Internal Auditing for Commercial Banks
1Internal Auditing for Banks & Financial
InstitutionsPresenter:Altaf Noor AliChartered Accountant21st
Session: 9.30 - 1.30 pmInternal AuditPersonal Introductions Group
Activity: The Right QuestionsBasic conceptsWhat are threats to
banks? Fraud ProfilesInternal Audit: Specimen Disclosures in Annual
Reports of a Commercial BankExternal & Internal Audit:
Related?Training and Continuing Education3Last Session
tommorowAdministration, Process & StandardsOrganisation of
Internal Audit FunctionRole of Audit Committee in Annual Audit
Plan.Reports to Audit Committee: Audit Rating, Risk Evaluation,
Issues, Responses & Follow-upWhat are major human-related
issues in an audit? Fraud prevention, detection and investigation
activities: Is this a job of internal audit?Code of Ethics for
Professional AccountantAuditing Standards at 1-1-06: Closer
lookInternational Audit Framework: From IAPC to IAASB and
Contemporary Issues Ten Practical Steps for Improving Internal
AuditEvaluation [5.00 - 5.30]34Your Presenters approach to this
session.Knowledge is Power, gain as much of it as you can, and
remember.its deficiency is your constraint.And I PROMISE to present
what I know in an interesting manner!Key: How can you benefit most
from this session? Ask, simplify, understand, remember, and
apply.5Tell us about yourselfLets know each other well. Tell us:
Your NameYour position, department & bankTime period in present
positionYour most important function
Feel free to express yourself in a way we understand.
6Setting the SceneWise Sayings7Trust your God. 8Trust your God
after tying your camel9Group Activity: Internal Audit The Questions
in Your MindDuration: 5 minutesWrite questions that you have in
your mind at this point of time relating to this sessionthe ones
for which you are here to seek an answer.
Example: Is internal audit mandatory?10Internal Audit: Key
Questions>What is the role of internal audit in the present
scheme of corporate governance? What is mentioned about it in the
annual reports?Chief Internal Auditor reports to the audit
committee of the board. Many members in this committee do not have
understanding of this function. What can be done about it?What is
the utility of internal audit function in a financial institution?
There are different frameworks for approaching internal controls,
such as COSO [usa], COCO [canada], and Turnbull [uk]. How should
one go about reconciling its requirements given the foreign
reporting? Similarly, banks have risk assessment and internal
control units whose areas of work are common and confusing. What
can be done?What do you recommend should be done to improve the
effectiveness of internal audit function? 11Internal Audit: >
Key QuestionsWhat indicators are available to the management to
evaluate the effectiveness and efficiency of this function?Do you
think internal auditors have the desired training and skills to go
beyond routine checking?Internal auditors toil to get the audit
observation to a reportable stage. However, audit observations are
not taken that seriously. Follow-up mechanism is weak or
non-existent; implementation slow. Why is it so?How should an
auditor go about assessing the non-financial risk in a financial
institution?Going by the track record, why so many things go wrong
in banks. Why banks are so vulnerable?12Internal Audit: >>
Key Questions How can internal audit function add value to the
financial institution to justify investment in this function?Why
are internal auditors found doing things which are not exactly our
core activity?What are the major technical, admin, and
human-related issues in an internal audit department? What should
an auditor do to cope with the pressures on completing an
assignment? Specifically, should there be a single final report or
interim reports consolidated in a final report? What are the
characteristics of successful internal auditors?
13Internal Audit: >>> Key QuestionsWhat can internal
auditors do in individual capacity to educate and improve their
skill base? How should they respond to the gap between theory and
its application in a commercial setting? Tell us about the current
auditing standards and specially use of software in audits of
financial institutions?What is internal risk assessment framework.
Are you going to discuss how to fill it, in this session?Do
internal auditor have good career paths?For all practical purposes,
the ceo determines the career of cia. However, the reporting of cia
is to the audit committee. How this conflict can be resolved or
managed?How do you think the participants should evaluate the
return-on-training for this program?
Or, is it, for God sake, tell me where am I right now?
14Auditors: Traditional Weak AreasClear objectives,
understanding and commitment from the topOperational information
and trainingAssessing operational environments and operationsAudit
documentation and referencingProvision for continuous
trainingCommunication skillsClout in the organisation
15Internal Audit: Evolution>The Evolution of
BusinessAgriculture AgeIndustrial Age: The Rise of Mass
Manufacturingand Corporate SectorThe Rise of Service Sector:
Banking, Financial, InsuranceThe Electronic/Information/Digital
AgeThe Code of Corporate Governance16Internal Audit: > Recent
HappeningsPrudential Regulation G-1 [16-7-05]: Rotation of External
Auditors to be changed after every five yearsExternal Auditors:
Separate report on internal controls from 31-12-06Requirement of
paid-up capital. [at 3-2-07 Listed Commercial Banks = 22,
Investment Banks =11, Leasing companies = 19, Others= 10]Meltdown
of Islamic Investment Bank, Crescent Standard Investment Bank Ltd,
etc [taken over by secp]Separate risk management structureRecent
flurry of arrivals and acquisitionsUnion Bank taken overPicic due
diligence continuesBarclays Bank arrival of new playerFuture of
relatively small and regional banks
17External Audit Report on Internal ControlSBP CircularThe
requirement is that the external auditor will provide a separate
report to the shareholders of Banks and financial institutions on
internal control. The will be applicable to financial statements
from 1.1.0618Financial services in Pakistan:Major trends in last 5
yearsPrivatisation and down sizingCentral bank managementDominance
of Consumer FinancingE-banking and plastic moneyAdvent of
open-ended fundsIslamic bankingActive involvement in Stock
ExchangesBanking spreads and bank charges
19Tell me:Who are the stakeholders in a bank?20Major
Stakeholders in a BankInvestorsEmployeesDepositorsClients extended
banking servicesLendersCentral Board of RevenueRegulators [also
known as banking supervisors]Have I skipped any significant
stakeholder? like a general physician
21Tell me:How is a bank different from other commercial
entities? 22Banks: How are they different?Bearer Securities>>
Banks hold custody of large amounts of monetary items, like cash,
whose security is critical.The liquidity characteristics of these
items make banks vulnerable to misappropriation and fraud.
Leverage>> Banks operate with very high leverage (the ratio
of capital to total assets is low). This makes banks vulnerable to
adverse economic events and increases the risk of failure.Change in
Fair Value>> Bank have assets that can rapidly change in
value and whose value is often difficult to determine. A relatively
small decrease in asset values may have a significant effect on
their capital and potentially on their regulatory
solvency.Credibility>> Banks generally derive a significant
amount of their funding from short-term deposits. A loss of
confidence by depositors in a banks solvency may quickly result in
a liquidity crisis.23>Banks: How are they different?Transaction
Volume>> Engage in a large volume and variety of transactions
whose value may be significant. This ordinarily requires complex
accounting and internal control systems and widespread use of
information technology (IT).Decentralisation>> Ordinarily
operate through networks of branches and departments that are
geographically dispersed. This mandates a greater decentralization
of authority and dispersal of accounting and control functions,
with consequential difficulties in maintaining uniform operating
practices and accounting systems, particularly when the branch
network transcends national boundaries.Electronic>>
Transactions can often be directly initiated and completed by the
customer without human contact, for example, over the Internet or
through automatic teller machines.Third Party>> Fiduciary
duties in respect of the assets they hold that belong to other
persons like lockers. This may give rise to liabilities for breach
of trust. 24>>Banks: How are they different?Memo
Transactions>> Assume significant commitments without any
initial transfer of funds other than, in some cases, the payment of
fees. These commitments may involve only memorandum accounting
entries. Consequently their existence may be difficult to
detect.Highly Regulated>> They are regulated by governmental
authorities, whose regulatory requirements often influence the
accounting principles that banks follow. Non-compliance with
regulatory requirements, for example, capital adequacy
requirements, could have implications for the banks financial
statements or the disclosures.Clearing System Access>> They
generally have exclusive access to clearing and settlement systems
for checks, fund transfers, foreign exchange transactions,
etc.International Settlements>>They are an integral part of,
or are linked to, national and international settlement systems and
consequently could pose a systemic risk to the countries in which
they operate.25Lets talk about internal audit? internal
auditor?
internal audit deptt.?
Some basic concepts26Tell me: What isInternal Audit?27Internal
Audit A corporate function responsible for evaluating an entity's
financial, operational, procedural and other aspects [by its own
employees]. Keywords: FOPO
[Can a bank outsource its internal audit function?]28Tell me:
Who is anInternal Auditor?29Internal Auditor The person who does
internal auditing for a living and a career. The Human Face of
internal audit function of an entity.30Tell me: What is an Internal
Audit Deptt.?31Internal Audit Deptt. The official base of internal
auditors. (in other words, the official place to look for internal
auditors).32Nameinternal audit = function Personinternal auditor =
human
Placeinternal audit deptt. = venue
Recap of basic concepts33Tell me: What is Basle Committee on
Banking Supervision?34Basle Committee on Banking Supervision The
de-facto standard setting body for central and their supervised
commercial banks.
Any idea about what is Basle-I and Basle-II?35Image
IssueInternal Auditors36Internal Auditors: Public Compliments -
ShikwaThey have limited understanding of business issues. They
believe everything to be done by the book. Commercial compulsions
do not exist for them.They seem to be in a perpetual state of
urgency.They expect your full attention at their convenience.They
waste a lot of your time by not doing their homework. Sometimes
they ask stupid questions.The worst part is that they doubt
integrity of everyone.They are mainly introvert in nature. They
hardly ever make friends.
37Internal Auditors: Public Compliments The UltimateThey are
Post-Mortem Generals.The corporate internal audits are full of OSDs
(Officers on Special Duty); its a permanent resting place for all
those who could not do anything sensible elsewhere.My wife was an
internal auditor before wedding; since then all her observations
have been about me!If you are so good, how come Code had to bring
you into existence through legislation and that too for listed
companies only?38Internal Auditors: Jawab-e-ShikwaWe are your
colleagues, with a difficult task to do. Why not be open with us?
Do you have something to hide?You handle us properly and we can be
your messangers in conveying to the management your operational and
human issues/problems. Feel free to discuss any business matter!We
at Audit Deptt. are severely understaffed. The Management would not
take any chances with understaffing which hampers revenue growth,
but we confess being seen often as an item of expenditure. We need
to gain quantum knowledge in a very limited time, and in the
process of learning we feel free to ask any question rather than
not understanding it. 39Internal Auditors: Jawab-e-Shikwa
UltimateYou may be honest but is that inscribed on your
forehead?Who do you think the management remembers first as an
expert in case of a fraud?We have been effective by preventing many
peoples from having wrong ideas. If management is more comfortable
paying for fraud than foot our bill, its their problem. We were
always a utility.We know that you see us as a necessary evil in a
corporate set-up but you cant wish us away!In the end you need to
see that we are trained but humans 40Five Critical Concepts.What is
accountability?41Accountability The liability of a board of
directors to shareholders and stakeholders for corporate
performance and actions.
Should the concept of accountability be any different for banks
and financial institutions? 42Example of AccountabilityAnnual
Report
An official document/report presented annually by all publicly
listed companies to its shareholders by law. It contains decisions,
representations, data and information on different aspects.It also
contains financial results and overall performance of the previous
fiscal year and comments on future. 43Where Annual Report is
presented?Annual General Meeting A company gathering, usually held
after the end of each financial year, at which shareholders and
management discuss the previous year and the outlook for the
future, directors are elected and other shareholder concerns are
addressed. 44Tell me: What is the most important term used in
auditing?
Starts with r ends with k
45Risk-based Auditing Approach An approach [method] that
questions and responds to the question: what is the risk involved
in a particular audit subject e.g process, procedure, disclosure,
non-disclosure. What is a relatively less understood but critical
term in auditing? NFI 46Tell me:What is anaudit committee?47Audit
Committee An Audit Committee is a sub-committee of Board of
Directors responsible for over-seeing the matters relating to
external and internal auditors. It owes its existence to the
Code.
Is CEO a member of Audit Committee?There should be atleast one
Finance Expert in Audit Committee. T/F 48Tell me:Who areexternal
auditors?49External Auditors A person or a firm of chartered
accountants appointed by the shareholders in Annual General Meeting
to audit the financial statements of an entity for the current
year. External auditors can also be appointed as internal auditors.
T/F50Tell me: What is audit report?51Audit Report Statement of the
accounting firm's assessment of the validity and accuracy of a
company's financial information and conformity with accepted
accounting practices. 52Group Activity: Share your views Why do we
need an internal auditor in the presence of external
auditor?53Commercial Banks: Practical Fraud Profiles.
Cooperative SocietiesBankers Equity Ltd Islamic Investment Bank
LtdCrescent Standard Investment Bank LtdPress Reporting of Frauds
in Commercial Bank
Was it possible for internal audit function to have prevented
such happenings? Prevention of fraud should be an expressive
objective of internal audit. T/F5354Commercial Banks: Fraud
Profiles.
Lending, dealing and deposit taking cycles5455Fraud Risk
Factors: Lending CycleImpersonation and False Information on Loan
Applications/Double-Pledging of Collateral/Fraudulent
Valuations/Forged or Valueless Collateral1 No on-site appraisal of
or visit by the borrower.2 Difficulty in obtaining corroboration of
the individuals credentials, inconsistent or missing documentation
and inconsistencies in personal details.3 Valuer from outside the
area in which the property is situated.4 Valuation is ordered and
received by the borrower rather than the lender.5 Lack of
verification of liens to substantiate lien positions and
priorities6 Lack of physical control of collateral that requires
physical possession to secure a loan (like jewellery, bearer bonds,
art work).56Fraud Risk Factors: >>Lending CycleUse of Nominee
Companies/Transactions with Connected Companies1 Complex structures
which are shrouded in secrecy.2 Several customers with sole
contact, that is, handled exclusively by one member of staff.3
Limited liability partnerships without full disclosure of ownership
or with complex common ownership structures.Kickbacks and
Inducements1 Excessive amounts of business generated by particular
loan officers.2 Strong recommendation by director or lending
officer but missing data or documentation on credit file.3
Indications of week documentation controls, for example providing
funding before documentation is complete.Use of Parallel
Organizations(Companies under the common control of
directors/shareholders)1 Unexpected settlement of problem loans
shortly before the period end or prior to an audit visit or
unexpected new lending close to the period end.2 Changes in the
pattern of business with related organizations.57Fraud Risk
Factors:>>>Lending CycleLoans to Fictitious
Borrowers/Transactions with Connected Companies1 Thin loan files
with sketchy, incomplete financial information, poor documentation
or management claim that the borrower is wealthy and undoubtedly
creditworthy.2 Valuations which seem high, valuers used from
outside the usually permitted area or the same valuer used on
numerous applications.3 Generous extensions or revised terms when
the borrower defaults.
Deposit Transformation or Back-to-Back Lending1 A bank deposit
is made by another bank, which is then used to secure a loan to a
beneficiary nominated by the fraudulent staff member of the first
bank, who hides the fact that the deposit is pledged.2 Pledges over
deposits (disclosed by confirmations which have specifically
requested such pledges to be disclosed).3 Documentation of files
held in directors or senior managers offices outside the usual
filing areas; deposits continually rolled over or made even when
liquidity is tight.58Fraud Risk Factors: >>>>Lending
CycleFunds Transformation(Methods used to conceal the use of bank
funds to make apparent loan repayments)1 Loans which suddenly
become performing shortly before the period end or prior to an
audit visit.2 Transactions with companies within a group or with
its associated companies where the business purpose is unclear.3
Lack of cash flow analysis that supports the income generation and
repayment ability of the borrower.59Fraud Risk Factors: Dealing
CycleOff-Market Rings/Related Party Deals No spot checks on the
prices at which deals are transacted.Unusual levels of activity
with particular counterparties.Broker KickbacksHigh levels of
business with a particular broker.Unusual trends in broker
commissions.False DealsA significant number of cancelled
deals.Unusually high value of unsettled transactions.Unrecorded
DealsHigh levels of profit by particular dealers in relation to
stated dealing strategy.Significant number of unmatched
counterparty confirmations.Delayed Deal AllocationsNo time stamping
of deal tickets or a review of the time of booking.Alterations to
or overwriting of details on deal sheets.Misuse of Discretionary
AccountsUnusual trends on particular discretionary accounts.Special
arrangements for preparation and issue of statements.60Fraud Risk
Factors: Deposit Taking CycleDepositors Camouflage(Hiding the
identity of a depositor, possibly in connection with funds
transformation or money laundering.)Similar or like-sounding names
across various accounts.Offshore company depositors with no clearly
defined business or about which there are few details.Unrecorded
DepositsAny evidence of deposit-taking by any other company of
which there are details on the premises, whether part of the bank
or not.Documentation held in management offices that it is claimed
has no connection with the business of the bank or evasive replies
on such documents.Theft of Customer Deposits/InvestmentsCustomers
with hold-mail arrangements who only have very occasional contact
with the bank.No independent resolution of customer complaints or
review of hold-mail accounts.61Fraud Risk Factors: AnalogyThe risk
of fraudulent activities or illegal acts arises at banks both from
within the institution and from outsiders. Among the many
fraudulent activities and illegal acts that banks may face are
check-writing fraud, fraudulent lending and trading arrangements,
money laundering and misappropriation of banking assets. Fraudulent
activities may involve collusion by management of banks and their
clients. Those perpetrating fraudulent activities may prepare false
and misleading records to justify inappropriate transactions and
hide illegal activities. Fraudulent financial reporting is another
serious concern.In addition, banks face an ongoing threat of
computer fraud. Computer hackers, and others who may gain
unauthorized access to banks computer systems and information
databases, can misapply funds to personal accounts and steal
private information about the institution and its customers. Also,
as is the case for all businesses, fraud and criminal activity
perpetrated by authorized users inside banks is a particular
concern.62>>Fraud Risk Factors: AnalogyBanks with serious
deficiencies in corporate governance and internal control are most
vulnerable. Significant losses may arise from:Lack of adequate
management oversight and accountability, and failure to develop a
strong control culture within the bank. Major losses due to fraud
often arise as a consequence of management's lack of attention to,
and laxity in, the control culture of the bank, insufficient
guidance and oversight by management, and a lack of clear
management accountability through the assignment of roles and
responsibilities. These situations also may involve a lack of
appropriate incentives for management to carry out strong line
supervision and maintain a high level of control consciousness
within business areas.Inadequate recognition and assessment of the
risk of certain banking activities, whether on- or off-balance
sheet. When the risks of new products and activities are not
adequately assessed and when control systems that function well for
simpler traditional products are not updated to address newer
complex products, a bank may be exposed to a greater risk of loss
from fraud.63>>>Fraud Risk Factors: AnalogyThe absence or
failure of key control structures and activities, such as
segregation of duties, approvals, verifications, reconciliations,
and reviews of operating performance. Lack of a segregation of
duties has played a major role in fraudulent activities. [reasons:
saving manpower costs, budget, etc]Inadequate communication of
information between levels of management within the bank,
especially in the upward communication of problems. Fraud may go
undetected when information about inappropriate activities that
should be brought to the attention of higher level management is
not communicated until the problems become severe.Inadequate or
ineffective internal audit programs and monitoring activities. When
internal auditing or other monitoring activities are not
sufficiently rigorous to identify and report control weaknesses,
fraud may go undetected at banks. Also, when adequate mechanisms
are not in place to ensure management action to correct reported
deficiencies.64Commercial Banks: Comments on Internal Audit in
Annual ReportThe Board has set up an effective Internal Audit
function. All the branches, regions and groups are subject to
audit. All the Internal Audit Reports are accessible to the Audit
Committee and important points arising out of audit are reviewed by
the Audit Committee and important points requiring Boards attention
are bought into their notice.Statement of Compliance para.20 NBP AR
200465Commercial Banks: >>Comments on Internal Audit in
Annual ReportThe Board has formed an audit committee comprising of
three non-executive directors. The audit committee has written
terms of reference in the form of a charter, which has been
approved by the Board of Directors. The committee is responsible
for the oversight of he internal audit function and reviews its
approach and methodology from time to time.Directors Report 2004 AR
NBP66Commercial Banks: >>>Comments on Internal Audit in
Annual ReportInternal audit department of the bank conducts the
audit of all branches, regions and groups at head office level on
ongoing basis to evaluate the efficiency and effectiveness of
internal control system and proper follow-up of irregularities and
control weaknesses is carried out.Directors Report 2004 AR
NBP67Internal & External Auditors The relationship & the
Difference68Internal & External Auditors:
RelationshipAppointment & Functional ReportingScope of
WorkQualificationExternal Auditors use of Internal Auditor workForm
of Reporting
69Internal & External Auditors: Appointment & Function
ReportingInternal Auditors are appointed by the CEO solely or in
consultation. They report to the Audit Committee. Issue: Provide
safeguards.The Code provides that the CEO may appoint the internal
auditor and determine his terms of employment, to be approved by
the BOD. The appointment of external auditor (person or firm) is
provided in the Companies Ordinance 1984.External Auditor is
appointed by the shareholders in Annual General Meeting.70Internal
& External Auditors: ScopeThe scope of work of internal auditor
is defined and determined by the Audit Committee. Normally, it
includes:Financial & Procedural ReviewsOperational Reviews
[most importantly that of non-financial indicators]Compliance
Reviews
The scope of work of external auditor is defined by the statute.
Its more focused on ensuring that financial statements are free
from material misstatements.
71Internal Auditors: Scope 1: Review Accounting & Internal
Control SystemsThe establishment of adequate accounting and
internal control systems is a responsibility of management which
demands proper attention on a continuous basis.Internal auditing is
ordinarily assigned specific responsibility by management for
reviewing these systems, monitoring their operation and
recommending improvements thereto.72Internal Auditors: Scope 2:
Examination of financial and operating information.This may include
review of the means used to identify, measure, classify and report
such information and specific inquiry into individual items
including detailed testing of transactions, balances and
procedures.73Internal Auditors: Scope 3: Operational Reviews Scope
4: Compliance ReviewsReview of the economy, efficiency and
effectiveness of operations including non-financial controls of an
entity.Review of compliance with laws, regulations and other
external requirements and with management policies and directives
and other internal requirements.
74Internal Auditors: Recap of ScopeReview of the accounting and
internal control systems. Internal auditing is ordinarily assigned
specific responsibility by management for reviewing these systems,
monitoring their operation and recommending improvements
thereto.Examination of financial and operating information. Review
of the economy, efficiency and effectiveness of operations
including non-financial controls of an entity.Review of compliance
with laws, regulations and other external requirements and with
management policies and directives and other internal
requirements.
How an internal auditor can add value to an entity?How the
performance of internal audit should be evaluated?75Internal &
External Auditors: QualificationFor internal auditors, the Code
does not prescribes any minimum qualifications. You may have any
person as an internal auditor. This area needs to be addressed by
the Code.For external auditors, for public companies (listed or
unlisted), the minimum qualification for appointment is that of
being a Chartered Accountant.
76Internal & External Auditors: Relationship = ISA 6101.
Internal auditors are free to use similar standards that external
auditors do in reaching to an audit opinion. 2. The external
auditors MAY rely on the work of the internal auditors in forming
an overall opinion on the financial statements. However, to do so,
they perform an assessment of the effectiveness of the internal
audit function.The final responsibility of expressing an opinion is
that of the external auditors.
77Internal & External Auditors: Relationship = ISA 610 Para
13When obtaining an understanding and performing a preliminary
assessment of the internal audit function, the important criteria
are the following:(a) Organizational status: Specific status of
internal auditing in the entity and the effect this has on its
ability to be objective. In the ideal situation, internal auditing
will report to the highest level of management and be free of any
other operating responsibility. Any constraints or restrictions
placed on internal auditing by management would need to be
carefully considered. In particular, the internal auditors will
need to be free to communicate fully with the external
auditor.78Internal & External Auditors: >>Relationship
Contd.(b) Scope of function: The nature and extent of internal
auditing assignments performed. The external auditor would also
need to consider whether management acts on internal audit
recommendations and how this is evidenced.(c) Technical competence:
Whether internal auditing is performed by persons having adequate
technical training and proficiency as internal auditors. The
external auditor may, for example, review the policies for hiring
and training the internal auditing staff and their experience and
professional qualifications.79Internal & External Auditors:
>>>Relationship Concluded(d) Due professional care:
Whether internal auditing is properly planned, supervised, reviewed
and documented. The existence of adequate audit manuals, work
programs and working papers would be considered.80Internal &
External Auditors: Form of ReportingExternal Auditors report in a
prescribed statutory form.There is no standard form of reporting
for the internal auditor. The internal audit conclusion may be in
the form of a rating exclusive to the bank.
81Internal & External Auditors: Code of EthicsExternal
Auditors abide by IAASB. Non-compliance results in disciplinary
action.There is no abiding form of code of ethics for the internal
auditor unless he is a member of Institute of Internal Auditors,
USA. Presently there is no local professional institute for
internal auditors.
82Internal Auditors: Sum of AdvantagesNo constraint on
resources, with proper management attitude.No bar on frequency of
undertaking a specific aspect for audit, may be weekly, monthly,
quarterly or even daily.Afford time to get into much more details
than would be expected from an external auditor much wider
scope.Most likely to have updated and thorough knowledge of
business than an external auditor.
83Internal Auditors: Competencies, Attitudes, Skills
etcIntegrity.Relevant qualifications [education training].Technical
[understanding of dynamics of issues and business] and analytical
mind.Inquisitiveness. Continuous learning process.Communication
SkillsAsking right questionsListening skillsWriting skillsPersonal:
Patience and doing homework.
84Group Activity 1: Your ViewsHow much an internal auditor can
benefit from the methods & techniques of external auditors?85
Do you think that the external auditors should make a reference in
their Report about the effectiveness of internal audit
function?Group Activity: Your Views86Internal Audit
FunctionTraining & Continuing Education 1. Bank of
International Settlement www.bis.org = Basle Committee on Banking
Supervision2. IFAC Website www.ifac.org or www.iaasb.org = HANDBOOK
OF INTERNATIONAL AUDITING, ASSURANCE, AND ETHICS PRONOUNCEMENTS.
2007 handbook available can be downloaded free.3. SECP
www.secp.gov.pk = Code of Corporate Governance4. IIA www.theiia.org
= 20 Qs Directors Should Ask About Internal Audit5. Search and
find. Examples include www.auditplus.com www.auditnet.org = audit
programs etc6. State Bank of Pakisan = www.sbp.gov.pk 87Recap 1st
SessionInternal Audit Framework for Commercial Bank: Success
FactorsExternal & Internal Audit: The knotScope of Internal
Audit: How internal audit can be more effective than external
audit?Constraints on Internal Audit Function.Update on SBP
Circulars on Internal Audit
8788Thank You.
