SEACEN Seminar on INTERNAL AUDIT OF CENTRAL BANKS Taipei, Taiwan, R'O'C' 1417 September 2004 - PowerPoint PPT Presentation

Loading...

PPT – SEACEN Seminar on INTERNAL AUDIT OF CENTRAL BANKS Taipei, Taiwan, R'O'C' 1417 September 2004 PowerPoint presentation | free to download - id: c3cfe-YTlhO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

SEACEN Seminar on INTERNAL AUDIT OF CENTRAL BANKS Taipei, Taiwan, R'O'C' 1417 September 2004

Description:

Auditor as 'watchdog' and 'faultfinder'. Less emphasis on scientific audit programs. ... Risk Evaluation Family. 27. Risk Based Audit Process Cont'd. Auditor's ... – PowerPoint PPT presentation

Number of Views:65
Avg rating:3.0/5.0
Slides: 61
Provided by: ghulams
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: SEACEN Seminar on INTERNAL AUDIT OF CENTRAL BANKS Taipei, Taiwan, R'O'C' 1417 September 2004


1
SEACEN Seminar on INTERNAL AUDIT OF CENTRAL
BANKS Taipei, Taiwan, R.O.C. 14-17 September
2004
  • Presented by
  • Shamsul Islam
  • Junior Joint Director
  • Audit Department

2
SEACEN Seminar
  • Organized by South East Asian Central Bank
  • Research Training
    Centre
  • (SEACEN Centre) Malaysia.
  • Financed by Bank of Japan (BOJ)
  • Hosted by The Central Bank of China
  • (CBC)Taiwan.

3
Central Bank of China
4
Seminar Participants 30 participants from the
following 15 Central Banks/Monetary
Authorities/Ministry of Finance.
  • Royal Monetary Authority of Bhutan
  • Ministry of Finance, Brunei.
  • Reserve Bank of Fiji.
  • Bank Indonesia
  • The Bank of Korea
  • Bank Negara Malaysia
  • The Bank of Mangolia.
  • Nepal Rastra Bank
  • State Bank of Pakistan.
  • Bank of Papua New Guinea.
  • Bangko Sentral ng Pilipinas.
  • Central Bank of Sri Lanka.
  • The Central Bank of China, Taipei.
  • Bank of Thailand.
  • Banking and Payments Authority of Tinor Leste.

5
Resource Persons.
  • Mr. John Graham Joscelyna CA(SA) CIA
  • Director International Services
  • UHY Advisers Inc.
  • Mr. Noriyuki Tomioka
  • Director Internal Auditors Office
  • Bank of Japan.
  • Dr. JIIN FENG CHEN
  • Associate Professor
  • Department of Accounting, College of Commerce,
  • National Chengchi University.

6
ISSUES FOR DISCUSSION IN THE SEMINAR.
  • Role of Internal Audit in Governance.
  • Identification of gaps in the Internal Audit
    Function and Opportunities for Improvement.
  • Internal Audit in the Risk Management Process.
  • Leveraging on Automation and Information
    Technology in Audit Engagements.
  • Impact of Regulations on Internal Audit.
  • Outsourcing of the Internal Audit Function.
  • Industrys Best Practices in Internal Audit.

7
1. Role of Internal Audit in Governance
  • Entire audit process directly or indirectly
    linked with Governance Process.
  • Audit is an on going Governance Process through
    evaluation of the System of internal controls.

8
What should Governance mean to Audit.
  • Process of oversight at board level.
  • Relationship between board and management.
  • Organization of executive functions
  • Information flow
  • Key Control Process.
  • Transparency
  • Authority
  • Accountability
  • Impacts the Bank from top to bottom.
  • Determines the control environment.
  • Influences the banks culture.

9
Pre-requisite for Auditors in relation to
Governance
  • Authority in Internal Audit Charter/IA Mandate.
  • Competence on the part of Auditors.
  • Real desire of Board and Management to include
    Auditors.

10
What should be auditors relationship with his
auditees.
  • Facilitator
  • Picking up on their issues.
  • Questioning them on their needs.
  • Educator Verification Checklist
  • Sharing best practices
  • Sharing movement in Governance practice.
  • Listener
  • Listen more from auditee so that auditor may
    educate and facilitate them.

11
What can Auditor do?
  • Share Professional Best Practices
  • What reporting works best.
  • Usefulness of an independent audit
  • Usefulness of audit to the auditee.
  • How value is added to the performance of auditee.
  • Agree Audit Charter with the Board and
    Management.
  • Reporting of Audit activities to the Board.
  • Share International Internal Audit Standards and
    what they mean.

12
Objectives of these activities
  • Auditor has a voice in the Governance arena.
  • Auditor adds value to the views of the auditee.
  • Auditor is professional.
  • Auditor has an independent voice.

13
Increase understanding with regard to
  • Code of Ethics.
  • Control Framework in the Bank.
  • Agreement on auditors work.
  • Agreement on the risks taken by the Bank.
  • Agreement on what auditor can and should do.

14
Reliance is also sought from other players.
  • Risk Managers.
  • Compliance Officer.
  • External Auditor.

15
Auditors leadership in Governance Process.
  • Adding value at the highest level.
  • Working at a strategic level.
  • Facilitating.
  • Enabling.

16
2) Identification of Gaps in the Internal Audit
Function and opportunities for improvement.
  • Gaps
  • IIAs standards.
  • Negative conception with regard to Auditors.
  • Level of competence in risk based auditing.
  • Auditor as watchdog and faultfinder.
  • Less emphasis on scientific audit programs.
  • Designing and implementing of flow charts in
    audit process.
  • Preparation of check list and their applications.
  • Designing of questionnaire for the auditee.

17
  • Gaps
    Cont………
  • Central Bank experience Professional
    qualifications.
  • Professional qualifications Central Bank
    experience.
  • I.T. experts - Experience of Central Bank
    working.
  • Central Bank working experience - I.T. expertise.
  • Lack of coordination and understanding between
    Internal and External Auditors.

18
Opportunities for improvement
  • Adoption of IIAs Standards.
  • To further educate the auditee with patience
    behavior.
  • To increase the level of competency in risk based
    auditing through training and by changing audit
    methodology.
  • To switch over in role of auditor from watchdog
    and faultfinder to the educator/facilitator/ment
    or.
  • To prepare scientific audit programs
  • To design and implement flow charting.
  • To use check list and questionnaire during the
    audit process.

19
Opportunities for improvement
contd…..
  • To arrange short courses/training for the
    officials who have a handsome experience but far
    behind the professional qualifications regarding
    audit.
  • Auditors other than I.T. should impart the I.T.
    training.
  • Top level management/Audit Committee should
    ensure the coordination and better understanding
    between Internal and External auditors.

20
3. Internal Audit in the Risk Management Process.
  • Change in the role of Audit.
  • Watchdog/Faultfinder Risk identifier/educator.
  • Change in Audit Methodology.
  • Compliance based audit/Financial audit Risk
    Based audit.

21
Risk Based Audit Process
  • Understanding of risks faced.
  • Assessing the exposures.

22
Risk Based Audit Process Contd……
  • Gather information and plan.
  • Knowledge of departments/segments/objectives.
  • Understanding of operations and procedures.
  • Prior years audit results.
  • Regulatory statutes, approved policies.
  • Identifying risk associated with segment/process.

23
Risk Based Audit Process Contd……
  • Obtain understanding of Internal Control
  • Control environment.
  • Control procedures.
  • Matches of associated risks with controls.

24
Risk Based Audit Process Contd……
  • Perform Audit Tests
  • Test effectiveness of controls and other
    substantive audit procedures.

25
Risk Based Audit Process Contd……
  • Conclude the Audit
  • Analyse the audit findings.
  • Discuss with departmental heads and draw
    conclusion.
  • Recommendation for improvements.
  • Draft Report.

26
Risk Evaluation Family
Internal Auditor
Risk Manager
Compliance Officer or Unit
External Auditor
27
Risk Based Audit Process Contd……
  • Auditors own Risks.
  • Explicit Audit.
  • Delivering the right audit product.
  • Assuring the quality of work.
  • Maintaining professional reputation
  • Managing Human Resources.

28
4. Leveraging on Automation and Information
Technology in Audit Engagements.
  • Why the automation is need of the time?
  • To increase in efficiency productivity of
    Audit.
  • To increase in accuracy.
  • To eliminate storage of work papers.
  • To enable instantaneous communications.
  • To permit access of information via Internet.
  • To lower audit cost.
  • To faster the audit process.

29
  • Overall status of automation.
  • Initial / middle stage.
  • Working is being automated.
  • Designing of software.
  • Parallel Runs.
  • Partially live working.
  • Complete live working.

30
  • Usage of Software Tools.
  • In-house development.
  • Outsourcing the computerization.
  • Readymade Softwares.

31
  • Automation status in other Central Banks -
  • SRILANKA
  • Payment System with - Real Time Gross Settlement
    (RTGS)
  • Government Debt Security Management with -
    Scriptless Securities Settlement System (SSSS).
  • Treasury and International Reserve Management
    with Treasury Dealing Room Management System
    (TDRMS).

32
  • Computer Assisted Audit Tools and Techniques
    (CAATTs).
  • Readymade Softwares
  • Audit Command Language (ACL).
  • Sarbox Portal (SP)
  • Risk and Control Tracking System (RCTS).
  • Control Assessment Template (CAT).
  • Risk Navigator (RN).
  • Team Mate (TM).
  • Office-Suite Software.

33
  • Sarbanes Oxley Software
  • 10th Annual Survey of Internal Audit Utilization
    of Software Tools
  • Why are you not using Sarbanes Oxley Software?
  • Our Company is not subject to Sarbanes Oxley
    79.
  • Another Department in our organization handles
    Sarbanes Oxley compliance 5,
  • Sarbanes Oxley compliance is outsource at our
    Organization 1.
  • These types of tools are too expensive 8.
  • Others 10.

34
Summary of the Survey Results.
35
5. Impact of Regulations on Internal Audit
  • Rules and Regulations may be National or
    International.
  • Evaluate how does it impact the Bank?
  • What about its stakeholders?

36
Rules and Regulations may relate to
  • Best practices.
  • Leading Central Bank practices.
  • IMF suggestions or demands.
  • Money Laundering
  • Reserve Management.
  • Electronic Banking.
  • Generally Accepted Accounting Principles.
  • International Accounting Standards.
  • International standards of Auditing.
  • Income Tax Laws.
  • Rules and Regulations framed by SEC.
  • Corporate Governance Rules.

37
Impact on audit due to compliance of rules and
Regulations
  • Cost.
  • Responsibility
  • Control Establishment
  • Scope.

38
Compliance of Regulations is every ones
business, therefore
  • Is it in the risk assessment?
  • Is it understood in the Banks control
    environment?
  • Is it in the control activities of the Bank?
  • How does management see and acts?
  • How are regulatory issues communicated?

39
In compliance of the Regulations, information,
communicated to the regulators
  • Fair
  • Complete.
  • Transparent.
  • Independently verifiable by the Internal and
    External Auditor.

40
Impact of Incorrect information communicated to
the regulators
  • Lack of Trust
  • Disbelief
  • Lack of credibility.

41
6. Outsourcing of the Internal Audit Function
  • Kinds of outsourcing.
  • Special Project outsourcing.
  • Partial outsourcing.
  • Temporary staffing.
  • Full outsourcing.

42
Determining factors if the Internal Auditing be
outsourced
  • Will the outsourcing of Internal Audit effect the
    effectiveness of corporate governance?
  • What are the advantages and disadvantages of
    internal audit outsourcing?

43
Arguments in favour of Outsourcing
  • Allows management to focus on core competencies.
  • Cost saving resulting from economies of scale.
  • Flexible access to expertise.
  • Access to leading practices.

44
Arguments against outsourcing
  • By the lapse of time outsourcing provider will
    demand an ever greater premium for their
    services.
  • An external provider will not know the business
    as well, as the internal personnel do.
  • A valuable training ground is lost.
  • Morale of the personnel will be seriously
    impaired.
  • Individual Employee allegiance is to the
    outsourcing provider, not to the client.
  • Corporate governance is a management function
    which can not be outsourced.
  • Independence of external auditor will be impaired
    when the outsourcing provider is also external
    auditor.
  • Confidentiality is potentially lost.
  • Management and the audit committee lose an
    objective source of information.

45
Advantages of Outsourcing
  • Smaller Organizations access to a broader set of
    skills.
  • Information systems audit skills highly
    effective.
  • Innovative approaches knowledge of Best
    Practices.
  • Integrated audit approach Internal External.
  • Active Management Participation Provide
    direction and oversight.

46
Disadvantages of Outsourcing
  • Loss of a second set of eyes and ears.
  • Confidentiality could not be maintained.
  • Outsource provider might be an auditor of
    commercial bank(s) to which central bank is
    monitoring.
  • Expertise leave the Organization.
  • Outsourcing does not build new managers.
  • Outsourcing does not have to live with the
    decisions or recommendations made but still
    have pressure to retain the contract.
  • Difficult to rebuild internal auditing
    department, if outsourcing is not successful
    dependency on one outside provider.
  • External Auditor may be lacking internal audit
    knowledge material differences in perspective
    and execution

47
Central Banks Outsourced
  • Internal Audit function of the Reserve Bank of
    Fiji is outsourced.
  • Justifications for outsourcing put forth by the
    representative of Reserve Bank of Fiji
  • Cost effective.
  • Provides more independence and autonomy to the
    auditor.
  • Outsourcing addresses the problem of resource
    constraints.
  • Staff can be engaged in the core areas of the
    Bank.
  • Expertise in the field of audit were lacking.
  • Career paths and opportunities of audit personnel
    is limited as only one central bank in the
    country.
  • Skills required for auditing are readily
    available in the market.

48
Central Banks Outsourced
Contd……
  • A few audit functions have been co-sourced by
    Central Bank of Srilanka.
  • The functions out sourced
  • General Review of Information System.
  • Pay Role System.
  • Real Time Gross Settlement System (RTGS).
  • Justification for co-sourcing put forth by the
    representatives of Sri Lanka.
  • Early retirement of staff and the absence of
    expertise to special audit functions.

49
7. Industry Best Practices in Internal Audit
  • Principles of Internal Audit.
  • Independence, objectivity and impartiality.
  • Audit should exercise their assignment without
    interference and are free to report their
    findings and appraisals.
  • Audit charter should be approved by the Board of
    Directors and should be communicated to all staff
    within the Bank.
  • Rotation of staff assignments within the audit
    department.
  • No involvement in the operations of the bank.
  • Recognition of the auditors independence in the
    audit charter.
  • Official internally transferred to audit
    department should not involve in the audit of his
    previous activity for a certain period.

50
Principles of Internal Audit
Contd….
  • Maintenance of professional competence
  • On the job training.
  • Formal internal and external training.
  • Staff rotation within the Department.
  • Incentives to become a Certified Internal Auditor.

51
Working methods and types of Audit
  • Working methods
  • Drawing up a risk-based audit plan.
  • Examining and assessing the available
    information.
  • Communicating the results.
  • Follow up of recommendations.
  • Types of audit
  • Financial Audit.
  • Compliance Audit.
  • Operational Audit.
  • Management Audit.
  • Risk-based Audit.
  • I.T. Audit.

52
Audit Procedure
  • Prepare audit program and document audit
    procedures in working papers.
  • Distribute audit reports to auditees and senior
    management.
  • Follow up the audit recommendations to see
    whether they are implemented.
  • Inform senior management about the status of the
    said implementation.

53
Management of the Internal Audit Department
  • The head of the Internal Audit Department is
    responsible for
  • Ensuring the use of sound internal audit
    standards by the internal audit staff.
  • Existence of upto-date audit charter.
  • Existence of upto-date written policies and
    procedures for audit staff.
  • Appropriate professional competence and training
    of the audit staff.
  • To regularly send report to appropriate
    management level for discussion.

54
IIAs International Standards for the
Professional Practice of Internal Auditing
  • The purpose, authority and responsibility of the
    internal audit activity should be formally
    defined in a charter, consistent with the
    standards, and approved by the board.
  • Internal auditors should be objective in
    performing their work.
  • Internal auditors should have impartial, unbiased
    attitude and avoid conflicts of interest.
  • Engagements should be performed with proficiency
    and due professional care.

55
IIAs International Standards for the
Professional Practice of Internal Auditing

Contd…..
  • Quality Assurance and Improvement Program Chief
    Audit Executive (CAE) should develop and maintain
    a quality assurance and improvement program which
    should cover
  • All aspects of the internal audit actively and
    continuously monitoring its effectiveness.
  • Periodic internal and external quality
    assessments and ongoing internal monitoring.
  • Assurance that the internal audit activity is in
    conformity with the Standards and the Code of
    Ethics.

56
IIAs International Standards for the
Professional Practice of Internal Auditing

Contd…..
  • Disclosure of non-compliance.
  • Internal audit actively should achieve full
    compliance with the Standards and internal
    auditors with Code of Ethics.
  • In case of full compliance not achieved,
    disclosure should be made to senior management
    and the board.

57
IIAs International Standards for the
Professional Practice of Internal Auditing

Contd…..
  • Governance
  • IIAs Internal Standards for the Professional
    Practice of Internal Auditing. Internal audit
    actively should assess and make appropriate
    recommendations for improving the governance
    process for
  • Promoting appropriate ethics and values within
    the organization.
  • Ensuring effective organizational performance
    management and accountability.
  • Effectively communicating risk and control
    information to appropriate areas of the
    organization.
  • Effectively coordinating the activities and
    communicating information among the board,
    external auditors and management.

58
(No Transcript)
59
September 17 Post Seminar City Tour
  • - Yingo Ceramics Museum
  • - Lin Family Mansion and Garden.

60
  • Thank You
About PowerShow.com