You are on page 1of 55

Strength Of Internal Audit

To Mitigate Banking Risks


Banking Sector

Group Members
Iqra shaikh
Hina Awan
Ramsha Aftab
Talia Iqbal
Ali Raza Jaffry
Awais Mumtaz

Introduction
An audit is an objective examination and evaluation of the financial
statement of an organization to make sure that the records are fair and
accurate representation of the transactions they claim to represent. (Ref)

Audit objectives
Primary Objective
To produce a report by the auditor of his opinion of the truth and fairness of
financial statements so that any person reading and using them can belief
in them.
Secondary Objective
To detect Error and Fraud
To prevent Errors and fraud by the deterrent and moral effects of Audit

History of Auditing

Timeline (Inshort)

Types of Audit
]
Internal

audit
Internal Audit in banking Sector
Internationally
In Pakistan
External audit

Traditional and risk based


auditing and difference

Audit process

Staffing the audit team.


Creating an audit project plan.
Laying the groundwork for audit.
Analyzing audit results.
Sharing audit results.
Writing audit results.
Dealing with resistance to audit recommendations.
Building an ongoing audit programs.

Rational of the Research

There exist a gap in literature..


Research will identify which bank follows the traditional and which follows
the current auditing methodology.
It is the research which provides the comprehensive picture to identify
which bank is or should follow to mitigate their risk also show the efficiency
of internal audit toward the mitigation of future uncertainties.
The rational of research is gap between the actual practices and best
practices which banking sector should follow in order to mitigate risks like
(credit, systemic, market, operational, reputational, liquidity) in efficient way.

Literature Review
Types of Risks faced by banks
Best practices in internal audit
Relationship b/w internal audit characteristics and
risks
Empirical researches

Risks faced by the banks

Market risk
Systemic risk
Operational risk/fraud risk
Liquidity risk
Credit risk
Reputational risk

Market risk
Market risk is the risk that the value of an investment will
decrease due to moves in market factors.
The four standard market risk factors include:
Equity risk, or the risk that stock prices will change.
Interest rate risk, or the risk that interest rates will change.
Currency risk, or the risk that foreign exchange rates will
change.
Commodity risk, or the risk that commodity prices (i.e. grains,
metals, etc.) will change.

Systemic risk

Systematic risk, also known as "market risk" or "un-diversifiable risk", is the


uncertainty inherent to the entire market or entire market segment. Also
referred to as volatility, systematic risk consists of the day-to-day
fluctuations in a stock's price.
Types of Systemic risk
Banking panics
Banking crises due to falling asset prices. Contagion; financial architecture.
Foreign exchange mismatches in the banking system and behavioral effects
from
uncertainty

OPERATIONAL RISK
Operational risk is the prospect of loss resulting from inadequate or failed
procedures, systems or policies. Any event that disrupts business
processes.
Types of Operational risk.
Internal fraud
External fraud
Employment practices and workplace safety
Clients, products, & business practice
Damage to physical assets
Business disruption and systems failures.

Fraud risk
Bank fraud is the use of potentially illegal means to obtain money, assets, or
other property owned or held by a financial institution, or to obtain money
from depositors by fraudulently posing as a bank or other financial
institution.
The four biggest fraud in banks
Electronic fraud.
Identity theft
Credit/Debit card fraud
Cheque fraud.

Reputational Risk
Reputational risk, often called reputation risk, is a risk of loss resulting from
damages to a firm's reputation, in lost revenue; increased operating, capital
or regulatory costs; or destruction of shareholder value, consequent to an
adverse or potentially criminal event even if the company is not found guilty.
Adverse events typically associated with reputation risk include ethics,
safety, security, sustainability, quality, and innovation.

Liquidity Risk

Liquidity risk can be of the following types:


Market liquidity
Market liquidity refers to the extent to which a market, such as a country's
stock market or a city's real estate market, allows assets to be bought and
sold at stable prices. Cash is the most liquid asset, while real estate, fine art
and collectibles are all relatively illiquid.
Funding liquidity
A classic indicator of funding liquidity risk is the current ratio (current
assets/current liabilities), or for that matter, the quick ratio. A line of credit
(LOC) would be a classic mitigate. Market (asset) liquidity risk is asset
illiquidity.

Credit Risk
credit risk refers to the risk that a borrower may not repay a loan and
that the lender may lose the principal of the loan or the interest
associated with it.
Credit default risk
A credit risk is the risk of default on a debt that may arise from a
borrower failing to make required payments. In the first resort, the risk is
that of the lender and includes lost principal and interest, disruption to
cash flows, and increased collection costs.
Concentration risk
Concentration risk is a banking term denoting the overall spread of a
bank's outstanding accounts over the number or variety of debtors to
whom the bank has lent money.

Country risk
Country risk is the risk that a foreign government will default on its bonds or
other financial commitments. Country risk also refers to the broader notion
of the degree to which political and economic unrest affect the securities of
issuers doing business in a particular country.
Sovereign Risk

Sovereign risk is the risk that a foreign central bank will alter its foreign
exchange regulations, significantly reducing or completely nullifying the
value of its foreign exchange contracts.
Counterparty Risk

Counterparty risk is the risk to each party of a contract that the


counterparty will not live up to its contractual obligations. Counterparty
risk is a risk to both parties and should be considered when evaluating
a contract.

Best
Practices

Best Practices
Following are the possible best practices of internal audit department, which can
mitigate all the possible risks faced by commercial banks of Pakistan:

Mandate
Clear objectives and enterprise-wide authority.
Authority to carry out its responsibilities independently.
Right of access to the institutions records.
A requirement to express an opinion on the effectiveness of controls.
Authority to follow-up.
The mandate is communicated within the institution.

Organizational Structure
Stature and authority of the function head to be effective in fulfilling its
mandate.
Direct access to the CEO and the Board (or Audit Committee).
Internal Audit department structure.
Independence of activities and day-to-day internal control processes.

Resources
Level of resources necessary to carry out responsibilities.
Qualifications and competencies of staff.
Continuing professional development programs to enhance staff
competencies.

Methodology And Practice


Policies and practices that are generally acceptable industry practices and
current professional standards.
Appropriateness of audit methodologies and practices to execute the Audit
departments mandate.
Audit methodology is risk-based? Responds to changes in the institutions
risk profile.

Planning
Adequacy of policies and practices to review audit cycles in response to
changes in the institutions environment and risk profile.
Extent to which the annual audit planning process clearly identifies audit
objectives and scope of work.

Reporting
Adequacy of policies and practices to report audit findings and
recommendations to management.
Adequacy of policies and practices to follow-up on the resolution of audit
findings and recommendations.

Quality Assurance
Adequacy of policies and practices for monitoring of audit staff to ensure
that they comply with standards of professional practice and utilize
approved methodology in executing their reviews.

Board Oversight
Extent to which Board (or Audit Committee) approval is required for the
appointment and/or removal of the Audit head.
b) The internal auditing mandate, resources and the annual work plan.
Adequacy of policies and practices to report periodically to the Board (or
Audit Committee) on audit findings, recommendations and progress in
meeting annual audit plan.

CHARACTERISTICS OF BEST
PRACTICES OF INTERNAL AUDIT

RISKS WHICH ARE REDUCED BY


INTERNAL AUDIT

Mandate
.

Business risk
Credit Risk
Operational risk
Market Risk
Systemic Risk

Organization Structure
2.1 Appropriateness of the stature and
authority of the function head within
the organization for the function to be
effective in fulfilling its mandate.
2.2 Extent to which the function head
has direct access to the CEO and the
Board (or Audit Committee).
2.3 Appropriateness of the functions
organization structure.
2.4 Extent to which the function is
independent of activities it audits and
day-to-day internal control processes.

Risk which are Mitigated by


Organizational structure
Moral Hazards
Operational risk
Market Risk
Business risk

Resources
3.1. Adequacy of the functions
processes to determine the required:
a) Level of resources necessary to
carry out responsibilities;
b) Qualifications and competencies of
staff; and
c) Continuing professional
development programs to enhance
staff competencies.
3.2 Adequacy of the functions
resources and appropriateness of its
collective qualifications and
competencies for executing its
mandate.
3.3 Sufficiency of staff development
programs

Risk which are Mitigated by


Resources
Operational Risk
Business Risk
Market Risk

Methodology and Practices


4.1 Adequacy of policies and practices to
ensure that audit methodologies conform to
generally accepted industry practices and
current professional standards.
4.2 Appropriateness of audit methodologies
and practices to execute the functions
mandate.
4.3 Extent to which the functions audit
methodology is risk-based and responds to
changes in the institutions risk profile.
Planning
5.1 Adequacy of policies and practices to
review audit cycles in response to changes
in the institutions environment and risk
profile.
5.2 Extent to which the annual audit
planning process clearly identifies audit
objectives and scope of work.

Risks which are Mitigated by


Methodology and Practices
Business risk
Credit Risk
Liquidity Risk

Reporting
6.1. Adequacy of policies and
practices to report audit findings and
recommendations to management.
6.2. Adequacy of policies and
practices to follow-up on the
resolution of audit findings and
recommendations.

Risks which are Mitigated by


Reporting
Operational Risk

Quality Assurance
7.1 Adequacy of policies and practices
for monitoring of audit staff to ensure
that they comply with standards of
professional practice and utilize
approved methodology in executing
their reviews.

Risks which are Mitigated by


Quality Assurance
Operational Risk

Senior Management and


Board Oversight
8.1 Extent to which Board (or Audit
Committee) and Senior Management
approval is required for:
a) The appointment and/or removal of the
function head;
b) The functions mandate and resources;
and
c) The functions annual work plan.
8.2 Adequacy of policies and practices to
report periodically to the Board (or Audit
Committee) and Senior Management on
audit findings, recommendations and
progress in meeting annual audit plan
(including the impact of any resource
limitations).
8.3 Adequacy of policies and practices to
perform regular independent reviews of the
function (including feedback received from
the institutions external auditor) and to
communicate the results to the Board (or
Audit Committee) and Senior Management.

Risks which are Mitigated


by Senior Management and
Board oversight
Moral Hazards
Operational risk

Empirical Researches

Effect of Internal Audit on Market risk


Name of
Author

Name of Paper

Robert P.
LIFO-FIFO,
Derstine and
Accounting Ratios
Ronald J. Huefner and market risk

Thomas J.
Linsmeier, Daniel
B. Thornton,
Mohan
Venkatachalam
and Michael
welker

The Effect of
Mandated Market
Risk Disclosures on
Trading Volume
Sensitivity to
Interest Rate,
Exchange Rate, and
Commodity Price
Movements

Year

Objective

Methodology

Results

1974

The summary
statistics for market
studies, Beaver,
sample size: 90
risk are similar to
Kettler, and Scholes companies
those reported by
attempted to relate
other studies.'4 The
some accounting
sampling combined sample
ratios which can be technique: convenient mean of 0.917 is
viewed as measures , Moody's Industrial close to the value of
of the riskiness of a Manuals
1.0 which represents
firm's securities to the
the "average"
familiar "beta"
country/state:
riskiness of all New
market risk measure.
Chicago
York Stock Exchange
firms that comprise
Fisher's index.

2002

Consistent with the


Two streams of
results of prior
research on market
studies, we find that
risk exposures are
sample size: 222
the coefficients of
germane to this study. firms disclosure
SQMKTVOL and
Studies in the first
SQIRETI are positive
stream establish that
and statistically
stock prices are
sampling technique: significant in each
sensitive to changes convenient
panel at p < 0.0001.
in interest rates,
In interpreting our
currency exchange country: Canada
results,we use a
rates, and commodity
statistical cutoff level
prices.
of p c 0.05 to reject
the null hypothesis.

The Sensitivity Of Bank Stock Returns To Market, Interest And Exchange


Rate Risks
This paper presents and estimates a multifactor model of bank stock returns
that incorporates market return, interest rate and exchange rate risk factors. A
model of the optimizing behavior of an international banking firm is used to
derive the sensitivity coefficients of the alternative factors. Regression
equations are estimated that are based on either actual or unexpected values
of the underlying factors with a post-October 1979 time dummy variable and
with a money center bank dummy variable. Standard results are obtained for
the market and interest rate variables while new results are derived for the
exchange rate variable. The specific effects of the latter variable are found to be
dependent on the time period of observation and the money center status of
banks. (Choi, Kopecky, & Elyasiani, 1992)

Liquidity provision, banking, and the allocation of interest rate risk


The paper studies the efficient allocation of technology-induced interest rate
risk and the implications of such risk for efficient liquidity provision. Complete
immunization against interest rate risk is shown to be undesirable as it
precludes the exploitation of favorable reinvestment opportunities. Under the
assumptions of Diamond-Dybvig (1983), interest-induced valuation risks of
long-term assets should be borne by early withdrawers, reinvestment
opportunity risks of short-term assets by late withdrawers. Efficient liquidity
provision thus entails no shifting of interest rate risk. In the absence of
additional moral hazard, second-best allocations can be implemented through
unregulated competition among banks. (Hellwig, 1994)

Systemic risk
Name of
Author

Name of
Paper

Year

The
Determinants
Pasquale di
of Systematic
Biase&Elisa
Vol. 4, No. 11;
Risk in the
bettaDApoli
2012
Italian
to.
Banking
System.

Objective

Methodology Results
Results indicate
that bank
equity beta
correlates
We use a
positively with
Provides an
number of
bank size and
insight to the
regression
with the relative
main
models to test volume of loans
determinants
the statistical
and intangible
behind the
significance of a assets. We find
systematic risk wide range of no evidence
of banks.
bank-specific
that lower
risk factors.
leveraged
banks may be
exposed to
lower
systematic risk.

Systemic Risk and the Financial Crisis: A Primer


The objective of this article examines the role of systemic risk in the banks.
Systemic concerns prompted the audit department to prevent the
bankruptcy of several large financial firms. The authors explain why the
failures of financial firms are more likely to pose systemic risks than the
failures of nonfinancial firms and discuss possible remedies for such risks.
They conclude that the banks could benefit from reforms that reduce
systemic risks, such as the creation of an improved regime for resolving
failures of large financial firms. (Bullard, Neely, & Wheelock, 2009)

Liquidity Risk
Name of
Author

Name of
Paper

The Effect of
Liquidity Risk
Naser Ail
on the
Yadollahzade
Performance
h Tabari,
of Commercial
Banks

Year 2Objective

In this research, the


performance of
fifteen Iranian banks
is examined (Note 2)
during an eight-year
period from 2003 to
2010 using of panel
data.
The required data is
drawn from the
studied banks and
2013
the data related to
Macro economic
variables including
the growth of gross
domestic product,
consumer price index
are drawn from
central bank's site in
order to calculate the
inflation ratio

Methodology Results
In this research,
the
performance of
fifteen Iranian
banks is
examined (Note
The result
2) during an
shows that
eight-year
liquidity risk
period from
has a
2003 to 2010
significantly
using of panel
negative effect
data.
on both criteria
The required
of the
data is drawn
performance
from the studied
i.e. return on
banks and the
asset and
data related to
return on
Macro economic
equity. It
variables
means that
including the
liquidity risk
growth of gross
will cause to
domestic
weaken the
product,
performance of
consumer price
bank.
index are drawn
from central

Credit Risk
Name of Author

Name of
Paper

The Impact of
the Internal
Audit in
Reducing
Shqipdona
Hashani Siqani & Credit
Edona Sekiraca Risk in
Commercial
Banks in
Kosovo

Effect of
internal
Ellis Kofi Akwaa controls on
Sekyi & Jordi
credit risk
Moreno Gene
among listed
Spanish

Year

Objective

The aim of this


European
research is to
Scientific
reveal the role of
Journal
internal audit in
February
managing the
2016 edition credit risk in
vol.12, No.4 commercial
banks in Kosovo.

January,
2016

The paper
examines the
effectiveness of
internal control
systems, credit
default risk as a
result of internal
control systems
and establishes

Methodology

Results

The results
showed that
This research
credit risk is the
was conducted
dominant risk in
by surveys and
which the
the
banking system
questionnaires,
in Kosovo is
which were filled
exposed.
by directors of
Therefore, any
audit
commercial bank
departments of 7
operating, in
commercial
Kosovo, must
banks. (27
have a system
Questions)
for managing
credit risk.
Findings showed
that there is
significant effect
of internal
controls on credit
Quantitative
risk especially
research
the control
approach is used environment,
to test
risk
hypotheses on
management,
the relationship control activities
between internal and monitoring.
controls and
The non-

Name of Author

Name of
Paper

Year

Objective

Methodology

Results

The study was


carried out as a The results
cross-sectional showed that the
To analyze the
survey where
role of internal
role of internal
the study
audit in
An Analysis
audit in
population was implementing
of the Role of
implementing
99 respondents enterprise risk
Internal Audit
enterprise risk
from 9 state
Management
Dr. Odoyo
in
Management in
corporations.
indicate a
Fredrick S, Dr. Implementin
state
Vol. 5, No.
Data was
moderately
Omwono
g Risk
corporations in
6; May
collected using a strong positive
Gideon A &
Management
Kenya. To
2014
standardized
and Significant
Mr.Okinyi
-a
identify the risk
questionnaire. correlation
Narkiso
Study of
management
The study used between role of
State
practices
Pearsons
internal audit
Corporations
adopted by
Product Moment and
in Kenya
state
Coefficient to
implementation
corporations in
show the
of enterprise
Kenya
relationship
risk
between the
management.
variables.

Effect of internal controls on credit risk among listed Spanish banks


Ellis Kofi Akwaa Sekyi and Jordi Moreno Gene (2015) stated this paper examines
the effectiveness of internal control systems, credit default risk as a result of internal
control systems and establishes a relationship between internal controls and credit risk.
Quantitative research approach is used to test hypotheses on the relationship between
internal controls and credit risk among listed banks in Spain.
The study find that internal control systems are in place but their effectiveness cannot
be guaranteed. This exposes Spanish listed banks to serious default situations. There
is significant effect of internal controls on credit risk especially the control environment,
risk management, control activities and monitoring. The non-disclosure of material
internal control weakness is a contributory factor to the ineffective internal control
systems. There is however a perceived board ineffectiveness which does not augur well
for effective internal control systems. Board characteristics for Spanish banks confirm
the agency theory.

The Impact of the Internal Audit in Reducing Credit Risk in Commercial


Banks in Kosovo
Shqipdona Hashani Siqani & Edona Sekiraca (2016) stated that the aim of this
research is to reveal the role of internal audit in managing the credit risk in
commercial banks in Kosovo.
This research was conducted by surveys and the questionnaires, which were filled
by directors of audit departments of 7 commercial banks. (27 Questions).
The results showed that credit risk is the dominant risk in which the banking
system in Kosovo is exposed. Therefore, any commercial bank operating, in
Kosovo, must have a system for managing credit risk.

An Analysis of the Role of Internal Audit in Implementing Risk Management- a


Study of State Corporations in Kenya
Dr. Odoyo Fredrick S, Dr. Omwono Gideon A & Mr.Okinyi Narkiso (May, 2014)
stated that the purpose of this research is to analyze the role of internal audit in
implementing enterprise risk Management in state corporations in Kenya. To identify
the risk management practices adopted by state corporations in Kenya.
The study was carried out as a cross-sectional survey where the study population
was 99 respondents from 9 state corporations. Data was collected using a
standardized questionnaire. The study used Pearsons Product Moment Coefficient
to show the relationship between the variables.
The results showed that the role of internal audit in implementing enterprise risk
Management indicate a moderately strong positive and Significant correlation
between role of internal audit and implementation of enterprise risk management.

Operational Risk
Name of
Author

Name of Paper

Year

Methodology

Results

The Determinants
of Operational
ANNA
Risk in U.S.
2011
CHERNOB
Financial
AI
Institutions

1) Sample: 30 U.S.
Banks
2) Sampling
Technique:
Convenient.
3) Country: United
States of America.
4)Questionnaire
5) Regression
Analysis: Poisson
Regression Model

Internal factors contribute


to the occurrence of
operational risk. Banks
suffering from different
types of operational risk
tend to have Weak financial
performance. Operational
risk can be mitigated by
improvement in internal
control and management
oversight.

JOS
FRANCIS
CO
MARTNE
ZSNCHEZ
A

1) Sample:
Commercial Banks
2) Sampling
Technique: Random
sampling technique.
3) Country: Mexico.
5) Regression
Analysis: Bayes
Theorem.

An analysis on
operational risk in
international
2016
banking: A
Bayesian
approach

Bayesian approach helps to


mitigate operational risk in
commercial Banks.
This framework enabled to
minimize operational risk
for the studied business of
commercial banks.

The Determinants of Operational Risk in U.S.


Financial Institutions
Operational losses in a bank lead to collapse of internal control system and the
firms suffering from these losses perceive to have other risk such as credit risk
etc.. This research study spotlights the correlation between operational risk and
credit risk, as well as the role of proper managerial incentives in mitigating
operational risk. Operational risk is observed in day to day operations of banks
and sometimes difficult to predict. The purpose of the research paper is to
identify risks faced by banks and discover the internal audit practices that
enable to mitigate the risks. The main objective of internal audit is to mitigate
operational risk through proper documentation. Hence, in order to mitigate
operational risk it is indispensable to examine the day to day operations of
bank. Finance mangers need to carefully integrate and engineer an effective
operational risk framework to avoid fraud and fake manipulation of data.
Moreover, the Audit Committee, Board of Directors along with Finance
Managers should keep a record on everyday banking activities to avoid
operational risks.

Reputational Risk
Name of
Author

Walter, Ingo

Name of
Paper

Reputational
Risk and
Conflicts of
Interest in
Banking and
Finance: The
Evidence So
Far

Year

Objective

Methodology

Results

An analytical study
have been conducted
a. Define reputational
through this paper on
risk in financial
The loss of an
the case of The Bank
intermediation and to
institution's franchise
of Spain taking
identify the proximate
value can far outweigh
control of the
sources of reputational
an accounting loss when
country's fourth
risk facing financial
its reputation is called
largest bank, Banco
services firms. b. The key
into question.
Espaol de Crdito
drivers of reputational
Managements and
(Banesto) and
risk in the presence of
boards of financial
subsequently
transactions costs and
intermediaries must be
declining the shares
imperfect information in
convinced that a good
of JP Morgan & Co., a
financial markets,
defense is as important
U.S. bank holding
surveys empirical
as a good offense in
company closely
research in the literature
determining sustainable
involved with
2006 on the impact of
competitive
Banesto. They
reputational losses
performance. It is
created a sample
imposed on financial
probably leadership,
prediction of returns
intermediaries, and
more than anything
on Morgan stock and
presents some new
else, that separates
compared the
empirical findings. c. The
winners from losers over
predicted returns
link between reputational
the long term the
with actual returns
risk and exploitation of
notion that appropriate
on Morgan shares
conflicts of interest in
professional behavior
after the Banesto
financial intermediation.
reinforced by a sense of
event
d. Considers some
belonging to a quality
announcement. The
managerial requisites for
franchise constitutes a
difference was
dealing with both
decisive comparative
considered the
reputational risk and
advantage.
excess return
conflicts of interest.
attributable to the

Name of Author

Name of
Paper

Year

Objective

Methodology Results

draws heavily
on
To explore the
management
proposition that research.
The concept of reputation risk
corporate social Secondary
Corporate
management could assist in the
responsibility
data, drom
Social
understanding of corporate social
Bebbington, Jan;
reporting could various cases
Reporting and
responsibility reporting practice.
Carlos, Larrinaga;
2008 be viewed as
have been
Reputation
This paper explores the link
Moneva, Jose M.
both an outcome analytically
Risk
between reputation risk
of, and part of
studied to draw
Management
management and existing
reputation risk
out the scarce
theorizing in social accounting.
management
linkages
processes.
between
reputation and
CSR reporting.

Name of Author Name of Paper

Soh, Dominic
S.B.; Bennie,
Nonna
Martinov

Internal auditors
perceptions of their
role in
environmental,
social and
governance
assurance and
consulting

Year

Objective

Methodolog
y

a. To investigate the
nature and extent of
internal audit
functions(IAFs)
involvement in
environmental, social
and governance
assurance (ESG) and
consulting in Australia.
Data were
B.To identify emerging
collected from
priorities, and the
100 Chief Audit
professions capacity
Executives and
2015 to respond to these. c.
internal audit
explores internal audit
service provider
practitioners
partners through
perceptions of the
a survey.
current and future
importance of these
issues and the
adequacy of their skills
and expertise in
meeting the challenges
associated with their
involvement in these
areas.

Results

Governance issues are a key area of focus for


respondents assurance and consulting efforts,
followed by social and environmental issues,
respectively. While governance issues are
perceived to be of greatest current importance
to IAFs, environmental issues are most
commonly expected to increase in importance
over the next five years, and are reported to be
in greatest need of further development of
IAFs skills and expertise. As the corporate
landscape and expectations around
transparency and accountability increase, the
internal audit profession needs to address the
current perceived skills gap in their ability to
provide assurance and consulting on ESG
issues to ensure their continued relevance and
ability to meet stakeholders needs and
expectations in providing effective integrated
assurance and in contributing to internal
improvements. This paper provides initial
empirical evidence of the nature and extent of
internal audits involvement in ESG assurance
and consulting.

Methodology
Research Method
Qualitative & Quantitative Research
Data Collection
Primary Data
Interviews & Questionnaires
Secondary Data
Research Papers
Sample
Sample size 10 banks
List of banks
HABIB BANK LIMITED,
UNITED BANK LIMITED,
ALLIEDBANK OF PAKISTAN
SONERI BANK OF PAKISTAN
SUMMIT BANK
SILK BANK
ASKARI COMMERCIAL BANK OF PAKISTAN
MUSLIM COMMERCIAL BANK
ALFALAH BANK
FAYSAL BANK & HABIB METROPOLITAN BANK

Research Technique
Questionnaires filled by Head of Audit departments in Local Banks
Interviews
Data Analysis
Regression analysis using SPSS software

INTERVIEW
ANALYSIS

S.NO

Questions

Analysis

Does internal audit have clear objectives and HBL has well defined objectives and has authority to
enterprise-wide authority for its activities?
perform its activity.

HBL auditors are independent, it shows by there


Does internal audit have authority to carry out
reporting structure, in HBL audit department directlty
its responsibilities independently?
report to board.

Does the audit have a right of access to the


institutions records, information and
personnel?

The representative strongly agree with that


statement but our observation identify that it is just
at agree level.

Can internal audit express its opinion on the


effectiveness of institutions organizational
and procedural controls?

HBL audit department has right and freedom to


express its opinion and reprenstative.

S.
No

Questions

Analysis

Actually it is the HBL Management's responsibility to


Does internal audit have an authority to follow- check whether the actions are taken or not. But
up with management on action taken in
Internal audit has the authority to follow-up then.
response to its findings and recommendations? Management tells Internal audit department that the
actions are taken and then IA test it and then close it.
HBL's clear cut policies, scope and all manuals, which
include the policies, scope and mandate, are with
everybody, every employee of internal audit
department and also available at share site of HBL.
There is informal and formal mechanism of
To which extent the mandate of internal audit communication. Informally everybody knows the
is communicated within the institution?
mandate because it is pretty much enshrined in the
culture of HBL. Formally, when the employees are
being hired they sign a lot of terms, conditions and
policies. One of the term is that they will comply and
follow all the policies and procedures. IA policies are
also a bank's policies.
Yes, the stature and authority of IA head of HBL is
Is the stature and authority of internal audit
absolutely enough there to fulfill the mandate of IA
head, within the organization, appropriate
function. Faiq Sadiq, who is head of IA, reports directly
enough to be effective in fulfilling the
to the board audit committee (BAC) chairman. He has
functions mandate?
a very high authority in the organization.
Absolutely, IA head of HBL has direct access to the
CEO and BOD. There is a monthly management letter,
To which extent the function head has direct
which goes out to the CEO as well. Whatever he
access to the CEO and the Board?
wants, he can just go to the CEO. The CEO can either
come to him. Without these authorities no one can
run IA functions.

S.NO

Questions

Analysis

The internal audit department structure was rated at


How would you rate internal audit Department
4 on a 0 to 4 scale.
structure?

10

Internal audit department has adequate


resources to perform procedure?

HBL has adequate resources to appropriately


perform internal audit procedures. Meanwhile a new
software is soon to be introduced to enhance
performance of the Internal Audit Department.

11

Does the audit have a right of access to the


institutions records, information and
personnel?

HBL internal audit department is quite efficient to


ascertain efficiency of organizations resources
effectively..

12

How would you rate the adequacy of policies Audit methodologies in HBL conform to banking
and practices, in your organization, to ensure industry practices and current professional
that audit methodologies conform to generally standards. The adequacy of policies was rated at 3
accepted industry practices and current
on a 0 to 4 scale.
professional standards?
.

S.NO

Questions

Analysis

Does internal audit practices helps in


achieving organizational objectives?

The internal audit practices helps in achieving


organizational objectives because internal audit
team practices are designed in such a way to
accomplish the goals.

14

To which extent the functions audit


methodology are risk-based and respond to
changes in the institutions risk profile?

Their audit functions methodology is moving toward


risk base from traditional one.
They are not fully doing risk base auditing but are
moving with good pace. He rated their risk base
auditing at 2 on 0 to 4 scale.

15

There are policies in response to change in institution


Are there adequate policies and practices to like whenever new branch or
review audit cycles in response to changes in department open in HBL they do their internal audit,
the institutions environment and risk profile? whenever they feel default situation in a department
they do internal audit without any prior formalities.

16

The audit planning process clearly identifies the


To which extent the annual audit planning
objectives and scope of work as it is
process clearly identifies audit objectives and review constantly by senior people. In HBL there is a
scope of work?
hierarchy level where people are accountable to
upper level senior people who are monitoring them.

13

S.NO

Questions

Analysis

There are quarterly meetings in which all the major


Are there adequate policies and practices to
findings of the audits done in the reported time are
17 report audit findings and recommendations to discussed and suggestions are welcomed. Moreover,
management?
emergency meetings can be called for bigger issues
at any time of the year.

Are there adequate policies and practices to


18 follow-up on the resolution of audit findings
and recommendations?

The internal audit department keeps a continuous


record of the rectifications that an auditee have to
make on the basis of the recommendations and
errors found by the auditor. Proper recording is done
for all the discrepancies an their rectifications.

Are there adequate policies and practices for


monitoring of audit staff to ensure that they
19 comply with standards of professional practice
and utilize approved methodology in executing
their reviews?

A manual is given to all the newly hired staff of the


department to ensure their acknowledgment and
compliance with the professional practices and
approved methodologies in executing reviews.
Moreover, trainings are conducted on a regular basis
to introduce them to any new changes.

To what extent the Board of Directors or Audit


Committee approval is required for the
20
appointment and/or removal of the function
head?

They range this statement from 60% to 80%. The


Audit Committee and Board of Directors is there to
take decisions, so the function head can be replaced
or appointed by the approval of BOD and Audit
Committee.

S.NO

Questions

Analysis

To what extent the Board of Directors or Audit


21 Committee approval is required for the
functions annual work plan?

HBL rated as 3 point, between 80% - 100%. For the


function of annual work plan, it is not necessary to be
approved by the Audit Committee or BOD.

Are the policies and practices report


periodically to the Board of Directors or Audit
22 Committee) on audit findings,
recommendations and progress in meeting
annual audit plan adequate enough?

HBL strongly agreed with this statement. The findings


of Audit and its reports and recommendations are to
be reported and discussed with BOD and Audit
Committee.

They rate the statement as 2, neutral. The


Are the policies and practices to perform
analysis figured out that policies and practices report
regular independent reviews of the function
cannot be only reviewed independently but it needs
23 and to communicate the results to the Board of to be figured out collaboratively and then all the
Directors or Audit Committee adequate
findings have to be reported directly to the Audit
enough?
Committee. If some fraud is there then it needs to be
discussed at an early stage.
Are the policies and practices report
periodically to the Board of Directors or Audit
24 Committee) on audit findings,
recommendations and progress in meeting
annual audit plan adequate enough?

The audit planning process clearly identifies the


objectives and scope of work as it is review constantly
by senior people. In HBL there is a hierarchy level
where people are accountable to upper level senior
people who are monitoring them.

The internal audit department is the only department


Are the policies and practices to perform
in the organization who directly reports to the audit
regular independent reviews of the function
Committee which consists of the members from the
25 and to communicate the results to the Board of
BOD. The results achieved by the department are
Directors or Audit Committee adequate
thoroughly reviewed in duly scheduled meetings with
enough?
BOD.