1. The document discusses guidelines from the Basel Committee on Banking Supervision regarding expectations for external audits of banks.
2. It aims to improve audit quality and enhance banking supervision by outlining 16 principles for effective audits. These principles cover expectations for external auditors, audit committees, and the relationship between auditors and supervisors.
3. Implementing the guidelines is expected to strengthen bank audits and prudential supervision, contributing to overall financial stability. The document replaces and enhances previous Basel Committee guidance on these topics.
1. P a g e | 1
Basel iii Compliance ProfessionalsAssociation (BiiiCPA)
1200G Street NW Suite 800Washington, DC 20005-6705USA Tel:
202-449-9750Web: www.basel-iii-association.com
Dear Member,
TodayI willstart withthejobdescriptionthat
mademy day: BaselII/ III and SolvencyII
risk specialist, Mandarin Speaking!!!
Basel III Risk Specialist - Mandarin Speaking Leading Global
Investment Bank, London
ALeading Global Investment Bank isExpanding the Regulatory Risk
Functionwiththe hire of a Basel III Risk Specialist for their London
Group.
- Basel III RegulatoryRisk Specialist
- LeadingGlobal Investment Bank
- Mandarin Speaking
- London, UK
- 50,000+ Excellent Bonus Benefits
Asakeymember oftheriskgroup you will becommunicatingextensively
with senior management on a global scaleincludingdirect contact with
seniormanagement in Hong Kong and Shanghai and will therefore
requireMandarinspeakingskillsat business level proficiency.
An expert in regulatoryframeworks,you will have practical
understandingof Basel II/ III and knowledgeof SolvencyII ICAAP is
alsohighly preferred.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
2. P a g e | 2
This is a mid-level position withinthe group and will requirea minimum
of 3 years industry experiencewithin theLondon and/ or International
Financial Markets.
It is never toolate tolearnMandarin. Is lookseasy!
Amazingjobdescription…
Just one slight problem withthisjob description:You cannot have
knowledgeof SolvencyII ICAAP … simplybecausethere isnothing like
a Solvency II ICAAP… perhapstheymean SolvencyII ORSA(OwnRisk
andSolvencyAssessment, thePillar 2 document).
It remindsme another job description, where theyrequired 5+ years of
Basel III experience. Provided that BaselIII wasendorsed at theend of
2010,theycould hire someoneafter 2015…
Another development:
Auditors… it is your turn tosuffer the consequencesof the crisis…
Accordingtothe BIS, The recent financial crisisnot onlyrevealed
weaknessesin risk management, control and governanceprocessesat
banks,but alsohighlightedthe need toimprove thequalityof external
auditsof banks.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
3. P a g e | 3
Giventhecentralrolebanksplayincontributingtofinancial stability, and
thereforethe need for market confidencein the qualityof external audits
of banks' financial statements,the BaselCommitteeisissuingfor
consultationthis guidanceon external auditsof banks.
This document describes,through sixteen principlesand explanatory
guidance,supervisoryexpectationsregarding audit qualityand how that
relatestotheexternal auditor's work in a
bank.
External auditsof banks
Therecent financial crisisnot only revealed
weaknessesin risk management, control
and governance processesat banks, but also
highlighted theneed to improvethequality
of external auditsof banks.
Given the central role banksplayin
contributingtofinancial stability, and
thereforethe need for market confidencein
thequalityof external auditsof banks'
financial statements,the BaselCommittee
is issuingfor consultationthis guidanceon
external auditsof banks.
This document describes,through sixteen principlesand explanatory
guidance,supervisoryexpectationsregarding audit qualityand how that
relatestotheexternal auditor's work in a bank.
Implementation of the principlesand the explanatoryguidanceis
expectedto improve thequalityof bank auditsand enhancethe
effectivenessof prudential supervisionwhichis an important element of
financial stability.
This document setsout supervisoryexpectationsof how:
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
4. P a g e | 4
- externalauditorscandischargetheirresponsibilitiesmoreeffectively;
- audit committeescan contribute toaudit qualityin their oversight of
theexternal audit;
- an effectiverelationship betweenthe external auditor and the
supervisor, whichallowsgreater mutual understandingabout the
respectiverolesand responsibilitiesof supervisorsand external
auditors, can lead toregular communication of mutually useful
information;and
- regular and effective dialogue between the banking supervisory
authorities and relevant audit oversight bodies can enhance the
qualityof bank audits.
This document enhancesand supersedestheCommittee'sguidanceThe
relationship betweenbanking supervisorsand bank's external auditors
(2002) and External audit qualityand banking supervision (2008).
In addition tothe proposedguidance, theCommitteeispublishinga
lettertothe InternationalAuditing andAssurance StandardsBoard
(IAASB) on areaswhereit believesInternational StandardsonAuditing
could be enhanced.
Serving asan observer on the Basel Committeegroup that developed the
revisedguidance,theIAASBprovided helpful and meaningful input to
thiseffort.
Commentson the proposalsshouldbe submittedby Friday 21June2013
bye-mail to: baselcommittee@bis.org.
Alternatively, commentsmay be sent bypost to: Secretariat of the Basel
Committeeon BankingSupervision, Bank for International
Settlements,CH-4002Basel, Switzerland.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
5. P a g e | 5
All commentsmay bepublishedon thewebsiteof the Bank for
International Settlementsunlessa comment contributor specifically
requestsconfidential treatment.
External auditsof banks
1. Executive summary
1.Therecent financial crisisnot onlyrevealed weaknessesin risk
management, control and governanceprocessesat banks, but also
highlighted theneed to improve thequalityof external auditsof banks.
Giventhecentralrolebanksplayincontributingtofinancialstability, and
thereforethe need for market confidencein thequalityof external audits
of banks‟financial statements,the BaselCommitteeon Banking
Supervision (theCommittee) is issuingthis document on external audits
of banks.
It forms part of theCommittee‟scommitment to help improve audit
qualityat banks.
Thisdocument enhancesand replacesTherelationship betweenbanking
supervisorsand banks‟external auditors(January2002) and External
audit qualityand banking supervision (December 2008).
2.Implementationof the 16principlesand observation of theexplanatory
guidancein thisdocument are expectedtoimprove the qualityof bank
auditsand enhancetheeffectivenessof prudential supervision, whichwill
then contributetofinancial stability.
Throughtheseprinciplesand explanatoryguidance, the document
describessupervisoryexpectationsregardingaudit qualityand how that
relatestotheexternal auditor‟sworkin a bank.
This document specificallysetsout supervisoryexpectationsof how:
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
6. P a g e | 6
(a)external auditorscan discharge their responsibilitiesmore effectively;
(b)audit committeescan contribute toaudit qualityin their oversight of
theexternal audit;
(c)an effectiverelationshipbetweenthe external auditor and the
supervisor,whichallowsgreater mutual understandingabout the
respectiverolesand responsibilitiesof supervisorsand external
auditors,can lead toregular communication of mutuallyuseful
information;and
(d)regular and effective dialogue between the banking supervisory
authorities and the relevant audit oversight bodies can enhance the
qualityof bank audits.
3. Thedocument alsonotestheCommittee‟scontinued commitment to
workthrough international bodies toenhanceaudit quality.
2. Introduction, application, structure and the Committee‟s
international engagement
Introduction
4.Thebankingsectorisuniqueamongsectorsof theeconomy becauseit
plays a central role in contributing to thefinancial stabilityof and the
provision of financial resourcesto the economy.
This sector includesmajor global banksthat are systemicallyimportant
banks(SIBs), the failure of one or moreof whichcould triggera global
financial crisis.
In addition, bankshavea uniqueoperatingmodel.
5.Supervisorsare primarilyconcerned withmaintainingthestability of
thebanking system and fostering thesafetyand soundnessof individual
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
7. P a g e | 7
banksin order tomaintain market confidenceand protect theinterestsof
depositors.
Consequently, toenhancethe effectivenessof supervision, supervisors
havea keen interest in the qualitywithwhichexternal auditorsperform
bank audits.
Buildingeffectiverelationshipswith external auditorscan alsoenhance
bankingsupervision.
6.An external auditor plansand performs the audit of a bank‟sfinancial
statementstoobtain reasonableassuranceabout whetherthefinancial
statementsasa wholeare free from material misstatements,whetherdue
tofraud or error, and are prepared, in all material respects,in accordance
with an applicablefinancial reportingframework.
In many ways, thesupervisor and the external auditor have
complementaryconcernsregarding thesamematters.
For example, theaudit of financial statementsmay help identify
weaknessesin internal controlsrelatingtofinancial reportingat a bank
whichmay, therefore,inform supervisoryeffortsin this area and
contributeto a safeand sound bankingsystem.
7.Although the focusof thisdocument ison the qualityof the audit
performed by the external auditor, an audit in accordancewith
internationallyaccepted auditing standardsis conducted on thepremise
that the management and, whereappropriate, those chargedwith
governancehave acknowledgedcertain responsibilitiesthat are
fundamental to the conduct of the audit.
Theaudit of the financial statementsdoesnot relieve management or
thosechargedwithgovernanceof their responsibilities.
8.TheBasel Committee on Banking Supervision‟sCore Principlesfor
EffectiveBanking Supervision (September 2012,Core Principles)provide
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
8. P a g e | 8
a framework of minimum standardsfor sound supervisorypracticesand
are considereduniversallyapplicable.
Core Principle27 focuseson prudential regulationsand requirementsfor
banksin relation to financial reportingand external audits.
This guidanceset out in this document is consistent with Core Principle
27.
9.Theapplicationand thestructure of each section in this document are
describedbelow,followedby an outlineof the keyinternational
relationshipsbetweenthe Committeeand other groupsrelevant to
external auditing.
Application
10.This document appliesto the followingentitiessubject toa statutory
audit:
- all banks, includingthosewithin a bankinggroup;
- holdingcompanies whosesubsidiariesarepredominantlybanks;and
- holding companiessubject toprudential supervision whose
subsidiariesare predominantlybanks.
All of thesestructuresarereferredtoasbanksorbankingorganisationsin
thisdocument.
11.Theimplementation of the principlesset forth in this document
should be proportionateto thesize, complexity, structure, economic
significanceand riskprofile of the bank and thegroup (if any) towhichit
belongs.
TheCommitteerecognisesthat some countrieshavefound it appropriate
toadopt legal frameworksand standards(eg for listedfirms), aswell as
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
9. P a g e | 9
accountingand auditingstandards, whichmay be more extensiveand
prescriptivethantheprinciplesandexplanatoryguidancesetforthherein.
Such frameworksand standardstend tobe particularlyrelevant for larger
or publicly traded banks or financial institutions.
12.This document hasbeen preparedwiththefull awarenessthat
significant differencesexist in national institutional, legislativeand
regulatoryframeworksamongst jurisdictions,including accountingand
auditingstandards,supervisorytechniquesand institutional corporate
governancestructures.
Supervisorsshouldclearlycommunicatetherecommendationscontained
herein tothebanks theysuperviseand their respectiveexternal
auditors,andarticulatethemeasuresbanksandexternalauditorsshould
undertaketomeet thesebest practices,wherepossible.
13.Theprinciplesset out in thisdocument should be applied in
accordancewiththenational legislationand corporate governance
structuresapplicablein each country.
14.Thefollowingtermsareused in thisdocument, withthe meanings
specified:
- Financial statement audit –An audit of a bank‟sfinancial statements
byan external auditor in accordancewithinternationallyaccepted
auditingstandards.
- Statutoryaudit –An audit carried out tocomply withthe
requirementsof particular legislationor regulations.
In some jurisdictions,thismay includeonlythe financial statement
audit.
In other jurisdictions,thismay alsoincludeextended reportingby
external auditorson matterssuch asinternal controlsand regulatory
returns.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
10. P a g e | 10
- External auditor – The audit firm and theindividual audit
engagement team members.
Whererelevant, specific referencesaremadetothe audit firm or the
individual audit engagement team members in certainparagraphs.
- Bankingsupervisoryauthority – The body responsiblefor promoting
thesafety and soundnessof banks and thebanking system in a
particular jurisdiction, includingthe personswhoare involved with
supervisorypolicy setting and policyissues,includingpolicies
regardingaccountingand auditing.
- Supervisor– The group of supervisorypersonnel at a banking
supervisoryauthoritywhoaredirectlyinvolved withthe
supervision/ examinationof a specific institution.
- Board and senior management – The governance structure at a bank
composed of a board and senior management.
TheCommittee recognisesthat there aresignificant differencesin
thelegislativeand regulatory frameworksacrosscountriesregarding
thesefunctions.
Somecountries usea two-tier structure, wherethe supervisory
functionof the board is performed by a separateentityknownasa
supervisoryboard, whichhasnoexecutivefunctions.
Other countries, bycontrast, use a one-tier structure in whichthe
boardhasa broader role.
Still other countrieshavemoved or are moving to an approachthat
discouragesor prohibitsexecutivesfrom serving on the board or
limitstheir number and/ orrequires theboard and board committees
tobe chairedonlyby non-executiveboard members.
Given thesedifferences, this document doesnot advocatea specific
boardstructure.
Theterms“board” and “seniormanagement” are onlyused asa way
torefer tothe oversight function and themanagement functionin
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
11. P a g e | 11
general and should be interpretedthroughout thedocument in
accordancewiththeapplicablelaw withineach jurisdiction.
- Audit committee – A specialised committee established by the
board, the mandate, scope and working procedures for which are set
out in a charter or other instrument.
As stated in theBCBS paper on Principlesfor enhancingcorporate
governance(October 2010), to increaseefficiencyand allowdeeper
focus in specificareas, boardsin manyjurisdictionsestablishcertain
specialisedboard committees– theaudit committeebeingone of
them.
Thepaper further recommendsthat, for largeand internationally
activebanks, an audit committeeor equivalent shouldbe required.
It alsooutlinesthe overall responsibilitiesof the audit committee.
- Thosecharged withgovernance – Theperson(s) or organisation(s)
with responsibility for overseeingthe strategic direction of theentity
and obligationsrelatedto the accountabilityof the entityasdefined
byinternationallyaccepted auditingstandards.
Such person(s) or organisation(s)is (are) typically the board of
directors.
Wherethe board of directorsestablishesan audit committeein a
bank to assist it in meetingitsresponsibilitiesby chargingthe audit
committeewithspecific tasksand responsibilities,in such
circumstancestheaudit committeecan be viewedastaking on the
roleof thosecharged withgovernance in relationto thosespecific
tasksand responsibilities.
Structure
The external auditor and audit quality
15.Audit qualityincludesdeliveringan appropriate, independent
professional opinionon thefinancial statements,in compliancewith
internationallyaccepted auditing standards.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
12. P a g e | 12
Internationally accepted auditing standards require the external auditor
to possess and demonstrate certain attributes while applying a rigorous
audit process.
16.Given that internationallyacceptedauditing standards are applicableto
all entities,Section4of thisdocument builds uponthesestandardsand
laysout thesupervisoryexpectationsof theexternal auditorregardingthe
audit of a bank.
Moreover, Section 4 highlightsthekey areaswheresignificant risks of
material misstatement in banks‟financial statementsoften arise, which
thereforerequire theauditor‟sparticular attentionfor a qualityaudit.
Engagement between the external auditor and the audit
committee
17.Regular and effectiveengagement and communication betweenthe
external auditor and the audit committeecontributeto audit quality.
18.Amongst itsother responsibilities, theaudit committeeisresponsible
for overseeingthebank‟sexternal auditor.
Asoundlyconstitutedaudit committeecanplayakeyrolein contributing
toaudit quality.
Section 5 discussesthe audit committee‟sresponsibilitiesin relationto
theoversight of, and its relationshipwith, the external auditor.
Engagement between the supervisor and the external auditor
19.Effectivecommunication betweenthesupervisor and theexternal
auditorenhancestheeffectivenessof supervision of the bankingsector.
This relationshipwill then alsocontributeto audit quality.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
13. P a g e | 13
20.Thesupervisor and the external auditor have a mutual interestin
buildingand maintainingan effectiverelationship, which fostersregular
communicationof useful information.
Section 6providesprinciplesand explanatoryguidancefor facilitatingan
effectiverelationshipbetweenthe supervisor and theexternal auditor at
thelevelsof thesupervisedbank, the audit firm and theaccounting
professionasa whole.
Engagement between thebanking supervisory authority and the
audit oversight body
21.Thebanking supervisoryauthority and therelevant audit oversight
body sharea strongmutual interest in ensuringqualityindependent
audits.
Regularand effectivedialoguebetweenthebankingsupervisoryauthority
andthe audit oversight body at a national level can assist in identifying
anddealing withkey issuesin relationtotheconduct of bank audits.
Section 7setsout the principlesfor facilitatingeffectivecommunication
betweenthesebodies.
22.Supervisorsare in a uniquepositiontoidentify audit qualityissuesat
both theindustry and individual audit level.
Regular and effectiveengagement betweenthe supervisorand the
relevant audit oversight bodymay enablethesupervisortoprovide timely
feedbackon such issues.
Additionally, thesupervisormay, if necessary, takeaction toaddress
issuesraised by the audit oversight body.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
14. P a g e | 14
TheCommittee‟s international engagement on external
auditing
23.Approachesfor dealingwithsupervisoryconcernsabout thequalityof
theaudit of an individual bank may differacrossjurisdictions,but all
approachesshould be designed to contribute toenhancingaudit quality.
In its effort to promote audit quality, the Committee engages in regular
dialogue and discussion with the relevant international stakeholders on
external audit matters.
Thesestakeholdersinclude, but arenot limitedto, the following:
- theFinancial StabilityBoard (FSB), whoseobjectivesincludethe
enhancement of theeffectivenessof banking supervision;
- theMonitoringGroup, which is responsiblefor advancingthepublic
interest in areasrelatedtointernational audit quality;
- thePublic Interest Oversight Board (PIOB), which is responsiblefor
improvingthe qualityand public interest focusof the international
standardsformulated bystandard-settingboardsoperatingunder the
auspicesof the International FederationofAccountants(IFAC) in the
areasof audit and assurance, educationand ethics,including
oversight of the public interestactivitiesof three of the IFAC‟s
independent standard-setting boardsand their respectiveconsultative
advisorygroups;
- theconsultativeadvisorygroupsof the InternationalAuditing and
Assurance StandardsBoard (IAASB) and the International Ethics
StandardsBoard forAccountants(IESBA), whichare responsiblefor
developing international auditingand ethicsstandards respectively;
- theInternational Forum of Independent Audit Regulators
(IFIAR), whichis responsiblefor improving audit quality
globally, includingthrough independent inspectionsof auditors
and/ or audit firms; and
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
15. P a g e | 15
- theGlobal Public Policy Committee(GPPC), which iscomprised of
representativesfrom thesix largest international accounting
networksand focuseson public policyissuesfor the accounting
profession.
24. The objectiveof thisdialogueis toenablethe Committeeand the
relevant international stakeholderstoidentify and discussrelevant issues
andtopics on a timelybasis sothat supervisors, external auditorsand
audit oversight bodiescan take appropriate action.
As such, thesediscussionsshould addressnot only current issuesand
topics, but alsoemergingareasand trendsthat raise concern.
3.Overview of the principles
- Principle1: The external auditor of a bank should have banking
industryknowledgeand competencesufficient to respond
appropriatelytotherisksof material misstatement in thebank‟s
financial statementsand toproperlymeet any additional regulatory
requirementsthat may be part of the statutoryaudit.
- Principle2: The external auditor of a bank should be objectiveand
independent in fact and appearancewithrespect tothe
bank, consistent withthemore stringent requirementsapplicableto
public interest entitiesin internationallyaccepted ethical standards.
- Principle3: The external auditor should exerciseprofessional
scepticism whenplanningand performingthe audit of a
bank, having due regard tothe specific challengesin auditing a
bank.
- Principle4:Audit firms undertakingbank auditsshould complywith
themore stringent requirementson qualitycontrol applicableto listed
entitiesin internationallyacceptedqualitycontrol standards,having
due regard tothe complexityof abank audit.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
16. P a g e | 16
- Principle5: Theexternal auditorof a bank shouldidentify and assess
therisksof material misstatement in thebank‟sfinancial
statements,takingintoconsideration the complexitiesof banking
activitiesand the need for bankstohave a strong control
environment.
- Principle6: The external auditor of a bank should respond
appropriatelytothe significant risks of material misstatement in the
bank‟sfinancial statements.
- Principle7: The audit committeeshould have a robustprocessfor
approving, or recommendingfor approval, the
appointment, reappointment, removal and remunerationof the
external auditor.
- Principle8: The audit committeeshould monitor and assessthe
independenceof theexternal auditor.
- Principle9: The audit committeeshould monitor and assessthe
effectivenessof theexternal audit.
- Principle10: The audit committeeshould have effective
communicationwiththeexternal auditor toenablethe audit
committeeto carryout itsoversight responsibilitiesand toenhance
thequalityof the audit.
- Principle 11: The audit committee should require the external auditor
to report to it on all relevant mattersto enable the audit committee to
carryout itsoversight responsibilities.
- Principle12: The supervisorand theexternal auditor should havean
effectiverelationshipthat includesappropriatecommunication
channelsfor the exchangeof information relevant tocarrying out
their respectivestatutoryresponsibilities.
- Principle13: The external auditor shouldreport tothe supervisor
mattersthat arelikelyto beof material significancetothe functions
of the supervisor.Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
17. P a g e | 17
- Principle14: There should be open, timely and regular
communicationbetweenthebankingsupervisoryauthority, theaudit
firm and the accountingprofession asa wholeon keyrisksand
systemic issuesaswell asa continuousexchangeof viewson
appropriateaccountingtechniquesand auditingissues.
- Principle15: There should be regular and effectivedialoguebetween
thebanking supervisoryauthorityand therelevant audit oversight
body.
- Principle16: The banking supervisoryauthorityand the audit
oversight body should observe appropriateconfidentiality
requirementswhensharinginformation.
4. Supervisory expectationsrelevant to the external auditor and
the external audit of financial statements
25.External auditsof financial statementsperformed in accordancewith
internationallyaccepted auditingstandards enhancetheconfidenceof all
users,includingsupervisors,in the reliability of the auditedfinancial
statementsand thequalityof the information provided.
26.Auditsof banks should be performed in accordancewith
internationallyaccepted auditing standards.
As these standardsare not industry-specific, for a qualityaudit
supervisorsexpect external auditorsnot onlyto complywith
internationallyaccepted auditing standardsbut alsoto tailor their audit
workin response to thesignificant risksand issuesapplicableto banks.
27.External auditorsarerequired tocomplywithapplicablejurisdictional
and, whererelevant, internationallyaccepted ethical standards.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
18. P a g e | 18
However,given thecomplexityand systemic risksassociatedwith
banks,theexternal auditorof a bank should followthe most stringent
rulesfor independenceunder thesestandards.
Similarly, theexternal auditor of a bank should alsofollowthemost
stringent standardson qualitycontrol at theengagement level.
28.PartAof this section describesthesupervisor‟sexpectationsasa user
ofthebank‟sfinancialstatements,specificallywithrespecttotheexternal
auditor‟sknowledge, competence, objectivity, independence,professional
scepticismand qualitycontrol over the bank‟saudit.
Part B identifies areaswheresupervisorsbelieve there isoften a
significant risk of material misstatement in a bank‟sfinancial statements
and factorstowhichthesupervisor expectstheexternal auditor topay
attentionwhenauditingthoseareas.
29.While theprimaryfocusin thissection is on the financial statement
audit, particularlyin Principles5 and 6, the external auditor may identify
mattersin thecourseof the audit that areof interest tothesupervisor and
thereforeshould be consideredfor communicationto the supervisor.
Examplesof such mattershavebeen includedin Section 6.
30.In some jurisdictions,aspart of thestatutory audit, the external
auditormay alsoundertakeadditional work to provideassuranceon
internalcontrolsor other aspectsof a bank‟soperations.
Theprinciplesset out in this section providea relevant referencefor the
performanceof suchadditional work.
31.Theprinciplesand explanatoryguidanceset out in thissection
providea frameworkfor the supervisor‟sinteractionswiththeexternal
auditor,the audit committeeand the relevant audit oversight body.
Theoutcome of theseinteractionswill inform thesupervisor‟sviewsasto
thequalityof theexternalaudit andcontributetothesupervisoryprocess.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
19. P a g e | 19
Theseprinciplesand explanatoryguidancealsoprovide a frameworkto
assist theaudit committeein selectingthe external auditor and in
assessingthe external auditor‟sknowledge, competence, objectivityand
independenceaswell asthe effectivenessof theaudit process.
A. The supervisor‟s expectationsof the external auditor of a
bank
Knowledge and competence
Principle1: Theexternal auditorof abank should havebankingindustry
knowledgeand competence sufficient torespond appropriately tothe
risksof material misstatement in thebank‟sfinancial statementsand to
properlymeet anyadditional regulatoryrequirementsthat maybepart of
thestatutory audit.
32.Given thecomplexityand diversity of banking activities,and the legal
and regulatory framework in whichbanks operate, the external auditor of
a bank should havespecialised knowledgeand competencein auditing
banksand should use expertsasappropriate.
Knowledge
33.Theresourcesrequired toperform theaudit should be suchthat the
audit engagement team, asa whole, has:
- proficient knowledgeand understandingof, and practicalexperience
with, the banking sector, associated banking industry and bank -
specific risks,and the operationsand activitiesof banksand bank
audits.
Theaudit engagement team may acquire thisproficiencythrough
specific training, participation in bank auditsor workin the banking
sector;
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
20. P a g e | 20
- proficient knowledgeof applicableaccounting, assuranceand ethical
standards, industrypractice and relevant guidancesuch as
InternationalAuditing Practice Note (IAPN) 1000;
- proficient knowledge of relevant regulatory requirements in the areas
of capital and liquidity, and a general understanding of the legal and
regulatoryframework applicableto banks;and
- proficient knowledgeand understandingof IT relevant to bank
audits.
34.In addition, theexternal auditor should consider whethertheaudit
engagement team should includespecialistswitha high degree of
technicalaccountingknowledgerelevant to banking, particularlygiven
thecomplexityof the requirementsof theapplicablefinancial reporting
frameworkpertainingto accountingestimates,includingloan loss
provisions,fair valuemeasurements,andanyareasknowntobesubjectto
differinginterpretationor inconsistent or developing practices.
Competence
35.Audit firms should have documented policies and procedures that set
minimum competencycriteria for members of a bank‟saudit engagement
team.
36.Supervisorsmay havethe abilitytoinfluencethecompetency
requirementsfor external auditors.
Whereregulationsandstandardsin particularjurisdictionsdonot include
specific competencyrequirementsfor banks‟external auditors,the
supervisormay encourage professional and regulatorybodies to introduce
requirementsregardingtrainingin, and experiencewith, bank auditing
and accountingsothat the audit engagement teamsfor bank auditsare
comprised of sufficientlycompetent staff.
37.Competenceis particularlyimportant in underpinning anexternal
auditor‟sabilityto exerciseprofessional judgment and carry out key
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
21. P a g e | 21
aspectsof theaudit, such asidentifying and assessingthe risksof
material misstatement and designingand implementingappropriate
responsestothose risks.
Use of experts
38.In someinstances,suchastheauditingofcertaincomplexaccounting
estimates,more specialised knowledgemay berequired to support the
audit engagement team,egadditionalexpertisebeyond thatpossessedby
theaudit engagement team‟smembersinafieldotherthanaccountingor
auditing.
Examplesof such areasare valuation of complex financial
instruments,commercial propertyvaluationsand evaluation of highly
complex IT environments,particularlyin areassubject to significant risks
of material misstatement.
39.Internationallyacceptedauditingstandardsset out requirementsfor
thenature, timingand extent of audit procedureswhichthe external
auditorshould perform to assessthecompetence, capabilitiesand
objectivityof the expertsthe external auditor may use.
Theseare important factorsin consideringthe reliabilityof the
information or resultsproducedby the expert.
Objectivity and independence
Principle2:Theexternal auditor of abank should beobjective and
independent in fact and appearance withrespect to thebank, consistent
withthemorestringent requirementsapplicabletopublic interestentities
in internationallyaccepted ethical standards
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
22. P a g e | 22
Objectivity
40.Objectivityis a fundamental ethical principleand a key element of
audit quality. It requires that the external auditor‟sjudgment is not
affected by conflictsof interest.
As objectivityis a state of mind that in most casescannot bedirectly
observed by usersof financial statements, it is important for theexternal
auditortobe independent in both fact and appearance.
Independence
41.Independence is freedom from situations and relationshipsin which a
reasonably informed third party would conclude that an external auditor‟s
objectivityisimpaired.
Jurisdictional and internationallyaccepted auditingstandardsand
internationallyaccepted ethicalstandardslayout frameworksfor external
auditorsto identify and respond tothreatsto independence.
42.Theexternal auditor of a bank must complywiththe applicable
jurisdictionaland internationallyaccepted ethical standards.
Furthermore, the Committeebelievesthat the external auditor of a bank
should complywith themore stringent independencestandards for
public interestentities.
Tothe extent that any of theruleswithinany one of thesestandardson
ethics ismore restrictivethan thecorrespondingrule in theother
standardson ethics,theexternal auditormust complywiththemore
restrictiverule.
43.Independenceshould be observed not only in thecontext of thebank
that isbeing auditedbut alsowith respect to thebank‟srelated entities.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
23. P a g e | 23
44.External auditorsof a bank should complywithapplicable
jurisdictional requirementson the rotationof members of theaudit
engagement team.
45.Theaudit engagement team members,the audit firm and, when
applicable, networkaudit firmsshould complywiththeindependence
requirementsof both thehome jurisdictionand the overseasregulatory
authority(in the casewherethe bank is ultimatelyregulatedby an
overseasauthority).
46.When assessingwhetheranyrelationshipor circumstanceposesa
threat toan externalauditor‟sindependence,theexternal auditor should
evaluatenot justthe specific ruleson independence,but alsothe
substanceof the threat toindependence, and how a reasonablyinformed
third partywouldperceive the threat and its effect on the external
auditor‟sobjectivity.
Theprovision of significant non-audit servicesby theaudit firm
and, when applicable, networkaudit firmsto thebank beingaudited
mayparticularlyaffect a third party‟sperception of the external
auditor‟sindependence.
Such situationsshould be carefullyevaluatedfor threatstothe external
auditor‟sobjectivityand perceived independence.
47.Thesupervisor expectsthe external auditor toconsider actively
potential threatsto the auditor‟sindependence,specificallythe threat of
self-review, whendiscussingaccountingmatterswiththe management.
For example, complex transactionsmay be structured to achievea
particular accountingtreatment and/ or regulatory outcome.
When anexternal auditor discusseswithor providesadvice to
management on such matters, theexternal auditor must exercisecareso
asnot to take on a management role or responsibility.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
24. P a g e | 24
Professional scepticism
Principle 3: The external auditor should exerciseprofessional scepticism
when planning and performing the audit of a bank, having due regard to
thespecific challengesin auditing abank.
48.Professional scepticism is definedas“an attitudethat includesa
questioningmind, beingalert toconditionswhichmay indicate possible
misstatementduetoerrororfraud, andacriticalassessment ofevidence”.
Professional scepticismshould manifest itselfnot onlythrough the
auditorobtaining corroboratingevidencefor management‟s
assertions,but alsochallengingmanagement‟sassertions, actively
consideringwhetherthere are alternativeaccountingtreatmentsthat are
preferable to thoseselectedby management, and documenting the
approach, theevidenceobtained, the rationaleapplied and the
conclusionsreached.
Throughout the audit, the auditor should “adopt a questioningapproach
whenconsideringinformationand forming conclusions”.
49.Exercisingappropriate professional scepticismiscriticallyimportant
in auditsof banksbecauseof thenumber and significanceof accounting
estimatesand the potential for limitedobjectiveevidencesupporting
thoseestimates.
Professional scepticismis particularlyimportant whenauditing areas
that:
(a)involvesignificant management estimatesand judgmentsbecause
theseare more prone to management bias;
(b) involve significant non-recurringor unusual transactions;or
(c)are more susceptibleto fraud and errorsbeing perpetuated due to
weakinternal controls.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
25. P a g e | 25
50.Specific areaswhereprofessional scepticism should be exercised bythe
external auditorof a bank includeimpairment calculations,fair value
measurementsand goingconcern assessments,includingassessmentsof
solvencyand liquidity.
Otherexamplesmayincludecomplextransactionsstructuredtoachievea
particular accountingtreatment and/ or regulatory outcome by the
management wherethe audit engagement partner hasor ought tohave
reasonabledoubt that the proposedaccountingtreatment and/ or
regulatoryoutcome isconsistent withtherelevant financial reporting
frameworkor regulatory requirements.
In thiscontext, theexternal auditor should actively challenge
management‟sassumptionsand judgmentsand form independent views.
This includeschallengingevidenceobtained from management that
corroboratesmanagement‟sview.
51.Where a bank consistentlyutilisesvaluationsthat are at thehigh or low
end of a rangeof acceptablevaluationsor whenthere areother indications
of possiblemanagement bias, theexternal auditor should considerthisin
theoverall risk assessment of thebank and should inform thosecharged
with governance, where appropriate.
52.Theevidenceoftheextent ofprofessionalscepticismexercisedshould
bedemonstrable and understandablethroughaudit documentation that
describeshow,whyand what conclusionswerereached by theexternal
auditor.
In thisregard, internationallyacceptedauditingstandardsestablish
minimum requirementsfor audit documentation.
Quality control
Principle4:Audit firms undertaking bank auditsshould complywiththe
morestringent requirementsonqualitycontrol applicableto listed
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
26. P a g e | 26
entitiesin internationallyaccepted qualitycontrol standards, having due
regard to thecomplexityof abank audit.
53.Audit firms must complywith the applicablejurisdictional and
internationallyaccepted standardson qualitycontrol.
Furthermore, the Committeebelievesthat the external auditor of a bank
should complywith themore stringent requirementson qualitycontrol
applicabletolistedentitiesin internationallyaccepted qualitycontrol
standards.
Tothe extent that any of theruleswithinany one of thesequalitycontrol
standardsismorerestrictivethanacorrespondingrulein theotherquality
control standards, theexternal auditor must comply withthe more
restrictiverule.
54.Theaudit of a bank should be subject to an engagement quality
control review(EQCR) performed internallyby theaudit firm prior tothe
issuanceof theaudit opinion.
Theengagement qualitycontrol reviewer should have theappropriate
knowledgeand competencetoreview bank audits.
Thereviewer should exerciseprofessional scepticismin assessingthe
qualityof audit evidenceand whethertheauditor‟s judgmentsare
appropriate.
55.EQCR shouldbepart of abroader firm-levelinternal system of quality
control that emphasisesqualityand consultation and createsa culture of
compliancewith auditingand ethical standards.
56.Wherea networkof audit firms isinvolved in the audit of a bank, the
individual audit firmswithinthenetworkshould applyqualitycontrol
processesthat comply withthis document.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
27. P a g e | 27
In such cases, theleadaudit engagement partner should be responsible
for the performanceof a qualityaudit byall theteamsreportingto it.
In doing so, the lead partner may place reliance on theprocessesby
whichqualitycontrol is exercised withinthe networkfirmsthat report to
it.
For example,theleadaudit engagement partnerof agroupaudit mayrely
on thefirm‟s processesfor
(a) ensuring that each audit engagement team member
(i)acquiresthe appropriateskills,knowledgeand experienceto perform
bank auditsand
(ii) complieswithindependencerules,and
(b) monitoringadherencetothe audit firm‟s policiesand procedures on
qualitycontrol.
57. The involvement of the engagement qualitycontrol reviewer
throughout the audit, and theoutcome of thequalitycontrol
review, should be evident in the audit workingpapers.
Any significant discussionsbetweentheengagement qualitycontrol
reviewerand the audit engagement team, particularlyin areaswhere
viewsmay have differedand asto how conclusionswerereached, should
befullydocumented in the audit workingpapers.
Thusin jurisdictionswherethesupervisor hasaccessto theexternal
auditor‟sworkingpapers,the qualitycontrol review wouldalsobe at the
supervisor‟sdisposal.
B. Supervisory expectationsof the audit of a bank‟sfinancial
statements
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
28. P a g e | 28
Identifying and assessing significant risks of material
misstatement specific to a bank‟s financial statements
Principle 5: The external auditor of a bank should identify and assessthe
risks of material misstatement in the bank‟s financial statements, taking
into consideration the complexitiesof banking activities and the need for
banksto have astrongcontrol environment.
Identifying potential risks
58.Banks are exposed to a varietyof risksthat can potentiallyaffect the
resultsof their operationsor financial condition.
Theseinclude, but are not limitedto, credit risk, market risk, liquidity
risk, operational risk and regulatory risk.
New risksmay emergeor thesignificanceof each riskmay changeover
timeasa result of various factorsthat may be driven by changed
circumstancesor developmentsboth internal and external to thebank.
59.In designing and performingthe audit of a bank, theexternal auditor
should assessthe inherent and control risk to determine therisk of
material misstatementsat the financial statement and assertionlevels.
By doing so, the external auditor gains an understanding of internal
controlsthat are relevant to the audit, and particularly of the control
environment designedby the bank.
60.Torespond totheassessedrisk of material misstatement, an external
auditorfollowsan audit strategy that includesboth substantive
proceduresand control testing.
Given the nature of bank activities, includingthoseinvolvinga high
volume of transactions,banks implement controlsdesignedtoaddress
risksposed to the organisation.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
29. P a g e | 29
As a result, the external auditor of a bank should perform extensivetests
of controlsover financial reportingtoassesswhether,and to what
extent, the auditorcan rely on them.
Materiality
61.An understanding of the concept of materiality and determination of
materiality thresholds is needed in order to establish the audit
strategy, and identify and assesswhether a risk of material misstatement
existsin the financial statements.
62.Thedeterminationof what is material tothe financial statementsasa
wholeis a matter for theexternal auditor‟sprofessional judgment about
misstatementsthat could reasonablybe expectedtoinfluenceeconomic
decisionsof userstaken on the basis of the financial statements.
63.Theexternal auditor should exercisecaution whenevaluating
identifiedmisstatements.
Thesemisstatementscould be an indicatorof widerissueswithinthe
bank which could potentiallylead tomaterial misstatementsin the
financial statementsasa whole.
Therefore, individual misstatementsshould not be dismissedsolely
becausetheyare belowthe level of materiality set for planningpurposes.
64.For individual account balances, specific classesof transactionsor
disclosures,internationallyaccepted auditingstandardsrequire the
external auditor todeterminea lowerlevel of materialityfor those
particular account balances, classesof transactionsor disclosures,if the
external auditor believesthat “misstatementsof lesseramountsthan
materialityfor the financial statementsasa wholecould reasonablybe
expectedto influencethe economicdecisionsof users takenon the basis
of the financial statements”.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
30. P a g e | 30
This is particularlyrelevant for auditsof banksbecausecertain financial
statement itemsare used in thecalculationof keymetricsused by a wide
rangeof usersof thefinancial statements.
For example, regulatory ratios such as the leverage ratio, liquidity ratio
and capital adequacy ratio are calculated based on account balances in
thefinancial statementsor are derived from the financial statements.
Assessing the risksof material misstatement
Internal control and its components
65.According to internationallyaccepted auditingstandards, internal
control componentsare the control environment, risk assessment
process, information and communicationsystemsand processes, control
activitiesand monitoring of controls.
66.Asstated in the BCBSPrinciplesfor enhancingcorporategovernance, a
robust internal control environment is critical to the strength of a bank‟s
governancesystem and itsability tomanage risk.
Consequently, whenobtainingan understandingof thebank‟sinternal
control environment, the external auditor should, amongst other
considerations:
- assessthe “tone at the top”, ie whethermanagement, withthe
involvement of thosechargedwithgovernance,ispromotingarobust
control environment;
- determine whether the control environment extends to all types of
operations and service offerings and encompasses all subsidiaries
andbranchesof thebanking group;
- understand the bank‟sapproach tooutsourcing/ offshoring of
businessactivitiesandfunctionsand assesshowinternal control over
theseactivitiesismaintained;and
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
31. P a g e | 31
- obtain an adequateunderstandingof the organisationof keycontrol
functionswithin thebank and itssubsidiaries.
At a minimum, keycontrol functionsincludetheinternal audit, risk
management, complianceand other monitoringfunctions.
67.Compensation arrangements at a bank may be a good indicator of the
culture within the organisation because they can influence the behaviour
of the bank‟spersonneland thequalityof corporategovernance.
Theexternal auditor should payparticular attention totherisksof
material misstatement in the financial statementsdue to
fraud, particularlywherebanksemploy compensation arrangements
that mayencourage excessiverisk-takingor other inappropriate
behaviour amongsttheir personnel.
Control activities
68.Internationallyacceptedauditingstandardsrequire theexternal
auditortoobtain an understandingof control activitiesrelevant tothe
audit which, in theauditor‟sjudgment, arenecessarytoassesstherisksof
material misstatement and toestablishthe audit strategy.
Theassessment of thecontrol activitiesover financial reportingis critical
for the designof further audit proceduresresponsivetoassessedrisks.
When identifying and assessingrisksof material misstatement and
assessingcontrols,the external auditor should take account of the
followingfactors:
- the knowledgeand competenceof thosein chargeof financial
reporting and of other control functionshaving an impact on
financial reporting;
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
32. P a g e | 32
- the nature of hedgingstrategiesemployed by the bank which, if
complex, improperlystructuredor inadequatelymonitored, can have
accountingand solvencyimplications;
- the use of complex financial instrumentsinvolving significant
estimatesof fair value;
- theprovisionofcustodial servicestoretail and/ orinstitutionalclients
andtheproceduresin place toavoid co-minglingof client and
proprietaryassets;
- thevolume of transactionsby type of activityand/ or presenceof
significant non-routinetransactions;
- theuse and monitoring of internal accounts;
- thestructure and complexityof IT systems for conductingbusiness
and for facilitatingefficient businessand financial reporting, asthey
mayleadtoincreasedriskoffraud orerror,particularlywherethereis
potential for individual overrideof the control system or thepotential
forfraudulent transactionstogoundetectedduetothesophistication
and complexityof the IT systems;
- thenumber, scope and geographical dispersion of subsidiariesand
thenecessity for complex consolidationprocedures;
- theexistenceof significant transactionswith related parties;and
- theuse of off-balancesheet financingarrangements,such asspecial
purpose entities(SPEs) and other complex structures.
69. Banking supervisorsand thosecharged with governance, such asthe
audit committee,needto be satisfiedthat the internal control is
commensuratewiththenature, volume and complexityof thebank‟s
activitiesand isorganisedin accordancewith regulatoryand legal
requirements.
Theinternalcontrolofabank mustberobustandreliablein ordertocope
with stressed environments.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
33. P a g e | 33
Significant deficiencies in internal control whichhave been identified by
theexternal auditorshould be communicated in writingto thosecharged
with governanceand senior management, and other deficienciesin
internalcontrol should becommunicatedtotheseniormanagement at an
appropriatelevel of responsibilityon a timelybasis.
In addition, theCommitteebelievesthat the external auditor should
communicatein writingall mattersthat arelikely tobe significant tothe
responsibilitiesof thosecharged withgovernance in overseeingthe
strategicdirection of the entityor the entity‟s obligationsrelatedto
accountability.
Such mattersmay includesignificant decisionsor actionsby
management that lack appropriateauthorisation.
Internal audit
70.Theinternal audit function is an important element of theoverall
internalcontrol environment.
It providesassurancetotheboard of directorsandsenior management on
thequalityand effectivenessof a bank‟sinternal control, risk management
and governance systems and processes.
Theworkof internalauditorscanhelpexternalauditorsassessthequality
of the internal control processesand identify risks.
71.Whether ornot theexternalauditorexpectstousethework ofabank‟s
internalauditors, providedthere is noreasontodoubt their
knowledge,competenceand objectivity, theexternal auditorshould
engagewith, and seek information on key internal audit findings
from, theinternalauditors.
Thismayprovidevaluableinput intotheexternalauditor‟sunderstanding
of the entityand itsenvironment and aid in identifying and assessing
risksof material misstatement.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
34. P a g e | 34
Theexternal auditorshould consider readingrelevant internal audit
reportsif theinformation obtained from engagingwiththe internal
auditorsindicatesissuesthat may havean impact onthe financial
statement audit.
72.Theexternal auditor‟sobservationson and, whererelevant, evaluation
of a bank‟sinternalaudit function are of particular interesttothe audit
committeeand the bank‟ssupervisorgiven the rolean effectiveinternal
audit function plays in maintaininga robust control environment in a
bank.
Responding to significant risks of material misstatement
specific to a bank‟sfinancial statements
Principle6:Theexternal auditor of abank should respond appropriately
tothesignificant risks of material misstatement in thebank‟sfinancial
statements.
73.Having identifiedand assessedthe risksof material
misstatement, internationallyacceptedauditingstandardsrequire the
auditortoidentifyanyareaswherethereis a significant risk of material
misstatement. Paragraphs78-98belowset out keyaudit areasof a bank‟s
financial statements,wherethere is often a significant risk of material
misstatement.
74.In additiontotheareasset out in paragraphs78-98, there are other
itemsin a bank‟sfinancial statementswhoseregulatory treatment could
giverise to incentivesfor management biasin the recognitionor
measurement of such items.
Asaconsequence,thereisagreaterriskof materialmisstatement ofthese
itemsin the financial statements.
This may lead toinappropriateapplicationof regulatory rulesto these
itemsand a material misstatement of thebank‟scapital position.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
35. P a g e | 35
Examplesof such itemsare deferred tax assets,investmentsin
unconsolidatedentities, pension fund assets, and the classificationof
financial instruments.
External auditorsshould thereforebe alert toany likelihoodthat the
treatment of such itemsin the financial statementsis influencedby
management biastowardsadesiredregulatoryoutcomeandconsiderthis
in their risk assessment of thebank.
External auditorsshould alsobe awarethat management biasmay
changeover time dependingon, for example, the extent to whichthe
bank isable tomeet itsregulatory requirements.
External auditorsshould evaluateestimateswhichmay be subjecttothis
bias, and any potential audit differencesotherwiseidentified, in the
context of theimpact on regulatory capital or regulatory capital
ratios,consistent withparagraph 64.
75.Areas of significant risk of material misstatement particularlyrequire
an external auditor toapplyprofessional judgment and experience.
Internationallyaccepted auditing standardsrequire that theexternal
auditorobtain sufficient appropriate audit evidence51regarding the
assessedrisksof material misstatement, through designingand
implementingappropriate responsesto thoserisks.
76.Internationallyacceptedauditingstandardsrequire special audit
considerationfor areaswheresignificant risksof material misstatement
are identified.
Given that theseareasare associated withissuesthat the external auditor
identifiesashighly important for the bank, these areasare worthyof
discussion withthose chargedwithgovernance.
77.As the categoriesof what may be a significant risk for a bank may
changeover time, the list of audit areasprovided in paragraphs78-98of
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
36. P a g e | 36
thisdocument asareaswherethere isoftena significant risk of material
misstatement is not intendedto be comprehensive.
Loan lossprovisioning
78.Loan lossprovisioning is generallymaterial for a bank‟sfinancial
statementsand thecalculationof capital and keyperformancemetrics.
Themeasurement of loanlossprovisionsin accordancewith
internationallyaccepted accountingprinciplesinvolvescomplex
judgmentsabout credit riskwhich may besubjectivein nature.
79.Thefactorsthat theexternal auditor needstoconsider in identifying
and assessingthe significant risksof material misstatement in relationto
loanlossprovisioningand the relatedallowancefor loan lossesinclude:
(a)Theestimationtechniquesusedtocompute provisionsand how the
techniquesvary among and withinbanks.
(b)How management hasassessed theeffect of estimationuncertaintyon
thelevel of provisioning, and theeffect suchuncertaintymay have on the
appropriatenessof therecognised provisionand thesufficiencyof the
relatedallowancefor loanlossesin the financial statements.
(c)All knownand relevant impairment indicatorsfor loan exposureswhich
includepreviouslyunexpectedadversedevelopmentsinthemarket or
economicenvironment, adverse movement in interest
rates,restructuring, inadequate underwritingpoliciesadopted by the
bank, overduepayments, failure of the borrower tomeet budgeted
revenuesor net income, covenant breachesand forbearance.
(d)Whether thebank hassought perspectivesand data from different
functionswithin the bank, includingrisk management, credit and
internalaudit, aswell asreliable sourcesexternal tothe bank, including
peer data and regulator perspectivessoasto consider all relevant and
availableinformation in assessingimpairment.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
37. P a g e | 37
(e)Accounting rulesfor provisioningmay differ from theprovisioning
rules that applyfor regulatory reportingor capital purposes.
It may thereforebe customaryfor bankstohave different processesand
systems togenerateloanlossprovisionsfor accounting purposesand for
regulatorypurposes.
Further, there can be material differencesin the applicationof the same
set of accountingand/ or regulatory rulesby individual banks.
Largedifferencesbetweenprovisionsfor accountingpurposesand for
regulatorypurposesmay indicatea risk of material misstatement of the
accountingprovision.
In addition, whilst for regulatory capital purposesunder theBasel
frameworkthe accountingloan lossprovisionfor internal ratings-based
approach(IRB) portfoliosis replacedbythe regulatoryexpectedloss
provision, the level of the accountingprovisionmay neverthelesshave an
impact on thelevel or the compositionof regulatory capital, duetothe
treatment of thetax effect of provisionsand the allocationof any excess
provision to capital tiers.
External auditorsshould be alert toany management biasin thisarea.
(f)Disclosuresshould enableuserstoassesstheloan lossprovisioning
methodologyapplied by the bank, regardinghow it relatestocredit risk
forthat bank, andhowit compareswithmethodologiesappliedacrossthe
bankingsector.
Financial instruments measured at fair value
80.Abank‟sportfolioof financial instrumentsmeasured at fair value can
rangefrom “plainvanilla” financial instrumentswhichare frequently
traded in liquid marketswithobservablemarket prices, and involve less
measurement uncertainty, tothosewhichare customised, complex, and
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
38. P a g e | 38
wherethe valuationis basedon significant unobservable inputswitha
substantial amount of management judgment.
Financial instrumentsmeasured at fair value alsoincludefinancial
instrumentsthat aresubject toan impairment assessment which is a key
area of judgment.
81.Where thereare changesin the composition of a bank‟sportfolio of
financial instruments– whetherdue to changesin customer demand, the
bank‟sapproach to managingrisk and liquidity, or changesin prudential
regulation– thebank willneedtoevaluateanyaccountingimplicationsof
thechanges.
82.Accounting standardscontain requirementson recognition;initial
and subsequent measurement (includingimpairment); reclassification
from fair value toamortised cost; presentation;and disclosures.
Becausetheserequirementsare complex, they may be difficult to
interpret and apply, and thereforethe external auditor often needsto
utilisemore complex and wider-rangingaudit proceduresto obtain
sufficient appropriateaudit evidencetosatisfyhim/ herselfthat the
financial statementsare not materiallymisstated.
Theclassification of an individual financial instrument may be
particularlyimportant for achievinga favourableregulatory outcome.
83.In adoptinga sceptical approach to management‟sassumptions
regardingthevaluation of financial instrumentsfor which thereare
significant unobservableinputs,IAPN 1000,Special considerationsin
auditingfinancial instruments,setsout specificaudit proceduresthat may
befollowedin auditingfinancial instrumentsmeasured at fair value.
Liabilities including contingent liabilities arising from
non-compliance with lawsand regulations, and contractual
breaches
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
39. P a g e | 39
84.Non-compliancewith, or material breachesof, the prudential
framework,conduct requirements, legal requirementsor contractual
agreementscould leadto legal or supervisoryactionsagainst a
bank, therebyexposingthebank topotential litigationand/ or the
impositionof substantial penalties.
Such eventsmay require recognition of provisions, contingent liabilities
and/ orqualitativedisclosuresin thebank‟sfinancial statements.
Further, any adverse impact on the bank‟s reputation resulting from this
non-compliance could have consequences for the bank‟s going concern
assessment.
85.In the courseof theaudit, the external auditor should remain alert to
actual or suspectedbreachesof prudential regulations,particularlythose
that are likely tobeof material significancetothe functionsof the
supervisor.
As noted in Section 6 below,55if theexternal auditor identifiesany such
breachesof material significance,theauditorshouldnotify thesupervisor
immediately.
Disclosures
86.Anumber of factorshave contributedto an increased demand from
usersfor more relevant and extensivequalitativeand quantitative
disclosures.
Theseincludethe increasedcomplexityof businesstransactions,
includingoff-balancesheet transactionsand non-recognition of assets
and liabilities,and increaseduse of fair value and other accounting
estimates,withsignificant uncertaintiesand changesin measurement
attributes.
87.While accounting standards specify disclosure objectives, the
standards may not always prescribe in all circumstances specific
disclosuresto meet thoseobjectives.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
40. P a g e | 40
Therefore, there may be a substantial amount of judgment in assessing
whetherdisclosuresarepresentedfairlyinaccordancewiththedisclosure
objectivesin the relevant accountingframework.
88.Increasedtransparencythrough fairly presented public disclosures
enhancesmarket confidence.
It is thereforeimportant that thebank providedisclosureswhich present
thebank‟sfinancial condition, the riskstowhichit isexposed and how
theyare managed, and aremeaningful and responsiveto changesin
market conditionsand perceived risks.
89.In respondingtothe significant risksin this area of audit, theexternal
auditorhasan important role to playin encouraging consistent and
meaningful disclosureswhich present thebank‟sfinancial condition in a
waythat isinformativeand understandableto usersof financial
statements.
90.In the courseof itsaudit work, the external auditor should be alert to
anyindicationsthat disclosuresin financial statementsare not consistent
with the bank‟sprudential information such ascapital adequacyand
liquidityposition disclosureswithinthe financial statements.
Going concern assessment
91.Agoing concerngivesrisetotwoseparate issues:
(a)whetherthegoingconcernbasisofpreparationof financial statements
is appropriate; and
(b)theexternalauditor‟sevaluationof thebank‟sassessment of itsability
tocontinuetomeet itsobligationsfortheforeseeablefuture(forat least12
monthsafter the dateof thefinancial statements) and whetherthereare
material uncertaintiesin thisregard that should be disclosedin the
applicableaccountingframework.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
41. P a g e | 41
92.Theworkthe external auditor performs toassessthe going concern
statusof a bank isdifferent from that likelyto be performed for a
non-bank entitybecauseof the contractual termsof bank assetsand
liabilities(maturitymismatch), the potential for regulatory
intervention, and theimpact that the signallingof anyuncertaintyover
thebank‟sabilityto continueasa goingconcern could have on the
short-term
viability of thebank.
93.Examplesof reasonsthat make thegoingconcern assessment of a
bank uniqueare asfollows:
(a)Current emerging risks and concernsspecific to the bank or the
bankingindustryasa wholemay have an impact on the historical trends
for the specific bank in sucha manner that thehistorical trendsmay not
reflect the likely trend over thenext year.
For example, during periodsof market turmoil, normal sourcesof
fundingmay no longer be available, asdepositspayable on demand may
run off more quicklythan historical experiencewouldcontemplateand
such deposits may bedifficult to replace.
(b)As banks arehighlyleveraged, a small changein asset valuationmay
havea substantial impact on the adequacyof a bank‟sregulatory capital.
Marketrisksmaybesuchthat financial instrumentsheldat fairvaluemay
besubject tosubstantial changesin valuein the short term and significant
volatility over the longer term.
Adecreasein regulatory capital may result in a downgradeby rating
agenciesmakingfunding more expensive and possiblyharder toobtain.
94. Given these and other risks, banks are required tomeet liquidity
requirementsand capital ratios set by thebank supervisoryauthority.
There should be equal emphasison the evaluation of liquidityand
solvencyof thebank for the period over whichthe going concern
assumptionhasbeen assessed:
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
42. P a g e | 42
(a)Liquidity: Factorsto assessincludethe reasonablenessand reliability
of the cashforecast for at least12monthsafter the date of thefinancial
statements,liquidityrisk disclosures,regulatory or contractual
restrictionson cash, loancovenants,and pensionfunding.
(b)Solvency: Giventhepotential adverseimpact of capital adequacy
concernson theconfidencein abank and, asa consequence,on thebank
operatingasa goingconcern, the external auditor will need toconsider
therobustnessof thebank‟ssystem for managing capital.
In addition, theexternal auditor will need to consider the capital position
in relationtothe current and any knownfuture capital
requirements,definitionsof capital resources,and challengesof raising
capital.
This is particularlycriticalwherecapital levelsare strained, accessto
capital resourcesis restrictedor where, for example, thebank‟sannual
report or internal capital projectionsincludeambitiousprojectionsof
improvementsin capital levels.
95. In respondingto the significant risksin this area of audit, and
assessingmanagement‟sassertion that a bank isa goingconcern, factors
whicharenecessaryto consider are:
(a)therobustnessof thebank‟sown systemsand controlsfor managing
liquidity, capital and market risk;
(b)theprudential informationthat isreported tosupervisorscoveringthe
bank‟ssolvencyand capital;
(c) anyexternal indicatorsthat reveal liquidityor fundingconcerns;and
(d) theavailabilityof short-term liquiditysupport.
96. Given the above risks and the possible systemic implications, if there
are any significant doubtswhich may cause material uncertainty over the
bank‟sabilityto continue asa goingconcern, and if the external auditor
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
43. P a g e | 43
considersreferringtothe goingconcern issuein theaudit report, the
external auditor should promptlycommunicatethis fact to the
supervisors.
Securitisations – SPEs
97.Thebanking sector is involved in activitiessuch assponsoring (or
originating) structured products/transactionsthat support
maturity, credit and liquiditytransformationrisksmore oftenthan other
industrysectors.
Thesponsoringbank doesnot ordinarilyfund such activities.
Thefunding is generallyprovidedby other parties.
However, thesponsoring bank may be exposed to riskssuch as
reputational risk in the event of the sponsoredentityencountering
financial or operational difficulties.
98.Such activitiesrequire special considerationby the external auditor
and are of interest to the supervisor for thefollowingreasons:
(a) Accounting concern –Accounting frameworksare often
principles-based,whichmayresult indifferent treatmentsofeachofthese
complex transactions.
In addition, becausetheseare highly structured products, their
accountingtreatment may vary based on the factsand circumstancesof
each transaction, eg whereSPEsare tailoredto remain off thebank‟s
balancesheet.
In theseinstances,it is necessaryfor theauditortoevaluatethe
judgmentsmadeby themanagement and consider whetherthe
accountingtreatment is appropriate and the disclosuresaresufficient.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
44. P a g e | 44
(b)Regulatoryconcern – Becauseof thecomplexityof the securitisation
andthechain of financial intermediation, thesponsoring bank in an
“originatetodistribute” model may underestimatethe real risk
transferred or the risk retainedon itsbalancesheet (includingreputation
risk and conflictsof interest in caseof defaultson thesecuritisedassets).
Even so, the originatormay be ableto benefit from an off-balancesheet
treatment for the assetsunderlying thesetransactionsand hencemay not
berequired tohold additional regulatorycapital unlessspecifically
requiredby thesupervisor.
Theexternal auditorshould be alert to whenthe supervisorrequires
additional capital even though theoff-balancesheet accounting
treatment appliedbythebank isappropriate.
(c)Interconnectivity– Increasesthe correlationbetween banks and other
non-bankingsectors, whichcan add tothe global systemic risk.
5. Supervisory expectationswith regard to a bank‟s audit
committee and its relationship with the external auditor
99.The BCBS‟s paper on the Internal audit function in banks(June 2012)
and its paper on Principles for enhancing corporate governance (October
2010) describe the main resp on sib ilities of a ban k‟s au d it commi
tt ee .
Theaudit committee has, amongst others, a number of responsibilities
with respect to the external auditor and the statutoryaudit.
Theaudit committee approves, or recommendstothe board of directors
for approval, the appointment, reappointment, dismissal and
compensation of theexternal auditor.
Theaudit committeealsomonitorsand assessestheindependenceof the
external auditor.
100.Theaudit committeeoverseesthebank‟sstatutoryaudit process.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
45. P a g e | 45
Key aspectsof the audit committee‟swork encompassthe assessment of
theeffectivenessof the external audit process.
Theaudit committee should require that seniormanagement take the
necessarycorrectiveactionstoaddressthefindingsand
recommendationsof theexternal auditorin a timelymanner.
101.Thediscussion below focuseson theaudit committee‟s
responsibilitiesin relationtothe oversight of, and itsrelationship
with, the external auditor topromote and support the integrity, objectivity
and independenceof theauditor, the qualityof the external audit and the
competenciesthat underpin that quality.
Toenablethe audit committeeto carryout itsoversight
responsibilities, whichalsocontributetothe effectivenessof the audit
process, theprinciplesin thissection promote effectivetwo-way
communicationbetweentheaudit committeeand the external auditor.
It is important to note that all thediscussionsbelow stem from an
important overarchingprinciple:namely, that there shouldbe a
frank, open workingrelationship and a high level of mutual respect
amongstall partiesinvolved.
102.Theprinciplesand explanatoryguidancein this section form the
basisfor the supervisor‟smonitoring of the effectivenessof theaudit
committeein itsoversight of theexternal auditor.
Appointment of the external auditor
Principle7:Theaudit committee should have arobustprocessfor
approving, orrecommendingfor approval, the
appointment, reappointment, removal and remuneration of the
external auditor.
103.Theaudit committeehastheprimary responsibilityfor approving, or
recommending to theboard of directorsfor approval, the
appointment, reappointment, removal and remunerationof the external
auditor. Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
46. P a g e | 46
In doing so, the audit committeeshould determineappropriatecriteriafor
selectingthe external auditor and regularlyassessthe
knowledge,competence,independence(seePrinciple8below) of the
externalauditorandeffectiveness(seePrinciple9below)of theexternal
audit, havingdueregard to the guidancein Section 4.
104.Theaudit committee‟sproceduresfor approving or recommending
theapproval of the external auditor should alsoincludea risk assessment
of the likelihood of the withdrawal of theexternal auditor from the
audit, and how thebank wouldrespond tothat risk.
105.Theaudit committeeshould contribute a sectiontothebank‟s
annual report whichexplainsthe approach taken regardingthe
recommendation of the appointment or reappointment of theexternal
auditor, and should includesupporting information on thetenure of the
incumbent auditor.
106.If the board of directorshasapproval responsibilitieswith respect
tothe external auditor, but doesnot accept the audit committee‟s
recommendation, it should includein the annual report, and in any
papersrelatingto theappointment/ reappointment/ dismissal of the
external auditor, a statement explainingthe audit committee‟s
recommendation and the reasonswhytheboard of directorshastaken a
different position.
107.Theaudit committeeshould assesstheoverall qualityof the external
auditor, prior toitsfirst appointment and at least annuallythereafter.
Tothat end, the audit committeeshould request that the external auditor
report on theexternal auditor‟sown internal qualitycontrol
procedures,including the audit firm‟s EQCR process, and any significant
mattersof concernsarisingfrom theseprocedures.
Theaudit committee should alsoconsider, whereavailable, the external
audit firm‟s annual transparencyreport and any inspectionreportson the
audit firm issuedbythe relevant oversight body.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
47. P a g e | 47
108.Theaudit committeeshould maintain an understandingand
knowledgeof:
- thestructure and governance of the audit firm;
- thecurrent nature of the audit environment, includinganyoverseas
jurisdictionswherethe bank operates;
- significant issues and concerns raised by the relevant audit oversight
body regarding the audit firm, and the auditor‟s action in addressing
theseconcerns, to understand how these shortcomingsmay affect the
qualityof theaudit of the bank;
- thenature of bankingregulatory actionsand conditionsthat could
havean impact on theexternal auditor‟swork on thebank, including
anyregulatoryactionsand conditionsspecific tothebank being
audited, or to actionsand conditionsthat the supervisor is imposing
on all banks (for example, through newlyimplemented regulations
andpolicies);and
- public lessonslearnedfrom any recent external audit failures
associatedwiththebank‟saudit firm and howthefirm hasdealt with
them sothat similardeficienciesdonot occur.
109.Theaudit committeeshould alsosatisfyitself that the level of the
audit feesis commensurate with the scope of workundertaken.
Wherefeereductionsare offered and accepted, theaudit committee
should seek assurancethat thesereductionsdo not implyan
inappropriateincreasein the materialitylevel tobe applied by the
external auditor, or a narrowingof the external auditor‟sproposed scope
of the audit, or a reduction in the attentionwhichwill be given to each
businesscomponent and thesignificant audit risksidentified.
110.Theaudit committeeshould discussand agreeto theterms of the
engagement letter issued by the external auditor prior to the approval of
theengagement.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
48. P a g e | 48
Whererelevant, theaudit committeeshould agree toan engagement
letterthat hasbeenupdatedtoreflectchangesin circumstances, such as
thosearisingfrom changesin legal requirementsand changesin the
scopeof theexternal auditor‟swork asa result of revisionsto
internationallyaccepted auditing standardswhichhave arisen sincethe
previousyear.
111.If the external auditor resigns or communicatesan intentionto
resign, the audit committeeshould followup on thereasons/explanations
givingrisetosuchresignationand considerwhethertheaudit committee
needstotakeanyactioninresponsetothosereasons.
Independence of the external auditors
Principle8:Theaudit committee shouldmonitor and assessthe
independence of theexternal auditor.
112.Theindependenceof the external auditor is one of the main
prerequisitesfor anadequatelevel of audit quality.
As such, theaudit committeeshould understand theapplicable
independencerequirements.
Theaudit committee should have proceduresto monitor and assessthe
independenceof theexternal auditor at least annually, taking into
considerationrelevant national laws,regulationsand professional
requirements.
Theassessment should alsoinvolve a consideration of all relationships
betweenthebank andtheaudit firm (includingtheprovisionofnon-audit
services) and any safeguardsestablishedby the external auditor.
113.Where the audit firm hasbeen theexternal auditor of thebank for
manyyears, there may be a perception that there is a familiarity or
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
49. P a g e | 49
self-interest threat to the external auditor‟sobjectivityand independence
in itsaudit of the bank.
However, when the bank changes its external auditor, there is a risk that
the depth of understanding of the bank and its activities and systems will
belost.
This may affect the new external auditor‟sabilityto identify risks of
material financial statement misstatementsand respond tothem
appropriately, and hencemay detract from the qualityof the audit.
114.Audit committeesshould have a policy in placethat stipulatesthe
frequencywithwhichthere should be a tender for the external audit
contract.
Thepolicyshould alsocall for the audit committeeto consider
periodicallywhetherthere should be a limit tothe length of an external
auditor‟stenure asthe bank‟sexternal auditor giventhe potential impact
of audit firm rotation on independenceand audit quality.
115.Audit committeesshould understand theaudit firm‟s policy on
rotation of members of the audit engagement team and theaudit firm‟s
compliancewith anyjurisdictional or other localregulatory requirements
in this regard.
116.As describedin Principle2, the audit committeeshould seek
assurancethat the audit engagement team membersand their firm and,
whenapplicable, the network external auditorshaveno financial,
personal, businessor other relationshipswiththebank whichcould
adverselyaffect theauditor‟sactual or perceivedindependenceand
objectivity.
The audit committee should seek from the external auditor, at least on an
annual basis, information about the audit firm‟s policies and processesfor
maintaining independence and monitoring compliance with the relevant
independencerequirements.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
50. P a g e | 50
117.Audit committeesof banks should develop a formal policywhich
governstheacceptanceof non-audit servicesprovidedby theauditor.
Amongst other provisions,the policyshould includecriteria for the types
of non-audit servicesthat the external auditor may provideor is
prohibited from providing, and rulesstipulatingwhenadvanceapproval
bythe audit committeeisrequired for theauditor‟s performanceof
non-audit services.
Thepolicyshould be reviewedperiodicallyand complianceshould be
monitored, takingintoaccount thecontentsof Section 4of this
document.
118.Where non-audit servicesare provided by the external auditor, the
audit committeeshould monitor and establishthat theprovision of such
servicesdoesnot impair theexternal auditor‟sobjectivityand
independence,taking intoconsiderationvariousfactorsincludingthe
skillsand experienceof the external auditor, safeguardsin placeto
mitigateanythreat toobjectivityandindependence,andthenatureofand
arrangementsfor non-audit fees.
119.Where the external auditorprovidesnon-audit servicestothe
bank, the bank‟sannual report should explain toshareholdersthenature
of and thefee arrangementsfor thenon-audit servicesreceived, andhow
auditorindependenceissafeguarded.
Effectivenessof the external audit
Principle9:Theaudit committee should monitor and assessthe
effectivenessof theexternal audit.
120.At the start of each audit, the audit committeeshould consider
whetherthe audit approach is appropriate, includingconsiderationson
theaudit scope, thelevel of materiality, areasof focusand whether
plannedaudit proceduresaddressthe areasof significant risk for the
bank, in particular thoseareasdescribedin Section 4 of this document.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
51. P a g e | 51
121.Theaudit committeeshould consider whethertheproposed
resourcesto executetheaudit plan arereasonablegiven the scope of the
audit engagement, the nature and complexityof thebank‟s
operations,and itsstructure and activities.
Theaudit committee should understand thenature and extent of audit
workthattheexternalauditorintendstorelyuponwheretheaudit workis
performed by network firm personnel or other audit firms.
122.Theaudit committeeshould obtain confirmation from the external
auditorthat there isadequateknowledge, competenceand expertise
withintheaudit engagement team andthat theaudit will beconductedin
compliancewith internationallyaccepted auditingstandards, aswell as
any applicablelawsand regulations.
123.Theaudit committeeshould discusswith the external auditor the
findingsof the latter‟swork.
In the courseof itsmonitoring, the audit committeeshould:
- Obtain anunderstanding of the external auditor‟sview on anymajor
issuesthat aroseduring the audit (includingthoseissuesthat were
subsequentlyresolved aswell asthosethat have been left
unresolved), in particular the external auditor‟sexplanationof the
significant judgmentstheaudit engagement team made and the
conclusionsit reached.
This should includethe discussionswith management and the
judgmentsinvolved, therangeof possibleoutcomesand, where
available,a comparisonof thebank‟spositionwith that of itspeer
group (on an anonymous basis), includinga comparison with
previousperiodson such major issues;
- Obtainan understandingof the rationalebehindthe final conclusions
drawnby the audit engagement partner on significant accounting
and auditingmatters,particularlyin thosecircumstances
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
52. P a g e | 52
wheretheaudit engagement partner‟sconclusionsdifferedfrom
thoseof theengagement qualitycontrol reviewer;and
- Review the nature and levelsof misstatementsidentified during the
audit, obtainingexplanationsfrom management and, where
necessary, theexternal auditor asto whycertain errorsmight remain
unadjusted.
124.Theaudit committeeshould alsodiscusswiththe external auditor
theaudit representation lettersbeforesignature bythe boardof
directors/ seniormanagement and give particular consideration to
matterswherespecific representation hasbeen requested.
Theaudit committee should consider whetherthe informationprovided
on each of the itemsin therepresentationlettersiscomplete and
appropriatebased on itsown knowledge.
125.As part of the ongoingmonitoringprocess, the audit committee
should discusswiththe auditorthe management letter (or equivalent)
and any other audit-relatedreportsprovidedtothebank.
In particular, the audit committee should discuss with the external
auditor any significant deficiencies identified in the bank‟s control
environment and in itsinternal control over financial reporting.
126.At the end of the audit engagement period, the audit committee
should:
- consider whethertheaudit firm hasfolloweditsaudit plan and
understand thereasonsfor any changes,includingchangesin
perceivedaudit risksandtheworkundertakenbytheexternalauditor
toaddressthose risks;
- obtain feedback about the conduct of theaudit from key bank
personnel involved, eg theheadsof financeand internal audit; and
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
53. P a g e | 53
- report totheboard of directorsonthe effectivenessof the external
audit process.
127.Theaudit committeeshould seek toobtain information from the
external auditor on the main findingsof audit qualityreviewsof the
bank‟saudit and theaudit firm‟s qualitycontrol systems by audit
oversight bodies.
Relationship between the audit committee and the external
auditor
Principle10: Theaudit committeeshould have effective communication
with theexternal auditortoenabletheaudit committeetocarryout its
oversight responsibilities andtoenhancethequalityof theaudit.
128.Thefoundation for an effectiverelationship is regular, timely, open
andhonestcommunicationbetweentheaudit committeeandtheexternal
auditor.
Regular dialoguebetweenthetwopartiesshould be held throughout the
reporting cycle of the bank.
129.Whileboth cooperation and challengesare neededbetweenthe
external auditor and the audit committeefor the external audit to be
effective, theneedfor cooperationshouldneverprevent robust challenges
from being made whenneeded.
Such challengesare a key responsibility of the audit committeeand are
part of theproductive dialogueon key judgmentsthat can result in
stronger and deeper understandingof and viewson the positionsof all
parties.
130.In order to reinforce the audit committee‟s effectivenessand enhance
the quality of the audit, the audit committee should consider inviting the
external auditor toattend audit committeemeetings(except when
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
54. P a g e | 54
discussingmattersin relationto the assessment of the external auditor),
even if there are noitemsexplicitlyrelevant tothe external audit on the
agenda.
Theexternal auditor‟sattendanceshould facilitatetheexchangeof views
on businessperformance, risk and other topics.
Further,toenhanceaudit quality, theaudit committeeshouldconsider, if
necessary, assistingtheexternal auditortogain accesstoany other
committeemeetingsthat the external auditor determinesto be relevant
for the auditor‟swork.
131.Theaudit committeeshould have the right and authoritytomeet
regularly– in the absenceof executivemanagement – with theexternal
auditor.
This will enablethe audit committeetounderstand and discussall issues
that may havearisenbetweentheexternal auditorand bank management
in thecourse of the external audit and how these issueshavebeen
resolved.
In addition, thesemeetingsshould addressany other mattersthat the
external auditor believesthe audit committeeshould be awareof in order
toexerciseitsresponsibilities.
132.The audit committee should discusswith the auditor any matters
arising from the statutory audit that may have an impact on regulatory
capital or disclosures.
This may includediscussionof theinteractionbetween theaccounting
information and theregulatory information, eg accountingimpairment
chargesversusregulatory expectedlosses,or the consistencyof the
bank‟sPillar 3 reportingwithitsannual report.
133.Theaudit committeeshould discusswiththeexternal auditor any
significant issuesidentified in the course of theaudit, in particular in
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
55. P a g e | 55
areaswhichcould be relevant tofuture financial statements,topromote
earlydiscussionand planning.
This includesupcoming changesin accountingstandards or regulations
andtheconsequencesof material transactions.
134.Theaudit committeeshould alsocommunicateto theexternal
auditormattersthat are likely tobe of significant influenceon the
conduct of thestatutoryaudit.
Such mattersmay encompasssubjectsthat the audit committeebelieves
warrant particular attention, significant communicationswiththe
supervisor,or other mattersthat the audit committeeconsidersmay
influencethe audit of the financial statements.
Reporting by the external auditor to the audit committee
Principle 11: The audit committee should require the external auditor to
report toit on all relevant matters toenablethe audit committee to carry
out itsoversight responsibilities.
135.In some jurisdictions,aspart of the statutoryaudit, the auditorsare
alsorequired by law or regulationstoexpressan opinion on the control
environment of thebank and provide additional reportingof matters
identifiedaccordingly.
Theexplanatoryguidancein thefollowingparagraphsonlycovers
reporting totheaudit committee that may be required in thecontext of
thefinancial statement audit.
136.Theaudit committeeshould expect the external auditor to
communicatepromptly tothe audit committeeany significant audit
findingsnoted in thecourseof the audit and any significant problems
encounteredin carrying out theaudit.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
56. P a g e | 56
137.Upon completion of the audit work, theexternal auditor should
report tothe audit committeeon theoutcome of the audit in writing.
Thecontentsof thesewrittenreportsshould be alignedwith the
requirementsset by internationallyaccepted auditingstandardsfor
matterstobe communicatedtothosechargedwithgovernance, the
recommendationsmadein this document, and any additional
requirementsunder applicablelawsand regulations.
138.In addition totheabove, wherenot already covered by the
recommendationsin other partsof this document and the relevant
auditingstandards, theaudit committeeshould request that the external
auditorreport toit in writingon other significant matters, includingthe
following:
- Key areasof significant risk of material misstatement in thefinancial
statements,in particular on critical accountingestimatesor areasof
measurement uncertainty(eg loanlossprovisioning and valuation
uncertainties), includingpotential valuation bias and consequential
effectson earnings,compensation structuresand regulatory ratios.
- Areas of significant management and auditor judgment, including
judgmentspertainingto the recognition, de-
recognition, measurement or disclosureof relevant itemswithin the
financial statementsand, whererelevant, judgmentsabout material
uncertaintiesthat may cast doubt on an entity‟sability to continue as
a going concern (includingconsiderationof liquidity/ fundingissues
of the entity).
- Outsourcingof keyexternal audit work (eg with respect to auditsof
subsidiaries)toanother audit firm or useof external expertstoassist
with the external audit.
- Significant internalcontrol deficienciesidentifiedin thecourseof the
statutoryaudit.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
57. P a g e | 57
- Mattersthat arelikelytobesignificant totheresponsibilitiesof those
charged with governancein overseeingthe strategic directionof the
entityor the entity‟sobligationsrelated toaccountability.
- Areas of financial statement disclosures, for the bank itselfand
relativetoitspeers, whichtheauditor believescould be
improved, includingthe resultsof discussionswithmanagement.
139.For the purposesof complying withthe requirementsof
internationallyacceptedauditingstandards, wheresignificant mattersare
communicated to the audit committee,the external auditor should also
determineif thesemattersneedto be communicatedtotheboard of
directors.
6. The relationship between the supervisor and the external
auditor
140.This section setsout the principlesthat promoteeffective
relationshipsthat will enableregular communication of mutuallyuseful
information in thecontext of a statutoryaudit between:
- thesupervisor and the external auditor at the supervisedbank level,
regardless of whether the communicationis mandatory(Subsection
A– Principles12and 13); and
- thebanking supervisoryauthorityand theaudit firm, and the
accountingprofessionasa wholethat is not specific toan individual
bank (Subsection B – Principle14).
140.Thekey objectiveof having effectiverelationshipsbetweenthe
partiesreferredtoaboveistoenhancetheeffectivenessof thesupervision
of the bankingsector.
Thisrelationshipwillthenalsocontributetothequalityofexternalaudits.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
58. P a g e | 58
142.An effectiverelationship should enableeach partyto carry out its
respectivestatutoryresponsibilitieswhilenot implying that eitherparty is
responsiblefor or should or can perform the statutoryresponsibilitiesof
theother party.
A. Effective relationship at the supervised bank level
143.Theexternal auditor can providethesupervisorwithvaluableinsight
intovariousaspectsof a bank‟soperationsand management‟sattitudeto
theapplicationof keyaccounting policies,judgmentsand models
adopted.
Conversely, the external auditormay obtain helpful insightsfrom
information originatingfrom the supervisorwherethe supervisor
providesan independent assessment in areassignificant totheexternal
audit and may focusattention on specificareasof supervisoryconcerns.
In certain jurisdictions,thesupervisormay alsorequest theexternal
auditortoperform specificassignmentsthat gobeyond thestatutory
audit workof the auditor.
Principle12: Thesupervisorand theexternal auditorshould have an
effective relationship that includesappropriatecommunication channels
for theexchange of informationrelevant tocarrying out their respective
statutory responsibilities.
144.Supervisorsand external auditorsshould have an open and
constructiverelationship, withconfidencein each other that information
exchangedwill be treated appropriately and confidentially.
145.For an effectiverelationship toexist, theengagement betweenthe
supervisorand the external auditor should involve individualswhoare
knowledgeable,informed and empoweredby their respective
organisationstoexchangeinformation.
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
59. P a g e | 59
146.Thesupervisor may benefit from theresultsof the external auditor‟s
workbecausein many respectsthetwopartieshavecomplementary
concernsregardingthesamemattersalthoughthefocusoftheir concerns
is different.
Similarly, the external auditor may benefit from insightsthat the
supervisorcan communicate.
However, in order todischargetheir respectivestatutory
responsibilities, each partyshould not usethe workof the other asa
substitutefor its ownwork and thesupervised entityshould remain the
main sourceof information for their respectivework.
147.Theterms, natureandscopeofthisrelationshipcanbedeterminedin
individualjurisdictionsandshouldbecleartoboththesupervisorandthe
external auditor – for example, through guidanceissued by thebanking
supervisoryauthority.
Accessto communication with the bank
148.Theexternal auditor‟sworkgivesriseto the auditor‟sreport onthe
annual/ consolidatedfinancial statementswhichis often used for
prudential supervisorypurposes.
When performinga financial statement audit in accordancewith
internationallyaccepted auditing standards, the external auditor
communicateswithmanagement and/ or those charged withgovernance
about significant mattersrelating to financial reportingor supplementary
matters,and thesecommunicationsmay be accessedby thesupervisor.
In thesamemanner,in certainjurisdictions,theexternal auditormayalso
haveaccesstothe supervisor‟scommunicationsto thebank.
149.Giventhebenefitsthat may ensue, when communicatingwith
management and/ orthosechargedwithgovernanceofthebank, boththe
supervisorand the external auditor should consider communicating
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
60. P a g e | 60
matters that mayalso be of mutual interest toeach other in writing sothat
they form part of the bank‟s records to which the other party should have
access.
Direct communication at the supervised bank level
150.In addition, effectivecommunication shouldbe establishedthrough
oneor a combination of direct writtenand oral communication
channels,asdictatedbythe circumstances.
151.Writtencommunicationchannelsmayincludeextendedaudit reports
on theaudited financial statements,whichare submitted tothesupervisor
and arenot availableto thepublic.
In certain jurisdictions, these reportsmay be part of the external auditor‟s
statutory audit work and may alsocover assignmentsrelated to prudential
supervisoryrequirements.
152.Oral communication channelsmay includebilateral meetings
betweenrepresentativesof thesupervisor and the external auditor, and
may beformal or adhoc.
In addition tobilateral meetings, trilateral meetingsinvolving
representativesof thesupervisor, theexternal auditor and thosecharged
with governanceat the supervisedbank can alsobe held.
153.Whilst not excludingany other effectivecommunication
channels,bilateral and trilateral meetingsare examplesof sound
practicecommunication channels, particularlyfor SIBs.
Communication of mattersoutside the scope of the external
auditor‟sduty to report/ alert
154.Thecommunication channelsdescribed in paragraphs150-153,can
bea helpful source of information for thesupervisorabout mattersthat
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
61. P a g e | 61
are outsidethe scope of theexternal auditor‟sdutyto report/ alert
discussed in Principle13 and on whichthe supervisorscan reasonably
expect theauditorstoform aviewinthecourseoftheiraudit ofthebank‟s
financial statements.
155.Thecontentsof theexternal auditor‟scommunication could cover all
issuesthat thesupervisor might consider relevant in carrying out its
functions.
Such issuesmay includecurrent, emerging and thematic issues,and
entity-specificand sector-wideissues.
Theexternal auditorshould remain alert to the fact that theseissuesmay
alsofall withinthe scope of theexternal auditor‟sduty toreport/alert.
156.In addition todiscussingwiththesupervisorareaswherethere is
often a significant riskof material misstatement in thefinancial
statements,Section4includesexamplesofareaswheremattersofinterest
tothesupervisormaybeidentifiedbytheexternalauditorin thecourseof
thefinancial statement audit and thereforeare relevant for
communicationto the supervisor.
Examplesof thesemattersare:
- Wherea bank undertakestransactionstoachievea particular
accountingor regulatory outcome suchthat the accounting
treatment istechnicallyacceptable,but it obscuresthesubstanceof
thetransaction.
- Wherea bank consistentlyutilisesvaluationswhich are at the
extremeendsof a range of acceptablevaluationsor there areother
indicationsof possiblemanagement bias.
- Significant deficiencies in internalcontrol processesand their
observationson mattersthat are significant tothe responsibilitiesof
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com
62. P a g e | 62
thosechargedwithgovernancein overseeingthestrategic direction
of the entityor the entity‟s obligationsrelated toaccountability.
This may includewhererelevant, their observationson the
effectivenessof theinternal audit function, the riskmanagement
functionand thecompliancefunction (wherenot alreadyrequiredby
statute).
- Actual or suspectedbreachesof prudential regulationsnoted in the
course of the audit.
- Indicationsthat disclosuresin financialstatementsarenot consistent
with published prudential information.
157.Annex 1tothis document providesexamplesof the potential content
of the extended audit reportsdescribedin paragraph 151.
Annex 2tothis document providesguidanceon thetimingand examples
of the potential content of themeetingsbetweenthesupervisorand the
external auditor, ascircumstancesmay dictate.
158.Where bilateral and trilateral meetingsare held, particularlyin the
caseof SIBs, thetiming and content of these meetingscould be aligned
with the typical phasing of the bank‟sexternal audit and/ or the
supervisoryassessment of thebank.
Of particular importancearethe planningand concluding phasesof the
external audit.
Themeetingsshould focuson the keyissuesand judgmentswithin the
scopeof theexternal auditor‟sstatutoryaudit work.
159.Theform, frequency and content of thecommunication describedin
thisdocument betweenthesupervisor and theexternal auditor of the
supervisedentitywill varydependingonthejurisdictionalcircumstances,
Basel iii ComplianceProfessionalsAssociation (BiiiCPA)
www.basel-iii-association.com