ABC Bank

Audit Program

I. ASSESSMENT OF INTERNAL CONTROL

W.P. Ref: __________________________ Actual Date: JANUARY 1 to APRIL 31, 2022

By: Ma. Rosalynn C. Ledda Actual Time: _______ Estimate Time: 184 hours

Section A: Design of Internal Control

Audit Objectives:
To determine if:
a. Designs are far from being inherently weak or ineffectual;
b. Controls exists; and
c. Controls are capable of effectively preventing, or detecting and correcting,
material misstatements

Audit Procedures:
a. Summarize the list of key internal controls.
b. A schedule will be provided in the audit tools for the review of the design.
c. Test the design and implementation of controls individually.
i. Inquiring of entity personnel;
ii. Observing the application of specific controls;
iii. Inspecting documents and reports; and
iv. Tracing transactions through the information system.
d. Check the performance of the bank reconciliation at the end of each month.
i. Performance direction assessment
e. Investigate control activities.
i. Policies and procedures that mitigate risks
ii. Performance reviews
iii. Segregation of duties
iv. Electronic safeguards

Section B: Dispersal of Internal Control Functions

Audit Objectives:
To determine if:
a. There are internal control deficiencies;
b. Controls are maintained; and
c. Controls are effective and efficient.

Audit Procedures:
a. Check the existence of controls.
b. Assessment of risks of material misstatement at the assertion level.
c. Assess the control environment.
d. Investigate Control activities.
e. Examine information and communication systems.
f. Analyze monitoring activities.

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
II. ACCOUNTS AND TRANSACTIONS

W.P. Ref: __________________________ Actual Date: JANUARY 1- APRIL 31, 2022

By: ___Alec Benjamin P. Lingan________ Actual Time: _______ Estimate Time: 184 Hours

Section A: Transaction Processing

Audit Objectives:
To determine if:
a. Recorded transactions exist and are accurate;
b. All transactions are recorded and processed adequately.

Audit Procedures:
a. Trace audit trail of monthly transactions towards their source documents to ensure
accuracy and completeness.
b. Examine physical security measures that protect the physical equipment necessary for
transaction processing.
c. Test transaction processing through a set of ‘dummy transactions’ to go through the
process and evaluate if controls are sufficient.
d. Use sampling techniques to determine a sample size of transactions to be verified.
Tests on samples would be analytical procedures.
e. Create a checksheet for any defects or misstatements occurring in the sample.

Section B: Authorization Process

Audit Objectives:
a. Evaluate the appropriateness of the transaction authorization process;
b. Determine if all transactions have been properly authorized by responsible personnel
with authority before the transaction has been recorded;
c. Determine if authorization structure is properly communicated to staff;
d. Determine if the company authorization process can adequately risk fraud.

Audit Procedures:
a. Create a flowchart to assess the authorization process visually as well as to determine
the criteria.
b. Conduct interviews with responsible personnel as well as float surveys for low-level
employees and cross-reference the two pieces of evidence.
c. Use ‘dummy transactions’ to test the process as well as to record lead and cycle times in
which a transaction is authorized and processed.

Section C: Related Party Transactions

Audit Objectives:
a. Determine whether all related parties have been properly identified and all related party
transactions are properly accounted for and appropriately disclosed in the financial
statements.

Audit Procedures:
a. Testing how related-party transactions are identified and coded in the company’s
enterprise resource planning (ERP) system;
b. Analyze the presentation of related-party transactions in the financial statements.
c. Create a list of legitimate related parties of the firm through inquiries of management and
administration.

Section D: Foreign Exchange Trading

Audit Objectives:
a. Determine whether foreign exchange transactions are recorded at the proper market
prices and remeasured accordingly;
b. Evaluate controls that seek to mitigate the risk of loss from foreign exchange
transactions;
c. Determine if foreign exchange transactions comply with appropriate regulatory frameworks.

Audit Procedures:
a. Review transactions if coinciding with international regulatory frameworks such as the
Directorate General of Foreign Trade (DGFT).
b. Recalculate remeasurement/translation of amounts in the financial statements to ensure
correctness.
 c. Request letter in prescribed format, NNL declaration, FEMA declaration, IEC of importer,
Bank Guarantee (if applicable), Signature verification of authorised signatory
d. Determine availability of documents as per covering schedule, Lodgement of documents
within timelines, Acceptance on Bill of Exchange, Generation and handling over of Import bill
presentation memo, Delivery of original documents to importer, Acceptance to overseas
bank.

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________

III. OPERATIONAL AUDIT - INVESTMENTS

W.P. Ref: . Actual Date: JANUARY 1 to APRIL 31, 2022 .

By: Maecille P. Lacamen , Actual Time: _______ Estimate Time: 98 hours

Section A: Other financial assets: current investment of funds

Audit Objectives:
a. Examine the underlying documentation supporting the purchase of assets, such as
warranties and options, that have been properly accounted for.
b. Assess the adequacy of the system of internal control; the adequacy of the procedures
and the division of duties; and the adequacy of internal audit review.

Audit Procedures:
a. Review and test investor entity’s process and related data
b. Ensure disclosures and enhance the transparency of the entity’s financial assets that
exist in the current environment
c. Inspect other documentation supporting the investor entity’s interest in the fund

Section B: Long-term Investment

Audit Objectives:
a. Assess whether the stated objectives at the time such securities are purchased and
subsequent trading activity in those securities provides support for their classification as
long-term investments.

Audit Procedures:
a. Check and verify all investments have been properly classified and notes have been
placed with respect to restrictions in investments.
b. Examine financial statements to check recognition of gains or losses from investment.

Section C: Investment process

Audit Objectives:
a. Evaluate inefficient processes for information exchange and can lead to errors,
inaccuracies, and misunderstandings.

Audit Procedures:
a. Ensure that there are adequate checks and balances
b. Review documentation supporting the process for compliance with policies, practices,
and regulations
c. Review contracts with third party providers of investment services to determine if
responsibilities, expectations, and investment and performance measurement
benchmarks are clear and consistent with intentions

Section D: Financial Statements (Risks area that could materially affect the FS)

Audit Objectives:
a. Review and validate management's valuations of alternative investments and due
diligence investing procedures.

Audit Procedures:
a. Check compliance with valuation policies and procedures
b. Review validity and completeness of market data
 c. Evaluate the appropriateness of the method

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________

IV. LENDING OPERATIONS

W.P. Ref: __________________________ Actual Date: JANUARY 1 to JUNE 30, 2022

By: Ma. Rosalynn C. Ledda Actual Time: _______ Estimate Time: 368 hours

Section A: Credit Assessment Procedure

Audit Objectives:
To examine:
a. The authorization controls; and
b. The appropriateness of credit assessment procedures done prior to the
disbursement of funds.

Audit Procedures:
a. Obtain information from lending personnels
i. Information needed:
1. Credit Extensions;
2. Payment History; and
3. Sources of recovery.
b. Review the bank’s process of accepting credit loans.
c. Review supporting documentation prior to lending.
d. Examine the validation of authorization levels and system authorities.

Section B: Lending Practices

Audit Objectives:
To test the practices whether they are in adherence to fair lending regulations

Audit Procedures:
a. Obtain information from lending personnels.
b. Identify the scope of the bank’s fair lending examination.
c. Check the processes done before lending.
d. Analyze and check if the processes are in compliance with fair lending laws and
regulations.
e. Analyze the bank’s compliance management system.

Section C: Composition of Loan Portfolio

Audit Objectives:
To check:
a. The concentration of loans;
b. Size of individual credit exposures;
c. Trends in loan volume; and
d. Related party lending.

Audit Procedures:
a. Ensure that there are adequate checks and balances so that one person does not have
sole responsibility for all aspects of a transaction.
b. Review documentation supporting the process for compliance with policies, practices,
and regulations.

Section D: Commitments and Contingencies

Audit Objectives:
To examine:
 a. The commitments to lend funds; and
b. The guarantee of repayment of funds by customers to third parties.

Audit Procedures:
a. Review contracts with third party providers of investment services to determine if
responsibilities, expectations, and investment and performance measurement
benchmarks are clear and consistent with intentions.

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________

V. INFORMATION SYSTEM

W.P. Ref: __________________________ Actual Date: JANUARY 1 to JUNE 30, 2022

By: Jenine Ika R. Leonardo Actual Time: _______ Estimate Time: 88 hours

Section A: Reduction of IT Risk

Audit Objectives:
To assesses through the entire cycle and best practices are suggested as per the
ISO/IEC 27001 Information security Management frameworks

Audit Procedures:

The risk management process considers the information (in IT assets or IT systems) at
risk, determines the consequence of compromise, identifies threats, recommends
appropriate security controls and safeguards, and determines the reduced residual risk
remaining after the controls and safeguards are implemented. Controls can also be
designed to demonstrate compliance to a set of security requirements or regimes.

The following scenarios are examples of activities that would need to follow the IT risk
management procedure.

● Need to share information or collaborate using information technology

● Need to purchase IT assets, including computers, mobile devices, servers,
network‐enabled devices, etc.
● Need to purchase IT services or systems, either locally hosted or cloud-based

Section B: IT Governance

Audit Objectives:
Improving IT governance by reducing risks, improving security, complying with
regulations and facilitating communication between technology and business
management.

Audit Procedures:
Internal audits of IT governance should focus beyond the implementation of governance
practices. Internal audit adds value to the organization by assessing the effectiveness of
IT governance components, and providing assurance to stakeholders that principles and
practices are followed and working as intended. Internal audit assessments will likely
include activities such as:
● Assessing the degree to which IT governance activities and standards are consistent
with the internal audit activity’s understanding of the organization’s risk appetite.
● Conducting consulting engagements as allowed by the audit charter and approved by
the board.
 ● Ongoing dialogue with senior management and the board to ensure that substantial
organizational and risk changes are being addressed in a timely manner.

normally carried out for such audit procedure as

● to evaluate the organization system against a system standard
● to determine the conformity or nonconformity of the system elements with the
specified requirements
● to determine the effectiveness of the implemented system and process controls
in meeting the specified objectives
● to offer an opportunity for improvement in the system, and
● to meet statutory and regulatory requirements.
In the latest approach, the auditors are expected to go beyond mere auditing for
compliance by focusing on risk, status, and importance. This means they are expected
to make more judgments on what is effective, rather than merely adhering to what is
formally prescribed.

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
______________________________________________________________________

VI. DEPOSIT OPERATIONS

Audit Date: JANUARY 1 - JULY 31, 2022

W.P. Ref: _________________ Actual Estimate
By: Kristine Joyce S. Manipon Time: ____________ Time: 136 Hours__

Section A: Account Confirmations

Audit Objectives:
a. Check the accuracy of the recorded customer deposit account balances.
b. Determine whether the principal and interest accrual accounts accurately reflect the
bank's liability.

Audit Procedures:
a. To ensure accuracy, balance the subsidiary system’s month-end balance to the general
ledger.
b. Extract all open deposit accounts and stratify by demand deposit account, savings, and
certificate of deposit.
c. Review the stratifications and determine the intended sample size for confirmation.

Section B: Reconciliations

Audit Objectives:
a. Assess proper reconciliation on a recurring basis for all balance sheet accounts related
to deposit operations and correspondent banks.

Audit Procedures:
a. Select account reconciliations for asset, liability, and internal accounts. Review and test
the reconciliations.
b. For the remaining accounts not tested, select all general ledger suspense and in-process
accounts.
c. Perform additional testing due from Correspondent Banks and Official Checks
Outstanding.
d. Summarize the results of testing, conclude as to whether the audit objectives have been
met; and render an opinion of the area.

Section C: Interest Accruals

Audit Objectives:
a. Ensure accrued interest is computed and recorded properly,and interest is paid or
credited to depositors in accordance with the terms of agreements.
Audit Procedures:
a. Document the process management uses to ensure interest accruals are accurate.
Determine if management periodically performs recalculations to ensure the operating
system is functioning as intended.
b. Reconcile interest paid, based on the deposit system reports, to the general ledger.
Investigate variances.
c. Summarize results of testing and conclude as to whether the audit objectives have been
met.

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________

VII. AMLA OPERATIONS

W.P. Ref: __________________________ Actual Date: JANUARY 1 to APRIL 31, 2022

By: Shanerine G. Khan Actual Time: _______ Estimate Time: 164 Hours

Section A: AML Policies and Procedures and Internal Controls

Audit Objectives:
a. Assess the organization's AML policies and procedures, and the company's anti-money
laundering compliance program document.
b. Test for gaps in the internal controls of the company regarding AML obligations.

Audit Procedures:
a. Review the AML policy statements of the organization and examine the accompanying
procedural documentation. Check that the policies are up to date with the latest
regulations and industry guidance.
b. Interview relevant personnel, the AML Officer, to obtain an understanding of the entity’s
operations and information that may not be accessible within the written program.
c. Assess the organization’s AML business risk assessment, including their assessment of
risks associated with the entity’s customers, jurisdictions, products, delivery channels,
transactions, and mitigating controls.

Section B: Transaction Monitoring and Testing

Audit Objectives:
a. Assess the compliance and attentiveness in covered and suspicious transaction
reporting, and assess the reporting protocols of the company and actions to be taken.

Audit Procedures:
a. Test the entity’s transaction monitoring methods and ensure that the management
information systems, electronic or manual, are accurate in detecting potentially
suspicious activities, regardless of the amount.
b. Test a sample of the client files to assess compliance with the framework requirements
and to check that the organization’s day-to-day processes match the firm’s documented
procedures.
c. Review the system of reporting transactions
● Check if the timing of reporting “Covered Transactions” is within five working
days from occurrence.
● Check the timing of reporting “Suspicious” or “Covered and Suspicious”
transactions if it does not exceed ten (10) days from occurrence.
● Check if all “Covered Institutions” reports are stored for five years from the dates
of transactions.

Section C: Customer Due Diligence

Audit Objectives:
a. Evaluate accuracy and compliance with customer identification requirements in
identifying the identity of customers, verification of information, and in implementing risk
assessment procedures.
Audit Procedures:
a. Review the organization’s procedures for customer identification, including assessing the
inherent risks and demographic data of the customers.
b. Assess written customer acceptance policies and customer information including:
● the list of the location of all clients;
● list of all current clients showing value and volume of activity;
● list of all high-risk client types or industry;
● list of any exceptional transactions over the last 6 months.
c. Ensure that documents or information obtained under the Customer Due Diligence
process are up to date, and records of customer transactions are kept for five years.

Section D: AML Training Program

Audit Objectives:
a. Evaluate employee training regarding record keeping requirements, customer
identification process, and reporting of covered and suspicious transactions.
b. Assess the effectiveness of the training program for employees.

Audit Procedures:
a. Interview relevant personnel to ensure that all the staff are trained on the latest policies
and regulations regarding money laundering that will enable them to fully comply with
their obligations under the Anti-Money Laundering Act..
b. Obtain and review documentation including anti-money laundering training materials, a
log of the employee training, the employee screening process, and the CVs of the key
personnel of the firm.

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________

VIII. COMPLIANCE FUNCTION

W.P. Ref: __________________________ Actual Date: JANUARY 1 - JULY 31, 2022

By: __Alec Benjamin P. Lingan_________ Actual Time: _ Estimate Time: 40 Hours

Section A: Adherence to GAAP and PFRS

Audit Objectives:
a. Evaluate whether reporting and activities of the company are in accordance with the
relevant authorities governing the entities;
b. Determine whether entities follow industry-specific rules and standards

Audit Procedures:
a. Inquire relevant staff members regarding how management is informed of its compliance
to regulatory requirements from regulatory bodies such as the BSP;
b. Conduct an interview with the Chief Compliance Officer regarding compliance function
operations as well as its judgment of compliance risk.

Remarks/Comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________

Prepared by:

Group 5

KHAN, SHANERINE GAMONGAN

LACAMEN, MAECILLE PAPA
LEDDA, MA. ROSALYNN CHUA
LEONARDO, JENINE IKA RAMOS
LINGAN, ALEC BENJAMIN PANGAN
MANIPON, KRISTINE JOYCE SOMERA