
FRC publishes results of its Audit Quality Thematic Review on loan loss provisions and related IT controls

02 Dec 2014

The Financial Reporting Council (FRC) has today published the results of its thematic review in respect of the audit of loan loss provisions and related IT controls in banks and building societies. The report includes good practice observations, an overview of findings and key messages for both auditors and Audit Committees. The report notes improvements in the quality of aspects of the audit of loan loss provisions and related IT controls, most noticeably in cases where the FRC has recently identified significant issues. It also identifies areas where further improvement is required.

The FRC’s thematic reviews analyse further aspects of auditing which are not considered in detail during routine audit inspections of individual firms. Thematic reviews seek to “identify both good practice and areas of common weakness” among audit firms. The FRC announced in December 2013 that it would conduct a thematic review of bank and building society audits concentrating specifically on loan loss provisions and general IT controls.

The FRC’s Audit Quality Review team visited seven of the UK’s largest audit firms to review their audit methodology, guidance and training in respect of the audit of loan loss provisions and related IT controls. They also reviewed relevant aspects of the audit procedures performed on 13 individual audits during those visits, covering a range of banks and building societies.

During its review, the FRC identified a number of “good practice observations” which audit firms should continue:

  • successful integration of IT specialists into the audit team;
  • use of recently developed testing techniques such as benchmarking and data analytics, and adoption of more sophisticated techniques such as code reviews, which enabled the audit teams to carry out a more rigorous analysis of management’s data extraction and manipulation for statistical purposes;
  • use of centrally developed templates to consider completeness and accuracy of data and to improve consistency in the assessment of loan loss provisions and valuation of more complex collateral held;
  • increased use of other experts such as valuations experts; and
  • provision of sector-specific training and implementation of sector-specific audit methodologies.

However, alongside these good practices there were also a number of areas where improvements are required. The report provides a number of key messages for auditors and audit committees to address these areas for improvement.

Key messages for auditors:

Be proactive in monitoring and enhancing bank audit quality, as well as being reactive to regulatory concerns. Ensure that bank audit initiatives and procedures remain fit for purpose and enhance them where significant issues are identified.

Revisit procedures to ensure that all regulatory and market risks are captured by risk assessment methodology and sector training and consider or enhance the use of benchmarking and data analytics as effective audit tools in the audit of loan loss provisions.

Ensure audit teams apply an appropriate degree of challenge and professional scepticism in the audit of loan loss provisions, rather than seeking to corroborate management’s views.

Make sector training mandatory for partners and staff engaged in bank audits where this is not already the case and monitor attendance at, and effectiveness of, those training courses.

Fast track the integration of non-IT specialists into the audit team using lessons learned in integrating IT specialists into audit teams.

Perform root cause analysis to understand why current quality control processes did not identify weaknesses highlighted by the review.

Key messages for audit committees:

Discuss with auditors their proposed actions in response to this thematic review.

Understand the implications of the firm’s benchmarking and other data analytics on the quality and robustness of the audit of the financial statements.

Seek assurance annually that the sector expertise and competence levels of the audit team and the firm are appropriate in relation to the bank’s business activities.

Consider with the auditors the effectiveness of the bank’s relevant internal controls, and the extent to which the auditors review them and are able to place reliance on them.

Ensure management is assessing the impact of current and emerging issues on a timely basis and that the auditor and the bank jointly understand how these issues affect the assessment of significant risk.

Consider the timing of planning with group auditors and check it is sufficiently early in the process to obtain appropriate and relevant information from group or other component auditors.

The FRC concluded that “…there has been an increase in the quality of the audit of loan loss provisions and related IT controls in banks. In particular, improvements have been noted where significant issues have been raised previously. However we identified certain instances where audit teams were still not appropriately challenging in their audit testing…[W]hilst significant investment in sector specific audit procedures has been made by firms in response to our previous inspections, we consider that auditors need to be more proactive in ensuring that their procedures across all areas are fit for purpose, rather than implementing changes primarily in response to regulatory findings.”

This thematic review follows the thematic reviews of auditors' materiality judgements and the auditor’s identification of and response to fraud risks and the auditor’s consideration of laws and regulation.

The press release and full report can be obtained from the FRC website.
