Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Industry-wide ElectronicBank Confirmation PlatformTECHNOLOGY THAT DRIVES AUDIT EFFICIENCY AND EFFECTIVENESS
Accountants”.
infringement.
Copyright © September 2019 by the Malaysian Institute of Accountants (MIA). All rights reserved.
The Malaysian Institute of Accountants’ logo appearing on/in this publication is a registered trademark of MIA. No part of this publication, either in whole or in part, may be copied, reproduced, recorded, distributed, republished, downloaded, displayed, posted, stored or transmitted in any form (tangible or intangible) or by any means, including but not limited to electronic, mechanical, photocopying, scanning or audio/video recording, information storage or retrieval system for any purpose whatsoever without prior express written permission of MIA. Such request can be emailed to the Strategic Communication & Branding Unit at: [email protected]
Permission is however granted to any person to make copies of this publication provided that such copies are strictly for personal use or fair use in the academic classrooms. Such copies shall not be sold or disseminated, and each copy shall bear the following credit line – “Used with the permission of the Malaysian Institute of Accountants”.
Any unauthorised use of this publication and/or any creation of a derivative work therefrom in any form or by any means is strictly prohibited and may violate the relevant intellectual property laws. In the event of any violation or infringement of MIA’s copyright and/or logo, MIA will not hesitate to take legal action for such violation and/or infringement.
3 | Industry-wide Electronic Bank Confirmation Platform
INTRODUCTION
Online confirmations are now the preferred method for confirming client information in jurisdictions such as the United States of America, the United Kingdom and Australia. In Malaysia, online confirmations are currently being used in a limited manner for confirmations with some foreign banks.
To keep abreast of the latest market developments, MIA championed an industry-wide Electronic Bank Confirmation Platform which is now ready for roll-out.
MIA would like to accord its appreciation to Bank Negara Malaysia (BNM), TheAssociation of Banks in Malaysia (ABM),banking institution, local audit firms, and other stakeholders for supporting the Platform.
Electronic bank confirmations will eliminate duplications and provide authentication and authorisation procedures to detect fraud and deter fraudsters. This is a progressive step in auditing that will not only save time and resources but bring Malaysia up-to-speed with developments in leading markets.
Dr. Nurmazilah Dato’ Mahzan, MIA CEO
Why is MIA championing theindustry-wide Electronic Bank Confirmation Platform?
4 | Industry-wide Electronic Bank Confirmation Platform
Under the International Standard on Auditing (ISA) 505 reliable audit evidence can be obtained in documentary form from a third party e.g. a bank, whether on paper, electronically or in another medium. Many bank confirmation request letters are sent to banks annually by auditors for confirmation of their clients' bank balances and arrangements. Presently, electronic confirmations are used in a limited manner in Malaysia.
Extol Corporation Sdn Bhd (Extol) was selected to develop an industry-wide electronic bank confirmation platform, with a very economical usage fee compared to the current fee charged by an international service provider.
Extol specialises in Information and Communications Technology (ICT) security and has significant experience in providing ICT services to financial institutions.
PRESENT
FUTURE
Where we are now
Where we want to go
•
•
•
• •
•
•
Sending bank confirmations manually has been in practice since the beginning of the audit profession.
Manual bank confirmations are ine�cient and time consuming
The process is slow and time-consuming, with an average turnaround time of 4 to 8 weeks.
Any delays a�ect clearance by auditors and could impact the timely approval of financial statements by the Board of Directors. The management of audit clients can conceal fraud by compromising the manual confirmation processes, making it di�cult for even the most experienced auditors to detect financial fraud.
Today, there is a far more e�cient and secure way torequest and receive bank confirmations minimising the risk of error or fraud going undetected, i.e. throughelectronic confirmation.This electronic platform:
Enhances the security of the bank confirmation process through verifications of the organisations and users, ensuring confirmations are only sent and received by registered auditors and banksReduces risks of fraud related to the bank confirmation process
Enhances e�ciency in the bank confirmation process
Saves valuable time and e�ort that can be diverted to other higher value-added work
A better way to obtain bank confirmations
•
5 | Industry-wide Electronic Bank Confirmation Platform
6 | Industry-wide Electronic Bank Confirmation Platform
What are the challenges auditors face with paper-based confirmation?
Risk of Fraud
As compared to electronic confirmation, a paper-
based confirmation is more easily manipulated by a client, e.g. through the
creation of false confirmation contact
details, signature forgery and clients obtruding on the confirmation process,
all of which are hard for an auditor to detect.
Risk of Human Error
There is a risk of human error as the manual confirmation is labour-intensive, especially
during the audit peak period. For example, posting
confirmation to the wrong address will require re-sending
the confirmation and further follow-up.
7 | Industry-wide Electronic Bank Confirmation Platform
What are the challenges auditors face with paper-based confirmation?
Waste of Time
Numerous printing, mailing and follow-up tasks are essential before an auditor can receive the bank confirmation reply. There may be hundreds or
thousands of such confirmation request letters being sent out
and received, depending on the size of the firm. This time can
be put to better productive use.
Di�culty in Monitoring
The lack of a reply from banks could be due to requests not
being sent to the right place for processing. Paper confirmations
get lost in transit easily, especially during the mailing
process. Monitoring the status of a confirmation usually
incurs much time in chasing the responding entity on the
confirmation status.
Environmentally-friendly paperless confirmation process
Reduce time and e�ort for printing, mailing and following up
Real-time tracking on the confirmationstatus
A. GREATER EFFICIENCY AND COST REDUCTIONS
Enable e�ective monitoring and timely meeting of deadlines
Smoother receiving process – deliver confirmation to the right person
Highly secure process to confirm bank balances/other arrangements
8 | Industry-wide Electronic Bank Confirmation Platform
How the electronic confirmation benefits you as an auditor
9 | Industry-wide Electronic Bank Confirmation Platform
Reduce the risks of fraud on bank
confirmation process
Improve audit sta� morale, productivity and retention – frees up sta�
to perform more challenging work
Reduce risks of human error by decreasing
manual work
Higher response rate and shorter turnaround time
Platform’s enhanced security ensures the privacy and data integrity of the confirmation
B. IMPROVED AUDIT QUALITY
How the electronic confirmation benefits you as an auditor
One of the most common findings for low practice review inspection rating of audit firms is the failure to obtain bank confirmations. Electronic confirmations eliminate this issue and help you comply with practice review requirements.
Store the entire firm’s bank confirmation requests and responses received for di�erent engagement teams in one place for a period of six months
C. STREAMLINE YOUR CONFIRMATION PROCESS
Assign just one or two sta� to manage the centralised confirmation process for the entire firm’s audit engagements
10 | Industry-wide Electronic Bank Confirmation Platform
Quantifying the Benefits ofElectronic Confirmation
CASE STUDY
Empirical research has shown that electronic confirmations result in improvements in the response rates, turnaround times and reconfirmation rates.
How do we quantify these?
For auditors to perform a bank confirmation manually, the bank confirmation request will typically beprepared by a junior sta� and reviewed by a manager. When a response is received from banks, it will be compiled and passed to the manager for review. In a scenario where auditors need to follow up with banks, it may a�ect the clearance timeline by the auditor.
In addition, the time that audit sta� spend on manual preparation and compilation can be spent on doing other more productive work, e.g. observation, inquiries with management and other substantive procedures. This could improve the e�ciency and e�ectiveness of the audit.
11 | Industry-wide Electronic Bank Confirmation Platform
The example below compares the estimated time an auditor from a small and medium practice spends on bank confirmation using the manual and electronic methods, assuming that the auditor is handling 5 entities with a total of 25 bank confirmations:
ProcessApproximate Time Spent
Manual Electronic
Preparing confirmation (prepare, print, review process, franking and sending)
Chasing non-responses for confirmation
25 mins / entity= 125 mins
20 mins / entity= 100 mins
40% of non-response rate(10 out of 25 confirmations)
= 30 mins
10% of non-response rate(3 out of 25 confirmations)
= 9 mins
Following up (and communication) for re-confirmation
Receipt of bank confirmation (compile and file in, and review process)
30% of re-confirmation rate(8 out of 25 confirmations)
= 80 mins
4% of re-confirmation rate(1 out of 25 confirmations)
= 10 mins
15 mins / job= 75 mins
15 mins / job= 75 mins
Total Time
Total Time Savings
310 mins 194 mins
116 mins
Quantifying the Benefits of Electronic Confirmation
CASE STUDY
HOW DOES THE PLATFORM WORK?
Registration & Activation Process Flow
12 | Industry-wide Electronic Bank Confirmation Platform
MIA DatabaseAll auditors mustbe verified withMIA database
SSL Encrypted
Audit Firm Verification & Admin Activation
Company KeyGeneration
Create Users
Start ConfirmationProcess
Company KeyActivation
Users Activation
AUDIT ADMIN
AUDIT USER
HOW DOES THE PLATFORM WORK?Bank Confirmation Process Flow
Add Client Profile Bank Receives Confirmation
Request
Bank Replies
AUDITOR BANK
Submit Bank Confirmation Request
Auditor Downloads Confirmation Reply
5 4
321
13 | Industry-wide Electronic Bank Confirmation Platform
Bank Confirmation Request LetterAuthorised signature(s) in accordance to the mandate for the conduct of the customer’s bank account is still required on the hardcopy of the request letter. The sample of the Bank Confirmation Request Letter can be downloaded from the MIA website at www.mia.org.my.
6
ReconfirmationRequest
(Attach Bank ConfirmationRequest Letter )
14 | Industry-wide Electronic Bank Confirmation Platform
Storage of Data and the Encryption
The data are stored at Extol’s servers located in Malaysia.
All the sensitive data and PDF attachments received are encrypted.
The Platform provides an audit trail system that logs all the activities conducted on the Platform, including submission of requests and download of responses. It can be used to assist in any suspicious fraud or forensics investigation when required.
The Platform also observes the applicable IT security standards and guidelines where necessary.
Platform Process Control Assurance Examination
To provide assurance on the security controls and processing integrity, an independent external auditor is appointed by MIA to conduct a service organisation risk and controls assessment of the Platform, through the issuance of a Service Organisation Control (SOC) 3 Report.
How is the security of the Platform and data assured?
PDF File
+Secured User Login
Encryption Program Secure Key
Encrypted File
Verification of Users
During the registration process, theapplicants’ details must be associated with the audit firm’s details as recorded in MIA’s membership database. They will be verified with online and o�ine mechanisms to confirm their identity. Besides User ID and password, all applicants must provide an activation email for a 2-factor authentication process in order to validate their registration.
All users must verify the pre-set security image and phrase during the user authentication process to prevent phishing.
How do auditors gain access to the Platform?Auditors must log in via www.auditor.econfirm.my to access the secure web-based Platform.
Who should use the Platform?All audit firms in Malaysia should use the Platform to enhance the security and e�ciency of the bank confirmation process.
The ultimate goal of the Platform is to help audit firms conduct an audit on proper confirmation that can detect, deter and prevent bank confirmation fraud. Freeing up your sta� from tedious paperwork could enrich their wellbeing and talent retention, which may in turn improve service quality and generate more billable profits for the firm.
What is the fee for using the Platform?The usage fee is RM15 per online submission of confirmation request and will only be charged upon the successful receipt of the confirmation.
Auditors will be billed twice a month on the 1st and 16th of the preceding period, and enjoy a credit period of up to 30 days to process and settle the payment.
SEND
15 | Industry-wide Electronic Bank Confirmation Platform
FREQUENTLY ASKED
2. How to register the audit firm as the user of the Platform?
You are required to read and understand the audit firm participation agreement before submitting the duly completed Audit Firm Registration Form to [email protected]. The documents can be downloaded from the MIA website at [email protected].
16 | Industry-wide Electronic Bank Confirmation Platform
1. Confirmation Request Letter subsequent to the implementation of the Platform?
Yes, the Letter needs to be revised to obtain consent from the audit client on the usage of the Platform. The sample of the Bank Confirmation Request Letter can be downloaded from the MIA website at www.mia.org.my.
3. Can I request for prior year bank confirmations and cancel a wrong request?
Yes, you may request for prior year bank confirmations and there is an option to cancel wrong request, but this will not be possible once the requester has sent the request to the bank.
4. Is a report on the entire confirmation status of an audit client available to be generated and downloaded from the Platform?
Yes, you may generate a report on the confirmation status based on several variables such as client, request date, requester, etc.
Is there any revision in the Bank
17 | Industry-wide Electronic Bank Confirmation Platform
For enquiries, please contact:[email protected]
1-40-1, Menara Bangkok BankBerjaya Central ParkNo. 105 Jalan Ampang50450 Kuala Lumpur.
Head o�ceMalaysian Institute of Accountants (MIA)Dewan AkauntanUnit 33-01, Level 33, Tower A, The Vertical Avenue 3, Bangsar South City, No. 8, Jalan Kerinchi59200 Kuala Lumpur, Malaysia.
Governed by:
+603 2722 9000 +603 2722 [email protected]