Yandraduth Googoolye: Growing prominence of the role of auditors - a central banker's perspective

Speech by Mr Yandraduth Googoolye, First Deputy Governor of the Bank of Mauritius, at the Forum of Accountants, organised by the Mauritius Institute of Professional Accountants, Balaclava, 11 August 2016.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
03 October 2016
PDF version
 |  4 pages

Good Morning

First of all, I would like to thank the Mauritius Institute of Professional Accountants - MIPA - for giving me the opportunity to address this select audience today.

The Importance of Auditors

The importance of Auditors in this time and age cannot be over emphasised. Being myself a fellow of the Chartered Association of Certified Accountants, UK and a Fellow of the Association of International Accountants, I am very much alive of the expectations which regulators, stakeholders and members of the public generally have from auditors. They expect auditors - internal and external auditors alike - to be the watchdog of their respective institutions.

Today, however, I am wearing my other hat - that of the regulator of the banking sector - and I will share with you a few reflections on the growing prominence of the role of auditors in the financial sector, particularly the banking industry, from a prudential perspective.

Unlike other companies, most of the funds used by banks to conduct their business belong to their creditors, in particular to their depositors. Since they act as intermediaries between savers and users of capital, banks operate within a controlled regulatory and supervisory framework where sound corporate governance and effective internal control systems play a predominant role.

Following the financial crisis and other blows to market confidence and integrity of the financial sector - amongst which the LIBOR rigging scandal - corporate governance as well as the role of auditors has been under a strong and critical public spotlight. The potential systemic implications of weak internal control systems of a bank on the integrity and stability of the whole financial system had the consequence of raising investors', regulators' and other stakeholders' expectations of boards and senior management, and of those charged with providing an independent review of a company's operations and financial accounts.

There were concerted efforts worldwide to improve standards of corporate behaviour and transparency through the international harmonisation of accounting standards, strengthening the principles of corporate governance, lifting the bar on the 'fitness and propriety' of directors and senior officers and introducing improved market disclosure standards. Auditors were also subjected to higher levels of scrutiny by the regulators and their professional bodies.

Quality of Audit

One of the tenets of the Core Principles for Effective Banking Supervision, developed by the Basel Committee on Banking Supervision in 2006 and revised in 2012, is that banks should have in place internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile, which should include, inter alia, appropriate independent internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. In addition, the bank's Board and management have the responsibility for ensuring that the financial statements issued annually to the public bear an independent external auditor's opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards.

Therefore, both external and internal auditors have a key role to play in strengthening corporate governance as they are the third line of defence within the combined assurance frameworks after the risk management control and compliance functions.

The internal audit function is one of the fundamental "checks and balances" for sound corporate governance, designed to provide an independent assurance to the board of directors and senior management on the quality and effectiveness of a bank's internal control, risk management and governance systems and processes, to help the board and senior management protect their organisation and its reputation. While external auditors, on the other hand, are responsible for providing reasonable assurance that the financial statements are free from material misstatements and prepared according to international financial reporting standards.

The global financial crisis, however, not only revealed weaknesses in risk management, control and governance processes in banks, but also highlighted the need to improve the quality of external audits of banks.

While until now, the "three lines of defence model" has been used traditionally to model the interaction between corporate governance and internal control systems, international standard setters and policy-makers are calling for a stronger interaction between banks and supervisors, particularly on the governance of risk. According to the four-lines-of-defence model, the external auditor would be required to provide an autonomous assessment of the first three lines.

In March 2014, the Basel Committee on Banking Supervision issued new guidelines on external audit of banks in aiming at reinforcing the key role the audit committee plays in promoting quality bank audits through effective communication with the external auditor and robust oversight of the external audit process.

Though the external auditor does not have direct corporate governance responsibility, he must provide a check on the information aspects of the governance system, notably, whether the financial information given to investors and other stakeholders is reliable to help foster their confidence in the financial reports, are in line with the accounting standards and disclosure requirements and faithfully portray the economics of a transaction.

Independence of Auditors

To foster confidence in the bank's financial statements, it is imperative that the independence of the external auditor is preserved.

As far back as the late 90s, the banking legislation in Mauritius was reviewed necessitating the rotation of the audit engagement partners every 5 years. Further, the appointment of external auditors by financial institutions under our purview for the yearly audit of their financial statements is subject to the approval of the central bank. To reinforce this independence, we have proposed that it is the firm of auditors itself which is subject to rotation every 5 years as opposed to solely the engagement partners.

The Relationship between the Supervisory Authority, the Internal Auditor and External Auditors

As the work carried out by the internal auditor involves review of the internal controls, risk management and governance processes, the supervisor holds consultations with the internal auditors to discuss the functioning of the internal audit department and the findings of the department, particularly in areas presenting a significant risk and reviews the internal audit reports to identify control problems and areas of potential risks.

In many respects, the work of banking supervisors and external auditors may be perceived as complementary as they often look at the very same issues from a different point of view. In light thereof, the supervisor place reliance on the work of the external auditors, such as their report on the internal controls system in place at the banks and their management letter for a more efficient oversight of banks.

In Mauritius, every bank is required to appoint annually an external auditor to audit its accounts, and such appointment is subject to the approval of the Bank of Mauritius. The external auditor must be independent, experienced in the audit of financial institutions and have the necessary resources to undertake audits of financial institutions on a consolidated basis. If the financial institution fails to appoint an auditor approved by the central bank, the central bank may itself appoint the auditor.

The role, duties and powers vested on the auditor are clearly spelt out in Section 39 of the Banking Act 2004. Auditors are required to submit a report on the financial statements of the financial institution, wherein, amongst others, the auditor must state whether the financial statements -

(i) have been prepared in accordance with International Accounting Standards and any additional prudential requirements set out in guidelines issued by the central bank;

(ii) are, in his opinion, complete, fair and properly drawn up;

(iii) present a true and fair view of the affairs of the financial institution;

The Banking Act 2004 also empowers the Central Bank to, inter alia, impose on an auditor of a bank a duty to carry out an extended scope audit or other examination and make recommendations as necessary. The Bank of Mauritius may also require the auditor to submit a report as to whether, in his opinion, the systems of credit provisioning and write-offs specified by the central bank are being complied with and whether or not measures to counter the possibility of money laundering or the funding of terrorist activities have been adopted by the financial institution and are being implemented in accordance with any enactment relating to anti-money laundering and prevention of terrorism and with guidelines or instructions issued by the central bank.

The Bank also issued a Guideline on Transactions or Conditions respecting Well-being of a Financial Institution Reportable by the External Auditor to the Bank of Mauritius. This Guideline was reviewed in February 2014 and lays down the ground rules respecting certain types of relationships between financial institutions and their external auditors. The relationships are described in terms of categories of transactions or conditions impinging on the well-being of financial institutions that must be reported by their external auditors to the Bank of Mauritius.

Additionally, in terms of Section 39 of the Banking Act and the Guideline on Transactions or Conditions respecting Well Being of a Financial Institution reportable by the External Auditor, the external auditors have an obligation to report directly to the Bank of Mauritius if they become aware of serious issues during their audit that the supervisor should know about in the public interest.

In furtherance of a more effective and efficient oversight, the Bank of Mauritius holds trilateral meetings with the banks and their external auditors on an annual basis after the publication of the audited financial statements to review the financial results and discuss any issue of concern.

Concluding Remarks

No governance system, however well designed, can fully prevent a financial institution from being victim to frauds and other malpractices. The BAI case is a crying lesson to be learnt where deceptive practices enabled the group to mask the huge losses of the BAI Group since December 2010.

The auditing profession has an important role to play in ensuring that financial reports reflect the way the business has actually been run or the risks to which the business has actually been exposed. The ethical values, integrity and impeachable professional conduct expected from auditors cannot be underscored enough in the promotion of a stable and sound financial system.

I am sure that the other distinguished speakers will also touch upon these issues during this Forum. I wish you all fruitful deliberations.

Thank you.