SUMMARY OF STATEMENT OF AUDITING PRACTICE (SAP) 1006 -
AUDITS OF THE FINANCIAL STATEMENTS OF BANKS (PART 9 OF 23)
 

Audit Risk

The three components of audit risk are:

 

(a) inherent risk (the risk that material misstatements occur);

(b) control risk (the risk that the bank’s system of internal control does not prevent or detect and correct such misstatements on a timely basis); and

(c) detection risk (the risk that the auditor will not detect any remaining material misstatements).

As (a) and (c) exist independently of the audit of financial information, the auditor cannot influence them. A bank must therefore have an adequate system of internal control if the levels of (a) and (c) are to be less than high. The auditor assesses these risks and designs substantive procedures so as to reduce audit risk to an acceptably low level.

Materiality

In making an assessment of materiality, in addition to the considerations set out in SSA 320, the auditor considers the following factors:

• Because of high leverage, relatively small misstatements may have a significant effect on the results for the period and on capital, even though they may have an insignificant effect on total assets.

• A bank’s earnings are low when compared to its total assets, liabilities and off-balance sheet commitments. Therefore, misstatements that relate only to assets, liabilities and commitments may be less significant than those that may also relate to the earnings statement.

• Banks are often subject to regulatory requirements, such as the requirement to maintain minimum capital levels. A breach of these requirements could call into question the appropriateness of management’s use of the going concern assumption. The auditor therefore establishes a materiality level so as to identify misstatements that, if uncorrected, would result in a significant contravention of such regulation.

• The appropriateness of the going concern assumption often depends upon matters related to the bank’s reputation as a sound financial institution and actions by regulators. As such, related party transactions and other matters that would not be material to entities other than banks may become material to a bank’s financial statements if they might affect the bank’s reputation or actions by regulators.

Management’s Representations

These are relevant in the context of a bank audit to assist the auditor in determining whether the information and evidence obtained are complete for the audit's purposes. This is particularly true of the bank’s transactions that may not ordinarily be reflected in the financial statements (off-balance sheet items) but which may be evidenced by other records unknown to the auditor. It is often necessary to obtain from management representations regarding significant changes in the bank’s business and risk profile. It may also be necessary to identify areas of a bank’s operations where audit evidence likely to be obtained may need to be supplemented by management’s representations, e.g. loan loss provisions and the completeness of correspondence with regulators. SSA 580 provides guidance as to the use of management's representations as audit evidence, the procedures to be applied in evaluating and documenting them, and the circumstances in which representations should be obtained in writing.

Involvement of Other Auditors

As a result of the wide geographic dispersion of most banks' offices, it is often necessary to use the work of other auditors in many of the bank's operating locations. This may be achieved by using other offices of the auditor’s firm or by using other auditing firms in those locations.

Before using the work of another auditor, the auditor:

• considers the independence of those auditors and their competence to undertake the necessary work (including their knowledge of banking and applicable regulatory requirements);

• considers whether the terms of the engagement, the accounting principles to be applied and the reporting arrangements are clearly communicated; and

• performs procedures to obtain sufficient appropriate audit evidence that the work performed by the other auditors is adequate for this purpose by discussion with the other auditors, by a review of a written summary of the procedures applied and findings, by a review of the working papers of the other auditor, or in any other manner appropriate to the circumstances.

SSA 600 provides further guidance on the issues to be addressed and procedures to be performed in such situations.