CHAPTER 2: INTRODUCTION TO AUDIT AND ASSURANCE: SPECIALIZED • ¬ Specialized industries often have specific financial reporting

INDUSTRIES standards tailored to their unique requirements.

• ¬ Alternatively, they may adopt distinct accounting policies
CHAPTER OVERVIEW AND OBJECTIVES developed to account for specialized transactions and balances
within the framework of generally accepted financial reporting
This chapter discusses the basic concepts and characteristics of standards.
Specialized Industries,
UNIQUE TRANSACTIONS AND BALANCES:
After this chapter, the students are expected to:
• ¬ Specialized industries frequently engage in transactions and
1. DefineSpecializedIndustryandtheircharacteristics maintain balances that differ from those in more general industries.
2. Identifysomeofthestandardsforthespecializedindustry • ¬ These unique transactions and balances may necessitate
3. Identify the different audit considerations when performing audit specialized accounting treatments to accurately reflect the
engagement of entities belonging to specialized industry financial position and performance of the industry participants.
4. LearnaboutthePhilippineAuditingPracticeStatements(PAPS
COMPLIANCE WITH APPLICABLE STANDARDS:
SPECIALIZED INDUSTRY
¬ Entities operating within specialized industries must adhere to the
-This refers to a distinct market segment that operates with unique relevant financial reporting standards applicable to their sector.
characteristics in terms of accounting for transactions and reporting
financial results. ¬ Compliance ensures that financial statements accurately represent the
economic activities and financial condition of the entities within the
-These differences are typically permitted under the applicable specialized industry.
accounting framework, such as Philippine Financial Reporting Standards
(PFRS) IMPACT ON FINANCIAL REPORTING:

5 CHARACTERISTICS OF A SPECIALIZED INDUSTRY: • ¬ The existence of specialized industries can lead to variations in
financial reporting practices across different sectors.
1. DistinctAccountingPractices • ¬ Stakeholders, including investors, regulators, and analysts, must
2. Unique Transactions & Balances understand the nuances of financial reporting within specialized
3. CompliancewithApplicableStandards industries to properly evaluate the performance and prospects of
4. Impact on Financial Reporting entities operating within them.
5. RegulatoryOversight
REGULATORY OVERSIGHT:
DISTINCT ACCOUNTING PRACTICES:
 • ¬ Regulatory bodies often provide guidance and oversight Building Materials, Inc.; Agata Mining Ventures, Inc.; Coral
specific to specialized industries to ensure compliance with Bay Nickel Corporation; Holcim Mining and Development
applicable accounting standards. Corp
• ¬ This oversight helps maintain transparency, consistency, and
comparability in financial reporting within specialized sectors. UTILITIES AND POWER:

FOCUS OF SPECIALIZED INDUSTRIES: - These are companies providing basic amenities like
water and electricity, considered part of the public
1. Banking service landscape and heavily regulated.
2. ConstructionandRealEstateIndustries - Relevant Standards for Utilities and Power includes:
3. MiningIndustries Ø Compliance with regulatory requirements set by
4. Utilities&Power Energy Regulatory Commission (ERC) in the
5. Telecoms Philippines.
6. Not for Profit Entities - Examples of Companies: Manila Electric Company
(MERALCO), Malvar Enerzone Corporation, Visayan
BANKING:
Electric Company.

• - These are Relevant standards for Banking Industry commonly

includes:
TELECOMMUNICATIONS:
PFRS 7 Financial Instruments - These are companies enabling global communication via
PFRS 9 Financial Instruments various means such as phone, internet, wired or wireless
PAPS 1006 Audit of financial instruments of Banks communication.
Examples of Banking Industries: BPI, BDO, Unibank, PNB, ADB. - Relevant Standards for Telecommunication includes:
Ø PFRS 9 – Financial Instruments
MINING INDUSTRIES: Ø PFRS 15 – Revenue from Contracts with Customers
- These Involves the extraction of precious minerals and Ø PFRS 16 – Leases.
geological materials, transformed for economic benefit - Examples of Companies: Philippine Long-Distance Telephone
- Relevant standards for Mining Industry commonly includes: (PLDT) Company, Globe Telecom, Smart Communications,
Ø PAS 16 – Property, Plant, and Equipment (PPE) Inc., DITO Tele community Corporation.
Ø PFRS 16 – Leases
Ø PFRS 6 – Exploration for and Evaluation of Mineral
Resources. NOT FOR PROFIT ENTITIES:
- Examples of Mining Companies: Republic Cement and - These are organizations not earning profits for owners but
 utilizes all income for pursuing objectives. § This standard requires auditors to assess whether there
- Examples of Entities: Haribon Foundation, Tahanang are sufficient and appropriate resources to perform
Walang Hagdanan, Inc., Philippine Red Cross the engagement.
§ Mandates the presence of appropriate competence and
PFRS FOR SPECIALIZED INDUSTRIES: capabilities within the audit team.

COMPETENCE IN LARGER AUDIT FIRMS:

§ Larger firms are likely to meet competence requirements for

various industries.
§ Large firms will either possess necessary skills and competence
through existing clients in specific industries or have the
resources available to bring in experts or provide staff training
as needed.

AUDIT CONSIDERATIONS IN SPECIALIZED INDUSTRIES:

CONSIDERATIONS FOR SMALLER FIRMS:

§ Smaller firms must carefully evaluate their competence

1. COMPETENCE IN AUDITING SPECIALIZED INDUSTRIES
to take on audits in specialized industries.
§ Lack of previous experience with clients in the same industry
may necessitate a thorough assessment of their capabilities.
IESBA INTERNATIONAL CODE OF ETHICS FOR PROFESSIONAL
§ May need to invest in training or seek external
ACCOUNTANTS:
expertise to meet the requirements of
Ø This standard requires auditors to have an appropriate specialized audits.
understanding of the nature and complexity of the
client's business.
Ø Mandates knowledge of relevant industrial regulatory or reporting 2. AUDIT PLANNING IN SPECIALIZED INDUSTRIES
requirements.
Identification of Risks:
Ø Ensures acceptance of new clients aligns with ethical principles.
- In a specialized industry, risk identification must be
similar to any other audit by obtaining a thorough
ISA 220 (REVISED) QUALITY MANAGEMENT FOR AN AUDIT OF FINANCIAL understanding of the business and its environment.
STATEMENTS: - Staff with necessary competence should handle this
 without difficulty. Statements (PAPSs) that provide interpretative guidance
- Consider specific risks related to industry-specific and practical assistance to professional accountants in
balances and transactions while also assessing implementing PSAs and to promote good practice.
"normal" balances and transactions.

§ Philippine Review Engagement Practice Statements

3. RELIANCE ON EXPERTS IN SPECIALIZED INDUSTRIES (PREPSs) Philippine Assurance Engagement Practice
Ø Auditors may plan to use auditor’s experts to obtain audit Statements (PAEPSs) and Philippine Related Services
evidence, especially in areas where the audit firm lacks Practice Statements (PRSPSs) are issued to serve the
specific expertise despite overall competence. same purpose for implementation of PSREs, PSAEs, and
Ø Examples include valuing complex financial instruments PSRSs, respectively.
in banking audits or reviewing defined benefit pension
schemes with actuaries.
§ This Statement does not establish any new basic principles
Ø Adhere to the requirements and principles of PSA 620,
or essential procedures; its purpose is to assist auditors, and
"Using the Work of an Auditor’s Expert," including evaluating
to develop good practice, by providing guidance on the
the objectivity, competence, and capabilities of the
application of the PSAs when conducting an audit of
expert.
financial statements.
Ø Determine and communicate the scope and objectives of
the expert’s work and assess their findings.
Ø Evaluate the relevance and adequacy of the expert’s
findings or conclusions, ensuring consistency with the AUDIT STANDARDS TO BE REMEMBER ON SPECIALIZED INDUSTRIES:
auditor’s understanding of the client and other audit
procedures. 1. PAPN No. 001 of S2020 – Audit Considerations on the
Ø Avoid over-reliance on the expert’s work; the auditor Occurrence of an Extraordinary Event.
retains responsibility and must investigate any 2. PAPN No. 001 of 2021 – Guidance on the Tasks and
inconsistencies with their own findings or conclusions. Activities of Student Interns in an Audit Engagement
3. PAPS 1004 - The Relationship Between Bangko Sentral ng
Pilipinas (BSP) and Banks' External Auditors
4. PAPS 1005 (Rev.) - The Special Consideration in the Audit of Small
THE PHILIPPINE AUDITING PRACTICE STATEMENTS (PAPS) Entities
5. PAPS 1000 - Inter-Bank Confirmation Procedures
§ The AASC issues Philippine Auditing Practice Note (PAPN) 6. PAPS 1006 - Audits of the Financial Statements of Banks
previously referred to as Philippine Auditing Practice
7. PAPS 1010 - The Consideration of Environmental Module 2: Audit of Banks
Matters in the Audit of Financial Statements
8. PAPS 1012 - Auditing Derivative Financial Instruments I. Description
9. PAPS 1013 - Electronic Commerce - Effect on the Audit of
Financial Statements This module introduces the banking industry, and its characteristics.
10. PAPS 1014 - Reporting by Auditors on Compliance with Learners will be introduced to the roles of the different entities and
International Financial Reporting Standards Edit individuals concerning the banking institution. This module also
11. PAPS 1000Ph-Audit Evidence - Practical Problems in discusses the practical assistance of PAPS to auditors and on how to
Audit of Financial Statements promote good practice in applying Philippine Standards on Auditing
12. PAPS 1003Ph - Guidance in Dealing with Reports Required by (PSAs) to the audit of banks’ financial statements.
the SEC Relating to Increase in Capital Stock of a
Corporation II. Objectives
13. PAPS 1002Ph (Revised) - The Auditor's Report on General
Purpose Financial Statements Prepared in Accordance After completing the module, the students are expected to:
with a Philippine Financial Reporting Framework Other than
ü Learn about Philippine Auditing Practice Statements (PAPS or Statements)
PFRS (March 12, 2010)
ü Define bank and its characteristics
ü Identify some of the bank activities
ü Identify the roles of the Board of Directors (Those charged with
governance) and the management
ü Identify the roles of BSP
---END OF MODULE 2: INTRODUCTION TO SPECIALIZED INDUSTRIES --- ü Identify the roles of the external auditor
ü Learn about the relationship of the BSP and the external auditor

III. Learning Contents

What is Philippine Auditing Practice Statements or STATEMENTS?

Philippine Auditing Practice Statements (PAPSs or Statements) are

issued by the Philippine Auditing Standards and Practices Council
(ASPC) to provide practical assistance to auditors in implementing
the Philippine Standards on Auditing (PSAs) or to promote good
practice. Statements do not have the authority of PSAs.
This PAPS is based on International Auditing Practices Statement investing and that is recognized as a bank by the BSP. (PAPS 1006
(IAPS) 1004. IAPS 1004 has been prepared in association with the P.3)
Basel Committee on Banking Supervision* (the Basel Committee).
IAPS 1004 was approved for publication by the International Auditing Banks play a central role in the economy. They hold the savings of
Practices Committee (IAPC) of the International Federation of the public, provide a means of payment for goods and services and
Accountants and by the Basel Committee. It is based on ISAs extant finance the development of business and trade. To perform these
at 1 October 2001. Banks play a vital role in economic life and the functions securely and efficiently, individual banks must command
continued strength and stability of the banking system is a matter of the confidence of the public and those with whom they do business.
general public concern. The separate roles of banking supervisors The stability of the banking system, both nationally and
and external auditors are important in this regard. The growing internationally, has therefore come to be recognized as a matter of
complexity of banking makes it necessary that there be greater general public interest. This public interest is reflected in the way
mutual understanding and, where appropriate, more banks, unlike most other commercial enterprises, are subject to
communication between banking supervisors and external auditors. prudential supervision by a specific official agency, the Bangko
Sentral ng Pilipinas (BSP). (PAPS 1004 P.1)
This PAPS shall be effective for audits of financial statements for
Characteristics of Banks: (PAPS 1004 P.18)
periods ending on or after December 31, 2003. Earlier application is
encouraged.
1. They have custody of large amounts of monetary items, including cash and
negotiable instruments, whose physical security has to be safeguarded during
transfer and while being stored. They also have custody and control of
negotiable instruments and other assets that are readily transferable in electronic
form. The liquidity characteristics of these items make banks vulnerable to
misappropriation and fraud. Banks therefore need to establish formal operating
procedures, well-defined limits for individual discretion and rigorous systems of
internal control.

2. They often engage in transactions that are initiated in one jurisdiction, recorded
in a different jurisdiction and managed in yet another jurisdiction.

3. They often engage in transactions that are initiated in one jurisdiction, recorded
in a different jurisdiction and managed in yet another jurisdiction.

4. They often engage in transactions that are initiated in one jurisdiction, recorded
in a different jurisdiction and managed in yet another jurisdiction.
Banks is a type of financial institution whose principal activity is the
taking of deposits and borrowing for the purpose of lending and 5. They generally derive a significant amount of their funding from shortterm
 deposits (either insured or uninsured). A loss of confidence by depositors in a 13. They generally have exclusive access to clearing and settlement systems for
bank’s solvency can quickly result in a liquidity crisis. checks and fund transfers, foreign exchange transactions, etc. They are an
integral part of, or are linked to,
6. They have fiduciary duties in respect of the assets they hold that belong to other
national and international settlement systems and
persons. This may give rise to liabilities for breach of trust. Banks therefore need
to establish operating procedures and internal controls designed to ensure that consequently could pose a systemic risk to the countries in
they deal with such assets only in accordance with the terms on which the assets which they operate.
were transferred to the bank.

14. They may issue and trade in complex financial instruments, some of which may
7. They engage in a large volume and variety of transactions whose value may be need to be recorded at fair value in the financial statements. They therefore
significant. This necessarily requires complex accounting and internal control need to establish appropriate valuation and risk management procedures. The
systems and widespread use of information technology (IT). effectiveness of these procedures depends on the appropriateness of the
methodologies and mathematical models selected, access to reliable current
8. They ordinarily operate through a network of branches and departments that and historical market information, and the maintenance of data integrity.
are geographically dispersed. This necessarily involves a greater decentralization
of authority and dispersal of accounting and control functions with
consequential difficulties in maintaining uniform operating practices and
accounting systems, particularly when the branch network transcends national
boundaries.

9. Transactions can often be directly initiated and completed by the customer

without any intervention by the bank’s employees, for example over the Internet
or through automatic teller machines (ATMs).

10. They often assume significant commitments without any initial transfer of funds
other than, in some cases, the payment of fees. These commitments may involve
only memorandum accounting entries. Consequently, their existence may be
difficult to detect.

11. They are regulated by governmental authorities whose regulatory requirements

often influence the accounting principles that banks follow. Non-compliance
with regulatory requirements, for example, capital adequacy requirements,
could have implications for the bank’s financial statements or the disclosures
The Responsibility of the Bank’s Board of Directors and the Management:
therein.
(PAPS 1004 P.8)
12. Customer relationships that the auditor, assistants, or the audit firm may have
with the bank might affect the auditor’s independence in a way that customer
The primary responsibility for the conduct of the business of a bank is
relationships with other organizations would not. vested in the board of directors and the management appointed
by it. The board of directors is primarily responsible for the corporate
governance of the bank. It should establish strategic objectives,
policies and procedures that will guide and direct the activities of • Information flows internally and to the public;

the bank, the means to attain these and the mechanism for
• Compliance with existing laws, rules and regulations.
monitoring management’s performance. While management of the
day-to-day affairs of the bank is management’s responsibility, the Management is responsible for: (PAPS 1004 P.9)

board is, however, responsible for monitoring and overseeing

• Preparing financial statements in accordance with generally accepted
management action. accounting principles in the Philippines, and

• For establishing accounting procedures that provide for the maintenance of

Specific duties and responsibilities of the board of directors include, insuring, among others,
documentation sufficient to support the financial statements.
that:

• Appointed officers are qualified and have integrity, technical expertise and
• This responsibility includes ensuring that the external auditor who examines and
experience; reports on the financial statements has complete and unhindered access to,
and is provided with, all necessary information that can materially affect them
and, consequently, the auditor’s report on them.
• Objectives and a business strategy are established and performance reviewed;

• Corporate values, codes of conduct and other standards of appropriate behavior

• Management also has the responsibility to provide all information to the
are prescribed;
supervisory agencies that such agencies are entitled by law or regulation to
obtain.
• Policies are adopted that will prevent the use of facilities in criminal and other
illegal activities;
• Management is responsible for the establishment and the effective operation of
an internal audit function in a bank appropriate to its size and to the nature of its
• Written policies on all major business activities are established and complied with;
operations. This function is part of the ongoing monitoring of the system of internal
controls because it provides an assessment of the adequacy of, and
• Responsibilities and decision-making authorities are prescribed; compliance with, the bank’s established policies and procedures and assurance
as to the adequacy, effectiveness and sustainability of the bank’s risk
• A system of checks and balances is established; • Performance of management and control procedures and infrastructure independent of those
management is monitored, with day-to-day responsibility for complying with those policies and
assessed and controlled; procedures. In fulfilling its duties and responsibilities,

management should take all necessary measures to ensure

• Adequate risk management policy is adopted and maintained (including that there is a continuous and adequate internal audit
effective internal controls);
function. (PAPS 1004 P.12)
• An audit committee is constituted that will be responsible for, among other
things, the set-up of an internal audit department, appointment of the external The responsibilities of the board of directors and management are in
auditor, and monitoring and evaluating the internal control system; no way diminished by the existence of a system for the supervision
 of banks by the BSP or by a requirement for the bank’s financial Ø any material finding during the audit involving fraud or dishonesty
which will reduce capital funds by at least one percent (1%) (see
statements to be audited by an external auditor. (PAPS 1004 P.13)
paragraph 17);
Ø adjustments or potential losses amounting to at least one percent
Audit Committee (PAPS 1004 P.10)
(1%) of capital funds of the bank; or
Ø any finding to the effect that the total bank assets, on a going
ü Audit committees are set up to meet the practical difficulties that may arise in concern basis, are no longer adequate to cover the total claims of
the board of directors fulfilling its task of ensuring the existence and maintenance creditors.
of an adequate system of internal controls.
The Role of the BSP
ü In addition, such a committee reinforces both the internal control system and
the internal audit function. In order to reinforce the audit committee’s
effectiveness, the internal and external auditors should be allowed and
The key objective of prudential supervision is to maintain stability and
encouraged to attend the meetings of the audit committee. confidence in the financial system, thereby reducing the risk of loss
to depositors and other creditors. In addition, supervision also is often
ü Regular meetings of the audit committee with the internal and external auditors directed toward verifying compliance with laws and regulations
help enhance the external auditors independence and the credibility of the
internal auditors, and assist the audit committee to perform its key role on
governing banks and their activities.
strengthening corporate governance.
• One of the tools of banking supervision is the system of licensing, which allows
The Role of the External Auditor the BSP to identify the population to be supervised and to control entry into the
banking system. In order to qualify for and retain a banking license, entities must
observe certain prudential requirements. These requirements are defined in BSP
The objective of an audit of a bank’s financial statements by an regulations. The following basic requirements for a banking license ordinarily are
external auditor is to enable an independent auditor to express an found in the BSP systems of supervision:
opinion as to whether the bank’s financial statements are prepared,
in all material respects, in accordance with generally accepted Ø the bank must have suitable shareholders and members of the board
(this notion includes integrity and standing in the business community
accounting principles in the Philippines. (PAPS 1004 P.14) as well as the financial strength of all major shareholders);

• The auditor designs audit procedures to reduce to an acceptably low level the Ø the bank’s management must be honest and trustworthy and must
risk of giving an inappropriate audit opinion when the financial statements are possess appropriate skills and experience to operate the bank in a
materially misstated. Based on the assessment of inherent and control risk, the sound and prudent manner;
auditor carries out substantive procedures to reduce the overall audit risk to an
acceptably low level. Ø the bank’s organization and internal control must be consistent with its
business plans
• The external auditor has the sole responsibility for the audit report and for and strategies;
determining the nature, timing and extent of audit procedures.
Ø the bank should have a legal structure in line with its operational structure;
• The external auditor is required to report to the BSP the following: (PAPS 1004 P.27)
 these opportunities to understand management’s business plans and strategies
Ø the bank must have adequate capital to withstand the risks inherent in and how it expects to achieve them. Similarly, the BSP seeks to discover whether
the nature and size of its business; and the bank is properly equipped to carry out its functions in terms of the skills and
competence of its staff and the equipment and facilities at its disposal. The
information gained from these contacts with management assists the BSP in
Ø the bank must have sufficient liquidity to meet outflows of funds.
forming an opinion about management’s competence.

• Further and more detailed requirements are prescribed, including minimum

• Effective supervision requires the collection and analysis of information about
numerical ratios for the adequacy of the bank’s capital and liquidity. The
supervised banks. For example, the BSP collects, reviews and analyzes prudential
objective of regulation is to set conditions to ensure that a bank conducts its
reports and statistical returns from banks. These include basic financial
business prudently and has adequate financial resources to overcome adverse
statements as well as supporting schedules that provide greater detail. These
circumstances and safeguard the interest of the depositors.
reports are used to check adherence to certain prudential requirements and
they also provide a basis for discussions with the bank’s management. Off-site
• BSP has the authority to review and reject any proposal to transfer significant monitoring can often identify potential problems, particularly in the interval
ownership or a controlling interest in existing banks to other parties. between on-site inspections, thereby providing early detection and prompting
corrective action before problems become more serious.
• Ongoing banking supervision ordinarily is conducted on the basis of
recommendations and guidance. However, the BSP has at its disposal recourse • The BSP must have a means of validating the information they receive either
to legal powers to bring about timely corrective action when a bank fails to meet through on-site inspections or the use of external auditors. On-site work, whether
prudential requirements, when there are violations of laws or regulations, or when done by the BSP’s own staff or commissioned by the BSP but undertaken by
depositors are faced with a substantial risk of loss. In extreme circumstances, the external auditors, is structured to provide independent verification of whether an
BSP has the authority to revoke the bank’s license. adequate internal control system, meeting the specific criteria the BSP
mandates, exists at individual banks and whether the information provided by
• Banks are subject to a variety of risks. The BSP monitors and may limit a range of banks is reliable.
banking risks, such as credit risk, market risk (including interest and foreign
exchange risk), liquidity and • Banking supervisors are interested in ensuring that all the work performed by
funding risk, operational risk, legal risk and reputational risk. It external auditors is carried out by auditors who:
Ø are properly licensed and in good standing
may also develop systems of measurement that will capture
Ø have relevant professional experience and competence;
the extent of exposure to specific risks (for example, the risks
Ø are subject to a quality assurance program;
involved in derivative financial instruments). These systems Ø are independent in fact and appearance of the bank audited;
may form the basis for specific controls or limits on the various Ø are objective and impartial; and
categories of exposure. Ø comply with any other applicable ethical requirements.

• The BSP is concerned to ensure that the quality of management is adequate for • Accordingly, the BSP has established requirements for the selection of external
the nature and scope of the business. Where on-site inspections are carried out, auditors of banks. 9 This is intended to ensure that the external auditors the banks
the examiners have an opportunity to notice signs of management deficiencies. appoint have the necessary experience, resources and skills to conduct bank
The BSP may also arrange to interview management on a regular basis and audits. Where there is no obvious reason for a change of external auditor, the
pursues other opportunities for contacts where they arise. The BSP tries to use BSP may also investigate the circumstances that caused the bank not to
 reappoint the auditor. V. References
• Accordingly, the BSP has established requirements for the selection of external
auditors of banks. 9 This is intended to ensure that the external auditors the banks ü Philippine Auditing Practice Statement 1006 AUDITS OF THE FINANCIAL
appoint have the necessary experience, resources and skills to conduct bank STATEMENTS OF BANKS
audits. Where there is no obvious reason for a change of external auditor, the ü Philippine Auditing Practice Statement 1004 THE RELATIONSHIP
BSP may also investigate the circumstances that caused the bank not to BETWEEN BANGKO
reappoint the auditor.
I. Description

This module introduces the audit banking industry, its concepts,

The Relationship between the BSP and the External Auditor
principles and standards affecting the engagement. Learners will
be able to apply the different principles, techniques, procedures
and standards in the audit of financial statements of banks.

II. Objectives

After completing the module, the students are expected to:

ü Identify the objective of the audit of banking institutions.

ü Learn about the contents of the audit engagement letter
ü Learn about the concepts of audit planning in bank audit
ü List and identify the different banking risks
ü Know the internal control consideration of bank audit

In many respects the BSP and the external auditor have ü Learn how to perform substantive audit procedures for bank audit
ü Learn about the independent auditor’s report on bank audit
complementary concerns regarding the same matters though the
focus of their concerns is different. III. Learning Contents

There are many areas where the work of the BSP and of the external A. What is Philippine Auditing Practice Statements (PAPS) 1006?
auditor can be useful to each other. Communications from auditors
to management and other reports submitted by auditors can Philippine Auditing Practice Statements (PAPSs or Statements) are
provide BSP with valuable insight into various aspects of the bank’s issued by the Philippine Auditing Standards and Practices Council
operations. Such reports may be made available to the BSP (ASPC) to provide practical assistance to auditors in implementing
the Philippine Standards on Auditing (PSAs) or to promote good
practice. Statements do not have the authority of PSAs.
 principles in the Philippines.
This Statement is based on IAPS 1006, issued in December 2001 by
the International Auditing Practices Committee (IAPC) of the The objective of the audit of a bank’s financial statements
International Federation of Accountants. The IAPC bank audit conducted in accordance with PSAs is, therefore, to enable the
sub-committee included observers from the Basel Committee on auditor to express an opinion on the bank’s financial statements,
Banking Supervision (the Basel Committee). which are prepared in accordance with accounting principles
This Statement does not establish any new basic principles or generally accepted in the Philippines.
essential procedures; its purpose is to assist auditors, and to
develop good practice, by providing guidance on the The auditor’s report indicates that accounting principles generally
application of the PSAs to the audits of the financial statements of accepted in the Philippines have been used to prepare the
banks. The auditor exercises professional judgment to determine bank’s financial statements. When reporting on financial
the extent to which any of the audit procedures described in this statements of a bank prepared specifically for use in a country
Statement may be appropriate in the light of the requirements of other than the Philippines, the auditor considers whether the
the PSAs and the bank’s particular circumstances. financial statements contain appropriate disclosures about the
financial reporting framework used.
This PAPS shall be effective for audits of financial statements for
periods ending on or after December 31, 2003. Earlier application C. Agreeing the Terms of the Engagement
is encouraged. This PAPS supersedes “Audit Manual for
Commercial Banks” issued by the Auditing Standards and As stated in PSA 210, “Terms of Audit Engagements”:
Practices Council.
The engagement letter documents and confirms the auditor’s
acceptance of the appointment, the objective and scope of the
audit, the extent of the auditor’s responsibilities to the client and
B. Audit Objectives the form of any reports.

PSA 200, “Objective and General Principles Governing an Audit of In considering the objective and scope of the audit and the
Financial Statements,” states: extent of the responsibilities, the auditor considers his own skills and
competence and those of his assistants to conduct the
The objective of an audit of financial statements is to engagement. In doing so, the auditor considers the following
enable the auditor to express an opinion whether the factors:
financial statements are prepared, in all material respects,
in accordance with generally accepted accounting • the need for sufficient expertise in the aspects of banking relevant to the audit
of the bank’s
 business activities; regulatory or other special purpose accounting principles or describe procedures
undertaken especially to meet regulatory requirements.

• the need for expertise in the context of the IT systems and communication
networks the bank uses; and • The nature of any special communication requirements or protocols that may exist
between the auditor and the BSP and other regulatory authorities (e.g., the
Philippine Deposit Insurance Commission, SEC).
• the adequacy of resources or inter-firm arrangements to carry out the work
necessary at the number of domestic and international locations of the bank
at which audit procedures may be required. • The access that the BSP will be granted to the auditor’s working papers, and the
bank’s advance
consent to this access.
In addition to the general factors set out in PSA 210, the auditor
considers including comments on the following when issuing an
engagement letter.

• The use and source of specialized accounting principles, with particular reference to:

Ø any requirements contained in the law or regulations applicable to banks;

Ø pronouncements of the BSP and other regulatory authorities (e.g., the
Philippine Deposit Insurance Commission); o pronouncements of
relevant professional accounting bodies, for example, the Philippine
Accounting Standards Council;
Ø pronouncements of the Basel Committee on Banking Supervision; and o
industry practice.

Accoun&ng bodies’
pronouncements

Industry practice
• The contents and form of the auditor’s report on the financial statements and any
special-purpose reports required from the auditor in addition to the report on the
financial statements. This includes whether such reports refer to the application of
 D. Audit Planning their responsibilities for the supervision, control and direction of the
bank.
The audit plan includes:
The auditor obtains and maintains a good working knowledge of
1. Obtaining a sufficient knowledge of the entity’s business and governance the products and services offered by the bank. In obtaining and
structure, and a sufficient understanding of the accounting and internal maintaining that knowledge, the auditor is aware of the many
control systems, including risk management and internal audit functions.
variations in the basic deposit, loan and treasury services that are
2. Considering the expected assessments of inherent and control risks, being
offered and continue to be developed by banks in response to
the risk that material misstatements occur (inherent risk) and the risk that the market conditions. The auditor obtains an understanding of the
bank’s system of internal control does not prevent or detect and correct such nature of services rendered through instruments such as letters of
misstatements on a timely basis (control risk);
credit, acceptances, interest rate futures, forward and swap
3. Determining the nature, timing and extent of the audit procedures to be
contracts, options and other similar instruments in order to
performed; and considering the going concern assumption regarding the understand the inherent risks and the auditing, accounting and
entity’s ability to continue in operation for the foreseeable future, which will disclosure implications thereof.
be the period used by management in making its assessment under generally
accepted accounting principles in the Philippines. This period will
Service Organizations
4. ordinarily be for a period of at least one year after the balance sheet date. If the bank uses service organizations to provide core services or
Obtaining a Knowledge of the Business activities, such as cash and securities settlement, the responsibility
for compliance with rules and regulations and sound internal
controls remains with those charged with governance and the
Obtaining a knowledge of the bank’s business requires the auditor to management of the outsourcing bank. The auditor considers legal
understand:
and regulatory restrictions, and obtains an understanding of how
Ø the bank’s corporate governance structure;
the management and those charged with governance monitor
Ø the economic and regulatory environment in which the bank operates; and that the system of internal control (including internal audit)
Ø the market conditions existing in each of the significant sectors in which the bank operates effectively. PSA 402, “Audit Considerations Relating to
operates.
Entities Using Service Organizations” gives further guidance on this
subject.
Corporate governance plays a particularly important role in
banks; the BSP sets out requirements for banks to have effective
corporate governance structures. Accordingly, the auditor
obtains an understanding of the bank’s corporate governance
structure and how those charged with governance discharge
 Banking risks increase with the degree of concentration of a bank’s
exposure to any one customer,
industry, geographic area, or country.

For example, a bank’s loan portfolio may have large

concentrations of loans or commitments to industries, and some,
such as real estate, shipping and natural resources, may have
highly specialized practices. Assessing the relevant risks relating to
loans to entities in those industries may require a knowledge of
these industries, including their business, operational and reporting
\\\\ practices.

Most transactions involve more than one of the risks identified

above. Furthermore, the individual risks set out above may be
correlated with one another.

For example, a bank’s credit exposure in a securities transaction

may increase as a result of an increase in the market price of the
securities concerned. Similarly, non-payment or settlement failure
can have consequences for a bank’s liquidity position. The auditor
therefore considers these and other risk correlations when
analyzing the risks to which a bank is exposed.

Banks may be subject to risks arising from the nature of their ownership.

For example, a bank’s owner or a group of owners might try to

influence the allocation of credit. In a closely held bank, the
owners may have significant influence on the bank’s
management affecting their independence and judgment. The
auditor considers such risks.
Operational Risks Factors in a Bank: 5. The handling of large volumes of monetary items, including cash, negotiable
instruments and transferable customer balances, with the resultant risk of loss
arising from theft and fraud by employees or other parties.
1. The need to process high volumes of transactions accurately within a
short time. This need is almost always met through the large-scale use of IT,
with the resultant risks of: 6. The inherent complexity and volatility of the environment in which banks
a. failure to carry out executed transactions within the required time, operate, resulting in the risk of inappropriate risk management strategies or
causing an inability to receive or make payments for those accounting treatments in relation to such matters as the development of new
transactions; products and services.

b. failure to carry out complex transactions properly;

7. Operating restrictions may be imposed as a result of the failure to adhere to
c. wide-scale misstatements arising from a breakdown in internal control;
laws and regulations. Overseas operations are subject to the laws and
d. loss of data arising from systems’ failure; o corruption of data arising regulations of the countries in which they are based as well as those of the
from unauthorized
country in which the parent entity has its headquarters. This may result in the
interference with the systems; and need to adhere to differing requirements and a risk that operating
e. exposure to market risks arising from lack of reliable up-to-date procedures that comply with regulations in some jurisdictions do not meet the
information. requirements of others.

2. The need to use electronic funds transfer (EFT) or other telecommunications

systems to transfer ownership of large sums of money, with the resultant risk of PSA 240, “Fraud and Error,”
exposure to loss arising from payments to incorrect parties through fraud or
error. Fraudulent activities may take place within a bank by, or with the
knowing involvement of, management or personnel of the bank.
3. The conduct of operations in many locations with a resultant geographic
dispersion of transaction processing and internal controls. As a result:
Such frauds may include fraudulent financial reporting without the
motive of personal gain, (for example, to conceal trading losses),
a. there is a risk that the bank’s worldwide exposure by customer and or the misappropriation of the bank’s assets for
by product may not be adequately aggregated and monitored;
and
personal gain that may or may not involve the falsification of
b. control breakdowns may occur and remain undetected or
records. Alternatively, fraud may be
uncorrected because of the physical separation between perpetrated on a bank without the knowledge or complicity of the
management and those who handle the transactions. bank’s employees.

4. The need to monitor and manage significant exposures that can arise over PSA 240, “Fraud and Error,” gives more guidance on the nature of
short time-frames. The process of clearing transactions may cause a
the auditor’s responsibilities with respect to fraud. Although many
significant build-up of receivables and payables during a day, most of which
are settled by the end of the day. This is ordinarily referred to as intra-day areas of a bank’s operations are susceptible to fraudulent
payment risk. These exposures arise from transactions with customers and activities, the most common take place in the lending, deposit-
counterparties and may include interest rate, currency, and market risks.
taking, and dealing functions.
 1. Oversight and involvement in the control process by those charged with
Republic Act No. 9160, “The Anti- Money Laundering Act of 2001” (AMLA) governance
2. Identification, measurement and monitoring of risks

By the nature of their business, banks are ready targets for those 3. Control activities

engaged in money laundering activities by which the proceeds 4. Monitoring activities

5. Reliable information systems
of crime are converted into funds that appear to have a
legitimate source. In recent years drug traffickers in particular
Oversight and involvement in the control process by those charged with
have greatly added to the scale of money laundering that takes governance
place within the banking industry.
Those charged with governance should approve written risk
AMLA requires banks to establish policies, procedures and management policies. The policies should be consistent with the
controls to deter and to recognize and report money laundering bank’s business strategies, capital strength, management
activities. These policies, procedures and controls commonly expertise, regulatory requirements and the types and amounts of
extend to the following. risk it regards as acceptable.

• A requirement to obtain customer identification (“know your client”).

Those charged with governance are also responsible for
• Staff screening. • A requirement to know the purpose for which an account is to be establishing a culture within the bank that emphasizes their
used. commitment to internal controls and high ethical standards, and
• The maintenance of transaction records. often establish special committees to help discharge their
• The reporting to the authorities of suspicious transactions or of all
functions.
transactions of a particular type, for example, cash transactions over a
certain amount.
• The education of staff to assist them in identifying suspicious transactions. Management is responsible for implementing the strategies and
policies set by those charged with governance and for ensuring
PSA 250, "Consideration of Laws and Regulations in an Audit of Financial Statements" that an adequate and effective system of internal control is
gives guidance when an auditor discovers a possible instance of noncompliance with
established and maintained.
laws or regulations considers the implications for the financial statements and the audit
opinion thereon.
Identification, measurement and monitoring of risks

Understanding the risk management process Risks that could significantly impact the achievement of the bank’s
goals should be identified, measured,
An effective risk management system in a bank generally requires the and monitored against pre-approved limits and criteria.
following:
This function may be conducted by an independent risk
 management unit, which is also responsible for validating and Reliable information systems
stress testing the pricing and valuation models used by the front
and back offices. Banks ordinarily have a risk management unit Risk management models, methodologies and assumptions used
that monitors risk management activities and evaluates the to measure and manage risk should be regularly assessed and
effectiveness of risk management models, methodologies and updated. This function may be conducted by an independent risk
assumptions used. In such situations, the auditor considers whether management unit. Internal auditing should test the risk
and how to use the work of that unit. management process periodically to check whether
management polices and procedures are complied with and
Control activities whether the operational controls are effective. Both the risk
management unit and internal auditing should have a reporting
A bank should have appropriate controls to manage its risks, line to those charged with governance and management that is
including effective segregation of duties (particularly between independent of those on whom they are reporting
front and back offices), accurate measurement and reporting of
positions, verification and approval of transactions, reconciliations
of positions and results, setting of limits, reporting and approval of Development of an Overall Audit Plan
exceptions to limits, physical security and contingency planning.
In developing an overall plan for the audit of the financial
Monitoring activities statements of a bank, the auditor gives particular attention to:

Risk management models, methodologies and assumptions used

to measure and manage risk should be regularly assessed and
updated.

This function may be conducted by an independent risk

management unit. Internal auditing should test the risk
management process periodically to check whether
management policies and procedures are complied with and
whether the operational controls are effective. Both the risk
management unit and internal auditing should have a reporting
line to those charged with governance and management that is
independent of those on whom they are reporting.
 with achieving objectives such as the following.

• Transactions are executed in accordance with management’s general or specific

authorization
• All transactions and other events are promptly recorded at the correct
amount, in the appropriate accounts and in the proper accounting period
so as to permit preparation of financial statements in accordance with
accepted principles generally accepted in the Philippines
• Access to assets is permitted only in accordance with management’s authorization
• Recorded assets are compared with the existing assets at reasonable
intervals and appropriate action is taken regarding any differences.

The Basel Committee on Banking Supervision has issued a policy paper, "Framework
for Internal Control Systems in Banking Organisations" (September 1998), which Audit Procedures
provides banking supervisors with a framework for evaluating banks’ internal control
systems. This framework is used by many banking supervisors and may be used during
• inspection;
supervisory discussions with individual banking organizations. Auditors of banks’
financial statements may find a knowledge of this framework useful in understanding • observation;
the various elements of a bank’s internal control system. • inquiry and confirmation;
• computation; and
The auditor obtains an understanding of the accounting and • analytical procedures.
internal control systems sufficient to plan the audit and develop
1. Define the different assertions stated above.
an effective audit approach. After obtaining the understanding,
2. Define the audit procedures stated above and site situations when/where the
the auditor considers the assessment of inherent and control risks auditor performs such audit procedures.
so as to determine the appropriate detection risk to accept for
the financial statement assertions and to determine the nature,
timing, and extent of substantive procedures for such assertions. E. Reporting on the Financial Statements

Where the auditor assesses control risk at less than high, In expressing an opinion on the bank’s financial statements, the
substantive procedures are ordinarily less extensive than are auditor:
otherwise required and may also differ in their nature and timing.
• adheres to any specific formats and terminology specified by the law, the
regulatory authorities, professional bodies and industry practice; and
Identifying, Documenting and Testing Control Procedures
• determines whether adjustments have been made to the accounts of foreign
PSA 400, "Risk Assessments and Internal Control" indicates that branches and subsidiaries that are included in the consolidated financial
internal controls relating to the accounting system are concerned statements of the bank to bring them into conformity with generally
 accepted accounting principles in the Philippines. This is particularly relevant
in the case of banks with foreign branches and subsidiaries because most
V. References
countries local regulations prescribe specialized accounting principles
applicable primarily to banks. This may lead to a greater divergence in the
accounting principles followed by branches and subsidiaries, than is the case
ü Philippine Auditing Practice Statement 1006 AUDITS OF THE FINANCIAL
STATEMENTS OF BANKS
in respect of other commercial entities.

The financial statements of banks are prepared in the

context of the legal and regulatory requirements and
accounting policies are influenced by such regulations.

• The BSP regulatory accounting principles for banks (RAP) may differ materially
from generally accepted accounting principles (GAAP).

• When the bank is required to prepare a single set of financial statements that
comply with both frameworks (i.e., RAP and GAAP), the auditor may express
a totally unqualified opinion only if the financial statements have been
prepared in accordance with both frameworks. If the financial statements
are in accordance with only one of the frameworks, the auditor expresses an
unqualified opinion in respect of compliance with that framework and a
qualified or adverse opinion in respect of compliance with the other
framework.

• When the bank is required to comply with RAP instead of GAAP, the auditor
considers the need to refer to this fact in an emphasis of matter paragraph.

Banks often present additional information in annual reports that

also contain audited financial statements. This information
frequently contains details of the bank’s risk adjusted capital, and
other information relating to the bank’s stability, in addition to any
disclosures in the financial statements.

PSA 720, “Other Information in Documents Containing Audited

Financial Statements” provides guidance
on the procedures to be undertaken in respect of such additional
information.