AUDIT OF BANKS Part 1
(Per International Auditing Standards)
Bank - is a type of financial institution whose principal activity is the taking of deposits and
borrowing for the purpose of lending and investing and that is recognized as a bank by the
regulatory authorities in any countries in which it operates.
SIMILAR FUNCTIONS
Building societies
Credit unions
Friendly societies
Savings and Loans Institutions
Thrift Institutions
BANK – COMMON ACTIVITIES
Deposit taking
Borrowing
Lending
Settlement
Trading and treasury operations
LIMITED GUIDANCE
Securities underwriting and brokerage
Asset management
BANKS VS. COMMERCIAL ENTERPRISES
Custody of large amounts of monetary items
Custody and control of negotiable instruments
Liquidity: vulnerable for misappropriation of funds
> Formal Operating Procedures
> Internal Control
Transactions that are initiated in one jurisdiction
Recorded in a different jurisdiction
Managed in yet another jurisdiction
Operates with very high leverage
Vulnerable: Adverse economic events
Increase the risk of failure
Assets that can rapidly change in value and whose value is often difficult to
determine
Significant effect on its capital
Banks
- derive a significant amount of their funding from short-term deposits (either insured or
uninsured)
- loss of confidence in the bank
- fiduciary duties in respect of the assets they hold that belong to other persons
- liabilities for breach of trust
- engage in a large volume and variety of transactions whose value may be significant
- it requires complex accounting
- internal control
- widespread use of IT
- ordinarily operate through networks of branches and departments that are geographically
dispersed
- decentralization of authority
- difficult to maintain uniform operating practices and accounting systems
- transactions can often be directly initiated and completed by the customer without any
intervention by the bank’s employees
- assume significant commitments without any initial transfer of funds other than, in some
cases, the payment of fees
- memorandum accounting entries
- existence: difficult to detect
- regulated by governmental authorities, whose regulatory requirements often influence the
accounting principles that banks follow
- example: Capital Adequacy Requirements – could have implications for the bank’s financial
statements or disclosures
- customer relationships that the auditor, assistants, or the audit firm may have with the
bank might affect the auditor’s independence in a way that customer relationships with
other organizations would not
- has exclusive access to clearing and settlement systems for checks, fund transfers, foreign
exchange transactions
- an integral part of, or are linked to, national and international settlement systems and
consequently could pose a systemic risk to the countries in which they operate
- may issue and trade in complex financial instruments, some of which may need to be
recorded at fair values in the financial statements
- valuation?
SPECIAL AUDIT CONSIDERATIONS
The nature of the risks associated with the transactions undertaken by banks.
The scale of banking operations and the resultant significant exposures that may
arise in a short period.
The extensive dependence on IT to process transactions.
The effect of the regulations in the various jurisdictions in which they operate.
The continuing development of new products and banking practices that may not be
matched by the concurrent development of accounting principles or internal controls.
AUDIT OBJECTIVES
The objective of an audit of financial statements is to enable the auditor to express an
opinion whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework.
AGREEING TO THE TERMS OF ENGAGEMENT
The engagement letter documents and confirms the auditor’s acceptance of the
appointment, the objective and scope of the audit, the extent of the auditor’s responsibilities
to the client and the form of any reports.
FACTORS TO CONSIDER
1. The need for sufficient expertise in the aspects of banking relevant to the audit of the
bank’s business activities.
2. The need for expertise in the context of the IT systems and communication networks the
bank uses.
3. The adequacy of resources or inter-firm arrangements to carry out the work necessary at
the number of domestic and international locations of the bank at which audit
procedures may be required.
INCLUSIONS IN ENGAGEMENT LETTER
1) The use and source of specialized accounting principles, with reference to:
Any requirements contained in the law or regulations applicable to banks.
Pronouncements of the banking supervisory and other regulatory authorities.
Pronouncements of relevant professional accounting bodies, for example, the
International Accounting Standards Board; Pronouncements of the Basel
Committee on Banking Supervision.
Industry practice.
2) The contents and form of the auditor’s report on the financial statements
any special-purpose reports required from the auditor in addition to the report on the
financial statements
describe procedures undertaken specially to meet regulatory requirements
3) The nature of any special communication requirements or protocols that may exist
between the auditor and the banking supervisory and other regulatory authorities.
4) The access that bank supervisors will be granted to the auditor’s working papers when
such access is required by law, and the bank’s advance consent to this access.
PLANNING THE AUDIT: INCLUSION
1. Obtaining a sufficient knowledge of the entity’s business and governance structure.
- sufficient understanding of the accounting and internal control systems, including
risk management and internal audit functions
2. Considering the expected assessments of inherent and control risks.
- the risk that material misstatements occur (inherent risk) and the risk that the
bank’s system of internal control does not prevent or detect and correct such misstatements
on a timely basis (control risk)
3. Determining the nature, timing, and extent of the audit procedures to be performed; and
4. Considering the going concern assumption regarding the entity’s ability to continue in
operation for the foreseeable future
- It will be the period used by management in making its assessment under the
financial reporting framework
- This period will ordinarily be for a period of at least one year after the balance sheet
date
OBTAINING A KNOWLEDGE OF THE BUSINESS
The bank’s corporate governance structure.
The economic and regulatory environment prevailing for the principal countries in which
the bank operates
The market conditions existing in each of the significant sectors in which the bank
operates
Knowledge of the products and services offered by the bank.
Many variations in the basic deposit, loan, and treasury services that are offered and
continue to be developed by banks in response to market conditions.
Nature of services rendered through instruments such as letter of credit, acceptances,
interest rate features, forward and swap contracts, options, and other similar
instruments.
Uses – service organizations to provide core services or activities:
considers legal and regulatory restrictions, and obtains an understanding of how the
management and those charged with governance monitor that the system of internal
control (including internal audit) operates effectively
Obtains an understanding of the nature of risks and how the bank manages them.
To assess the level of inherent & control risks associated with different aspects of a
bank’s operations and to determine the nature, timing, and extent of the audit
procedures.
CORPORATE GOVERNANCE
Set out requirements for banks to have effective corporate governance structures
Understanding of bank’s corporate governance structure
How those charged with governance discharge their responsibilities for the supervision,
control, and direction of the bank.
AUDIT OF BANKS Part 2
(Per International Auditing Standards)
UNDERSTANDING THE NATURE OF BANKING RISKS
The risks associated with banking activities may broadly be categorized as:
1. Country risk
2. Credit risk
3. Currency risk
4. Fiduciary risk
5. Interest rate risk
6. Legal and documentary risk
7. Liquidity risk
Credit risk
- risk that a customer or counterparty will not settle an obligation for full value, either when
due or at any time thereafter
- particularly from commercial lending, may be considered the most important risk in
banking operations.
- arises from lending to individuals, companies, banks, and governments.
- it also exists in assets other than loans, such as investments, balances due from other
banks and in off-balance sheet commitments
- also includes country risk, transfer risk, replacement risk and settlement risk
- biggest risk for banks
- Defaults can occur on mortgages, credit cards, and fixed income securities. Failure to meet
obligational contracts can also occur in areas such as derivatives and guarantees provided.
Currency risk
- risk of loss arising from future movements in the exchange rates applicable to foreign
currency assets, liabilities, rights, and obligations
Fiduciary risk
- risk of loss arising from factors such as failure to maintain safe custody or negligence in the
management of assets on behalf of other parties
Interest Rate Risk
- risk that a movement in interest rates would have an adverse effect on the value of assets
and liabilities or would affect interest cash flows
Legal and Documentary Risk
- risk that contracts are documented incorrectly or are not legally enforceable in the relevant
jurisdiction in which the contracts are to be enforced or where the counterparties operate
- risk that assets will turn out to be worth less or liabilities will turn out to be greater than
expected because of inadequate or incorrect legal advice or documentation
- existing laws may fail to resolve legal issues involving a bank; a court case involving a
particular bank may have wider implications for the banking business and involve costs to it
and many or all other banks; and laws affecting banks or other commercial enterprises may
change
- Banks are particularly susceptible to legal risks when entering new types of transactions
and when the legal right of a counterparty to enter a transaction is not established
Liquidity Risk
- risk of loss arising from the changes in the bank’s ability to sell or dispose of an asset
- inability to provide cash in a timely manner to customers can result in a snowball effect. If
a bank delays providing cash to a few of its customers for a day, other depositors may rush
to take out their deposits as they lose confidence in the bank
- lowers the bank’s ability to provide funds and leads to a bank run
REASONS FOR LIQUIDITY RISKS
- include over-reliance on short-term sources of funds, having a balance sheet concentrated
in illiquid assets, and loss of confidence in the bank on the part of customers
- mismanagement of asset-liability duration can also cause funding difficulties. This occurs
when a bank has many short-term liabilities and not enough short-term assets.
Modeling Risk
- risk associated with the imperfections and subjectivity of valuation models used to
determine the values of assets or liabilities
Operational Risk
- risk of direct or indirect loss resulting from inadequate or failed internal processes, people,
and systems or from external events
- Losses that occur due to human error include internal fraud or mistakes made during
transactions. An example is when a teller accidentally gives an extra $50 bill to a customer
- On a larger scale, fraud can occur through the breaching of a bank’s cybersecurity. It allows
hackers to steal customer information and money from the bank and blackmail the
institutions for additional money. In such a situation, banks lose capital and trust from
customers. Damage to the bank’s reputation can make it more difficult to attract deposits or
business in the future.
Price Risk
- risk of loss arising from adverse changes in market prices, including interest rates, foreign
exchange rates, equity and commodity prices and from movements in the market prices of
investments
Regulatory Risk
- The risk of loss arising from failure to comply with regulatory or legal requirements in the
relevant jurisdiction in which the bank operates. It also includes any loss that could arise
from changes in regulatory requirements.
Replacement Risk
- also known as performance risk
- risk of failure of a customer or counterparty to perform the terms of a contract. This failure
creates the need to replace the failed transaction with another at the current market price
- may result in a loss to the bank equivalent to the difference between the contract price and
the current market price
Reputational Risk
- risk of losing business because of negative public opinion and consequential damage to the
bank’s reputation arising from failure to properly manage some of the above risks, or from
involvement in improper or illegal activities by the bank or its senior management, such as
money laundering or attempts to cover up losses
Settlement Risk
- The risk that one side of a transaction will be settled without value being received from the
customer or counterparty. This will generally result in the loss to the bank of the full principal
amount
Two (2) Types of Settlement Risk
1. Default risk is the possibility that one of the parties fails to deliver on a contract entirely.
This situation is like what happens when an online seller fails to send the goods after
receiving the money. Default is the worst possible outcome, so it is only a risk in financial
markets when firms go bankrupt.
2. Settlement timing risks include potential situations where securities are exchanged as
agreed, but not in the agreed-upon time frame. Settlement timing risks are generally far less
serious than default risk, as transactions still take place. These risks are the securities
market equivalent of everyday situations where a pizza or a package from Amazon shows up
late. However, the speed and liquidity of financial markets make the consequences much
more severe.
Solvency Risk
- risk of loss arising from the possibility of the bank not having sufficient funds to meet its
obligations, or from the bank’s inability to access capital markets to raise required funds
Transfer Risk
- risk of loss arising when a counterparty’s obligation is not denominated in the
counterparty’s home currency. The counterparty may be unable to obtain the currency of the
obligation irrespective of the counterparty’s particular financial condition
DEGREE OF CONCENTRATION
- Banking risks increase with the degree of concentration of a bank’s exposure to any one
customer, industry, geographic area, or country
- Assessing the relevant risks relating to loans to entities in those industries may require a
knowledge of these industries, including their business, operational and reporting practices
HOW MANY RISKS?
• More than one risk
• Risks may be correlated with one another
• Ex. Non-payment or settlement failure can have consequences for a bank’s liquidity
position
RISK: ARISING FROM OWNERSHIP
In a closely held bank, the owners may have significant influence on the bank’s
management affecting their independence and judgment.
FACTORS AFFECTING OPERATIONAL RISK
(a) The need to process high volumes of transactions accurately within a short time. This
need is almost always met through the large-scale use of IT, with the resultant risks of:
i. Failure to carry out executed transactions within the required time, causing an
inability to receive or make payments for those transactions.
ii. Failure to carry out complex transactions properly.
iii. Wide-scale misstatements arising from a breakdown in internal control.
iv. Loss of data arising from systems’ failure.
v. Corruption of data arising from unauthorized interference with the systems; and
vi. Exposure to market risks arising from lack of reliable up-to-date information
(b) The need to use electronic funds transfer (EFT) or other telecommunications systems to
transfer ownership of large sums of money, with the resultant risk of exposure to loss arising
from payments to incorrect parties through fraud or error.
(c) The conduct of operations in many locations with a resultant geographic dispersion of
transaction processing and internal controls. As a result:
i. There is a risk that the bank’s worldwide exposure by customer and by product
may not be adequately aggregated and monitored; and
ii. Control breakdowns may occur and remain undetected or uncorrected because of
the physical separation between management and those who handle the
transactions.
Intra-Day Payment Risk
(d) The need to monitor and manage significant exposures that can arise over short
timeframes. The process of clearing transactions may cause a significant build-up of
receivables and payables during a day, most of which are settled by the end of the day.
- This is ordinarily referred to as intra-day payment risk. These exposures arise from
transactions with customers and counterparties and may include interest rate, currency, and
market risks.
Theft & Fraud
- The handling of large volumes of monetary items, including cash, negotiable instruments,
and transferable customer balances, with the resultant risk of loss arising from theft and
fraud by employees or other parties
Environment
- The inherent complexity and volatility of the environment in which banks operate, resulting
in the risk of inappropriate risk management strategies or accounting treatments in relation
to such matters as the development of new products and services
Laws & Regulations
- Operating restrictions may be imposed because of the failure to adhere to laws and
regulations.
- Overseas operations are subject to the laws and regulations of the countries in which they
are based as well as those of the country in which the parent entity has its headquarters.
- This may result in the need to adhere to differing requirements and a risk that operating
procedures that comply with regulations in some jurisdictions do not meet the requirements
of others.
Fraudulent Activities
1. Fraudulent financial reporting without the motive of personal gain (for example, to
conceal trading losses)
2. Misappropriation of the bank’s assets for personal gain that may or may not involve
the falsification of records
Money Laundering
• Proceeds of crime are converted into funds that appear to have a legitimate source
• In recent years drug traffickers have greatly added to the scale of money laundering
that takes place within the banking industry
Controls in AMLA (IAS)
• A requirement to obtain customer identification (know your client).
• Staff screening.
• A requirement to know the purpose for which an account is to be used.
• The maintenance of transaction records.
• The reporting to the authorities of suspicious transactions or of all transactions of a
particular type, for example, cash transactions over a certain amount.
• The education of staff to assist them in identifying suspicious transactions.
Auditor’s Obligation to Report
• Auditors may have an express obligation to report to the authorities certain types of
transactions that come to their attention
• Even where no such obligation exists, an auditor who discovers a possible instance of
noncompliance with laws or regulations considers the implications for the financial
statements and the audit opinion thereon
UNDERSTANDING THE RISK MANAGEMENT PROCESS
Requires the following to be established:
1. Oversight and involvement in the control process by those charged with governance
Written Risk Management Policies
Policies: consistent with the bank’s business strategies, capital strength,
management expertise, regulatory requirements and the types and amounts of risk it
regards as acceptable
Culture: commitment to internal controls and high ethical standards, and often
establish special committees to help discharge their functions
2. Identification, measurement, and monitoring of risks
Risks that impact the goal achievement
Independent Risk Management Unit - also responsible for validating and stress testing
the pricing and valuation models used by the front and back offices
3. Control Activities
Effective Segregation of Duties
accurate measurement and reporting of positions
verification and approval of transactions
reconciliations of positions and results
setting of limits
reporting and approval of exceptions to limits
physical security and contingency planning
4. Monitoring Activities
Risk management models, methodologies and assumptions used to measure and
manage risk should be regularly assessed and updated
Reliable Information Systems
- information systems that provide adequate financial, operational and compliance
information on a timely and consistent basis
STATUTES AND LIMITATIONS
• General Banking Law
• Thrift Banks Act
• Rural Banks Act
• Philippine Cooperative Code
• Charter of Al-Amanah Islamic Investment Bank of the Philippines
• Anti-Money Laundering Act (AMLA)
• Manual of Regulations for Banks (MORB) issued by BSP
REGULATORY AUTHORITIES
- The BSP, through its Monetary Board, is primarily responsible for overseeing banks.
- The Philippine Deposit Insurance Corporation (PDIC) can also conduct examination of banks
with the prior approval of the Monetary Board, provided that no examination can be
conducted by the PDIC within 12 months of the previous examination date.
TRANSACTIONS BETWEEN AFFILIATES
1. The MORB provides different ceilings for loans to DOSRI (directors, officers, stockholders,
and their related interests), and to subsidiaries and affiliates.
2. Total outstanding loans to each of the bank’s DOSRI is limited to an amount equivalent to
their respective unencumbered deposits and book value of their paid-in capital
contribution in the bank
3. Total outstanding loans to each of the bank’s subsidiaries and affiliates must not exceed
10 per cent of the net worth of the lending bank
AFFILIATE
• Is an entity linked directly or indirectly to a bank by means of:
• ownership, control, or power to vote of at least 20 per cent of the outstanding voting stock.
• interlocking directorship or officership.
• common stockholders owning at least 10 per cent of the outstanding voting stock of the
bank and at least 20 per cent of the outstanding voting stock of the borrowing entity.
• management contract or any arrangement granting power to the bank to direct or cause
the direction of management and policies of the borrowing entity; or
• permanent proxy or voting trusts in favor of the bank constituting at least 20 per cent of
the outstanding voting stock of the borrowing entity, or vice versa.
COMMERCIAL BANK ACTIVITIES
• accepting drafts.
• issuing letters of credit.
• discounting and negotiating promissory notes, drafts, bills of exchange, and other
evidence of debt.
• accepting or creating demand deposits.
• receiving other types of deposits, as well as deposit substitutes.
• buying and selling foreign exchange, as well as gold or silver bullion.
• acquiring marketable bonds and other debt securities; and
• extending credit.
CHALLENGES OF BANKS
- Use of financial technology including compliance with know-your-customer (KYC)
requirements
- incorporating fintech into their systems and structures
- and ensuring cybersecurity
DATA PRIVACY ACT
- The BSP and the National Privacy Commission are currently reviewing possible overlaps in
their functions with a view to harmonizing them for a more efficient regulatory framework.
BANK SUPERVISION
The BSP examines the books of every bank once every 12 months, and at such other
times as the Monetary Board may deem expedient. An interval of at least 12 months is
required between annual examinations.
The BSP examiners are authorized to administer oaths to any director, officer or
employee of any bank and to compel the presentation of all books, documents, papers or
records necessary to ascertain the facts relative to the true condition of such bank.
The PDIC may also examine banks, with the prior approval of the Monetary Board, to
determine whether they are engaging in unsafe and unsound banking practices. No
examination can be conducted by the PDIC within 12 months of the last examination
date. To avoid overlapping of efforts, the PDIC examination considers the relevant reports
and findings of the BSP pertaining to the bank under examination.
ENFORCEMENT
• Violations of any of the provisions of the General Banking Law are subject to the penalties
and other sanctions under the New Central Bank Act.
• Any owner, director, officer or agent of a bank who, being required in writing by the
Monetary Board or by the head of the supervising and examining department of the BSP,
willfully refuses to file the required report or refuses to permit a lawful examination into the
affairs of such bank, will be punished by a fine of between 50,000 and 100,000 Philippine
pesos or by imprisonment of not less than one year or no more than five years, or both, at
the discretion of the court.
On the other hand, the willful making of a false or misleading statement on a material fact to
the Monetary Board or to the BSP examiners will be punished by a fine of between 100,000
and 200,000 Philippine pesos or by imprisonment of not more than five years, or both, at the
court’s discretion.
• In turn, any person who is responsible for willful violation of the General Banking Law or
any order, instruction, rule, or regulation issued by the Monetary Board will, at the court’s
discretion, be punished by a fine of between 50,000 and 200,000 Philippine pesos or by
imprisonment of not less than two years or no more than 10 years, or both. Whenever a
bank persists in carrying on its business in an unlawful or unsafe manner, the Monetary
Board may act for the receivership and liquidation of such bank, without prejudice to the
penalties provided in the first sentence of this paragraph and the administrative sanctions
provided in the next paragraph.
• Without prejudice to the foregoing criminal sanctions against culpable persons, the
Monetary Board may impose administrative sanctions for any of the above violations, willful
violation of the charter or by-laws of the bank, any commission of irregularities, or
conducting business in an unsafe or unsound manner as determined by the Monetary Board.
These administrative sanctions are as follows:
• fines in amounts as may be determined by the Monetary Board to be appropriate, but in no
case to exceed 30,000 Philippine pesos a day for each violation, taking into consideration
the attendant circumstances, such as the nature and gravity of the violation or irregularity
and the size of the bank.
• suspension of rediscounting privileges or access to the BSP credit facilities.
• suspension of lending or foreign exchange operations or authority to accept new deposits
or make new investments.
• suspension of interbank clearing privileges, and revocation of the
quasi-banking license.
• In addition, the Monetary Board can suspend or remove the offending director or officer
of a bank. In this respect, the termination (or even the resignation) from office of such
director or officer will not exempt him from administrative or criminal sanctions.
• Moreover, the erring corporation may be dissolved by quo warranto proceedings instituted
by the solicitor general. In this connection, an original quo warranto proceeding may be
commenced with the Supreme Court of the Philippines.
COMMON ISSUES
• Cybersecurity concerns continue to confront financial institutions (both locally and
worldwide). Top cyber-threats include card skimming, phishing attacks, ransomware, and
other malware. Accordingly, the BSP has directed banks to adopt advanced cybersecurity
controls and countermeasures, and to improve the management of information security risks
and exposures.
• Meanwhile, the money laundering incident in 2016 where proceeds from the hacking of the
Bangladesh Bank were permitted to enter the Philippine financial system prompted the BSP
to update anti-money laundering guidelines. The new regulation emphasizes the use of a
risk-based approach to the KYC processes.
GOVERNMENT TAKEOVERS
• The Monetary Board may appoint a conservator for a bank that is in a ‘state of continuing
inability or unwillingness to maintain a condition of liquidity deemed adequate to protect the
interest of depositors and creditors’. The conservator will have such powers as the Monetary
Board deems necessary to:
• take charge of the assets and liabilities of the bank.
• manage it or reorganize its management.
• collect all monies and debts due; and
• restore its viability.
CONSERVATOR
• If, based on the report of the conservator or its own findings, the Monetary Board
determines that the continuance in business of the bank would involve probable loss to the
depositors and other creditors of the bank, the bank would be placed under receivership and
eventually liquidated. The PDIC is usually the designated receiver. If the bank notifies the
BSP or publicly announces a bank holiday, or in any manner suspends the payment of its
deposit liabilities continuously for more than 30 days, the Monetary Board may, summarily
and without prior hearing, close the bank and place it under receivership of the PDIC.
• The assets of a bank under liquidation are held in trust for the equal benefit of all creditors.
The receiver must first pay the costs of the proceedings, before paying the debts of the
bank, in accordance with the rules on concurrence and preference of credit under the Civil
Code of the Philippines. The shareholders are the last to receive payment if any funds
remain. The depositors can claim from the PDIC the amount of their insured deposits.
BANK FAILURES
• The directors and officers of a failing bank must cooperate with the regulators, including
the conservator and receiver. The following acts of a director or an officer of such bank are
subject to criminal penalties:
• refusal to turn over bank records and assets to the designated receiver.
• tampering with bank records.
• appropriating bank assets for himself or herself or another party.
• causing the misappropriation and destruction of bank assets.
• receiving or permitting or causing to be received in the bank any deposit, collection of
loans, or receivables.
• paying out or permitting or causing to be paid out any fund of the bank; and
• In addition, erring directors and officers will be included in the list of persons disqualified
by the Monetary Board from holding any position in any bank or financial institution.
• No voluntary dissolution and liquidation of a bank can be undertaken without the prior
approval of the Monetary Board. For this purpose, a request for Monetary Board approval
must be accompanied by a liquidation plan.
• Domestic systemically important banks (DSIBs) are required to submit a recovery plan to
the BSP.
PERSONAL LIABILITY
• The bank’s directors and officers who knowingly assent to patently unlawful acts of the
bank or who are guilty of gross negligence or bad faith in directing the affairs of the bank or
acquire any personal or pecuniary interest in conflict with their duties as such directors or
officers, will be liable jointly and severally for all resulting damages suffered by the bank and
its shareholders.
PLANNING EXERCISES
• DSIBs are required to submit a recovery plan to the BSP and to update the same annually.
The recovery plan is intended to serve as a guide to recovery of a DSIB in distress. The
recovery plan will take effect when the DSIB breaches the total required Common Equity Tier
1 capital or the minimum liquidity ratios prescribed by the BSP or both. The plan must
contain a detailed list of options or courses of action that will be taken by the DSIB to
address a range of severe stress scenarios to restore its financial strength and viability. It
must consider the DSIB’s nature, size, interconnectedness, level of substitutability and
complexity. It should be capable of being carried out during the recovery stage, when the
DSIB has not yet reached the point of non-viability and the prospect of recovery is
reasonable if appropriate recovery measures are taken. It should not assume any access to
or receipt of government or public financial support or aid from the Philippine government.
The board of directors of a DSIB is required to put in place a robust governance structure
and sufficient resources to support the recovery planning process.
• The list of DSIBs is updated annually and is considered by the BSP to be confidential.
CAPITAL ADEQUACY
• The BSP prescribes the minimum level of capitalization for banks. For instance, a universal
bank with more than 100 branches must have a minimum capital of 20 billion Philippine
pesos, while that of a commercial bank with a similar number of branches is 15 billion
Philippine pesos.
• In addition, the BSP adopted Basel III-based capital adequacy requirements for universal
banks and commercial banks. Thrift banks and rural banks that are not subsidiaries of
universal banks or commercial banks continue to be subject to Basel II-based guidelines. In
any case, the daily risk-based capital ratio of a bank, expressed as a percentage of
qualifying capital to risk-weighted assets, must not be less than 10 per cent for both a solo
basis (i.e., head office plus branches) and a consolidated basis (i.e., parent bank plus
subsidiary financial allied enterprises, excluding an insurance company). The qualifying
capital is the sum of Tier 1 (going concern) capital and Tier 2 (gone concern) capital, less
required deductions.
• Universal and commercial banks have their respective internal capital adequacy
assessment process that supplements the BSP’s risk-based capital adequacy framework.
These banks are responsible for setting internal capital targets consistent with their risk
profile, operating environment, and strategic plans.
HOW IS IT ENFORCED?
• In the event of non-compliance by a bank with the prescribed minimum ratio, the
Monetary Board may, until that ratio is met or restored by such bank:
• limit or prohibit the distribution of net profits by such bank, and require that such profits be
used, in full or in part, to increase the capital accounts of such bank.
• restrict or prohibit the acquisition of major assets by such bank; and
• restrict or prohibit the making of new investments by such bank, except for purchases of
readily marketable evidence of indebtedness of the Philippines and the BSP, and other
evidence of indebtedness or obligation, the servicing, and the repayment of which are fully
guaranteed by the Philippines.
UNDERCAPITALIZATION
• If a bank becomes undercapitalized, it may be placed under conservatorship by the BSP,
with a view to rectifying the capital deficiency. It may be possible to correct this condition,
and the threatened insolvency of the bank may be averted by effective management
reforms and infusion of additional capital.
• The amended charter of the PDIC also provides for a resolution framework, where the PDIC
may, in coordination with the BSP, commence the resolution of a bank upon failure of
prompt corrective action as declared by the Monetary Board, or upon request by the bank.
For this purpose, the PDIC may, among other things, determine a resolution package for the
bank, identify possible acquirers or investors, and conduct a bidding to determine the
acquirer of the bank.
INSOLVENCY
• The Monetary Board may first appoint a conservator for a bank that is in a ‘state of
continuing inability or unwillingness to maintain a condition of liquidity deemed adequate to
protect the interest of depositors and creditors’. If conservatorship is not successful or not
deemed proper by the Monetary Board, the Monetary Board may summarily forbid the bank
from doing business and designate the PDIC as its receiver. If the receiver determines that
the bank cannot be rehabilitated or permitted to resume business, the Monetary Board may
instruct the receiver to liquidate the bank.
• Likewise, where a bank has been placed under resolution and the PDIC determines that the
bank may not be resolved, the Monetary Board may place the bank under receivership and
designate the PDIC as its receiver.
OBJECTIVE OF SUBSTANTIVE TESTING
- To supplement controls testing the auditor may have performed to determine that the
underlying accounting records are materially correct and reconcile to the financial report
that the auditor will ultimately form an opinion on
SUBSTANTIVE PROCEDURES AND ASSERTIONS
Nature, timing, and extent of procedures:
Risk Assessment
Audit Risk
Professional Judgment
RISKS
Audit Risk - risk that an auditor expresses an inappropriate audit opinion when a financial
report is materially misstated
Inherent Risk - risk of a misstatement occurring irrespective of any controls management
may put in place
Control risk
- is assessed as high when there are no internal controls tested or relied upon by the auditor
(or they are unable to be tested and relied upon)
- it is assessed as low when there are good internal controls in place that are designed and
implemented effectively to reduce an identified risk and the auditor has been able to test
them and verify their operating effectiveness throughout the period subject to audit
Detection Risk
- The combination of inherent risk and control risk
- There is an inverse relationship between the auditor’s assessed risk of material
misstatement and detection risk
Audit Risk Model
AR = f (IR, CR, DR)
Where: AR = Audit risk
IR = Inherent risk
CR = Control risk
DR = Detection risk
DEFINITION OF SUBSTANTIVE PROCEDURES
Substantive procedures are designed to obtain direct evidence as to the completeness,
accuracy and validity of data, and the reasonableness of the estimates and other
information contained in the financial report.
Planning procedures and control testing
Design appropriate substantive audit procedures (audit program)
Includes all the planning, interim, and year-end testing procedures with enough detail to
enable the auditor to understand the nature, timing, and extent (or scope) of testing
required
FACTORS OF EXTENT AND TIMING OF SUBSTANTIVE PROCEDURES
Nature of the test
Level of assurance necessary
Type of evidence required
Complexity of the client’s data capturing systems
AUDITING IN SPECIALIZED INDUSTRIES
Examples:
Airline, Banking & Insurance, Agriculture, and Oil Extraction
Why specialized?
1. have specific financial reporting standards applicable to them,
2. or to have distinct accounting policies which have been developed to account for
specialized transactions and balances which are based on the normally-applied
financial reporting standards
*For instance, IAS 41, Agriculture is clearly relevant specifically to the agriculture sector and
IFRS 7, Financial Instruments: Disclosure will need specific application by companies
operating in the banking sector
AUDIT CONSIDERATIONS
Competence
- whether the firm is competent to perform the engagement and has the capabilities,
including time, and resources, to do so
- whether the audit firm's personnel have knowledge of relevant industries and have experience
with relevant regulatory or reporting requirements, or the ability to gain the necessary skills
and knowledge effectively
LARGE OR SMALL?
Larger audit firms are likely to meet the competence requirement for almost any type of
industry – they will either already possess the necessary skill and competence through
having existing clients in the particular industry, or have the resources available to bring
in experts and/or provide any necessary staff training.
Smaller firms may have to carefully consider their competence to take on an audit client
in a specialised industry if they have not previously worked with an audit client in the
same industry.
REGARDLESS OF THE SIZE…
Audit firms may choose to specialise themselves in the audit of clients in a particular market
or sector, for example a smaller firm may specialise in the audit of clients in the farming
sector, or in not-for-profit organisations, so it should not be assumed that just because an
audit firm is small, it would not meet the competence requirement.
AUDIT PLANNING
Identification of the risk of material misstatement in a specialised industry should be
approached in the same way as in any other audit – by obtaining appropriate
understanding of the business and its environment.
To assist audit team members assigned to a specialised industry client, the audit firm is
likely to have additional resources available. There may be briefing notes or internal
technical guidance on how financial reporting standards should be applied within the
sector.
BANKING
- For example, in the audit of banking sector clients, an audit firm may produce guidance on
the specific application of IFRS® Standards relating to the range of financial instruments
typically held by banks.
- Audit staff can then refer to this guidance when performing the audit, particularly when
identifying risks of material misstatement.
NORMAL BALANCES AND TRANSACTIONS
- It is also important to remember that while there may be specific risks of material
misstatement relating to the industry-specific balances and transactions, there must also be
appropriate consideration of the “normal” balances and transactions.
RELIANCE ON EXPERTS
- The auditor may plan to use an auditor’s expert to obtain audit evidence.
- This is quite likely in a specialised industry as despite being competent to perform the
engagement, the audit firm may not have the necessary specific expertise in some areas.
Comprehensive Reviewer for the Audit of Business Process
Outsourcing (BPO) Industry
1. Introduction to Business Process Outsourcing (BPO) Industry
Business Process Outsourcing (BPO) refers to the practice of contracting
specific business tasks, such as customer service, finance, human resources,
or IT services, to third-party service providers. These third parties, often
located in different geographical regions, help businesses streamline their
operations, reduce costs, and focus on core activities.
Back-office services: These involve non-customer-facing tasks such
as data entry, billing, payroll, and purchasing.
Front-office services: These tasks deal directly with customers, such
as marketing, customer support, and sales.
The global BPO industry has seen tremendous growth, especially in regions
like India and the Philippines, due to their skilled labor force, cost
advantages, and technological infrastructure. Companies in various sectors,
from healthcare and telecommunications to retail and banking, are using
BPO services to enhance operational efficiency.
Why Outsource?
Cost Efficiency: By outsourcing, companies save on labor,
infrastructure, and operational costs.
Focus on Core Business: It allows companies to focus on their core
competencies, like innovation and market expansion, while
outsourcing non-core functions.
Scalability: BPOs allow companies to scale operations up or down
quickly based on business needs.
Access to Expertise: BPO providers often have specialized
knowledge and tools that may not be available internally within a
company.
2. The Structure of the BPO Industry
2.1. Key Sectors of the BPO Industry
The BPO industry can be categorized into several sub-sectors based on the
nature of the services provided:
1. Contact Centers: These handle customer interactions, both inbound
(customer inquiries, support) and outbound (telemarketing, sales).
2. Human Resource Outsourcing (HRO): Manages recruitment,
payroll, benefits administration, and employee training.
3. Finance and Accounting Outsourcing (FAO): Outsourcing of
financial tasks such as bookkeeping, accounts receivable/payable, and
financial reporting.
4. Knowledge Process Outsourcing (KPO): This involves outsourcing
tasks requiring high-level expertise, such as research and data
analytics.
5. Information Technology Outsourcing (ITO): Includes services
related to IT infrastructure management, software development, and
technical support.
6. Healthcare Outsourcing: Includes services like medical billing,
telemedicine, claims processing, and patient data management.
7. Legal Process Outsourcing (LPO): Legal services like document
review, litigation support, and contract management are outsourced.
2.2. Core Functions and Services of BPO
BPO providers typically offer:
Customer Support: Answering queries, resolving complaints,
managing orders.
Finance & Accounting: Processing payroll, handling invoices, tax
reporting.
Technical Support: Assisting customers with technical issues,
troubleshooting.
Sales and Marketing: Telemarketing, lead generation, market
research.
IT Services: Hosting services, network management, cybersecurity.
BPOs also increasingly incorporate Artificial Intelligence (AI),
Automation, and Machine Learning (ML) to streamline operations,
improve service accuracy, and reduce manual intervention.
3. Specialization of the BPO Industry
The BPO industry is distinct due to its unique set of challenges, technological
reliance, and the specialization required in specific sectors. The
specialization of the BPO industry arises from its dependence on delivering
quality services at scale while adhering to stringent regulatory requirements
and global standards. Several factors highlight the specialized nature of the
industry:
3.1. Technological Infrastructure
BPO providers heavily rely on advanced technologies, such as cloud
computing, artificial intelligence, and automated processes, to deliver
seamless services. The ability to handle vast amounts of data, manage
customer relationships efficiently, and provide real-time solutions makes BPO
providers technology-centric entities.
3.2. Global Workforce Management
The BPO industry is uniquely positioned to manage global talent pools. Most
BPO companies operate across different time zones, requiring sophisticated
systems for managing employees, time, and resources efficiently.
3.3. Regulatory Environment
Several laws and regulations directly impact the BPO industry. In particular,
tax laws and data privacy regulations (such as the General Data
Protection Regulation (GDPR) in Europe) create a framework within which
BPO providers must operate. Regulatory compliance is crucial, as BPO
companies often deal with sensitive information, such as financial records,
health data, or personal customer details.
4. Key Statutory Laws Applicable to BPOs
The BPO industry benefits from several regulatory frameworks that provide
tax incentives, financial exemptions, and industry-specific support.
4.1. Omnibus Investment Code (OIC)
This code offers a variety of incentives to encourage investment in specific
industries, including BPOs:
Income Tax Holiday: BPOs may qualify for income tax exemptions for
a period of 4-8 years, depending on their operations.
Additional Labor Deductions: Companies can deduct certain labor
expenses, which helps offset the costs of hiring, especially for large-
scale operations.
Duty-Free Imports: Equipment, supplies, and materials imported for
BPO services may be exempt from import duties, reducing the cost of
acquiring necessary infrastructure.
4.2. Special Economic Zone Act of 1995 (PEZA Law)
PEZA-registered BPO companies can enjoy:
Zero-Rated VAT: BPO services can be exempt from value-added tax.
5% Gross Income Tax: In place of other national and local taxes,
BPOs may pay a simplified gross income tax of just 5%.
Simplified Import Procedures: BPOs in special economic zones can
import goods without extensive bureaucratic hurdles.
4.3. Cagayan Special Economic Zone Act of 1995 (CEZA Law)
This law further encourages foreign direct investment (FDI) in BPOs through:
Permanent Resident Status for Foreign Investors: Foreign
investors and their families can secure permanent resident status with
a minimum investment of USD 150,000.
Corporate Income Tax Exemptions: In addition to income tax
holidays, companies may also qualify for exemptions from corporate
income tax for certain durations.
5. Growth Factors of the BPO Industry
The BPO industry in the Philippines, in particular, has seen exponential
growth due to several critical factors:
5.1. Language and Cultural Affinity
Filipino employees are known for their proficiency in Western-accented
English, making them more relatable to U.S. and European clients.
Additionally, their close cultural affinity to Western norms allows them to
handle customer queries more effectively.
5.2. Cost Efficiency
One of the primary reasons companies outsource to the Philippines is the
significantly lower labor cost compared to countries like the U.S. or the U.K.
This cost advantage, coupled with high-quality services, makes the
Philippines a preferred BPO destination.
5.3. Government Support
The Philippine government has been quick to pass favorable legislation, such
as the Data Privacy Act, which ensures that companies handling sensitive
information comply with international data protection standards.
5.4. Diversification of Services
The Philippine BPO industry has diversified beyond traditional voice-based
services to include non-voice sectors like healthcare information
management, financial services, and even emerging industries like
animation and gaming.
5.5. Technological Advancement
With the incorporation of new technologies, BPO providers are offering more
sophisticated and efficient services. Companies are now investing in AI, cloud
computing, and cybersecurity measures to improve the quality of services
and reduce errors.
6. Risk Assessment in BPO Auditing
Conducting an audit of a BPO organization involves understanding and
addressing several inherent risks, many of which are unique to the
outsourcing industry. Auditors must focus on identifying, assessing, and
mitigating these risks.
6.1. Common Risks in the BPO Industry
1. Business Risk: Risks related to operational inefficiencies, client
dissatisfaction, or market volatility can lead to financial losses or lost
contracts.
2. Technology Risk: Since BPO operations rely heavily on technology,
any disruption—such as system crashes, cybersecurity threats, or data
breaches—can have catastrophic consequences.
3. Security Risk: With BPO companies handling large volumes of
customer data, the risk of data breaches or mishandling of sensitive
information is high.
4. Human Capital Risk: BPOs often face high employee turnover rates,
leading to challenges in maintaining service quality and institutional
knowledge.
5. Reputation Risk: Customer dissatisfaction, service interruptions, or
data privacy violations can harm a BPO’s reputation, affecting its
ability to retain and attract clients.
6. Political and Regulatory Risk: Changes in government regulations
or tax incentives can affect the profitability of BPO operations,
particularly in regions that are highly dependent on regulatory
benefits.
6.2. Audit Response to BPO Risks
To mitigate risks, auditors implement several measures:
IT Security Audits: Ensuring that robust firewalls, encryption, and
data access controls are in place to protect sensitive information.
Operational Audits: Reviewing internal processes to identify
inefficiencies, operational bottlenecks, or service gaps.
Financial Audits: Cross-verifying financial statements, especially
regarding invoicing accuracy, payroll management, and service-level
agreements (SLAs).
7. Audit Process in the BPO Industry
A thorough audit process in the BPO industry requires the following
structured approach:
7.1. Pre-Audit Planning
Before conducting the audit, auditors must familiarize themselves with the
BPO provider’s business operations, organizational structure, key clients, and
specific service offerings. During this phase, auditors also establish:
Scope of the Audit: The key areas of focus, such as financial
statements, compliance with regulations, data security, and
operational efficiency.
Audit Objectives: Determining whether the BPO meets its
contractual obligations, adheres to legal standards, and maintains
accurate financial records.
7.2. Conducting the Audit
During the audit, several key areas are reviewed:
1. Invoicing and Revenue Recognition: Auditors review invoicing
procedures to ensure the company accurately bills clients based on
contracts or SLAs. Any discrepancies in the invoicing process could
indicate errors in revenue recognition.
2. Service Level Agreement (SLA) Adherence: Analyzing if the BPO
provider meets its contractual SLAs, such as response times, customer
satisfaction metrics, and call resolution rates.
3. Payroll Management: Verifying that the payroll system accurately
compensates employees and adheres to legal requirements (tax
deductions, benefits, etc.).
4. Data Security Measures: Assessing the adequacy of cybersecurity
systems, access controls, and data protection measures.
5. Fixed Assets: Physical verification of company assets, particularly in
cases of hybrid work setups, is critical for ensuring that company
property is being used efficiently and that there is no misappropriation
of resources.
7.3. Gathering Evidence
Evidence collection is a key aspect of the audit process. Auditors use a
variety of methods to gather evidence:
Documentation Review: Reviewing financial documents, contracts,
SLAs, and regulatory filings.
Interviews and Discussions: Speaking with key personnel to
understand processes and identify potential risks or inefficiencies.
Analytical Procedures: Comparing financial ratios, key performance
indicators (KPIs), and trends to detect anomalies or inconsistencies in
operational performance.
8. Major Audit Areas of Significance
8.1. Invoicing
BPO providers often use performance-based invoicing (per call, per
transaction, or per employee). Auditors must ensure that:
Invoices accurately reflect the services provided.
Invoicing is timely and aligns with agreed-upon SLAs.
Significant fluctuations in revenue are investigated, and appropriate
explanations are obtained.
Key Metrics to Analyze:
Revenue per Employee: Auditors analyze whether revenue
generated per employee aligns with industry norms.
Profit Margins: Checking profitability per project against budgeted
margins.
Revenue Earned per Hour: Verifying whether the revenue aligns
with the hours logged for each project.
8.2. Service Level Agreement (SLA) Adherence
SLAs define the terms of service delivery. Auditors must review whether:
The BPO provider is meeting the agreed performance standards.
Any penalties for non-compliance are appropriately charged.
8.3. Payroll
Payroll is a critical area in BPO audits, especially given the size of the
workforce. Auditors examine:
Accuracy of salary computations, tax deductions, and benefit
allocations.
Controls over payroll processing and prevention of payroll fraud.
8.4. Data Security
BPO companies handle vast amounts of client and customer data. Auditors
focus on:
Ensuring data protection policies meet international standards.
Verifying the existence of cybersecurity measures like encryption,
multi-factor authentication, and breach detection systems.
8.5. Fixed Assets
For companies operating in hybrid setups, auditors must:
Conduct physical asset verification to ensure proper allocation and
usage.
Confirm that assets used remotely are properly tracked and
maintained.
9. Proof of Evidence in BPO Auditing
Gathering proof of compliance, financial accuracy, and operational efficiency
is crucial in BPO audits. Evidence is collected in several forms:
Documentation: Contracts, SLAs, financial records, and compliance
certificates form the backbone of audit evidence.
Data Analytics: Advanced tools can be used to track trends in
performance, costs, and revenue generation.
Physical Verification: Particularly for fixed assets, physical
inspections ensure the presence and proper use of company property.
10. Case Study: Understanding Revenue Growth in a BPO Company
Scenario: A BPO company has reported a 10% increase in revenue this year
compared to last year.
Questions to ask during the audit:
What caused the revenue growth? Did the company secure new
clients, or did existing clients increase their service usage?
Is the revenue growth sustainable? Are the factors contributing to
the growth one-time occurrences, or is there potential for continued
growth?
Does the growth align with operational output? Are the
operational costs, employee hours, and service outputs in line with the
revenue increase?
Are there any discrepancies in invoicing? Review whether any
discrepancies in billing might have artificially inflated revenue.
11. Conclusion
The audit of BPO companies presents unique challenges due to the industry’s
reliance on technology, regulatory complexities, and the need for rigorous
data protection protocols. Auditors must adopt specialized strategies that
address the industry's distinct risk profile, particularly in areas such as data
security, SLA adherence, and compliance with tax laws. By focusing on
critical areas such as invoicing, payroll, and regulatory compliance, auditors
can provide a comprehensive assessment of a BPO's financial health,
operational efficiency, and risk management practices.
1. Introduction to Auditing the Mining Industry
Auditing in the mining industry stands out as a highly specialized process
due to the nature of operations, regulatory frameworks, and environmental
responsibilities. Mining companies engage in extracting minerals that hold
significant economic value, but the operational and environmental
complexities demand rigorous audits to ensure compliance, proper revenue
generation, and mitigation of long-term risks.
Specialized Nature of Mining Audits:
Complex Extraction Processes: Mining operations involve technical
extraction processes, from exploration to the actual mining and
refinement of materials. Each phase has unique financial and
operational risks.
Regulatory Overload: Mining is heavily regulated, not only for
business and financial activities but also environmental impacts. The
industry must comply with strict national and international regulations,
particularly around land use, environmental degradation, and resource
management.
Long Project Life Cycles: Mining projects often span multiple
decades, from exploration to decommissioning. Auditors must account
for long-term liabilities, particularly related to environmental
remediation and land rehabilitation.
High Financial Stakes: Mineral extraction can be extremely
lucrative, but it comes with high financial risks tied to commodity price
fluctuations, operational inefficiencies, and potential non-compliance
penalties.
2. Key Characteristics of the Mining Industry
The mining industry presents unique characteristics that affect how audits
are performed, focusing on specific areas like financial controls, site
management, revenue recognition, and environmental obligations.
a. Regulation
Mining is tightly regulated by national laws, local ordinances, and
international environmental standards. These regulations govern not
just the operations of the mines but also their corporate responsibilities, land
use, and the management of mineral resources.
Key Regulatory Influences:
Philippine Constitution: Provides the foundational legal framework
for mining activities in the Philippines.
Government Agencies: In many countries, mining operations are
monitored by multiple governmental agencies, each enforcing different
aspects of the law, such as environmental protection and land use
management.
Corporate Compliance: Mining companies must also adhere to
corporate laws related to taxation, environmental policies, and worker
safety standards.
b. Revenue Sources in Mining
The revenue generation model for the mining industry is complex and
multifaceted. It primarily revolves around royalties, but also includes a wide
range of other income streams. Understanding and auditing these revenue
streams is crucial.
Primary Revenue Streams:
1. Royalties: A royalty is a payment made to the owner of the resource
(often the government) for the right to extract minerals. There are
different types:
o Unit-based royalties: Calculated per unit of extracted material.
o Value-based (ad valorem) royalties: A percentage of the
value of the extracted material.
o Profit-based royalties: Royalties based on the profit generated
from mining activities after allowable expenses. (gross profit)
2. Other Revenue Streams: (for Government)
o Leases: Mining companies lease land from government or
private owners, and payments for these leases are considered a
source of revenue for the government.
o Licenses and Permit Fees: These fees are paid by companies
to acquire legal authorization to explore and extract minerals.
o Bonuses: Some companies pay bonuses to secure mining rights.
o Penalties and Fines: Penalties are issued for non-compliance
with regulations, such as safety violations or environmental
damage.
Auditor's Role: Auditors must verify that these various streams are
accurately recorded, reported, and in compliance with the relevant legal and
regulatory frameworks.
c. Life Cycle of a Mining Project
Mining projects have a long lifecycle, which auditors must account for to
ensure that operations, financial practices, and compliance requirements are
adhered to at every stage.
1. Exploration and Feasibility:
Risk Level: Very high, as there is no guarantee that exploration will
result in a profitable mining operation.
Auditor Focus: Evaluating whether the company has made
reasonable estimates for exploration costs, and assessing the
allocation of funds for future project phases.
2. Planning and Construction:
Regulatory Compliance: Companies must secure permits and ensure
that construction adheres to local laws, including those related to
environmental impact.
Auditor Focus: Ensuring that expenses for planning and construction
are accurately capitalized and that regulatory approvals are in place.
3. Operations:
Revenue Generation: This is the phase where the extraction and sale
of minerals occur, making it the primary focus for revenue audits.
Auditor Focus: Verifying sales figures, ensuring royalties and taxes
are paid correctly, and evaluating operational efficiency.
4. Closure and Decommissioning:
Environmental Liabilities: This phase involves closing the mine,
cleaning up the site, and restoring the land. Financial assurances, such
as remediation funds, are critical to ensure the company can cover
these costs.
Auditor Focus: Ensuring that financial provisions for site remediation
are adequate and based on realistic cost estimates.
d. Challenges in Auditing the Mining Industry
High Volume of Transactions: Mining companies deal with large-
scale transactions, both in terms of operational costs and revenue from
mineral sales. Auditors must ensure that these transactions are
accurately recorded and compliant with regulations.
Commodity Pricing: Minerals like gold, copper, and iron ore are
traded on international markets, with prices fluctuating daily. Auditors
must confirm that revenues are reported accurately, based on up-to-
date market prices.
Operational Complexity: The operational structure of mining firms is
often dispersed over large geographic areas, adding challenges in
auditing inventory, production, and labor practices.
3. Audit Planning for the Mining Industry
Audit planning for mining companies requires auditors to develop a
comprehensive understanding of the mining process, industry regulations,
and internal controls of the mining company. The following steps outline the
planning phase:
a. Acquiring Knowledge of the Business
Before initiating the audit, auditors must gain a deep understanding of the
company’s operations, financial systems, and regulatory environment. This
knowledge is critical to identifying potential risks and focusing audit efforts
on the areas of highest risk.
Key Considerations:
Understanding Mining Operations: The auditor needs to familiarize
themselves with the technical aspects of mining operations, including
the methods used for extraction and production, and how they are
recorded in the company’s financials.
Regulatory Framework: Auditors must be aware of the
environmental and labor regulations specific to mining, as non-
compliance can result in significant financial liabilities.
Internal Controls: An auditor must evaluate the strength of the
company’s internal controls, particularly in the areas of financial
reporting, environmental compliance, and production tracking.
b. Assessing Risk in Mining Operations
Risk assessment is central to the audit process. In the mining industry, risks
are numerous and multifaceted, from environmental liabilities to market
risks.
Key Risks:
1. Regulatory Risks: Non-compliance with regulations could lead to
fines, penalties, or even the shutdown of operations.
2. Market Risks: Fluctuating commodity prices can drastically impact
the company’s revenue. Auditors must ensure that revenue recognition
policies account for these price changes.
3. Environmental Risks: Mining operations can cause significant
environmental damage. Companies are required to provide financial
assurances for the remediation of sites after operations cease, and
these assurances must be scrutinized.
4. Operational Risks: The sheer complexity of managing equipment,
labor, and safety across large, often remote, operations presents risks
that auditors need to evaluate.
c. Special Audit Considerations for the Mining Industry
Due to the industry’s unique nature, there are specific areas that require
specialized audit approaches:
Royalty Calculations: Royalties, as noted earlier, can be calculated in
various ways, depending on the type of resource and the applicable
legislation. Auditors must ensure that the correct methods are being
applied consistently.
Cost Allocation for Site Remediation: Auditors need to evaluate
the adequacy of the company's provisions for decommissioning and
remediation of sites post-closure. This includes reviewing cost
estimates and ensuring that funds are being appropriately set aside.
4. Risk Assessment in the Mining Sector
Risk assessment in mining requires auditors to delve deep into the specific
financial, operational, and environmental risks that characterize the industry.
This process ensures that the audit plan addresses the most significant risks
facing the company.
a. Types of Risks in the Mining Industry
The mining industry faces several distinct risks, including financial,
environmental, and regulatory risks.
1. Regulatory Risks
Mining operations are subject to strict regulatory oversight. Non-compliance
with environmental, safety, or corporate laws can lead to significant
penalties, operational delays, or loss of licenses. Auditors must assess:
Compliance with Permits: Ensuring that all necessary permits and
licenses have been obtained and are up-to-date.
Environmental Regulation Compliance: Verifying that the company
adheres to environmental regulations and has set aside funds for
environmental rehabilitation.
2. Operational Risks
Mining operations are highly complex and involve large-scale extraction
processes that rely on heavy machinery, labor, and technology. Operational
failures can disrupt production and create financial liabilities. Auditors should
evaluate:
Safety Risks: Ensuring compliance with labor and safety regulations
to minimize accidents and legal liabilities.
Production Tracking: Confirming that internal controls are in place to
accurately track production volumes, which directly impacts revenue
recognition.
3. Environmental Risks
Mining activities can result in significant environmental damage, requiring
companies to invest in site remediation. These environmental risks include:
Soil and Water Contamination: Auditors must review the company’s
environmental management plans and assess whether they
adequately address potential contamination issues.
Site Rehabilitation: Auditors need to ensure that the company’s
financial provisions for site rehabilitation are sufficient and that
remediation plans are being followed.
4. Financial Risks
The volatile nature of commodity prices introduces financial risks that affect
the valuation of assets and revenue recognition. Auditors should focus on:
Revenue Recognition: Ensuring that revenues are recognized based
on accurate production data and current market prices.
Cost Management: Verifying that costs are accurately recorded and
that cost-cutting measures do not compromise regulatory compliance
or safety.
b. Fraud and Corruption Risks
Fraud and corruption are significant risks in the mining industry due to the
high financial stakes involved in mineral extraction. Auditors must be vigilant
about:
Overstatement of Costs: Companies may inflate costs to reduce tax
or royalty liabilities.
Understatement of Revenues: Mining companies might underreport
production or revenues to reduce payments to the government.
Bribery and Corruption: In some jurisdictions, there is a risk of
bribery or corruption among officials, particularly in the granting of
permits and licenses.
5. Revenue and Financial Assurances in Mining Audits
Revenue in the mining industry comes from multiple sources, primarily
focused on the extraction and sale of minerals. Auditors must ensure that
revenues are accurately recorded, royalties are calculated and paid
correctly, and that financial assurances for site remediation are appropriately
accounted for.
a. Auditing Revenues in the Mining Industry
Revenue streams in mining are complex, with payments coming from a
variety of sources including royalties, leases, and fees. Auditors must ensure
that these streams are accurately reported and compliant with legal
frameworks.
Key Considerations in Revenue Auditing:
1. Royalty Calculation: Mining companies are required to pay royalties
based on production volumes or the value of the minerals extracted.
Auditors must ensure that royalty calculations are correct and that the
company is complying with relevant tax laws.
2. Self-Reporting Risks: Mining companies often self-report production
volumes, which are used to calculate royalties. Auditors must
independently verify this information to ensure accuracy.
3. Revenue Recognition: Auditors need to ensure that the company’s
revenue recognition policies are in line with accounting standards and
reflect actual production levels.
Audit Techniques:
Data Reconciliation: Comparing production data with sales records
to verify that revenues are accurately reported.
Verification of Royalty Payments: Ensuring that royalties paid to
the government are based on accurate production figures and reflect
the correct market prices.
b. Financial Assurances for Site Remediation
Mining companies are required to provide financial assurances to cover the
costs of environmental remediation once mining operations cease. This
ensures that the government and taxpayers are not left with the financial
burden of cleaning up mining sites.
Key Aspects of Financial Assurance Auditing:
1. Remediation Cost Estimates: Auditors must assess whether the
company’s cost estimates for site remediation are realistic and based
on current market conditions.
2. Adequacy of Financial Securities: Verifying that the company has
set aside sufficient financial resources (through bonds, insurance, or
other financial instruments) to cover future remediation costs.
3. Timeliness of Inspections: Ensuring that site inspections are
conducted regularly and that financial provisions are adjusted as
necessary to reflect any changes in remediation costs.
6. Gathering Audit Evidence in the Mining Industry
Audit evidence is the foundation of the auditor’s conclusions. In the mining
industry, auditors must gather sufficient, reliable evidence to support their
findings on revenue recognition, compliance, and financial assurances.
a. Sources of Evidence
To ensure a thorough audit, auditors must gather evidence from multiple
sources, including:
1. Review of Documents: Examining contracts, licenses, environmental
reports, and financial statements.
2. Interviews: Conducting interviews with key personnel to gain insights
into internal controls and compliance efforts.
3. Testing of Controls: Evaluating the company’s internal controls to
ensure that they are effective in preventing fraud, non-compliance,
and operational inefficiencies.
4. Site Visits: Physically inspecting mining sites to verify production
levels, environmental management practices, and the state of site
rehabilitation efforts.
b. Audit Techniques
Auditors in the mining industry employ a variety of techniques to gather
evidence:
Inspection: Examining tangible assets such as mining equipment,
inventories, and environmental rehabilitation efforts.
Inquiry and Confirmation: Verifying the accuracy of production
volumes, revenues, and costs through third-party confirmations.
Observation: Observing processes in action, such as how
environmental regulations are being followed on-site.
Analytical Procedures: Using trend analysis, ratios, and other
techniques to identify inconsistencies or red flags.
Key Ratios in Mining Audits:
Non-Performing Assets to Total Assets: Identifies the portion of a
company’s assets that are not generating revenue.
Cost of Remediation to Revenue: Measures whether a company’s
provision for site remediation is adequate relative to its revenue
generation.
Revenue per Ton of Extracted Material: Tracks how efficiently the
company is turning extracted materials into revenue.
7. Specialized Audit Considerations in the Mining Industry
Mining audits present specialized challenges, particularly around
environmental and operational risks. Auditors must employ unique strategies
to address these challenges.
a. Environmental and Remediation Liabilities
Mining activities can cause significant environmental damage, and
companies are required to set aside financial resources for remediation once
mining operations cease. Auditors need to ensure that:
Remediation Plans Are Sufficient: Auditors should verify that
companies have comprehensive and up-to-date remediation plans in
place.
Financial Assurances Are Adequate: Companies must provide
financial securities to cover the cost of site rehabilitation. Auditors
must evaluate whether these assurances are adequate to cover the
actual costs.
Compliance with Environmental Regulations: Auditors should
ensure that the company is complying with all environmental
regulations and that any violations are properly addressed.
Key Considerations:
Remediation Cost Baselines: Auditors need to verify that the
company’s baseline cost estimates for site remediation are accurate
and regularly updated.
Government Oversight: Governments often require periodic audits
of mining companies to ensure compliance with environmental
regulations. Auditors should assess the adequacy of government
oversight.
b. Fraud and Corruption Prevention
Fraud and corruption are significant risks in the mining industry due to the
high financial stakes involved. Auditors must focus on:
Assessing Fraud Risks: Auditors should evaluate the company’s
internal controls to determine whether they are sufficient to prevent
fraud.
Revenue Manipulation: Companies may underreport revenues or
overstate costs to avoid paying royalties or taxes.
Bribery and Corruption: In some jurisdictions, bribery and corruption
are prevalent in the mining industry, particularly in the issuance of
permits or licenses.
8. Performance Audits in Mining
Performance audits in mining focus on evaluating the efficiency and
effectiveness of mining operations and the company’s compliance with
regulatory frameworks. These audits are crucial for assessing whether the
company is achieving its operational and environmental objectives.
a. Audit Criteria and Objectives
When conducting performance audits, auditors must set clear objectives and
criteria to evaluate the company’s performance. Some key objectives
include:
Evaluating the Completeness of Revenues: Ensuring that all
revenues, including royalties, fees, and leases, are fully accounted for.
Assessing Environmental Compliance: Verifying that the company
is complying with environmental regulations and that it has adequate
provisions for site remediation.
b. Challenges in Performance Auditing
Mining performance audits come with several challenges:
Technical Complexity: Auditors must have specialized knowledge of
mining operations, extraction processes, and environmental
regulations.
Capacity Building: Audit offices often struggle to retain staff with the
necessary expertise in mining and environmental management.
Data Limitations: Access to accurate and up-to-date data can be
challenging, particularly in remote mining operations.
c. Performance Audit Questions
Some high-level questions that guide performance audits include:
Are mining revenues consistent with market prices and
production volumes?
Does the company have sufficient financial assurances in place
for site remediation?
Are internal controls effective in preventing fraud and non-
compliance?
9. Reporting on Mining Audits
At the conclusion of the audit, auditors must compile a comprehensive report
that presents their findings, conclusions, and recommendations. These
reports should be clear, concise, and actionable.
a. Reporting Techniques
To ensure that audit reports are effective, auditors should:
Use Visual Aids: Include charts, diagrams, and graphs to illustrate
key findings, such as trends in revenues or the adequacy of financial
assurances for site remediation.
Provide Practical Recommendations: Auditors should provide
recommendations that address the identified risks and gaps in
compliance or internal controls.
b. Common Reporting Findings
Common findings in mining audits may include:
Underreporting of Production Volumes: Companies may
underreport their production to avoid paying royalties.
Insufficient Financial Assurances: Companies may not have set
aside enough financial resources to cover the cost of site remediation.
Environmental Non-Compliance: Companies may fail to adhere to
environmental regulations, leading to long-term liabilities.
Conclusion
The audit of mining companies is a complex and specialized process that
requires a deep understanding of the industry’s unique characteristics, risks,
and regulatory requirements. Auditors play a critical role in ensuring that
mining companies operate responsibly, comply with regulations, and provide
adequate financial assurances for site remediation. By conducting thorough
risk assessments, gathering sufficient evidence, and performing detailed
audits, auditors can help ensure the financial health and environmental
sustainability of the mining sector.
1. Particular IT concerns for banks include use of complex valuation models
incorporated in the IT systems. Correct answer: True
2. IT systems are considered a low-risk area for banks. Correct answer: False
3. PFRS 9 provides that a financial instrument be measured at fair value plus
transaction costs. Correct answer: False
4. In an audit of banks, substantive audit procedures include inspection,
observation, inquiry, confirmation and reperformance. Correct answer: False
5. Computation consists of checking the arithmetical accuracy of source documents
and accounting records or of performing independent calculations. In the context
of the audit of a bank’s financial statements, computation is a useful procedure
for checking the consistent application of valuation models. Correct answer: True
6. Pawnshop operations may include both personal and real property as security for
a loan. Correct answer: False
7. A difference between bank FI and non-bank FI is that non-banks may not accept
deposits. Correct answer: False
8. Banks often engage in transactions that are initiated in one jurisdiction, recorded
in a different jurisdiction and managed in yet another jurisdiction. Correct answer:
True
9. BSP is governed by banking institutions. Correct answer: False
10. In developing an overall plan for the audit of the financial statements of a bank,
the auditor gives particular attention to the extent of IT and other systems used
by the bank. Correct answer: True
11. IAPS 1006 applies to audits of financial statements of banks. Correct answer:
True
12. Liquidity risk is the risk that one side of a transaction will be settled without value
being received from the customer or counterparty. Correct answer: False
13. PFRS 7 Financial Instruments: Disclosures may be relevant when auditing banks
and other financial institutions. Correct answer: True
14. An auditor should acquire all the expertise in banking before he can accept an
audit engagement of banks. Correct answer: False
15. If you are to accept an audit engagement of a client engaged primarily in banking
transactions, you should obtain the necessary experience and expertise during
the audit engagement. Correct answer: False
16. The auditor remains alert for related party transactions during the course of the
audit, only specifically in the lending and investment areas. Correct answer:
False
17. Banks typically have a wide diversity of activities, which means that it is
sometimes difficult for an auditor to fully understand the implications of particular
transactions. Correct answer: True
18. Inherent and control risk relating to banks can be reduced by the auditor. Correct
answer: False
19. In developing an overall plan for the audit of the financial statements of a bank,
the auditor gives particular attention to existence of related party transactions.
Correct answer: True
20. A bank’s assets are often readily transferable, of high value and in a form that
cannot be safeguarded by physical procedures. Correct answer: False
21. General audit objectives for specialized industries will be different from non-
specialized industries. Correct answer: False
22. Accounting standards for special industry may be different from GAAP. Correct
answer: True
23. For banking institutions, auditing the cash account has a higher control risk
compared to other companies. Correct answer: False
24. Banks should have control procedures in place to ensure those rules are applied
in the preparation of appropriate financial information for management and
external reporting. Correct answer: True
25. When auditing banks and other financial institutions, the expected credit loss
model in accordance with PFRS 9, should be considered by the auditor. Correct
answer: True
26. Offshore Banking is the conduct of banking transactions in foreign currencies
involving the receipt of funds from internal and external sources and the
utilization of such funds. Correct answer: False
27. Some characteristics unique to banks include auditor’s consideration of the need
for expertise in the context of the IT systems and communication networks the
bank uses. Correct answer: True
28. The audit process may be revised for an audit of a specialized industry. Correct
answer: True
29. In planning audit for banks, the auditor has a need for sufficient expertise in the
aspects of banking relevant to the audit of the bank’s business activities. Correct
answer: False
30. Understanding laws and regulations for banks and other financial institutions is
essential when accepting an audit engagement. Correct answer: True
31. A specialized industry is a distinguished industry set apart from others for its unique
way of accounting for its daily transactions and reporting its financial results that
are allowed under the applicable accounting framework, such as IFRS or GAAP.
Correct answer: True
32. Classifications of banks are limited to universal banks, commercial banks, thrift
banks, rural banks, cooperative banks, and Islamic banks. Correct answer: False
33. SEC rules and regulations may be adhered to by specialized industries. Correct
answer: False
34. Financial institutions include insurance companies. Correct answer: True
35. Specialized industries are unusual entities. Correct answer: False
36. Relevant laws and regulations should not be considered when auditing for a non-
specialized industry. Correct answer: False
37. According to RA 9160, covered transactions should be considered by an auditor.
Correct answer: False
38. Specialized industries have different accounting standards as compared to
PFRS. Correct answer: False
39. The greater number of branches a bank has, the higher risks of material
misstatement may be associated with it. Correct answer: True
40. RA 8791 is otherwise known as “The General Banking Law of 2000”. Correct
answer: True
41. For banking institutions, auditing the cash account has a higher inherent risk
compared to other companies. Correct answer: False
42. In making an assessment of materiality, the auditor considers PSA 320 for
auditing of banks. In addition the auditor should also consider the
appropriateness of the going concern assumption which often depends upon
matters related to the bank’s reputation as a sound financial institution and
actions by regulators. Correct answer: True
43. The auditor may over-rely on the opinion of expert/specialists of banks and other
financial institutions. Correct answer: False
44. A bank generally records a liability account for a customer’s deposit transaction.
Correct answer: True
45. The control concerns arising from the use of IT by a bank are similar to those
arising when IT is used by other organizations. Correct answer: True