Banking Industry Research Paper


Within the conceptual framework of this research, we will identify and define the risks faced by banks. Major emphasis will be placed on the practical considerations of auditors and accountants in facing these risks. The various risks defined and prevented by auditors include: interest rate risk, asset quality risk, fiduciary risk, processing risk, credit risk, market risk, liquidity risk, operational risk, legal risk, and reputational risk. To address all those risks, auditors have developed numerous applicable tests and procedures, which will also be discussed in this report.

For auditors, a banking client tends to indicate increased engagement risk and the procedures to be undertaken when assessing the engagement risk need to be more rigorously applied because:

  • Banks can be highly geared and exposed to more risks than most organizations
  • There may be more stakeholders who rely on the accuracy of a bank’s financial reporting and the integrity of its policies, procedures, and controls
  • Banks generally handle complex and innovative financial products
  • Banks may operate in a volatile industry and markets
  • There may be additional reporting requirements imposed by regulatory authorities.

The cross-disciplinary perception differs from the traditional “silo” mentality wherein credit risk management is “owned” by lenders, rate risk by treasury, operations risk by audit, and so forth, with no one responsible for evaluating the company’s overall risk profile. (Aharony 12)

Measuring these interactions and assessing the consolidated risk profile are two key tasks of the audit group. At present, the auditors identify five risky “cylinders”: credit, market (including rate risk), operations, reputation, and liquidity. When asked about, say, strategy risk, the reply is that since this important exposure is common to all the cylinders, it is not separately identified.

Other strategy-involved auditors, clearly diligent on the practical assessment of risk, remain less articulate about the risk management process itself. This accords with the thesis that these perceptions and redefinitions first grow out of behavior and only later condense into a management philosophy. Thus the new approach to risk management will inevitably supplant the old, at least in strategically transforming banks. But standardization is not to be expected. Whether the stable of risks, in other words, contains three, four, or thirteen horses will depend upon the size, complexity, and sheer style of particular companies.

Risk factors for banks may be higher than normal because of the business environment in which they operate. (Dietrich 18) Conditions that would indicate increased risk include: capital ratios that are deteriorating or are near regulatory minimums; rating downgrades or indications of less than well-capitalized status; restriction orders from the regulators or a history of problems with the regulators; key ratios not in line with industry norms or peer group ratios; interest rates not in line with industry norms or peer groups.

Financial data/ratios need to be examined in considering past performance, adequacy of provisioning, capital adequacy, increases in volume of activities, concentrations of lending activities, etc. (Hertz 79) Auditors also review for any signs of deteriorating performance such as: increased delinquency ratios for consumer and credit card loans; increases in nonperforming assets; decreasing coverage of the provision (allowance) for loan losses to nonperforming loans and assets and to the total loan portfolio. (Tinsely 16)

Increased risk for auditors may apply if a significant portion of management and other staff’s remuneration is based on financial results. An understanding of the bank’s attitude to remuneration is therefore necessary. Proper benchmarks for performance need to be in place that avoid creating inappropriate incentives for staff. (McNamee 127) Auditors need to consider whether, based on the prior knowledge, there are factors that considerably increase the assessment of engagement risk.

There may be: poor underwriting standards; inadequate loan documentation; lack of or outdated appraisals or financial statements of borrowers; deficiencies in internal control; inability to recognize impaired credits; inadequate provision (allowance) for loan losses; lack of an asset/liability function; lack of an independent credit review function; lack of written lending and treasury policies and procedures; inaccurate regulatory reports or numerous amendments to regulatory reports; significant findings by the internal audit department; inadequate internal audit function; frequent limit violations; poor risk management; history of treasury losses.

Most banks usually have well-developed risk management practices that address risks related to their business, such as interest risk, liquidity risk, credit risk, currency risk, etc. Although management may expect us to examine such practices, we need to clarify the extent of the work we plan to perform.

Auditors normally consider the client’s risk management practices as part of the assessment of engagement risk, and they may thus decide to assess business risks through discussions with management and tests of control activities with few or no corresponding substantive tests. Alternatively, if these control activities are relevant to our audit, such as those relating to credit management, and are effective and efficient to test, it would be appropriate to plan to rely on them and perform appropriate tests for the purpose of obtaining audit assurance.

In the case of a bank, it is important to prepare and send a letter to the client annually confirming the terms of the engagement and including information relevant to the current audit engagement, since the scope of our audit may be dictated by statutory requirements, group auditors’ instructions, and/or regulatory reporting. (Hill 7) To acquire a knowledge of a bank’s business, auditors may wish to understand some or all of the following matters, which will ultimately facilitate the performance of an effective and efficient audit and enable the auditing company to serve as effective business advisers:

  • Range of services offered by the bank and the principal characteristics of each significant area of business
  • Motivation, experience, competence, and style of management
  • Extent to which decision making is centralized or decentralized and management’s attitude to risk and acceptable level of risk
  • Level of management commitment to a high-quality control environment, including consolidated risk management
  • Economic and regulatory environment prevailing for each of the countries in which the bank operates
  • Market conditions existing in each of the sectors in which the bank operates. (Aharony 14)

Auditors may seek to understand the risk management processes that address business risks specific to a banking client. They would not necessarily represent specific risks related to account balances and potential error(s). They would normally understand the control activities in place to monitor: Credit risk, including credit concentration risk; Interest rate risk; Market risk arising from positions taken in securities and other instruments; Liquidity risk; Settlement risk; Currency risk.

Auditors need to consider the client’s countries of operation and evaluate the risk of foreign customers and counterparties failing to settle their obligations due to economic, political, and social factors of their country. In addition, we also need to consider the markets in which the client operates.

A consideration of markets generally covers:

  • The geographical location of markets. Credit risk may be heightened if the client’s credit portfolio is concentrated in a particular region rather than being widely spread.
  • The market sectors served, such as retail or corporate.
  • The competitive strengths and weaknesses of the products and services offered. Auditors need to evaluate whether the competitive advantage of our client may be reduced by “disintermediation,” that is, the ability of customers to bypass banks to obtain the products they need.
  • Competition. There are many other entities that perform similar activities to banks, such as securities brokers/dealers, insurers, investment companies, investment banks, and finance companies of corporations.
  • Knowledge of industries in which the bank’s customers operate. Often a bank’s loan portfolio could be concentrated in highly specialized industries such as real estate, shipping, and natural resources. Evaluating the nature of these portfolios may require a knowledge of the business and reporting practices of those industries.
  • The structure of the banking industry and the bank’s position and reputation in the marketplace. For example, if the bank has a poor rating, it might not have access to better quality loans, thereby taking more credit risk. (Hertz 113-114)

To gain further knowledge about a client, it may be helpful to benchmark the financial information available against local banking industry statistics published by the central banks and market information providers. It may also be useful to compare financial results with those of similar-size competitors, considering the relative strengths, weaknesses, and market position within the client’s market.

From the legislative point of view, the most important legislation for banks is that issued by the relevant supervisory agencies, commissions, or central banks. The supervisory agencies may restrict certain business activities based on capital levels. Such agencies also generally require that the bank’s control activities operate within safety and soundness standards and also impose reporting requirements. Usually, such agencies have enforcement powers that may affect internal control. In addition, central banks may regulate interest rates and national monetary policies that will have an impact on the client’s business.

Auditors need to consider examining the relationship between the client and the banking regulators, particularly the ease (or difficulty) with which the client meets the requirements set by the regulators. (McNamee 140) Reviewing a client’s regulatory correspondence files and regulatory returns will enable us to evaluate whether or not the client is complying with capital adequacy, minimum capitalization, minimum liquidity levels, exchange controls, foreign currency positions, lending limits, and any relevant requirements set by the regulators.

Prudential ratios that normally need to be considered include: capital adequacy ratio, which measures the adequacy of equity capital with respect to risk (for example, banks in countries that follow the regulations of the Bank for International Settlements (“The Basle Rules”) are required to have a minimum equity capital to risk-weighted assets ratio of 8 percent); liquidity ratio, which measures the ability of banking institutions to meet withdrawal requests from depositors; concentration risk ratio, which is aimed at preventing excessive concentration of risk in any one beneficiary or group of beneficiaries.

Bank management is likely to develop control activities and use performance indicators to aid in designing information and communication systems that address key business and financial risks. Effective risk management in a banking environment generally includes: approved policies and documented limits that control the levels of risk accepted; monitoring compliance with such policies and limits and reporting on an exception basis; accurate measurement and reporting of positions prepared by an independent middle office function; procedures and the ability to react quickly and control losses if positions assumed become unfavorable.

The banking industry is highly regulated and subjected to intense scrutiny; therefore one would generally expect to find that the control environment in a bank is conducive to a reliable accounting process and effective internal control. However, there have been a number of well-publicized instances where this general belief has proved to be false. Auditors therefore need to carefully evaluate each of the principal factors that have an impact on the control environment.

Before auditors can rely on a bank’s internal controls, they need to determine whether the control environment is conducive to such reliability.

The elements that need to be considered for a banking client are:

  • The role of the board of directors in determining policies for the levels of risk that the bank is willing to accept in its daily operations
  • The role of senior management in designing, implementing, and monitoring effective risk management systems to implement the policies prescribed by the board of directors
  • The presence of nonexecutive directors on the board and independent compensation committee that reviews incentive plans, including commissions, discretionary bonuses, directors’ service contracts, and profit-sharing plans
  • The role of line management in carrying out the prescribed procedures and control activities
  • The strength of the internal audit function and the audit committee and their role as an independent appraisal function
  • Other significant committees, for example, asset and liability management committee, credit committee, or general management committee
  • The role of regulators and the extent and results of their review
  • The strength of the compliance function
  • The adequacy of segregation of duties. (McNamee 156)

Banks usually have highly complex organizational structures with diversified and decentralized operations, multiple locations (branches, agencies, and foreign representative offices and subsidiaries), and multiple layers of management. In addition, many activities of banks are carried out on a global basis. In many instances, transactions are recorded at a central booking point, while execution occurs in various markets. This may involve centralized global trading with positions being passed on to other locations within the organization.

Banks often delegate various internal control responsibilities to multiple layers of management and to committees who report to the board of directors. Due to the nature of the organizational structure of a bank, supervisory activities are carried out at many levels. Most line officers or managers utilize reports similar to, although more detailed than, those used by senior management.

Effective senior management control methods for banks often include the following: risk management strategies established by senior management with the approval of the board of directors for use in monitoring and controlling the business; an internal audit department, which is a key element of internal control in the case of a bank; management reports, such as daily financial statements, monthly average balance and interest margin reports, monthly aging reports, and monthly budget-to-actual reports.

Accounting processes and internal control in banks are generally sophisticated. Due to the nature of banks’ operations, preventative and detective controls and other policies and procedures are of vital importance to a bank’s management in preventing significant losses arising from fraud, misappropriation, or errors.

Preliminary analytical procedures for bank audits generally require different criteria to be considered than those used in manufacturing/service engagements. The main difficulties that arise with respect to the implementation of analytical procedures result from the specific nature of banking activities, including: multicurrency activities; significant fluctuations in interest-bearing asset and liability accounts between period ends; a large number of products and fluctuating reference rates; global trading.

The nature of the ratios used depends on the banking activities under review. For example, for retail banking business, it may be appropriate to calculate the loan provision rate after stratifying loans by type. However, a statistical analysis of the provision rate is not appropriate for large lines of credit, and each large item needs to be analyzed on a case-by-case basis.

The ratio of commission received to net banking revenue may also be calculated differently according to whether the activities are market related or corporate finance in nature. For market-related activities, the best approach is to separate the various functions of the organization, such as trading and new listings, and calculate relevant ratios, such as commission received to third-party-issues volumes. For corporate finance activities, a commission is determined by business combinations, acquisitions, and other corporate finance activities on an individual case basis. It is generally not relevant to review consultancy activities of this nature using standard ratios.

In circumstances where the income after tax is nominal or negative, planning materiality needs to be based on some alternative stable base, which represents the normalized ongoing level of profitability. In appropriate circumstances, net interest income or income after a normal level of bad debt provisions may represent a stable base for a banking client. (McNamee 160)

One of the requirements for using larger materiality guidelines is that wholly owned subsidiaries do not operate in a regulated business environment. Many subsidiaries of banks, particularly those in the financial services sector, are likely to be regulated by banking and other supervisors. We, therefore, need to consider the regulatory environment within which the subsidiaries operate to ensure that the level of materiality is adequate for reporting to the relevant regulatory body. We generally do not take advantage of the relaxation of the quantitative guidelines for planning materiality in the manner described in 10.42 of the Manual, even where the bank subsidiaries are wholly owned.

The planning materiality to be set for branch audits depends on the scope of the work and whether such audits are governed by regulatory or statutory requirements. (Hertz 142) Where no such requirements apply and the branches are not separate reporting entities, the extent of the audit work will depend on the instructions sent by the group auditors. If the auditors are required to issue a separate report on the branch’s financial statements, the quantitative guidelines set by the company will usually apply.

The major components of a bank’s financial statements that may be associated with specific risks are outlined below. These specific risks, related potential error(s), and the characteristics that may indicate specific risk are not intended to be an exhaustive list. In addition, these characteristics/indicators would not necessarily represent a specific risk for every institution:

The allowance for loan losses is an account balance that may be subject to a specific risk. However, the portion of the allowance related to consumer loans or credit cards may not represent a specific risk, whereas commercial real estate loans may represent a specific identified risk requiring the development of an appropriate response for only this component of the entire account balance.

There may also be specific identified risks that may not relate to specific account balances but that present risk to banks in that they may result in contingent or future liabilities or have other effects on a bank’s overall operations. For example, such risks are often associated with regulatory capital, investment management, and trust and custody operations.

In the case of such activities, there may be local regulatory requirements for which auditors are required to test compliance. Where there are no such requirements the auditors will generally consider the significance of the area and the effect of any potential risk of loss (after insurance) to the bank. (McNamee 171) Such specific risks are generally addressed through discussions and tests of controls, and if there is no impact on the financial statements, with few or no corresponding substantive tests.

An effective and efficient audit approach to a banking client requires that consideration is given to characteristics specific to the banking sector, including:

  • The high volume and repetitive nature of transactions undertaken by a bank and the relatively short time frames in which they must be processed, typically resulting in extensive use of EDP and EFT systems
  • The wide network of branches and geographical dispersal of operations, necessarily involving a greater decentralization of authority and dispersal of principal business activities
  • The sophisticated internal control required so that a bank may adequately safeguard against risks such as loss of assets and invalid transactions and on which we will generally seek to rely during the planning and performance of the audit engagement
  • The controls exercised by the regulators, including permanent controls in the form of prudential returns and ratios, and in-depth inspections
  • The unusual relationship between the impact of a transaction on a bank’s balance sheet and on its income statement.

If the auditors have identified a specific risk affecting the valuation of trading securities, they may be able to isolate the risk to specific products. If a client’s trading securities portfolio includes illiquid stock or the unsold portion of an underwritten issue, they may pinpoint the risk of incorrect valuation to these products only. (Santomero 32) For these products, they would perform tests of relevant control activities that mitigate this risk and a basic level of substantive tests, or focused substantive tests if they consider this to be more efficient.

For other items in the portfolio which are not affected by the specific risk and for which independent market valuation is readily available, such as US Treasury bills or gilts, the auditors may choose to take a moderate level of control assurance from testing relevant control activities and perform a low level of substantive testing, or alternatively to perform an intermediate level of substantive tests if considered more efficient.

It is obvious that the potential risks for auditors are numerous and varied when it comes to the banking industry. Those risks include but are not limited to: interest rate risk, asset quality risk, fiduciary risk and processing risk, which, in turn, are correlated with credit risk, market risk, liquidity risk, operational risk, legal risk and reputational risk. In order to deal with all the risks outlined, auditors have to follow their procedures diligently as well as perform a thorough check of the bank’s internal controls.

