Log in / Register
Home arrow Business & Finance arrow The art of RF (riba-free) Islamic banking and finance


At the Bank of Whittier, NA, we pioneered the use of a risk-based audit program that helped management establish which areas of bank operations needed to be audited in light of the risks associated and the extent of those risks as well as the frequency of conducting that audit (monthly, annually, or biannually). Management innovated and developed a computer-based program that helped institutionalize this risk-based audit function and determine the frequency of each audit area.

All board members, management, and staff of the bank sincerely believe that the various internal and external audits and the on-site government (OCC) examination are processes of discovery, cleansing, training, and coaching of bank management and staff that will help to improve the quality and effectiveness of bank operations and that will result protecting its safety and soundness as a first-rate banking operation. As to dealing with outside or inside auditors and examiners, bank management trains bank staff to listen carefully, to not argue, to not act defensively, and to learn. They are also trained to take prompt and immediate action to correct any oversight or error pointed out by the auditors, preferably before they leave the bank premises. Bank management asks bank auditors to point out specifically what needs to be fixed so that we can attain the highest level of compliance.

The board of directors' audit committee is responsible for establishing and maintaining an effective audit function that satisfies statutory, regulatory, and supervisory requirements and professional credibility.

As stipulated by the standards of government regulators, directors cannot delegate these responsibilities. However, they may delegate the design, implementation, and monitoring of specific internal controls to management and the testing and assessment of internal controls to auditors and other outside vendors. The board of directors' meeting minutes should reflect decisions regarding audits, such as external audit engagement terms (including any decision to forgo an external audit), the scope of audits to be performed, or why an audit of a particular area is not necessary.

Members of the bank's board of directors are specifically responsible for:

■ Reviewing and approving audit strategies, policies, programs, and organizational structure.

■ Monitoring the effectiveness of the audit function.

Following are the audit functions to be executed by the board's audit committee:

■ Facilitation of the appointment and work of the internal and outside auditors.

■ Analysis and evaluation of their findings.

■ Recommendation of corrective actions with a specific timeline.

■ Reporting of all findings and recommendations in the board's meeting minutes.

■ Review of financial content of the bank's financial reports to be submitted to stockholders, the public, and/or regulatory agencies.

■ Recommendation and/or initiation of an investigation of adverse operation results or trends, where applicable.

The formality and extent of a bank's internal and external audit programs depend on the bank's size, complexity, scope of activities, and risk profile. The board of directors must carefully consider how extensive the audit program must be to effectively test and monitor internal controls and ensure the reliability of the bank's financial statements and reporting.

The board of directors must strive to ensure that the bank's audit system is efficiently capable to test internal controls in order to be able to identify:

■ Inaccurate, incomplete, or unauthorized transactions.

■ Deficiencies in the safeguarding of bank assets.

■ Unreliable financial and/or regulatory reporting.

■ Violations of laws and/or regulations.

■ Deviations from the bank's policies and procedures.

The board of directors is expected to do its best to be aware of all risks and control issues for the bank's operations, including risks in new products, emerging technologies, information systems, and Internet banking. Control issues and risks associated with increasing reliance on technology include:

■ Increased user access to information systems.

■ Reduced segregation of duties.

■ Potential unidentifiable errors resulting from the shift of operations from paper to electronic audit trails.

■ Lack of standards and controls for end-user systems.

■ Increased complexity of contingency plans and information system recovery plans.

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science