Section 16. Economy and management
Griselda Qela, Ph D., candidate in Finance Part-time Lecturer, Department of Finance, Faculty of Economy, University of Tirana, Albania Branch Manager, Credins Bank sh.a, Tirana, Albania, E-mail: griselda_cela@hotmail.com
EFFICIENCY OF INTERNAL AND EXTERNAL CONTROL SYSTEMS IN BANKS OF SECOND LEVEL
Abstract: Financial crises of recent years have highlighted several weaknesses within the risk management, control and bank governance, auditing and financial oversight. This has led to an increased review of relevant roles and interactions of bank supervisors and external auditors who are key contributors to the market discipline. Auditors ensure that financial information is transparent and reliable while supervisors provide confidence in financial systems. On the other hand, auditors and auditors also allow market players to make decisions based on this information and contribute to financial stability. In 2014, the Basel Committee on Banking Supervision investigated the interaction between overseers and external auditors, enabling their relationships to improve the quality of banks' audit, financial statements and effective supervision of the banking system. This paper aims to provide an overview in what is happening with the audit in the Albanian banking system by highlighting the topics and issues that have been constantly subject to discussion between the auditors.
Keywords; Internal Audit, External Audit, banking system, auditing, banking supervision, internal control.
Introduction ous result in that situation. Under certain circumstances, the
The Internal Audit Process is responsible for "interpreting CPA may want to emphasize specific issues with respect to the
and collecting evidence of selected business facts", enabling financial statements even though it or it intends to express an
managers to keep track of significant business developments, unqualified opinion on the statements. Normally, these ex-
activities and results from varied and voluminous transactions planations should be included in a separate paragraph in the
(Mautz [5]). Complexity and increasing volume of transac- report. Examples of disclosures that the auditor can report as
tion complexity, remoteness of owners / managers from the an emphasis of an issue may include the following: source of transactions and of any party reporting, technical • Existence of related party in transactions; and accounting expertise to review business activities in an • Important events occurring after the balance sheet date; understandable way, the need for an organizational status to • Description of accounting issues that affect the compa-
ensure independence and objectivity, as well as the procedural rability of financial statements with those of the previous year; discipline, all contributed to the creation of Internal Audit • Material uncertainties.
within the companies. The main auditor who gives the opinion on the financial
However, Rule 203 of the Code of Professional Conduct statements is called the principal auditor according to AICPA's
states that in unusual situations, the violation of a generally audit standards and the engagement team partner according
accepted accounting principle does not necessarily require to AICPA's audit standards. The other auditor performs work
a negative opinion on the principle in question. However, to on the financial information of a component that is called a
justify an unqualified opinion, the auditor should state and component auditor according to AICPA's audit standards. explain, in a separate paragraph or section in the audit report, It is essential that auditors and readers of audit reports
that observance of the principle would produce an errone- understand the circumstances when a report is unqualified
Section 16. Economy and management
or inappropriate and cases when a certain type of audit report issued under each circumstance. In studying audit reports that are part of an unqualified report, there are three closely related topics: conditions that require a departure from an unqualified opinion, types of opinions different from the unqualified opinions and materiality. When the auditor has not accumulated sufficient evidence to conclude whether the financial statements have been declared in accordance with the proper financial reporting, there is a limitation on scope. There are two main causes of scope limitations: customer - imposed restrictions and those caused by circumstances beyond client control or the auditor. An example of client restriction is the refusal to allow the auditor to confirm material receivables or to physically examine the inventory. An example of a limitation caused by the circumstances is when the auditor is not assigned until after the end of the customer's year. It may not be possible to physically observe inventories, confirm receivables, or perform other important procedures after the balance sheet date (Levine, Siegel, Qureshi, & Dauber, [4]).
Internal audit should conduct periodic audits and review all the processes and procedures that banks apply for the continuous provision and control of the physical and information security system. The Bank's internal regulatory framework should be fully in line with those of the national regulations in force, such as the Central Bank's specific regulation on "Minimum Security Requirements in the Banking and Financial Activities Areas and for Monetary Value Transport" as well as in accordance with the structure, objectives, organization's activity and the best practices applied in this field. Lack of respect for these procedures in many cases leads to great operational losses. That is why auditing physical and informal security is an important task, as a third defensive line. Of course, cooperation with the second line of defense (such as Security, Operational Risk, Fraud and Prevention, Human Resources, Compliance etc.) should be a focus on everyday business. Experience has shown that strong co-operation of these structures has produced very good results in creating a safe environment (Eden & Moriah, [3]).
It is also required to keep in mind that banks evolve and consequently their security structures will change. Considering this, security auditing is not just a task, it is also a constant effort to improve the protection of IT and physical security. Security is defined by frameworks, processes, and procedures, but in the end it is a challenge for each member of the organization. Although Internal Audit, like any other Bank structure, already has a broad knowledge base in this area as well as security incidents, there are still many challenges, as many new methods or schemes of fraud are was used today. This is because self-confidence is affected by the human factor, which is unpredictable as well as the daily developments of technology.
That is why audits in this area and risk assessments as well as the recommendation of measures for their administration and mitigation will always be a challenge. These risks need to be constantly monitored in order to comply with security standards and to maximally prevent, in time, all threats that may arise in the Bank (Revista Shkenca dhe Jeta, [6]).
The Corporate Governance Improvement Committee's principles emphasize that banks should have an internal audit function with sufficient authority to reflect the real situation of what is happening within the system. A robust internal control system, including an independent and effective internal audit, is part of sound banking governance. Bank supervisors should be vigilant with regard to the effectiveness of the internal audit function of the bank, that policies and practices are followed closely and that management takes appropriate and timely corrective action in response to internal audit findings identified by the auditors the interior. An internal audit function provides vital assurance to the board of directors of a bank and high management in terms of the quality of the internal control system of the bank. In doing so, the audit function helps to reduce the risk of loss and reputational damage to the bank (Basel Committee on Banking Supervision [1]).
Supervisors and auditors possess a lot of skills and specific knowledge on how control is carried out. External auditors can take part in the supervisory process by performing additional work at the request of supervisors, providing more reasonable or limited assurance in a range of areas such as internal controls, IT systems or risk management. External auditors contribute to strengthening oversight proce- dures.
However, audit information has not always been revised during regular bank inspection and supervisors do not always have a good understanding of what an external audit involves and how they can rely on the work of auditors. Practices differ in terms of the purpose of the work of auditors, the extent of the auditors' contributions to the oversight process, and the type of insurance they provide (Centre for Financial Reporting Reform Governance Global Practice [2]).
Conculsions
Referring to the internal audit in second tier banks in Albania (data obtained from internal reports in this sector) is concluded as follows:
• Audit reports are communicated once a year in a summarized and general way. While throughout the calendar year, employees are briefed on specific issues that affect their interests, while re-emphasizing the importance of following recommendations for negative findings in the audit report.
• Audit reports are generally logical and coherent, contain complete supporting information and each finding is accompanied by relevant recommendations. However, there are
those who are dissatisfied with the way in which the report is written, considering that they are not based on practicality, the prohibition on non-important issues does not appear in time as it is not preceded by problems that have been identified as negative findings, etc.
• Negative findings in the audit report indicate that there have been problems during the audit or describe situations that need to be corrected. Regarding their frequency or quantity, they say that there are many of them regarding the human factor and the uncertainty of the proceeds that need to be followed. In the entirety of the violations expressed by them (often influenced also by the position or information they have), we mention examples of practice of negative findings as follows: Lack of physical evidence in the registration of transfers, opening of the branch door before the official opening hours the lack of original orders in the transactions executed, the changes in its operations, and so on.
• For all cases of finding violations or negative findings, the recommendation is the implementation of the internal procedures of each bank and the maintenance and follow-up of laws for banking institutions in Albania.
• Most banking units include in their activity all areas of responsibility of the banking group they represent.
• Almost all the external audit reports of banks that have been studied have been conducted by the largest accounting companies operating in Albania (one of the BIG FOURs), which gives a greater reliability to the audit report and bank performance.
• External audit of all banks taken in the study is carried out only on the Bank's Financial Statements. All reports on the bank's financial position, whether by KPMG, E & J, PWC, or DELOITTE, have a uniformity in their realization. They all note the policy pursued by the bank for FP and make a summary of the bank's financial situation by not leaving the framework.
References:
1. Basel Committee on Banking Supervision. The internal audit function in banks. Basel Committee on Banking Supervision. 2012.
2. Centre for Financial Reporting Reform Governance Global Practice. Banking Supervisors and External Auditors: Building a Constructive Relationship. Vienna - Austria: The World Bank. 2015.
3. Eden L., & Moriah L. Impact of Internal Audit on Bank Branch Performance: A field experiment, Organizational Behaviour and Human Decision Processes. VOL 68, 1996. - P. 262-272.
4. Levine M., Siegel J., Qureshi A., & Dauber N. The Complete Guide to Auditing Standards and Other Professional Standards for Accountants. Somerset, USA: John Wiley & Sons, Inc. 2008.
5. Mautz R. Philosophy ofAuditing. Amer Accounting Assn. 1964.
6. Revista Shkenca dhe Jeta. Roli i funksionit te Auditimit te Brendshem ne Sigurine Bankare. Shkenca dhe j eta. 2016. Shtator.