A.

Classification of Audit Findings

 Minor Audit finding refers to clerical errors, minor discrepancies, marginal departures
from prescribed procedures and other insignificant findings where the bank’s
exposure to financial loss is minimal.

 Major Audit finding such as;

- Violations of/deviations from Banking Laws, Rules and Regulations of BSP and
other regulatory bodies, bank’s internal policies and procedures that may cause
possible substantial financial loss to the bank and/or other serious significant
implications.
- Gross violations of the principles of accounting, internal control and other
violations/actuations that clearly manifest bad faith, abuse of authority, etc.
- Unwarranted continuance of previously cited conditions and/or audit findings
particularly those where commitments to correct them had been given by the
area audited.
- Gross negligence on the part of the staff and officers.

B. Audit Rating & Demerit Point System

Demerit
Audit Rating
Points
One minor finding committed only once or occasionally 1 point
Two minor findings committed only once or occasionally 2 points
Three to Five minor findings committed only once occasionally 4 points
Six to Nine minor findings committed only once occasionally 8 points
Ten or more minor findings committed only once or occasionally 10 points
One minor findings frequently/continuously committed 2 points
Two minor findings frequently/continuously committed 4 points
Three to Four minor findings frequently/continuously committed 8 points
Five or more minor findings frequently/continuously committed 10 points
One major finding that has been committed once or occasionally 5 points
Two or more major findings that has been committed once or
occasionally 10 points
One major finding that has been frequently /continuously
committed 10 points
One minor finding committed only once or occasionally and with
actual potential loss assessment amounting to the following, to
wit:  
P 100 to P 50k ---------------------------------------------------- 2 points
P 51k to P100k--------------------------------------------------- 3 points
P 101 to P250k--------------------------------------------------- 5 points
P 251k and above------------------------------------------------ 10 points

NOTE:
On every risk category, 10 are the highest demerit points
while 1 is the lowest.
C. Overall Risk-based Audit Score and Equivalents and Interpretation
Parameter
Numerica Risk Level
s
l Risk Equivalent
Numerica Adjectiva
Rating (%)
l l
6 Excellent 1 to 10 1 Low
5 Strong 11 to 20
2 Medium
4 Good 21 to 30
3 Acceptable 31 to 40
2 Weak 41 to 50
3 High
Grossly
1 > 51
Unacceptable

 Interpretation

Numerica
l Risk Equivalent Interpretation
Rating
6 Excellent
– indicates strong performance and risk
management practices that consistently
provide for safe and sound banking
practices. The branch clearly identifies all
risks and employs compensating factors
mitigating concerns. Any weaknesses are
minor and can be handled in a routine
manner by the branch. The branch is in
substantial compliance with laws and
regulations. It gives no cause for
supervisory concern.

– all of the elements of good internal control

system are effective and can give
reasonable assurance that the following
objective will be met
 Reliability and integrity of financial
and operational information.
 Efficiency and effectiveness of
operations.
 Compliance with laws, regulations,
bank policies and contract.
Numerica
l Risk Equivalent Interpretation
Rating
 Safeguarding of assets.
 Demerit points rating is 1 to 10.

– indicates relatively strong performance and

risk management practices that
consistently provide for safe and sound
banking practices. Significant outstanding
issues are monitored until resolved.
Operation is performed in accordance with
the manuals and standards; however,
minor or infrequent problems may arise
with the timeliness, completeness and
accuracy of reports.

5 Strong – all of the elements of good internal control

system are effective and can give
reasonable assurance that the following
objective will be met
 Reliability and integrity of financial
and operational information.
 Efficiency and effectiveness of
operations.
 Compliance with laws, regulations,
bank policies and contract.
 Safeguarding of assets.
 Demerit points rating is 11 to 20.

4 Good
– reflects satisfactory performance and risk
management practices that consistently
provide for safe and sound banking
practices. Minor areas of weakness may be
present which could develop into
conditions of greater concern. These
weaknesses are well within the branch
capabilities and willingness to correct. The
branch is in substantial compliance with
laws and regulations. The supervisory
response is limited to the extent that minor
adjustments are resolved in the normal
course of business and that operations
continue to be satisfactory.

– a few of the elements of good internal

control system are ineffective, and can still
give reasonable assurance that the
following objectives will be met
 Reliability and integrity of financial
and operational information.
Numerica
l Risk Equivalent Interpretation
Rating
 Efficiency and effectiveness of
operations.
 Compliance with laws, regulations,
bank policies and contract.
 Safeguarding of assets.
 Demerit points rating is 21 to 30.

– risk management practices may be less

than satisfactory relative to the
performance of the branch. The branch
may not identify and provide mitigation of
significant risks. Both historical and
projected key performance measures may
generally be flat or negative to the extent
that safe and sound banking practices may
be adversely affected. There may be
significant non-compliance with laws and
regulations. The branch may lack the
ability or willingness to effectively address
weaknesses within appropriate time
frames. It requires more than normal
3 Acceptable supervisory attention to address
deficiencies.

– a few of the elements of good internal

control system are ineffective, and can still
give reasonable assurance that the
following objectives will be met
 Reliability and integrity of financial
and operational information.
 Efficiency and effectiveness of
operations.
 Compliance with laws, regulations,
bank policies and contract.
 Safeguarding of assets.
 Demerit points rating is 31 to 40.

2 Weak
– risk management practices are generally
unacceptable relative to the poor
performance of the branch. Key
performance measures are likely to be
negative. Such performance, if left
unchecked, would be expected to lead to
conditions that could threaten the viability
of the branch performance. There may be
significant non-compliance with laws and
regulations. The branch is not satisfactorily
resolving the weaknesses and problems. A
Numerica
l Risk Equivalent Interpretation
Rating
high potential for failure is present but is
not yet imminent or pronounced. It requires
close supervisory attention.

– some of the elements of good internal

control system are ineffective and may not
give reasonable assurance that the
following objective will be met
 Reliability and integrity of financial
and operational information.
 Efficiency and effectiveness of
operations.
 Compliance with laws, regulations,
bank policies and contract.
 Safeguarding of assets.
 Demerit points rating is 41 to 50
points.

– considered unsatisfactory performance that

is critically deficient and in need of
immediate remedial attention. Such
performance, by itself or in combination
with other weaknesses, directly threatens
the viability of the branch performance.

– mostly all of the required elements for good

Grossly internal control system are ineffective and
1 Unacceptabl does not warrant compliance that the
e following objective will be met
 Reliability and integrity of financial
and operational information.
 Efficiency and effectiveness of
operations.
 Compliance with laws, regulations,
bank policies and contract.
 Safeguarding of assets.
 Demerit points rating is 51 and
above.