Internal auditors have to be more diligent in their oversight of banks because financial institutions continue to face geopolitical and macroeconomic headwinds, said Richard Reynolds, national banking and capital markets internal audit leader at PricewaterhouseCoopers, on a webcast Tuesday.

“For 2012 and continuing this year,  bank profitability is the highest since 2006, so there’s an appearance that the banking industry has recovered” since the financial crisis, Reynolds said. But that positive news needs to be tempered somewhat. Some of that profitability was accomplished by lowering expenses as opposed to outright growth, he said.

Although bank loan portfolios are growing on the back of slight increases in retail borrowing, including mortgages, said Walter Smiechewicz, a managing director in risk assurance at PricewaterhouseCoopers, it’s important for internal auditors not to be overly complacent.

For example, auditors need to be aware when a loan growth begins to slow, since this can often be followed by a slippage in bank underwriting standards. That can lead to less profitable loans being brought onto the balance sheet, Smiechewicz said.

Addressing internal auditors on the call, Kenneth Peyer, a managing director in the financial services risk and regulatory practice at PwC, added, “You need to be able to raise your hand at the appropriate time if you see the lending function beginning to take on more risk.” Internal auditors, he noted, also need to provide an independent opinion on such matters to the board of directors.

What are the best ways to keep an eye on banks? Smiechewicz recommended that the chief audit executive (CAE) conduct an internal audit of a bank’s loan pricing systems and perform an internal audit of the bank’s loan review department “with a focus on covenant protection and monitoring.”

Additionally, Smiechewicz said that conducting an internal audit of new product risks and approval processes is also helpful. Banks, he said, often pursue new lending products or services that present unfamiliar risks, especially when margins are under pressure.

CAEs also need to sharpen their monitoring capacity to comply with regulators and trade groups that have upped their focus on revamping internal audit functions.

Revised internal audit standards that went into effect at the start of the year by the Institute of Internal Auditors (IIA), for example, give more weight to CAEs and help to bring the internal audit function closer to boards of directors.

Similarly, in May the Committee of Sponsoring Organizations of the Treadway Commission (COSO), an organization comprised of accounting associations, developed a more thorough look at internal controls for corporations. COSO is recommending that companies start using its revised framework as soon as feasible.

3 responses to “Bank Internal Auditors Warned About Lending Risks”

  1. Sensible synopsis. These are good examples of where tuned-in internal auditors need to be focused. The question this begs is why do they not (sometimes) do this? In my experience, it is always for one or more of the following 3 reasons:
    1. Competence – people hired into audit who are too junior and are learning the business they are meant to be auditing, or perhaps have been deposited there as a ‘career hold’;
    2. Focus – the massive requirements of regulatory compliance, especially in banks, makes everyone think the only place for an internal auditor to spend time is in these ‘required audits’;
    3. Independence – an auditor is not able or willing to decide where to spend his or her time. What I call an internal audit ‘Governance’ matter.

    In my view, if you sit on an audit committee, these are the underlying issues to focus on.


      • Many of us know that the audit conclusions reached and the auditors’ opinions given (opinions upon which we rely upon) as a result of many recent financial audits have been analogous to a doctor telling the family (just before the bill is paid) “The operation was a total success”… only to be told later, after the bill is paid …“Unfortunately the patient died.”

        Audits are allowing “Creative Accounting” to present financial statements that are more fiction than fact. The oligopoly comprised of a mere eight firms, which had been fostered, nurtured, and reared since inception on self-serving inflexible rules, would soon be reduced to four, as it would be unable to protect itself from the economic fallout of the financial realities that would soon hit the fan. An unfortunate consequence of this situation may be that a greater level of incompetence is now concentrated in the remaining four. Their incompetence would not be an issue if they restricted their evaluations to only certifying the voting ballots at the Oscars.

        Although the Emperor in the tale of “The Emperor’s New Clothes” may have been a total, complete, and utter idiot, it was his ministers and advisors; however, that convinced him that his none-existing clothes were exquisite. They were ultimately responsible for his embarrassment and demise. The public accountants of these failed firms and the officers of these banks are equivalently responsible and are remarkably similar in character to the slobbering advisors who lauded the king with praise. The senior partners at the firm that had engaged Ed were such type of advisors.

        Ed always found it odd that financial auditors are called certified public accountants, yet they certify nothing, they “issue an opinion” with so many disclaimers and loopholes that in comparison make Swiss cheese seem like the densest of heavy metals. The term “opinion” in itself is a weak indicator of the confidence placed on the level of assurance they provide, otherwise a stronger more direct word, such as certify, or attest would be used. It is curious how the PCAOB (Public Company Accounting Oversight Board) the regulatory body over audit practices and reporting to the public, explicitly uses the word attest to describe the responsibility of external auditors in their reporting of management assertions as to the effectiveness of controls, this is a no-nonsense word that is a synonym for certify. There is no equivocation on the part of the PCAOB as to their intent and expectations from the audit. And as far as “public,” they are paid by the very companies who hire them, and at very handsome rates, I might say; a bit of a conflict wouldn’t you say. Where in the end would one conclude their allegiance lies, to the public or to the paying client?

        The assurances provided by public accountants in their clean opinions have been riddled with disclaimers and caveats that exemplify little confidence in their work or provide little comfort to the investor. They merely attempt to deflect responsibility unto management in the event of lawsuits. Auditors now want to institutionalize their insulation from accountability to their clients, by lobbying for a law that will cap their liability to the shareholders, with a policy of claiming that they can’t afford it, that their number is too few to pay such large sums, a variation on the theme of ”Too big to fail.” This of course, like the dry cleaners’ disclaimers on the laundry tickets, did little to protect the then eight and now four largest public accounting firms from legal responsibility due to negligence and fraud. In the past when they did issue an adverse opinion, it was rare and not sufficiently comprehensive to reveal anything of consequence.

        The recent world financial woes can be directly traced to the collegial and cozy relationships, cemented by the exorbitant fees, corporations pay to public accounting firms. The size of these fees provides direct influencing pressure on the amount of independence auditors agree to maintain or are willing to exercise during their audits.
        Others argue that paying too little for audit services is instrumental to the decay of effective audits, because the audit firms in turn hire and assign cheap and inexperienced recent college graduates. These “interns” then are camped out in the company’s conference room where all they are doing is learning to “tick and tie” on their client’s dime. Their experience having been gained with little oversight or supervision by more seasoned members, thereby reducing the audit firms costs and effectiveness. This was one of the many accusations leveled against Arthur Anderson just prior to their demise.

        This new SOX law (the Sarbanes-Oxley act) was intended to require a truth in reporting, that should, if applied as intended, mitigate this common practice. Before the passing of the SOX act, his services were not so much in demand; this act had changed the mood and the demand for his services and given him a little more leverage in negotiating fees and the extent and nature of the required work to ensure compliance. There is nothing faster to light a fire under a high-level executive’s ass, than threatening him with jail time, for him to ensure that the required internal controls are in place and effective.

        Although SOX included many improvements, Ed believed that government might have altogether missed the boat or at least a good opportunity to provide even greater protection to the public. He concluded that the reports that the public, investors and analysts expect and need, must not only provide them with assurances of the reliability of the reported numbers, but must also reasonably alert them of the portent of impending disaster.

Leave a Reply

Your email address will not be published. Required fields are marked *