The proposed audit shall be conducted after the closure of the financial year on 31st December 2009. The objective of this audit is to assess the risks to the Bank given the current economic environment in the UK &. the performance of the Bank and report to the board of directors. This audit strategy is the first-hand presentation and may be subject to change/modifications if deemed necessary during the audit process (proposed in accordance with the guidelines of ISA 300). This plan &. all subsequent changes shall be documented &. shared with all members of the customer charged with governance &. management.
The focus of the audit shall be on the following:
a) General understanding of the legal &. regulatory framework of the Bank from the perspective of the Board.
b) Identification &. Assessment of the documents &. records of the Bank pertaining to Legal &. Statutory compliance.
(c) Identification of Bank Account statements, operating expenses &. income, profit before &. after-tax, assets &. liabilities held by the bank, share holder’s equity, cash flows &. equivalents, loans &. advances to the customers, Collaterals, non-performing assets, and any other area that may be identified during the audit process.
(d) The audit shall be carried out in full on all the accounting statements and balance sheets. Parts of the statements shall be sampled to assess compliance with internal &. regulatory procedures. If non-compliances are evident then the sample sizes shall be increased at the relevant areas.
(e) The Risk Management System of the Bank shall be assessed and the identified risks shall be analyzed with respect to the threats &. vulnerabilities (exposures) and criticality at which the risks are logged. The risk management of material misstatements in the accounting statements shall be a part of this assessment in accordance with ISA 315. Further to this, the mitigation actions (planned as well as accomplished) against identified risks shall be assessed for their effectiveness in reducing the risk values. Wherever the controls &. mitigation actions are perceived by auditors to be insufficient, the auditors shall enhance the audit scope &. procedures &. determine the overall responses to address the risks of material misstatement in accounting statements. The nature, timing &. extent of further audit procedures shall be determined &. communicated to the board of directors (ISA 330).
(f) The underlying technology infrastructure maintaining the samples selected for audit shall be assessed from the perspective of access control, assignment &. control of roles &. privileges.