商业银行内部审计与外部审计的作用课件

1、 Role of Internal and External Audit内部审计与外部审计的作用内部审计与外部审计的作用Federal Reserve System2Outline of the Discussion提纲提纲 nSpecific roles of internal and external audit 内部审计与外部审计的作用nInteraction with external audit 与外部审计的互动nEffectiveness of the internal audit function 内部审计的有效性nAnalysis of the quality of audit

2、 work 审计质量分析nLeveraging off internal and external audit 充分发挥内部审计与外部审计的作用3Role of Internal Audit 内部审计的作用内部审计的作用nIndependent review assessment of the effectiveness of internal controls 对内部审计的有效性进行独立评估nDetail oriented approach based on sufficient transaction testing 以充分交易测试为基础的细节检查nAudit coverage is ba

3、sed on entity-wide and business line risks 审计内容应以公司整体风险和业务环节风险为基础4Role of External Audit外部审计的作用外部审计的作用nOpines on the appropriateness of financial statements 对财务报表是否适宜发表意见nMacro level approach 宏观的方法nEmphasis on an analysis of financial risk and financial condition 重点是金融风险分析和财务状况分析nLegal requirements

4、will impact the type of audit work performed 法定要求会影响审计工作的类型5Role of External Audit, cont.外部审计的作用（续）外部审计的作用（续）nSample types of statements produced for financial institutions 给金融机构出具的各种审计报告样本uAudited financial statements - holding company or bank or individual branch or balance sheet only 经审计的财务报表控股公司

5、、银行、分行或资产负债表uDirectors audit 董事审计uManagement letter 致管理层的信uStatement on internal controls 对内部控制的意见6New Rules for External Auditors对外部审计师的新规定对外部审计师的新规定nSarbanes-Oxley (Public Companies and Public Banking Organizations) SarbanesOxley规则（上市公司和银行）uLead and concurring partners - rotate every five years Se

6、ction 206 牵头合伙人和其他合伙人每五年轮换一次第206节uCPA firm cannot audit a client for one year if a CEO, CFO, controller or chief accounting officer was employed by the firm and participated in the audit in any capacity - Section 206 如果注册会计师事务所参与审计的职员中有人曾经担任审计对象的首席执行官、财务总监、司库或会计总监，则事务所一年内不能对该机构进行审计第206节uCPA firm can

7、not provide audit and non-audit services - Section 201 注册会计师事务所不能提供的审计服务和非审计服务第201节7Evaluation of Internal Audit 内部审计评估内部审计评估nDetermination of the overall effectiveness of the internal audit function 内部审计部门整体效能的确定uIndependence 独立性uMission 职责uResources/qualifications/skills 人力/资格/技能uInteraction with

8、Senior Management 与高级管理层的交流8Audit Committee审计委员会审计委员会 9Audit Committee Structure 审计委员会的结构审计委员会的结构 10Independence独立性独立性nKey factor in evaluating independence - reporting line 独立性评估的关键因素报告渠道uDomestic - Audit Committee of the Board of Directors国内银行董事会的审计委员会uUS branches and agencies of foreign banks - h

9、ead office audit department 外资银行在美国的分行和代理行总行审计部门 FAdministrative reporting line to Senior Management 向高级管理层报告的行政渠道11Independence, cont.独立性（续）独立性（续）nWays to evaluate audit independence 评估审计独立性的方法nRole of the Audit Committee 审计委员会的作用uapproves the annual plan, salary, budgets and sign-off on annual app

10、raisal of the auditor 批准年度计划、工资、预算，签署对审计师的年度考核uregularly meets with General Auditor 定期与总审计师会面nRole of management 管理层的作用uprovide all relevant documents 提供所有相关文件ukeep audit informed of major issues 让审计人员了解所有重要事件uensure that audit is invited to all major committee meetings 确保审计人员参加委员会的所有重要会议12Required

11、CEO and CFO Certifications首席执行官和财务总监必须申明的事项首席执行官和财务总监必须申明的事项nCEO and CFO must certify annual and quarterly reports and attestations include 首席执行官和财务总监必须保证年报和季报以及证明中：uThere are no material misstatements or omission 材料真实完整uControls over financial reporting were reviewed within 90 days and are effectiv

12、e 对财务报告管理的评估完成的时间在90天内，目前依然有效uAny significant deficiencies or material weaknesses in internal controls or fraud were disclosed to CPA firm and Audit committee 内部控制中的重大缺陷或欺诈行为都已告知注册会计师事务所和审计委员会uAll material off-balance sheet transactions and other relationships with unconsolidated affiliates or perso

13、ns were disclosed 所有重要的表外交易及与未整合的附属机构的关系都已得到披露13Mission职责职责nAudit Charter 审计规则uRoles, reporting lines and responsibilities 作用、报告渠道和职责Femphasize institutions ability to manage risk 关注公司管理风险的能力Finclude audits methodology and approach 包括审计的方法和具体操作Fdescribe reporting lines 规定报告渠道uFull access to all info

14、rmation 可以获得所有信息14Audit Resources审计的人力资源管理审计的人力资源管理nSufficiency of resources 人员充足nQualifications of staff 人员的资格条件usufficient staff with expertise in technical areas 充足的人员，具备足够的专业知识nAppropriate skill level and training 良好的技能水平与培训urecommended one week of training per year for each auditor 建议所有审计人员每年接受

15、1个星期的培训15Interaction with Senior Management与高级管理层的交流与高级管理层的交流nLevel within the organization commensurate with risk 职位应与风险相称nAppropriate interaction with Senior Management 与高级管理层进行恰当的交流nPrompt resolution of issues by management 管理层迅速解决问题ucritical component 非常关键16Quality 质量质量 Timeliness 及时及时nAudit app

16、roach/risk assessment methodology 审计方法/风险评估方法nAnnual audit plan 年度审计计划nAudit programs 审计程序nAudit reports and work papers 审计报告和工作底稿nAudit exception follow-up 审计特例跟踪17Selected Types of Audit Coverage审计范围的类型审计范围的类型nFull scope audits 全面审计nLimited scope - 部分审计uTarget/spot/risk audits 专项审计/现场审计/风险审计uSurpr

17、ise audits 突击审计uConversion/system development audits 转换审计/系统开发审计uData center and application reviews 信息中心与应用评价nSpecific audit reviews would be supplemented by continuous monitoring 审计检查将辅以持续监控18Internal Audit Approach内部审计方法内部审计方法nEstablish auditable entities 确定审计对象 - ue.g. identify all legal entitie

18、s, departments, corporate functions, geographic locations, committees 如：确定所有的法人实体、部门、职能部室、各地机构、各委员会nAnalyze the risk of all auditable components using established risk factors 运用已确定的风险因子分析各审计对象的风险nDetermine the appropriate risk 恰当地评定风险程度 - u1-very low risk 很低; 2-low risk 低; 3- medium risk 一般; 4-high

19、 risk 高; 5-very high risk 很高19Risk Assessment Methodology风险评估方法风险评估方法nIdentification of key risks within the institution separate from management 独立于管理层，识别机构的主要风险nFormat of the methodology 主要方法:uRisk-based 风险为本uQualitative/quantitative factors 定性/定量因素uCombination of risks and other factors 综合考虑风险和其他

20、因素20Sample Factors Risk Assessment风险评估风险评估因素例举因素例举nBASIC RISKS 基本风险nCredit risk 信用风险nMarket risk 市场风险nLiquidity risk 流动性风险nOperations risk 操作风险nReputational risk 信誉风险nLegal risk 法律风险nFraud risk 欺诈风险nTrading risk 交易风险nCredit and sales risk 信贷与销售风险nControl environment 控制环境nReporting risk 报告风险nRevenue

21、or expense volatility 收入或支出的波动性nError impact 差错影响nNature of process 程序的性质21uTransactional values/volumes 交易价值/交易量uQuality of management 管理质量uReliance on data 对数据的依赖度uAccess to physical assets实物资产的有权使用uEconomic or political trends 经济或政治趋势uStaff quality and changes 人员素质与变动uDegree of management judgmen

22、t and quality of supervision 管理层判断能力与监管质量uProduct changes 产品变化uLegal/regulatory impact 法律/监管影响Sample Factors Risk Assessment风险评估风险评估因素例举因素例举22Annual Audit Plan年度审计计划年度审计计划nBased upon the risk assessment methodology 以风险评估方法为基础nNormally part of a multi-year cycle - three to five years 通常是多年周期（3到5年）的一部

23、分nApproved by the Audit Committee or head office audit department annually with updates approved quarterly 每年由审计委员会或总行审计部门批准，更新调整每季审批ujustification for delaying or eliminating audits 推迟或取消审计的理由 23Annual Audit Plan, cont.年度审计计划（续）年度审计计划（续）nFormat for the plan 计划格式uInclude all auditable entities 列出所有审

24、计对象uProvide details on coverage for each business unit 详细列出针对每个业务部门的审计内容uIdentify work by categories - e.g., administration, audit time, continuous monitoring, special projects 分类确定具体工作如行政事务、审计时间、持续监控、特别计划24Audit Programs审计程序审计程序nDetailed programs for each auditable area 针对所有审计领域制定详细审计程序nCompleted d

25、uring the first audit and subsequently updated 在整个审计过程中不断完善nCoverage of key risks and controls in the area 应涵盖该领域的主要风险和控制措施25Audit Documentation审计文件审计文件nPlanning memo 准备备忘录nScope document 审计范围文件nSummary of issues 问题总结nReport to management 向管理层报告26Audit Reports and Work Papers审计报告与工作底稿审计报告与工作底稿nAudit

26、 Reports 审计报告nDetailed analysis 详细分析uexecutive summary 执行总结udetailed scope of planned audit 计划内审计的具体范围 udescription of the work performed 所进行工作的描述uanalysis of conditions and/or rating 情况和/或评级分析27nAudit Work Papers 审计工作底稿urecord of work performed 记录所做工作uproper documentation and cross-referencing 准确记录

27、及交叉引用uanalysis including sample methodology 分析工作方法uretention requirements 保留要求Audit Reports and Work Papers审计报告与工作底稿审计报告与工作底稿28Audits Exception Follow-up审计特例跟踪审计特例跟踪nTracking system or method - mainly spreadsheet or automated 跟踪系统或方法主要采用电子表格或自动化方法nMay identify issues by high, medium or low 对问题的确定采用高

28、、中、低三档nSignificant items cleared in a timely manner (30-60 days) 及时解决重要问题（30-60天）nImportance of management response or lack of a response 管理层反馈的重要性29Audit Outsourcing审计的外包审计的外包nThe performance of internal audit activities by an external party such as a CPA firm. 内部审计活动由公司外部人士进行，如注册会计师事务所nOther terms

29、 used: cosourcing, contracting 其他常用术语：外包、签约nIssues 问题：uIndependence, conflict of interest, control of the work, understanding of the corporate culture,& continuity 独立性、利益冲突、工作控制、对公司文化的理解、连续性30Overall Evaluation of Internal Audit内部审计的总体评价内部审计的总体评价nPositive evaluation - can rely upon the work of internal audit in the risk-focused examination process 正面评价在风险为本的监管过程中，内部审计的