The Financial Risk Audit – This type of audit verifies that controls over acquisition and

use of resources are adequate. It also verifies that sufficient control exists over assets,
liabilities, revenues, and expenditures. They address the accounting and reporting of
financial transactions, including commitments, authorizations, and receipt and
disbursement of funds. The aim of which is to assess the reliability of the accounting
system and information of resulting financial report. Financial risk audit is composed of
the following
Types of Risk Definition Assertions and Activities

Credit Risk Risks arising from the Compliance to management

borrower’s failure to honor to policies and procedures, BSP
pay his obligations (interest and other regulatory agencies’
and/or loan principal) on due or issuances and directives,
maturity date. proper documentation and
classification and compliance
with internal control standards
and risk management system

Strategic Risk Refers to the risk of failure of Compliance to submitted

the bank to execute business business plan; strategic
plans, objectives and medium implementation, reporting,
to long-term goals monitoring and review.
Assessment and evaluation of
the marketing plan, its policies
and procedures and its
effectiveness in risk
management

Liquidity Risk The current and prospective Assessment and evaluation of

risk to earnings or capital
arising from the bank’s inability
to meet its obligations when
they come due without
incurring unacceptable losses
or costs. It is the inability to
manage unplanned decreases
or changes in funding sources.
the implementation of liquidity
policies and procedures, risk
management methodologies,
limits, structure, monitoring and
management information
system and compliance with
BSP issuances and rulings.

Market/ Interest It is the probability of a decline Assessment and evaluation of

Risk in the value of an asset the marketing plan, its policies
resulting from unexpected and procedures and its
fluctuations in interest rates. effectiveness in risk
management.
The risk to earnings or capital
arising from adverse
movements in factors that
affect the market value of
 instruments, products, and
transactions in an institution’s
over-all portfolio. Market risk
arises from market-making,
dealings and position-taking in
interest rate, foreign exchange,
and equity and commodities
market.

Non-Financial Risks - events or actions, other than financial transactions, that can
negatively impact the operations or assets of a company. These include the following
risks:

Types of Risk Definition Assertions and Activities

Operational Risk The risk that may arise as a Assessment of the quality and
result of weakness in appropriateness of policies
organizational structure, poor and procedures, to analyze
oversight function of the board the organizational structures
of directors and senior such as people, equipment,
management, defective process and information
personnel recruitment/ technology systems, and to
selection criteria, weak internal evaluate the adequacy of the
control system, inadequate methods and resources, in
internal and external audit relation to the assignment.
coverage and deficient
management information
system.

Personnel Risk Risk on the failure of bank Examining and assessing

and Succession personnel to function and bank policies, procedures,
Plan follow policies, procedures, documentation, systems, and
and violation of the code of practices with respect to an
conduct. organization’s HR functions.
The purpose of the audit is to
It is the failure of the bank to reveal the strengths and
prepare its executive and weaknesses in the human
emergency succession plan. resource system, and any
issues needing resolution.
Information Risk about hardware,
Technology Risk software, systems interfaces,
data system users, system
and data criticality and
sensitivity which will affect
management information,
reporting and monitoring.
Legal Risk Risk arising from contracts not
legally enforceable or non-
documented agreement. It
may also refer to failure to
honor agreements or contract
with other parties.
Security Risk Risk arising from failure to
ensure the safety of its
employees, clients, and
properties and the non-
implementation of policies and
procedures which led to the
any losses or destruction of life
and property of the bank.
Anti-Money Risks which lead to the
Laundering layering or integration into the
banking system any funds
obtain from illegal sources. It
is also the failure to detect or
prevent the funding of terrorist
plan and activities.
Business The risk of interruption to Review and assessment of
Continuity operation in the event of the effectiveness of the plan
Disaster Recovery natural or human-related on how the bank will deal with
Reviewing the governance
(control) of information and
communications technologies
(computer). To examine the
effectiveness of their technical
and procedural controls to
minimize risks.
Identifying and assessing the
completeness, genuineness
and legality of contracts or
agreements and is
enforceability. Determines any
breach of policies and
procedures.
Review and identifies the
strengths and weaknesses of
current security practices,
prioritize exposures to help
focus on the greatest risk,
deliver risk mitigation actions,
consistent with the bank’s
objectives and compliance
requirements and providing a
repeatable methodology to
support on-going security
audit.
Review and assess the banks
policies on customer
identification, storage, and
reporting systems.
Plan disaster. How the bank will the risk in case of
deal with this risk should be events/disaster that could
enumerated in a Disaster affect the continuity of
Recovery and Business business operations of the
Continuity Plan which should bank including testing
spell out the time needed for frequency and methods.
system back up, the method of
data protection, relation with
clients, the suitability, quality
and familiarity with the plan of
uninterrupted operation and
implementation of stress tests

Corporate The risk that the board will not Review and assessment on
Governance perform their mandated the performance of the board
functions and responsibilities, and senior officers of the
violates regulations, laws and Bank.
internal policies and
regulations.

The risk that may arise as a

result of weakness in
organizational structure, poor
oversight function of the board
of directors and senior
management, defective
personnel
recruitment/selection criteria,
weak internal control system,
inadequate internal and
external audit coverage and
deficient management
information system. Such risk
may affect the capital and
earnings of the bank.

Compliance Risk Risk to earnings or capital to assess the quality of

arising from violations of, or appropriateness of the
non-compliance with laws, established systems, policies
rules and regulations, and procedures to ensure
prescribed practices, or ethical compliance with laws,
standards. This risk exposes regulations, policies and
the bank to fines, monetary procedures.
penalties, payment of
damages, and suspension of
authorities or violating of
contract