SUMMARY OF STATEMENT OF AUDITING PRACTICE (SAP) 1006 -
AUDITS OF THE FINANCIAL STATEMENTS OF BANKS (PART 12 OF 23)

Inherent Limitations of Internal Control

SSA 400 “Risk Assessments and Internal Control” describes the procedures to be followed by the auditor in identifying, documenting and testing internal controls. In doing so, the auditor is aware of the inherent limitations of internal control. The assessed levels of inherent and control risks cannot be sufficiently low to eliminate the need for the auditor to perform any substantive procedures. Irrespective of the assessed levels of inherent and control risks, the auditor performs some substantive procedures for material account balances and classes of transactions.

Considering the Influence of Environmental Factors

In assessing the effectiveness of specific control procedures, the auditor considers the environment in which internal control operates. Some of the factors that may be considered include the following.

• The organisational structure of the bank and the manner in which it provides for the delegation of authority and responsibilities.
   

• The quality of management supervision.
   

• The extent and effectiveness of internal auditing.
   

• The extent and effectiveness of the risk management and compliance systems
   

• The skills, competence and integrity of key personnel.
   

• The nature and extent of inspection by supervisory authorities.

Performing Substantive Procedures

Introduction

As a result of the assessment of the level of inherent and control risks, the auditor determines the nature, timing and extent of the substantive tests to be performed on individual account balances and classes of transactions. In designing these substantive tests, the auditor considers the risks and factors that served to shape the bank’s systems of internal control. In addition, there are a number of audit considerations significant to these risk areas to which the auditor directs attention. These are discussed in subsequent paragraphs.

SSA 500, “Audit Evidence” lists the assertions embodied in the financial statements as: existence, rights and obligations, occurrence, completeness, valuation, measurement, and presentation and disclosure.

Tests of the completeness assertion are particularly important in the audit of bank’s financial statements particularly in respect of liabilities. Much of the audit work on liabilities of other commercial entities can be carried out by substantive procedures on a reciprocal population. Banking transactions do not have the same type of regular trading cycle, and reciprocal populations are not always immediately in evidence. Large assets and liabilities can be created and realised very quickly and, if not captured by the systems, may be overlooked. Third party confirmations and the reliability of controls become important in these circumstances.