An external audit program encompasses engaging an independent auditor to perform a full-scope financial statement audit, a balance-sheet-only audit, an attestation of internal controls over financial reporting, or other agreed-upon external audit procedures. Outsourced or co-sourced internal audit activities are not considered part of an external audit program.
An effective external audit function often provides the board of directors and management with:
• Reasonable assurance about the effectiveness of internal controls over financial reporting, the accuracy and timeliness in recording transactions, and the accuracy and completeness of financial and regulatory reports.
• An independent and objective view of a bank’s activities, including processes relative to financial reporting.
• Information useful to directors and management in maintaining a bank’s risk management processes.
External Audit Function
Internal Audit Function in Bank
The primary role of internal auditors is to independently and objectively review and evaluate bank activities to maintain or improve the efficiency and effectiveness of a bank’s risk management, internal controls, and corporate governance. They do this by:
• Evaluating the reliability, adequacy, and effectiveness of accounting, operating, and administrative controls.
• Ensuring that bank internal controls result in prompt and accurate recording of transactions and proper safeguarding of assets.
• Determining whether a bank complies with laws and regulations and adheres to established bank policies.
• Determining whether management is taking appropriate steps to address current and prior control deficiencies and audit report recommendations.
Internal auditors must understand a bank’s strategic direction, objectives, products, services, and processes to conduct these activities. The auditors then communicate findings to the board of directors or its audit committee and senior management.
In addition, internal auditors often have a role in merger, acquisition, and transition activities. This role may include such duties as helping the board and management evaluate safeguards and controls, including appropriate documentation and audit trails, during the bank’s acquisition planning and implementation processes.
