AUDITING AND ASSURANCE:

SPECIALIZED INDUSTRIES
AUD 4
AUDITING

• A systematic process of objectively obtaining and evaluating evidence regarding

assertions about economic actions and events to ascertain the degree of correspondence
between those assertions and established criteria and communicating the results to
interested users.
ASSURANCE

• An engagement whereby a practitioner expresses a conclusion that enhances the degree

of confidence of the users on a subject matter prepared by a “responsible party” when the
subject matter is compared and measured against established criteria.
LEVEL OF ASSURANCE

• Reasonable Assurance ( Audit)

• Are aimed at “Reducing Engagement Risk” to an acceptably low level in the light of the
given circumstance. A positive expression is thereby included in a practitioner’s report.

• Limited Assurance ( Review)

Also aimed at “Reducing Engagement Risk” to an acceptable level, but that, there is a
higher engagement risk than that when a reasonable assurance is promised, since less
extensive procedures are performed by the practitioner
ELEMENTS OF ASSURANCE ENGAGEMENT

• Three Party Relationship

• Subject Matter
• Suitable Criteria
• Sufficient Appropriate Evidence
• Written Report
WHAT IS SPECIALIZED INDUSTRY?

• A specialized industry is a distinct market that has a unique way of accounting for
transactions and reporting its financial results. These differences are allowed under the
applicable accounting framework, such as IFRS or GAAP. Examples of specialized
industries are airlines, banking, and insurance.
AUDIT CONSIDERATIONS

• Competence
• Audit Planning
• Reliance on experts
COMPETENCE

• When accepting an audit engagement involving a specialist industry, the audit firm needs
to pay close attention to the competence of the audit firm to provide the service.
• ISQC 1, Quality Control for Firms That Perform Audits and Reviews of Financial
Statements, and Other Assurance and Related Services Engagements requires the audit
firm to consider whether the firm is competent to perform the engagement and has the
capabilities, including time and resources, to do so. This should include consideration of
whether the audit firm personnel has knowledge of relevant industries and has experience
with relevant regulatory or reporting requirements, or the ability to gain the necessary
skills and knowledge effectively.
AUDIT PLANNING

• Identification of the risk of material misstatement in a specialized industry should be approached in

the same was as in any other audit – by obtaining appropriate understanding of the business and its
environment.
• To assist audit team members assigned to a specialized industry client, the audit firm is likely to have
additional resources available. There may be briefing notes or internal technical guidance on how
financial reporting standards should be applied within the sector. For example, in the audit of banking
sector clients, an audit firm may produce guidance on the specific application of IFRS® Standards
relating to the range of financial instruments typically held by banks. Audit staff can then refer to this
guidance when performing the audit, particularly when identifying risks of material misstatement.
RELIANCE ON EXPERTS

• The auditor may plan to use an auditor’s expert to obtain audit evidence. This is quite likely in
a specialized industry as despite being competent to perform the engagement, the audit firm
may not have the necessary specific expertise in some areas.
• For instance in the audit of a bank, specialists may be brought in to value complex financial
instruments.
• The audit firm must adhere to the requirements and principles of ISA 620, Using the Work of
an Auditor’s Expert which deals with matters including the evaluation of the objectivity,
competence and capabilities of the auditor’s expert, determining and communicating the scope
and objectives of their work, and assessing their finding
CONCLUSION

• The audit of a client in a specialized industry can pose some challenges to the audit firm.
However, with proper consideration of competence, and by providing staff with
additional support and guidance, these audits should not necessarily be more complex or
challenging to plan and perform. Using experts can provide high quality audit evidence in
specialist situations, but the auditor must be careful to fully evaluate the findings of the
auditor’s expert and not to over-rely on their work. For audit staff, working on this type
of engagement can be very rewarding, providing exposure to sometimes unusual
businesses.
TRANSACTION CYCLES

• A transaction cycle is an interlocking set of business transactions.

Types of Transaction cycles in Accounting

1. Revenue Receipt Transaction Cycle – sales / income and collection cycle

2. Expenditure and Disbursements Cycle – purchasing and payment cycle
3. Payroll Cycle
4. Production (Conversion) Cycle
5. Financing Cycle
AUDIT OF BANKS’ FINANCIAL STATEMENTS
DEFINITION OF BANKS
DISTINGUISHING CHARACTERISTICS OF BANKS
DISTINGUISHING CHARACTERISTICS OF BANKS
DISTINGUISHING CHARACTERISTICS OF BANKS
DISTINGUISHING CHARACTERISTICS OF BANKS
DISTINGUISHING CHARACTERISTICS OF BANKS
BANKING LAWS
KEY AUDIT CONSIDERATIONS
AUDIT OBJECTIVE OF THE BANKS FS
(IAPS 1006)

• to enable the auditor to express an opinion on the bank’s financial

statements, which are prepared in accordance with the applicable
financial reporting framework.
SKILLS REQUIRED FOR THE AUDITOR AND STAFF
ISA 210
TERMS OF AGREEMENT ON WRITTEN REPORT
AUDIT PLANNING
OBTAINING KNOWLEDGE OF THE BUSINESS

• Understand the bank’s corporate governance structure;

• The economic and regulatory environment prevailing for the principal countries in which the bank
operates; and
• The market conditions existing in each of the significant sectors in which the bank operates.
• Corporate governance plays a particularly important role in banks; many regulators set out
requirements for banks to have effective corporate governance structures. Accordingly the auditor
obtains an understanding of the bank’s corporate governance structure and how those charged with
governance discharge their responsibilities for the supervision, control and direction of the bank.
OBTAINING KNOWLEDGE OF THE BUSINESS
UNDERSTANDING THE NATURE OF BANKING
RISKS
Country Risk Credit Risk
Currency Risk Fiduciary Risk
Interest Rate Risk Legal and Documentary Risk
Liquidity Risk Modeling Risk
Operational Risk Price Risk
Regulatory Risk Replacement Risk
Reputational Risk Settlement Risk
Solvency Risk Transfer Risk
Banking risks increase with the degree of concentration of a bank’s exposure to
any one customer, industry, geographic area or country.

For example, a bank’s loan portfolio may have large concentrations of loans or
commitments to particular industries, and some, such as real estate, shipping
and natural resources, may have highly specialized practices. Assessing the
relevant risks relating to loans to entities in those industries may require a
knowledge of these industries, including their business, operational and
reporting practices.

Most transactions involve more than one of the risks identified above.
Furthermore, the individual risks set out above may be correlated with one
another. for a bank’s liquidity position. The auditor therefore considers these
and other risk correlations when analyzing the risks to which a bank is exposed.
Factors that contribute significantly to operational risk include the following:

(a) The need to process high volumes of transactions accurately within a short
time. This need is almost always met through the large-scale use of IT, with the
resultant risks of:
(i) Failure to carry out executed transactions within the required time, causing
an inability to receive or make payments for those transactions;
(ii) Failure to carry out complex transactions properly;
(iii) Wide-scale misstatements arising from a breakdown in internal control;
(iv) Loss of data arising from systems’ failure;
(v) Corruption of data arising from unauthorized interference with the systems;
and
(vi) Exposure to market risks arising from lack of reliable up-to-date
information.
Fraudulent activities may take place within a bank by, or with the
knowing involvement of, management or personnel of the bank. Such
frauds may include fraudulent financial reporting without the motive of
personal gain, or the misappropriation of the bank’s assets for personal
gain that may or may not involve the falsification of records.
Alternatively, fraud may be perpetrated on a bank without the knowledge
or complicity of the bank’s employees. ISA 240, “The Auditor’s
Responsibility to Consider Fraud and Error in an Audit of Financial
Statements”1 gives more guidance on the nature of the auditor’s
responsibilities with respect to fraud. Although many areas of a bank’s
operations are susceptible to fraudulent activities, the most common take
place in the lending, deposit-taking and dealing functions.
POLICIES, PROCEDURES AND CONTROLS TO
DETER AND TO RECOGNIZE AND REPORT
MONEY LAUNDERING ACTIVITIES
• A requirement to obtain customer identification (know your client).
• Staff screening.
• A requirement to know the purpose for which an account is to be used.
• The maintenance of transaction records.
• The reporting to the authorities of suspicious transactions or of all
transactions of a particular type, for example, cash transactions over
a certain amount.
• The education of staff to assist them in identifying suspicious
transactions.
In some jurisdictions, auditors may have an express obligation to report to the authorities certain types of
transactions that come to their attention. ISA 250, “Consideration of Laws and Regulations in an Audit of
Financial Statements” gives further guidance on this matter.
UNDERSTANDING THE RISK MANAGEMENT PROCESS

An effective risk management system in a bank generally requires the following:

1. Oversight and involvement in the control process by those charged with governance
2. Identification, measurement and monitoring of risks
3. Control activities. A bank should have appropriate controls to manage its risks,
including effective segregation of duties (particularly between front and back offices),
accurate measurement and reporting of positions, verification and approval of
transactions, reconciliations of positions and results, setting of limits, reporting and
approval of exceptions to limits, physical security and contingency planning.
4. Monitoring Activities. Risk management models, methodologies and assumptions used
to measure and manage risk should be regularly assessed and updated.
5. Reliable Information Systems that provide adequate financial, operational and
compliance information on a timely and consistent basis.
DEVELOPMENT OF AN OVERALL AUDIT PLAN
In developing an overall plan for the audit of the financial statements of a bank,
the auditor gives particular attention to:

• The complexity of the transactions undertaken by the bank and the

documentation in respect thereof;
• The extent to which any core activities are provided by service organizations;
• Contingent liabilities and off-balance sheet items;
• Regulatory considerations;
• The extent of IT and other systems used by the bank;
• The expected assessments of inherent and control risks;
• The work of internal auditing;
DEVELOPMENT OF AN OVERALL AUDIT PLAN

• The assessment of audit risk;

• The assessment of materiality;
• Management’s representations;
• The involvement of other auditors;
• The geographic spread of the bank’s operations and the co-
ordination of work between different audit teams;
• The existence of related party transactions; and
• Going concern considerations.
EXPECTED ASSESSMENT OF INHERENT AND
CONTROL RISKS
The nature of banking operations is such that the auditor may not be able to reduce audit risk to an
acceptably low level by the performance of substantive procedures alone. This is because of factors such as
the following:
• The extensive use of IT and EFT systems, which means that much of the audit evidence is available only in
electronic form and is produced by the entity’s own IT systems.
• The high volume of transactions entered into by banks, which makes reliance on substantive procedures
alone impracticable.
• The geographic dispersion of banks’ operations, which makes obtaining sufficient coverage extremely
difficult.
• The difficulty in devising effective substantive procedures to audit complex trading transactions.
In most situations the auditor will not be able to reduce audit risk to an acceptably low level unless
management has instituted an internal control system that allows the auditor to be able to assess the level of
inherent and control risks as less than high. The auditor obtains sufficient appropriate audit evidence to
support the assessment of inherent and control risks.
 INTERNAL CONTROL

The Basel Committee on Banking Supervision has issued a policy paper,

“Framework for Internal Control Systems in Banking Organizations” (September
1998), which provides banking supervisors with a framework for evaluating
banks’ internal control systems.
This framework is used by many banking supervisors, and may be used during supervisory
discussions with individual banking organizations.

Auditors of banks’ financial statements may find a knowledge of this framework useful in
understanding the various elements of a bank’s internal control system.
 IDENTIFYING, DOCUMENTING AND TESTING
CONTROL PROCEDURES
ISA 400, “Risk Assessments and Internal Control”4 indicates that internal
controls relating to the accounting system are concerned with achieving
objectives such as the following:
• Transactions are executed in accordance with management’s general or specific
authorization
• All transactions and other events are promptly recorded at the correct amount, in the
appropriate accounts and in the proper accounting period so as to permit preparation of
financial statements in accordance with the applicable financial reporting framework
• Access to assets is permitted only in accordance with management’s authorization
• Recorded assets are compared with the existing assets at reasonable intervals and
appropriate action is taken regarding any differences
Inherent Limitations of Internal Control
ISA 400 describes the procedures to be followed by the auditor in
identifying, documenting and testing internal controls.
In doing so, the auditor is aware of the inherent limitations of internal
control.
The assessed levels of inherent and control risks cannot be sufficiently
low to eliminate the need for the auditor to perform any substantive
procedures.
Irrespective of the assessed levels of inherent and control risks, the
auditor performs some substantive procedures for material account
balances and classes of transaction
CONSIDERING THE INFLUENCE OF ENVIRONMENTAL FACTORS

SOME OF THE FACTORS THAT MAY BE CONSIDERED INCLUDE THE FOLLOWING:

• THE ORGANIZATIONAL STRUCTURE OF THE BANK AND THE MANNER IN WHICH IT PROVIDES FOR THE DELEGATION OF AUTHORITY AND RESPONSIBILITIES.
• THE QUALITY OF MANAGEMENT SUPERVISION.
• THE EXTENT AND EFFECTIVENESS OF INTERNAL AUDITING.
• THE EXTENT AND EFFECTIVENESS OF THE RISK MANAGEMENT AND COMPLIANCE SYSTEMS
• THE SKILLS, COMPETENCE AND INTEGRITY OF KEY PERSONNEL.
• THE NATURE AND EXTENT OF INSPECTION BY SUPERVISORY AUTHORITIES
PERFORMING SUBSTANTIVE PROCEDURES

ISA 500, “Audit Evidence”7 lists the assertions embodied in the financial
statements as: existence, rights and obligations, occurrence, completeness,
valuation, measurement, and presentation and disclosure.
 Reporting on the Financial Statements

In expressing an opinion on the bank’s financial statements, the auditor:

• Adheres to any specific formats and terminology specified by the law,the
regulatory authorities, professional bodies and industry practice; and

• Determines whether adjustments have been made to the accounts of foreign

branches and subsidiaries that are included in the consolidated financial
statements of the bank to bring them into conformity with the financial
reporting framework under which the bank is reporting.
 PEER REVIEW STANDARDS

Compliance with Technical Standards

Office System and Procedure

Quality of Reporting

Training of Staff

Quality Review Board

ASSIGNMENT FOR NEXT WEEK ACTIVITY

1. Give Examples of Related Parties Relationship in a Bank

2. Enumerate Regulatory Bodies affecting Banking Institution
3. Identify the different audit and accounting considerations and trends for the
industry.
4. Look for at least 2-3 audited financial statements of companies under the
specialized industry in the Philippines and list down your observations from
audit report to the financial statements.