers and counterparties. More specifically, individual transactions must be recorded and
maintained in a level of detail that allows verification on both the accuracy of amounts and terms.

3. Which of the following are factors an auditor gives attention to in developing an overall plan for the
audit of the financial statements of a bank?
I. Geographic spread of the bank’s operations and the co-ordination of work between
different audit teams
II. Contingent liabilities and off-balance sheet items
III. Complexity of the transactions undertaken by the bank and its documentation
IV. Extent of IT and other systems used by the bank

a. I, II, III and IV

b. I, II, and III only
c. I and III only
d. I, II, and IV only

All statements are considerations in overall plan of bank audits together with: (1) the extent to
which any core activities are provided by service organizations; (2) regulatory considerations; (3) the
expected assessments of inherent and control risks; (4) the work of internal auditing; (5) the
assessment of audit risk; (6) the assessment of materiality; (7) management’s representations; (8) the
involvement of other auditors; (9) the existence of related party transactions; and (10) going concern
considerations.

4. The Manual of Regulations for Banks (MORB) is issued by

a. Monetary Board of the Bangko Sentral

b. Board of Accountancy
c. Cooperative Development Authority
d. Commission on Audit

The Manual of Regulations for Banks (MORB) serves as the principal source of banking
regulations issued by the Monetary Board of the Bangko Sentral. It also covers adoption of
international standards and best practices, as well as amendments to existing policies. It is composed
of six sections, namely, (1) Organization, Management and Administration, (2) Deposit and
Borrowing Operations, (3) Loans, Investments and Special Credits, (4) Trust, Other Fiduciary
Business and Investment Management Activities, (5) Foreign Exchange Transactions and (6)
Treasury and Money Market Operations.
5. It is an item monitored by the Bangko Sentral ng Pilipinas (BSP) in which a small change can have a
large effect on a bank’s ability to continue its operation

a. Investments in Subsidiaries and Associated Entities

b. Capital and Reserves
c. Money Market Instruments (MMI)
d. Securities Held for Trading Purposes (Trading Account Securities)

Capital and Reserves is a crucial item of monitoring by BSP. Small changes in capital or reserves
may have a large effect on a bank’s ability to continue operating, particularly if it is near to its
permitted minimum capital ratios which may cause greater pressures for management to engage in
fraudulent financial reporting by miscategorizing assets and liabilities or by describing them as being
less risky than they actually are.