Professional Documents
Culture Documents
Audit Program
Audit Objectives:
To determine if:
a. Designs are far from being inherently weak or ineffectual;
b. Controls exists; and
c. Controls are capable of effectively preventing, or detecting and correcting,
material misstatements
Audit Procedures:
a. Summarize the list of key internal controls.
b. A schedule will be provided in the audit tools for the review of the design.
c. Test the design and implementation of controls individually.
i. Inquiring of entity personnel;
ii. Observing the application of specific controls;
iii. Inspecting documents and reports; and
iv. Tracing transactions through the information system.
d. Check the performance of the bank reconciliation at the end of each month.
i. Performance direction assessment
e. Investigate control activities.
i. Policies and procedures that mitigate risks
ii. Performance reviews
iii. Segregation of duties
iv. Electronic safeguards
Audit Objectives:
To determine if:
a. There are internal control deficiencies;
b. Controls are maintained; and
c. Controls are effective and efficient.
Audit Procedures:
a. Check the existence of controls.
b. Assessment of risks of material misstatement at the assertion level.
c. Assess the control environment.
d. Investigate Control activities.
e. Examine information and communication systems.
f. Analyze monitoring activities.
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
II. ACCOUNTS AND TRANSACTIONS
Audit Objectives:
To determine if:
a. Recorded transactions exist and are accurate;
b. All transactions are recorded and processed adequately.
Audit Procedures:
a. Trace audit trail of monthly transactions towards their source documents to ensure
accuracy and completeness.
b. Examine physical security measures that protect the physical equipment necessary for
transaction processing.
c. Test transaction processing through a set of ‘dummy transactions’ to go through the
process and evaluate if controls are sufficient.
d. Use sampling techniques to determine a sample size of transactions to be verified.
Tests on samples would be analytical procedures.
e. Create a checksheet for any defects or misstatements occurring in the sample.
Audit Objectives:
a. Evaluate the appropriateness of the transaction authorization process;
b. Determine if all transactions have been properly authorized by responsible personnel
with authority before the transaction has been recorded;
c. Determine if authorization structure is properly communicated to staff;
d. Determine if the company authorization process can adequately risk fraud.
Audit Procedures:
a. Create a flowchart to assess the authorization process visually as well as to determine
the criteria.
b. Conduct interviews with responsible personnel as well as float surveys for low-level
employees and cross-reference the two pieces of evidence.
c. Use ‘dummy transactions’ to test the process as well as to record lead and cycle times in
which a transaction is authorized and processed.
Audit Objectives:
a. Determine whether all related parties have been properly identified and all related party
transactions are properly accounted for and appropriately disclosed in the financial
statements.
Audit Procedures:
a. Testing how related-party transactions are identified and coded in the company’s
enterprise resource planning (ERP) system;
b. Analyze the presentation of related-party transactions in the financial statements.
c. Create a list of legitimate related parties of the firm through inquiries of management and
administration.
Audit Objectives:
a. Determine whether foreign exchange transactions are recorded at the proper market
prices and remeasured accordingly;
b. Evaluate controls that seek to mitigate the risk of loss from foreign exchange
transactions;
c. Determine if foreign exchange transactions comply with appropriate regulatory frameworks.
Audit Procedures:
a. Review transactions if coinciding with international regulatory frameworks such as the
Directorate General of Foreign Trade (DGFT).
b. Recalculate remeasurement/translation of amounts in the financial statements to ensure
correctness.
c. Request letter in prescribed format, NNL declaration, FEMA declaration, IEC of importer,
Bank Guarantee (if applicable), Signature verification of authorised signatory
d. Determine availability of documents as per covering schedule, Lodgement of documents
within timelines, Acceptance on Bill of Exchange, Generation and handling over of Import bill
presentation memo, Delivery of original documents to importer, Acceptance to overseas
bank.
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Audit Objectives:
a. Examine the underlying documentation supporting the purchase of assets, such as
warranties and options, that have been properly accounted for.
b. Assess the adequacy of the system of internal control; the adequacy of the procedures
and the division of duties; and the adequacy of internal audit review.
Audit Procedures:
a. Review and test investor entity’s process and related data
b. Ensure disclosures and enhance the transparency of the entity’s financial assets that
exist in the current environment
c. Inspect other documentation supporting the investor entity’s interest in the fund
Audit Objectives:
a. Assess whether the stated objectives at the time such securities are purchased and
subsequent trading activity in those securities provides support for their classification as
long-term investments.
Audit Procedures:
a. Check and verify all investments have been properly classified and notes have been
placed with respect to restrictions in investments.
b. Examine financial statements to check recognition of gains or losses from investment.
Audit Objectives:
a. Evaluate inefficient processes for information exchange and can lead to errors,
inaccuracies, and misunderstandings.
Audit Procedures:
a. Ensure that there are adequate checks and balances
b. Review documentation supporting the process for compliance with policies, practices,
and regulations
c. Review contracts with third party providers of investment services to determine if
responsibilities, expectations, and investment and performance measurement
benchmarks are clear and consistent with intentions
Section D: Financial Statements (Risks area that could materially affect the FS)
Audit Objectives:
a. Review and validate management's valuations of alternative investments and due
diligence investing procedures.
Audit Procedures:
a. Check compliance with valuation policies and procedures
b. Review validity and completeness of market data
c. Evaluate the appropriateness of the method
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Audit Objectives:
To examine:
a. The authorization controls; and
b. The appropriateness of credit assessment procedures done prior to the
disbursement of funds.
Audit Procedures:
a. Obtain information from lending personnels
i. Information needed:
1. Credit Extensions;
2. Payment History; and
3. Sources of recovery.
b. Review the bank’s process of accepting credit loans.
c. Review supporting documentation prior to lending.
d. Examine the validation of authorization levels and system authorities.
Audit Objectives:
To test the practices whether they are in adherence to fair lending regulations
Audit Procedures:
a. Obtain information from lending personnels.
b. Identify the scope of the bank’s fair lending examination.
c. Check the processes done before lending.
d. Analyze and check if the processes are in compliance with fair lending laws and
regulations.
e. Analyze the bank’s compliance management system.
Audit Objectives:
To check:
a. The concentration of loans;
b. Size of individual credit exposures;
c. Trends in loan volume; and
d. Related party lending.
Audit Procedures:
a. Ensure that there are adequate checks and balances so that one person does not have
sole responsibility for all aspects of a transaction.
b. Review documentation supporting the process for compliance with policies, practices,
and regulations.
Audit Objectives:
To examine:
a. The commitments to lend funds; and
b. The guarantee of repayment of funds by customers to third parties.
Audit Procedures:
a. Review contracts with third party providers of investment services to determine if
responsibilities, expectations, and investment and performance measurement
benchmarks are clear and consistent with intentions.
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
V. INFORMATION SYSTEM
Audit Objectives:
To assesses through the entire cycle and best practices are suggested as per the
ISO/IEC 27001 Information security Management frameworks
Audit Procedures:
The risk management process considers the information (in IT assets or IT systems) at
risk, determines the consequence of compromise, identifies threats, recommends
appropriate security controls and safeguards, and determines the reduced residual risk
remaining after the controls and safeguards are implemented. Controls can also be
designed to demonstrate compliance to a set of security requirements or regimes.
The following scenarios are examples of activities that would need to follow the IT risk
management procedure.
Section B: IT Governance
Audit Objectives:
Improving IT governance by reducing risks, improving security, complying with
regulations and facilitating communication between technology and business
management.
Audit Procedures:
Internal audits of IT governance should focus beyond the implementation of governance
practices. Internal audit adds value to the organization by assessing the effectiveness of
IT governance components, and providing assurance to stakeholders that principles and
practices are followed and working as intended. Internal audit assessments will likely
include activities such as:
● Assessing the degree to which IT governance activities and standards are consistent
with the internal audit activity’s understanding of the organization’s risk appetite.
● Conducting consulting engagements as allowed by the audit charter and approved by
the board.
● Ongoing dialogue with senior management and the board to ensure that substantial
organizational and risk changes are being addressed in a timely manner.
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
______________________________________________________________________
Audit Objectives:
a. Check the accuracy of the recorded customer deposit account balances.
b. Determine whether the principal and interest accrual accounts accurately reflect the
bank's liability.
Audit Procedures:
a. To ensure accuracy, balance the subsidiary system’s month-end balance to the general
ledger.
b. Extract all open deposit accounts and stratify by demand deposit account, savings, and
certificate of deposit.
c. Review the stratifications and determine the intended sample size for confirmation.
Section B: Reconciliations
Audit Objectives:
a. Assess proper reconciliation on a recurring basis for all balance sheet accounts related
to deposit operations and correspondent banks.
Audit Procedures:
a. Select account reconciliations for asset, liability, and internal accounts. Review and test
the reconciliations.
b. For the remaining accounts not tested, select all general ledger suspense and in-process
accounts.
c. Perform additional testing due from Correspondent Banks and Official Checks
Outstanding.
d. Summarize the results of testing, conclude as to whether the audit objectives have been
met; and render an opinion of the area.
Audit Objectives:
a. Ensure accrued interest is computed and recorded properly,and interest is paid or
credited to depositors in accordance with the terms of agreements.
Audit Procedures:
a. Document the process management uses to ensure interest accruals are accurate.
Determine if management periodically performs recalculations to ensure the operating
system is functioning as intended.
b. Reconcile interest paid, based on the deposit system reports, to the general ledger.
Investigate variances.
c. Summarize results of testing and conclude as to whether the audit objectives have been
met.
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Audit Objectives:
a. Assess the organization's AML policies and procedures, and the company's anti-money
laundering compliance program document.
b. Test for gaps in the internal controls of the company regarding AML obligations.
Audit Procedures:
a. Review the AML policy statements of the organization and examine the accompanying
procedural documentation. Check that the policies are up to date with the latest
regulations and industry guidance.
b. Interview relevant personnel, the AML Officer, to obtain an understanding of the entity’s
operations and information that may not be accessible within the written program.
c. Assess the organization’s AML business risk assessment, including their assessment of
risks associated with the entity’s customers, jurisdictions, products, delivery channels,
transactions, and mitigating controls.
Audit Objectives:
a. Assess the compliance and attentiveness in covered and suspicious transaction
reporting, and assess the reporting protocols of the company and actions to be taken.
Audit Procedures:
a. Test the entity’s transaction monitoring methods and ensure that the management
information systems, electronic or manual, are accurate in detecting potentially
suspicious activities, regardless of the amount.
b. Test a sample of the client files to assess compliance with the framework requirements
and to check that the organization’s day-to-day processes match the firm’s documented
procedures.
c. Review the system of reporting transactions
● Check if the timing of reporting “Covered Transactions” is within five working
days from occurrence.
● Check the timing of reporting “Suspicious” or “Covered and Suspicious”
transactions if it does not exceed ten (10) days from occurrence.
● Check if all “Covered Institutions” reports are stored for five years from the dates
of transactions.
Audit Objectives:
a. Evaluate accuracy and compliance with customer identification requirements in
identifying the identity of customers, verification of information, and in implementing risk
assessment procedures.
Audit Procedures:
a. Review the organization’s procedures for customer identification, including assessing the
inherent risks and demographic data of the customers.
b. Assess written customer acceptance policies and customer information including:
● the list of the location of all clients;
● list of all current clients showing value and volume of activity;
● list of all high-risk client types or industry;
● list of any exceptional transactions over the last 6 months.
c. Ensure that documents or information obtained under the Customer Due Diligence
process are up to date, and records of customer transactions are kept for five years.
Audit Objectives:
a. Evaluate employee training regarding record keeping requirements, customer
identification process, and reporting of covered and suspicious transactions.
b. Assess the effectiveness of the training program for employees.
Audit Procedures:
a. Interview relevant personnel to ensure that all the staff are trained on the latest policies
and regulations regarding money laundering that will enable them to fully comply with
their obligations under the Anti-Money Laundering Act..
b. Obtain and review documentation including anti-money laundering training materials, a
log of the employee training, the employee screening process, and the CVs of the key
personnel of the firm.
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Audit Objectives:
a. Evaluate whether reporting and activities of the company are in accordance with the
relevant authorities governing the entities;
b. Determine whether entities follow industry-specific rules and standards
Audit Procedures:
a. Inquire relevant staff members regarding how management is informed of its compliance
to regulatory requirements from regulatory bodies such as the BSP;
b. Conduct an interview with the Chief Compliance Officer regarding compliance function
operations as well as its judgment of compliance risk.
Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Prepared by:
Group 5