TOPIC 6Auditing in Islamic Financial

Institutions

1

Introduction► Due to the salient features of the Islamic

banks, in particular prohibition of riba, gharar, maysir and the requirement that its activities and operations must be Shari’ah compliant, the conventional audit may not be sufficient for the Islamic banks

► At present, there are variations of Shari’ah audit practices in Islamic banks, for example, some have an internal Shari’ah audit unit, some outsource their internal Shari’ah audit to external Shari’ah auditors and others conduct Shari’ah review.

What is Auditing?

►Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between information and established criteria.

►An audit seeks to provide only reasonable assurance that the financial statements are free from material error based on statistical sampling – true and fair view

►Unqualified opinion vs qualified opinion

►Auditing should be done by a competent (academically qualified) and independent (free from bias) person

►To do an audit, there must be verifiable information and some standards (criteria) by which the auditor can evaluate the information including companies’ financial statements and individuals’ income tax returns

►Auditors also perform audits of more subjective information such as the Shari’ah compliance of Islamic financial services

Objective of an Audit for Islamic financial institutions

To enable the auditor to express opinion as to whether the financial statements are prepared, in all material aspects, in accordance with Shari’ah rules and principles and relevant accounting standards and practices in the country in which the financial institution operates

Auditor’s opinion

►True and fair view►Auditor’s opinion should enhance the

credibility of financial statements►The user, however, cannot assume

that the opinion is an assurance as to the future viability of the financial institution nor can the user assume as to the efficiency and effectiveness with which the management has conducted the affairs of IFIs

Auditor’s opinion

► An audit is designed to provide reasonable assurance that the financial statements taken as a whole are free from misstatement

► Reasonable assurance is a concept relating to the accumulation of the audit evidence necessary for the auditor to make a conclusion

► In the case of IFIs, the auditor in theory, should have additional task to provide reasonable assurance that the transactions examined comply with Shari’ah rules and principles as determined by Shari’ah Board of the IFI (as per ASIFI 1 AAOIFI)

External Auditors of Islamic BanksCountry Name of bank Auditor

Bahrain Al Baraka Islamic BankBahrain Islamic BankShamil BankKuwait Finance HouseARCapita Investment Bank

PricewaterhouseCoopersErnst and YoungErnst and YoungErnst and YoungErnst and Young

Saudi Arabia Al Baraka banking GroupAl Rajhi Bank

Ernst and YoungErnst and Young

Pakistan Meezan Bank Limited A.F. Ferguson & Co (Associate of PWC)

Malaysia Bank Islam Malaysia BerhadBank Muamalat Malaysia BerhadRHB Islamic Bank

KPMG Desa Megat & Co

Ernst and Young

PricewaterhouseCoopers

9

Nature of Shari’ah Supervisory Board

►An independent body of specialised jurists in fiqh al muamalat (Islamic commercial jurisprudence) that is entrusted with the duty of directing, reviewing and supervising the activities of the IFI in order to ensure that they are in compliance with Shari’ah rules and principles

Nature of Shari’ah Supervisory Board

►Scope of Supervision Product development Financial reporting and Shari’ah opinion Approval of Shari’ah financial services and

products Approval of listed securities and

investment funds

Role & Functions of External Auditors

ASIFI No.1

Objectives & Principles of Auditing

... to express an opinion financial statements are prepared in all material respects in accordance to ...Sharia Rules & Principles

Reasonable assurance through accumulation of audit evidence to conclude that no material misstatements in financial statements

12

Role & Functions of External Auditors

ASIFI No.2 Audit Report Statement that ... Management is that IFI is responsible for activities and reporting in FS that these are in compliance to Shari'ah Rules & Principles

Scope & Plan of Audit was conducted in accordance to ASIFI ...and not contravene Shari'ah Rules & Principles

Express true and fair view ...in accordance with Shari'ah Rules & Principles

13

Role & Functions of External AuditorsASIFI No.3 Terms of Audit

EngagementManagement responsible to maintain effective internal control system ...and to ensure that IFI comply to Sharia Rules & Principles in all respects and make this accessible to the auditorAuditor to attest whether management has adhered to the fatwas, rulings and guidelines

ASIFI No.4 Testing for Compliance with Sharia Rules & Principles

Auditor to form an opinion whether transactions of IFI comply with fatwas, rulings and guidance of SSB

ASIFI No. 5 The Auditor’s Responsibility to Consider Fraud and Error in an Audit of Financial Statements.

The fact that an audit is carried out may act as a deterrent, but the auditor is not and can not be held responsible for prevention of fraud and error, however, the auditor shall be held responsible for negligence and misconduct.

14

AAOIFI Auditing Standards for IFI (ASIFI): Appointment and

Composition of SSB► SSB to be appointed by shareholders in the

AGM upon the recommendation of the board of directors taking into consideration local legislation and regulations

► Shareholders may authorise the board of directors to fix the remuneration of the SSB

► The SSB shall consist at least 3 members► The SSB may seek the service of consultants

(experts in business, accounting, law etc)

AAOIFI ASIFI: Selection and Dismissal of SSB

►The SSB should not include directors or significant shareholders

►The dismissal of a member shall require a recommendation by the board of directors and be subject to the approval of the shareholders in the AGM

AAOIFI ASIFI: Important Elements of SSB Report

►Clear purpose of engagement►Nature of work done►A clear statement that the

management of IFI is responsible for proper complying with Shari’ah rules and principles

►Confirmation that the SSB has performed appropriate tests, procedures and review

►State opinion whether the IFI’s contracts and related documentation are in compliance with Shari’ah

AAOIFI ASIFI: Important Elements of SSB Report

► If the SSB has ascertained that the management has violated the Shari’ah rules and principles or the fatwas and guidelines issued by SSB, then the SSB has to report the violations

► The SSB’s report should be signed by all members of the Board

► The report of SSB shall be published in the Annual Report of the IFI

► AAOIFI’s also recommends that the IFI publishes fatwas, rulings and guidelines issued by the SSB

AAOIFI on Shari’ah Review: Procedures and Working Papers

►To understand management’s awareness, commitment and compliance

►Review contracts and agreements etc►Ascertained approved transactions►Review other relevant information►Consultation and coordination with

external auditors►Discuss findings with IFI’s

management

AAOIFI ASIFI: Internal Shari’ah Review

►Maintain information on bank’s structure and operations

►Establish Internal Shari’ah review objectives and scope of work

►Obtain SSB fatwas, rulings, instructions

►Determine staffing and resources►Determine mode of communication

(channels)/ Obtain approval from authorities including SSB

AAOIFI: Audit Report and Shari’ah Opinion

►Auditor complements SSB of IFIs►Independent samples and test

conducted by both auditor and SSBAudit opinion►The financial statements as a whole

are free from material misstatement based on accumulated audit evidence, refers to the whole audit process and comply with Shari’ah rules and principles

AAOIFI: Audit Report and Shari’ah Opinion

►Shari’ah opinion will include matters pertaining to: Contracts, transactions and dealings Equitable allocation of profit and losses Earnings (lawful/prohibited) Zakat

AAOIFI: Audit Report and Shari’ah Opinion

►Audit opinion is expressed on or after Shari’ah opinion is obtained

►Audit and Shari’ah evidence to be obtained separately

►Audit opinion to refer to Shari’ah rules, opinions and principles and to conduct test on the application of these requirements

Reasonable vs Complete Assurance

► The Report of the Auditors – an independent assurance on the integrity and fairness of financial information

► Financial statement audit – an opinion as to whether the financial statements are prepared in accordance with an identified financial reporting framework and standards

► Since the transactions are too many, evidence will be accumulated on a sampling basis, thus the auditors only express reasonable assurance

► The Report of the Shari’ah Committee indicates a statement of opinion reflecting a complete assurance of Shari’ah principles but the SC never conduct an audit

► Is it appropriate for SC to make such a ‘strong’ statement to indicate a complete assurance?

Reasonable vs Complete Assurance

► Financial auditors are independent professionals with sufficient education and experience to qualify to perform the audit

► Members of SC are qualified Shari’ah scholars but their responsibility is only to advise

► The responsibility of Shari’ah compliance actually lies with the management

► The report of SC indicates that they have taken the responsibility not only to advise but also to provide complete assurance

► To what extent the SC is legally liable in the case of Shari’ah non-compliance and irregularities?

► The report of SC is of great value to the management to ensure credibility of IFIs

Competency and Limited Roles of Shari’ah supervisors

► Without any disregard to the individuals and not as a generalised rule, the jurists sitting on Shari’ah Supervisory Board possess little knowledge about the operations of the IFIs

► Consequently, their compliance review generally remains limited to the extent of assurance of the legal form of transactions i.e. vetting of agreements and documents etc

► On the contrary, the operational matters which include the substance of the transactions might remain unattended because it is not the core competence of these respectable jurists

Competency and Limited Roles of Shari’ah supervisors

► Generally, the management does not wish to bring each and every matter in the attention of the Board or the Supervisors

► Accordingly, unless they have enough time to review things their own, and they take reasonable interest in the same, it not possible for them to have a look on most of the operational matters

► Although we are questioning the personal independence and integrity of respectable jurists in the SSB, they would appreciate that the work performed under one’s guidance should always be counter checked by an independent person

Ex ante vs Ex post Shari’ah compliance

► Ex ante Shari’ah compliance – the SSB’s supervision, monitoring and control tasks to comply with the Shari’ah rules and guidelines during the designing of the contracts and agreements up to the implementation of the terms of contract

► Ex post Shari’ah compliance – a comprehensive Shari’ah auditing to review and check the transactions that took place after the execution of the contracts

► Ex post Shari’ah compliance (Shari’ah auditing) perform random samples of completed transactions to ensure Shari’ah compliance

► Sharia’h supervisors did not carrying out Shari’ah auditing on the operations of IFIs due to their restricted scope of work

The Needs for Shari’ah Audit for Islamic Banks

► External financial auditors only legally responsible to audit conventional financial and operational systems, processes, activities, policies etc

► Shari’ah advisors only focused on Shari’ah compliance on products and policies

► Internal auditors only focused on internal control and operational matters

► Thus, there is a need for purposely a designed Shari’ah audit programme to ensure reasonable assurance of shari’ah compliance for Islamic banking activities

The Needs for Shari’ah Audit for Islamic Banks

► Shari’ah audit will include auditing and assurance processes for products, transactions, disbursements of financing, profit distribution, policy for depositors, penalty charges, accounting recognition and measurement and as well as financial reporting etc

► Thus, Shari’ah auditors need to be well trained in Shari’ah, auditing, accounting etc

► So far, we don’t have educational and professional training programme to develop and produce Shari’ah auditors

The Importance of Shari’ah audit

► Enhance shareholders’ value and confidence of the stakeholders

► If stakeholders are suspicious of Shari’ah compliance, it will seriously affect the integrity of Islamic finance

► Shari’ah non compliance risks is a major challenge for regulators

► Adequate systems and controls are required to ensure compliance with the Shari’ah rules ie. Rulings and fatwas of the SSC are implemented throughout the financial institutions

► Shari’ah risk management system and internal control should supplement the external and internal Shari’ah audit requirements

Responsibility of the Shari’ah auditors

► Allah s.w.t. says in the Qur’an that “Allah doth command you to render back your trusts to those to whom they are due; and when ye judge between people that ye judge with justice”

► Shari’ah auditing – external, as well as internal – is required by Shari’ah as a Fard Kifayah to ensure an Islamic system is fully protected

► In other words, it is a duty which if performed by some, would exempt others in the society; otherwise the whole society is sinful

Shari’ah Governance Framework – Bank Negara Malaysia

Adopted on 1 January 2011, Shari’ah Governance Framework (SGF) for Islamic financial institutions (IFIs) supersedes the Guidelines on the Governance of Shari’ah Committees of IFIs introduced by Bank Negara Malaysia (BNM), the central bank, in 2004

According to the Malaysian central bank, the primary objective of the SGF is to enhance “the role of the Board, the Shariah committee and the management in relation to Shariah matters, including enhancing the relevant key organs having the responsibility to execute the Shariah compliance and research functions aimed at the attainment of a Shariah-based operating environment.”

33

Changes/ in the new SGF

►Number of Shari’ah Committee members has increased from three to five

►Minimum qualification of Shari’ah Committee members – a Bachelors Degree in Shari’ah

►Details of the process of Shari’ah review, Shari’ah risk management, Shari’ah research and Shari’ah audit

35

► A key of the SGF is the Shari’ah audit function Provides assurance to stakeholders

independently by ensuring conformance with Shari’ah including products and services offered by IFIs and Takaful operators

Performed by internal auditor who have adequate Shari’ah related knowledge and skills – to ensure a sound and effective internal controls system of Shari’ah compliance

May engage the expertise of the IFI’s Shari’ah officers in performing the audit, as long as the objectivity of the audit is not compromised

Also can appoint external party to conduct Shari’ah audit

Scope of Shari’ah audit

►Audit of financial statements of the IFI►Compliance audit on organisational

structure, people, process and information technology application systems; and

►Review of adequacy of the Shari’ah governance process

Shari’ah Review According to Shari’ah Governance Framework issued by

Bank Negara Malaysia, Shari’ah review function refers to regular assessment of Shari’ah compliance in the activities and operations of the Islamic banks, with the objective to ensure that the activities and operations carried out by the Islamic banks do not contravene with Shari’ah

The function involves examining and evaluating the Islamic banks’ level of compliance to Shari’ah, remedial rectification measures to resolve non-compliances and control mechanism to avoid recurrences

The scope covers the business operations, including end to end product development process from pre-product approval to post product approval process.

38

Shari’ah Audit► Shari’ah audit refers to the periodical

assessment conducted from time to time, to provide an independent assessment and objective assurance designed to add value and improve the Islamic bank’s compliance, with its main objective in ensuring a sound and effective internal control system for Shari’ah compliance

39

Shari’ah Audit Evidence

► Audit evidence is the information used to determine whether the information being audited is stated in accordance with established criteria

► Evidence may take many forms Oral testimony of the auditees Written communication with outsiders Observations by the auditor Legal documentations SOPs Accounting records ets

Shari’ah Audit Process

►Planning Phase – Shari’ah Audit Programme to be developed

►Execution Phase ►Reporting Phase

41

Audit Process

►Planning Phase – Shari’ah Audit Programme to be developed include a complete understanding about

the Islamic banks’ operations in terms of products, size of operation, location, branches, subsidiaries and divisions

properly documented including the sample selection criteria and size taking into consideration complexity, and frequency of transactions.

Audit Process continued..

►Execution Phase understanding of the management awareness,

commitment and compliance control procedures for adherence to the Shari’ah;

auditing of contracts and standard operating procedures; auditing information and reports such as circulars, minutes

of meeting, operating and financial reports, policies and reports etc;

interviewing relevant personnel; observing operations and processes; auditing profit computation and distribution, zakat

computation and distribution, penalty computation and manner of distribution etc; and

assessing the adequacy of internal control system for Shari’ah compliance

►Reporting phase The final phase of Shari’ah audit process Report the findings of Shari’ah compliance

and non-compliance (if any) Assess the degree of recurring of non-

compliance and its systematic effect to the Islamic banks

Recommend corrective actions, improvements and rectifications

Suggest timeliness for such rectifications to be completed

Audit Report

► The objectives of the audit.► The scope, summary of the methods used to gather

evidence and period of the audit should be disclosed.

► The major and minor findings of the audit should be disclosed as well as the comments from the personnel audited as regards the findings.

► Classification of the Shari’ah non-compliance findings as major, moderate, minor or repeated violations.

► Recommendations, corrective actions, rectifications required and the target dates and the person responsible for the rectification.

Example 1: Auditing BBA Financing

Example of Audit ProgramAudit Objective 1: To ascertain the essential

elements and necessary conditions of BBA contracts

Documents Detail checklists Objective

Purchase agreement Seller details To denote effective transfer of ownership

Purchase agreement Description and location of goods

To avoid gharar on specification of goods and denote deliverability of the goods

Sales agreement Price including mark-up (to be paid by customer)

To fulfill the condition of BBA contract

Sales agreement Customer details To denote effective transfer of ownership

Example of Shari’ah Audit findings

Findings Risk indicator

1. Details of goods purchase for BBA financing not properly recorded

Minor Shari’ah non-compliance risk

2. Sales and purchase agreements contradicts the Shari’ah requirements of BBA contracts

Major Shari’ah non-compliance risk

3. Overcharged the customers penalty and the policy is not in accordance by SSC’s requirements

Moderate Shari’ah non-compliance risk

4. Contradicts the AITAB contracts that in case of asset defects i.e. customers were unduly charged the maintenance costs

Moderate Shari’ah non-compliance risk

5. The date of trading is after the disbursement for personal financing under tawarru’

Major Shari’ah non-compliance risk

ISRA & BNM Research Project on “Shari’ah Audit Framework”

► To review the current Shari’ah supervisory and auditing practices among IFIs in Malaysia

► To evaluate the present Shari’ah governance framework and practices of the IFIs in Malaysia

► To draft the Shari’ah Audit Framework for consideration by BNM that will lay out policy recommendations and guidelines for the IFIs to properly conduct both the internal and the external Shari’ah audit

COMPONENTS OF INTERNAL SHARIAH AUDIT FRAMEWORK

► SCOPE OF INTERNAL SHARIAH AUDIT► INTERNAL SHARIAH AUDIT OBJECTIVES► INTERNAL SHARIAH AUDIT AND GOVERNANCE► AUDIT CHARTER► COMPETENCY OF INTERNAL SHARIAH AUDITORS► INTERNAL SHARIAH AUDIT PROCESS ► REPORTING REQUIREMENTS FOR INTERNAL

SHARIAH AUDIT

The internal Shariah auditors shall possess adequate auditing knowledge, skills and competencies on the following:

►proficiencies in applying internal auditing standards and procedures;

►proficiency in accounting principles and techniques;

►understanding of management principles;►appreciation of accounting, economics,

commercial law, taxation, finance, quantitative methods and information technology applications system;

►skills in dealing with people and communicating;

►skills in oral and written communications; and,►essential and adequate knowledge in Shariah.

Basic qualifications of Internal Shari’ah auditors

►have a relevant bachelor degree or professional qualification (or have minimum 2 years working experience in auditing or IFIs);

►have adequate knowledge of Shariah (undergone sufficient education and training in fiqh muamalat to be approved by the chief internal auditor of the IFI; and ); and, knowledge on Shari’ah include:

usul fiqh relevant to fiqh muamalat; sources of Shariah; principles of Islamic financial contracts; prohibited elements in Islamic financial contracts; and Islamic financial contracts relevant to IFIs in Malaysia

►have adequate knowledge and understanding of the functions of IFI, and the Islamic products and services

Challenges in Shari’ah Audit (Abdul Rahman, 2008)

►To establish audit evidence►To develop a systematic and thorough

audit program►To produce competent and

independent Shari’ah auditors

53

AAOIFI’S SHARI’AH COMMITTEE REPORT

In the name of Allah, The Beneficent, The Merciful

To the Shareholders of The Example Islamic Financial Institution Assalam Alaikum Wa Rahmat Allah Wa Barakatuh

In compliance with the letter of appointment, we are required to submit the following report: We have reviewed the principles and the contracts relating to the transactions and applications introduced by the Example Islamic Financial Institution during the period ended. We have also conducted our review to form an opinion as to whether the Example Islamic Financial Institution has complied with Shari ’a Rules and Principles and also with the specific fatwas, rulings and guidelines issued by us. The Example Islamic Financial Institution’s management is responsible for ensuring that the financial institution conducts its business in accordance with Islamic Shari’a Rules and Principles. It is our responsibility to form an independent opinion, based on our review of the operations of the Example Islamic Financial Institution, and to report to you. We conducted our review which included examining, on a test basis of each type of transaction, the relevant documentation and procedures adopted by the Example Islamic Financial Institution We planned and performed our review so as to obtain all the information and explanations which we considered necessary in order to provide us with sufficient evidence to give reasonable assurance that the Example Islamic Financial Institution has not violated Islamic Shari’a Rules and Principles. In our opinion: a) the contracts, transactions and dealings entered into by the Example Islamic Financial Institution during the year ended ... that we have reviewed are in compliance with the Islamic Shari’a Rules and Principles; b) the allocation of profit and charging of losses relating to investment accounts conform to the basis that had been approved by us in accordance with Islamic Shari’a Rules and Principles; (where appropriate, the opinion paragraph shall also include the following matters:) c) all earnings that have been realized from sources or by means prohibited by Islamic Shari’a Rules and Principles have been disposed of to charitable causes; and d) the calculation of Zakah is in compliance with Islamic Shari’a Rules and Principles. We beg Allah the Almighty to grant us all the success and straight-forwardness. Wassalam Alaikum Wa Rahmat Allah Wa Barakatuh (Names and signature of the members of the Shari’a supervisory board) Place and Date

MEEZAN BANK OF PAKISTAN

MEEZAN BANK OF PAKISTAN