Agenda
1. Types of Audits of Banks
2. Audit of Risks in Banks
3. Audit of Financial Position & Results of Operations of Banks
4. Audit of IT Computer Systems in Banks
5. Future of Bank Auditing
the adequacy and effectiveness of risk management, control and governance processes of the Bank. Assessing compliance with regulations of Legislative Bodies and the Bank's procedures. Providing recommendations for improving the operations of the Bank in terms of efficient and effective performance. Assisting in the detection of fraud. For those purposes the Department conducts audits at the branches, departments and subsidiaries of the Bank throughout Turkey and abroad. All business systems, applications, processes, operations, functions and activities within the Bank are subject to the audits.
The number and professional quality of internal auditors in the IAD should be sufficient. All audit plans and annual results must be reported to the BRSA. Manuals should be written. The charter and working papers must contain the minimum requirements asked by the BRSA.
The BRSA, in its regulations, refers to the IIA's standards on those issues.
Working Methodology
Risk-Based Auditing Principle: Identification, Sourcing, Assessment, Prioritization
[Diagram labels: Risk; Audit Plans]
Audit manuals are established to provide guidance on specific audits. Manuals are prepared about procedures of on-site engagements that the auditors may perform.
Risk Level of Bank's Activities: Credit Extension, Retail Banking Operations, Commercial Banking Operations, Deposit Collection and Investment Products, Treasury Management, Financial Investments and Placement, Management of Customer Funds, Safe Keeping, Insurance Services, Agency Services, Payment Systems, IT Systems, Human Resource, Legal Proceedings, New Technologies
[Diagram labels: Importance Level; Audit Plan; Audit Period; Risk Indicators; Risk Assessment; Subsidiaries]
OPERATION SERVICE
ASS. DIRECTOR: Branch Audits, Central Audits, Internal Fraud & Investigations
ASS. DIRECTOR: H/O Departments & Subsidiaries, IT Audits, Risk Management Audits, Financial Accounting Audits, Trainings, Human Resources Mng.
SUPERVISOR IT Audit
IT Audit Team
Auditors/Assistant Auditors
On-Site Audits Branch Audits H/O and Subsidiary Audits Central Audits Audits of Operations and Transactions Process Audits Internal Fraud Detection Information Technologies Audits IT Processes Banking Applications Subsidiary IT Audits Risk Management Audits
Operational Audits, Financial Audits, IT Audits, Performance Audits, Managerial Audits, Compliance Audits, Internal Fraud Detection, Governance Audits
[Diagram labels: Confirmation; De; Recomputing; Statistical Sampling; Analytical Procedures]
$R_i = L_i \, p(L_i)$
[Diagram: Financial Risks. Labels: Market Risk; Share Risk; Interest Rate Risk; Exchange Rate Risk; Commodity Risk; Liquidity Risk; Credit Risk; Counterparty Credit Risk; Transaction & Business Risk; Issuer Risk; Concentration Risk; Issuing Risk]
Potential Benefits
[Table: Market Risk by Level of Development (Simple, Medium, Advanced). Entries: Standard Approach; Value at Risk (VAR) Approach]
$\dfrac{\text{Total Capital}}{\text{Credit Risk} + \text{Market Risk} + \text{Operational Risk}} \geq 8\%$
To achieve these objectives, the main proposals the BCBS has developed in Basel 3 are:
a) Capital reform (including quality and quantity of capital), complete risk coverage, leverage ratio; and
b) Liquidity reform (short term and long term ratios).
on risks related to a possible recession (reputation, liquidity, labor force reduction...)
1. Audit the effectiveness of risk management and corporate governance processes.
2. Conduct the re-evaluation of risks and identify the risks associated with each other.
3. Undertake a teaching role on risk management.
4. Improve the relations with other governance, risk and checkpoints within the organization.
5. Expand the fraud-related studies in the audit plans.
Also:
1. Auditors should be in close contact with the senior management and the audit committee.
2. More flexible inspection plans that can be changed during the period should be used.
3. Information about the organization and business should be improved.
4. In order to conduct more effective audits, the audit reports should be prepared in shorter times and intensive technology should be used.
deposits and other liabilities of the bank are compared with past periods to examine the differences.
Current
difference.
Interest income, Interest expense, Service and commission income/expense, Personnel expense, Income and expense of other activities, Other income and expenses, Rediscount and evaluation transactions
Reconciliation is performed by the auditor to confirm that the trial balance, MIS and balance sheet agree for the related accounts. The change in the trend of interest income and expense is examined to determine possible reverse entries. The change in the trend of commission income and expense is examined. Possible correction records related to commission income and expense are examined to be certain of their accuracy. Current personnel payments are compared to past periods. Conformity of the subsidiary records to the trial balance is examined.
Liabilities are examined to understand their origin. Nominal amounts of securities are examined to confirm their assets on the off-balance sheet. Reconciliation is performed for deposits that are given or taken.
For the risk assessment of IT Processes, interviews with business unit managers and Garanti Technology senior management are performed first. IT Risk Assessment surveys are filled in by these managers to determine the risky IT processes. The results of the surveys are evaluated in terms of vulnerability and impact of IT processes. Applications and Subsidiaries are assessed based on the international Risk Assessment methodologies of ISACA (Information Systems Audit & Control Association). Annual audit plans are formed based on the prioritization resulting from the risk assessments. Risk assessment is performed annually.
IT Governance Audits (IT Governance, IT Strategy & Source Planning), Security Audits (Network/Info. Security, ...), General Process Audits (Software Development, Change Management, ...), Infrastructure Audits (Database Management, System Software Manag...), Disaster Recovery Audits
Internet Banking, Telephone Banking, Securities & Treasury Applications, Commercial Loans, ATM, Credit Cards System, Core Banking (Deposits), Consumer Loans, Accountancy, ...
GarantiBank Int. NV., GarantiBank SA., Garanti Pension & Life Insurance, Garanti Leasing, Garanti Securities, Garanti Factoring, Garanti Asset Man., Garanti Bank Moscow, Garanti Mortgage, ...
In IT Process audits, general controls in the processes are evaluated, based on COBIT, ISO 27001, ITIL, CMMI control objectives, ISACA checklists, BRSA regulations and various technical control lists. In Banking Application audits, application controls including data creation/authorization, input/output, data processing, mining, limit, compliance, workflow, efficiency and security controls are evaluated. In IT Audits of Subsidiaries, general and application controls of the Subsidiaries' current IT and financial processes are evaluated based on the same standards used in IT Process & Application audits.
With the developments in the banking sector, classical audit practices have changed to modern audit methodologies.
Traditional Methods: Focused on finding errors; Issue; Focused on the past; Financial losses; Labor intensive; Based on problem
Modern Methods: Focused on system, process and risk; Prevention; Focused on the future; Efficiency; System intensive; Based on solution