A bank audit checklist is an important testing and evaluation tool that helps a senior auditor review corporate internal processes and guidelines. This checklist also allows the auditor to ensure compliance with U.S. Securities and Exchange Commission (SEC) laws and regulations, as well as international financial reporting standards (IFRS).
Research Control Environment
An auditor learns about a bank's control environment to familiarize herself with factors affecting corporate activities and transactions. External and internal factors may affect a banking institution's activities. For instance, a U.S.-based investment bank needs to abide by rules the Internal Revenue Service or the Financial Industry Regulatory Authority promulgate on a regular basis. Internal factors may relate to top management's leadership style and ethical values, corporate human resources policies, the staff's skill set and the company's financial robustness. A bank's competitive standing also may affect its control environment.
Test Internal Controls
An auditor tests a bank's internal controls at a given point in time or on a random basis. A control is a group of directives that a bank's top management establishes to prevent fraud, error or technological malfunction in operating activities. Testing internal controls provides the auditor with "evidential matter" and relevant information in risk rating processes. "Evidential matter" is a piece of information upon which an internal auditor bases his opinion. An auditor also ensures that internal controls are adequate and functional. A functional control provides appropriate solutions for internal breakdowns.
Rank Controls and Risks
An auditor reviews a bank's control environment and tests corporate controls to familiarize himself with such controls. He ranks internal controls as "high," "medium" and "low," depending on expected losses. An internal auditor applies generally accepted auditing standards, or GAAS, and generally accepted accounting principles, or GAAP, when rating risks and controls. He also reviews a bank's "risk and control self-assessment," or RCSA. In an RCSA, a bank's senior risk manager provides data on corporate controls and risks as well as risk ratings. She ranks risks as "tier 1," "tier 2" and "tier 3," based on the loss possibility.
Issue Final Report
An internal auditor discusses "high" and "medium" risks with a bank's senior leadership before issuing a final report. He ensures that managers provide corrective measures for such risks. "High" and "medium" risks may cause a bank to incur significant losses. The bank's financial statements also may be inaccurate, incomplete and noncompliant with GAAS, GAAP, IFRS and SEC rules. Complete financial statements include balance sheet (or statement of financial position), statement of profit and loss, statement of cash flows and statement of retained earnings (otherwise known as statement of equity).