A. What is External Audit?

External audit supports credibility of financial reports. The purpose of an external audit is to have an independent party, the auditor, express an opinion on an organization’s financial statements. The auditor assesses whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework and whether they present fairly the financial position of an organization. External auditors play a critical role in maintaining market confidence in the reported financial statements.⁴

The work of an external auditor is guided by professional standards. ISA are widely recognized as high-quality standards for the performance of audits of financial information. They are issued by the International Auditing and Assurance Standards Board (IAASB), and most jurisdictions use ISA as their national or benchmark norms for auditing.⁵ In some countries, a State auditor (such as an Auditor General) has a mandate to audit the CB’s financial statements. Notably, the International Organization of Supreme Audit Institutions (INTOSAI), a global association for State auditors and similar institutions, has converged its guidelines for financial audits in the public sector with ISA. Since 2010, these INTOSAI guidelines are reviewed annually to ensure consistency with ISA.⁶

External audit differs from internal audit in its objectives, scope, and level of independent assurance. An internal audit function is typically independent of operations with reporting lines to both senior management and an oversight body, such as the Board. However, because internal audit is part of the institution, it is not considered sufficiently independent to opine on the financial statements for external stakeholders. For this reason, the term “independent audit” is used in the context of an external rather than internal audit. The scope of the two functions also differs. The external auditors’ responsibility is limited to the financial statements and financial reporting risks for a defined period, whereas internal auditors continuously evaluate the effectiveness of governance, risk management, and control processes. In addition, internal audit reports are confidential and are not distributed to third parties; whereas independent audit reports on the financial statements are typically issued for external stakeholders and published.

In a risk management framework, external audit is sometimes considered a fourth line of defense.⁷ Current and recognized models for governance and control systems provide for three lines of defense within an organization, namely: (i) the operational management and internal controls; (ii) a risk management and compliance function; and (iii) an internal audit independent from the first and second lines of defense. External auditors are not part of an internal structure, but because of their contribution to governance and controls are sometimes viewed as an additional line of defense (together with regulators and similar external oversight parties).

Public perception of an auditor’s role sometimes goes beyond the duties set by the professional standards, giving rise to what is known as the “audit expectation gap.” This may concern the degree of responsibility for detecting fraud, legal irregularities, and other matters that are not within the financial reporting area. In the CB context, the expectation gap can also relate to assurances on the effectiveness of CB policies. An unmodified audit report may be mistakenly perceived as a clean bill of health on all CB activities, management, and policy decisions. Under ISA, however, external auditors express their opinion only on whether the financial statements are prepared, in all material respects, in accordance with the applicable accounting framework. While a report on internal controls (i.e., a management letter) may also be provided, an external auditor is only concerned with fraud and control weaknesses that cause a material misstatement in the financial statements.

B. Why are Financial Statements of CBs Audited?

Central bank autonomy requires accountability. There is a significant body of research on the links between CB independence, accountability, and transparency. Laurens, Segalotto, Arnone (2009) provide a valuable review of the literature and empirical evidence on the correlation and interdependence of these areas, described as the three pillars of a CB governance framework. The positive correlation between autonomy and accountability has become a recognized principle of good governance for central banks.

Financial reporting is one element of CB accountability. The features of central bank accountability derive from their objectives and mandates.⁸ They typically include accountability for monetary policy - such as through policy strategies, targets, and actions, on which CBs report to the government, financial markets, and other stakeholders. In addition, CBs are accountable for their other functions, including supervisory responsibilities or those related to the smooth functioning of financial infrastructure (e.g., payment systems), where performance measures may be more difficult to establish. Finally, since CBs are entrusted with public resources and often a significant degree of financial autonomy - reporting on the management and stewardship of these resources through quality financial statements enables CB accountability.⁹

External audit supports CB financial accountability. The IMF “Code of Good Practices on Transparency in Monetary and Financial Policies” identifies desirable transparency practices for CBs, including:

• “4.2 The central bank should publicly disclose audited financial statements of its operations on a preannounced schedule.

• 4.2.1 The financial statements should be audited by an independent auditor. Information on accounting policies and any qualification to the statements should be an integral part of the publicly disclosed financial statements.”

Audited financial statements of CBs have various stakeholders. An audit report is normally addressed either to those charged with governance (TCWG) of an audited entity or the entity’s shareholders. For CBs this is typically the Board or the government (representing the State), and private shareholders in some rare cases. Due to its public function, other parties may also have an interest in a CB’s financial position and results of operations. Table 1 gives an overview of key stakeholders and rationale for their interest in audited financial statements.

Table 1:

Key Stakeholders of Central Bank External Audit

Table 1:

Key Stakeholders of Central Bank External Audit

Key stakeholder	Rationale for interest in the CB financial statements
Parliament	Legal compliance, as part of accountability requirements In some cases, votes on accepting CB annual report
Government	Profit distribution Capital level and recapitalization needs Indemnities for certain agreed policies (for example, guarantees on emergency liquidity assistance losses) Taxation (rare)10 Balances and transactions with government For comparison with budget performance
CB Board/Audit Committee & Employees	Help discharge the Board’s fiduciary responsibilities Board approves the financial statements Support Audit Committee’s oversight duties Credibility of CB financial reporting processes External auditor’s management letters help improve controls
General public	Stewardship of public funds - information to taxpayers/the public on the use of resources Increased interest in CB balance sheets when unusual policy actions are in place, for example quantitative easing or ELA.
Financial institutions/markets	Creation of domestic central bank money, given its impact on monetary policy. Level of foreign currency reserves, for example to indicate policy capacity for foreign exchange interventions
International Financial Institutions	Assurances of the reliability of monetary data & statistics Donors/lenders for due diligence purposes, where funds are deposited at the CB IMF Safeguards Assessments

View Table

Table 1:

Key Stakeholders of Central Bank External Audit

Key stakeholder	Rationale for interest in the CB financial statements
Parliament	Legal compliance, as part of accountability requirements In some cases, votes on accepting CB annual report
Government	Profit distribution Capital level and recapitalization needs Indemnities for certain agreed policies (for example, guarantees on emergency liquidity assistance losses) Taxation (rare)10 Balances and transactions with government For comparison with budget performance
CB Board/Audit Committee & Employees	Help discharge the Board’s fiduciary responsibilities Board approves the financial statements Support Audit Committee’s oversight duties Credibility of CB financial reporting processes External auditor’s management letters help improve controls
General public	Stewardship of public funds - information to taxpayers/the public on the use of resources Increased interest in CB balance sheets when unusual policy actions are in place, for example quantitative easing or ELA.
Financial institutions/markets	Creation of domestic central bank money, given its impact on monetary policy. Level of foreign currency reserves, for example to indicate policy capacity for foreign exchange interventions
International Financial Institutions	Assurances of the reliability of monetary data & statistics Donors/lenders for due diligence purposes, where funds are deposited at the CB IMF Safeguards Assessments

A. Overview of Audit Frameworks in CB Legislation

An external audit framework in the law is typically informed by the private or public law nature of an entity. Distinct audit arrangements apply to private corporations and public institutions:

• private law corporations—commercial audit norms apply and independent external audits are required, particularly for companies of a certain size or that seek market funding. This would typically follow from a “corporations act;”

• public law institutions—public audit norms apply and Supreme Audit Institutions (SAIs or State auditors) perform audits. This would typically follow from a “state entities audit act.”

For CBs, the audit frameworks in the legislation are further influenced by other factors, including their mandate, degree of autonomy, and complexity of financial reporting. The oldest CBs were, and in many cases still are, incorporated as stock companies under private law. Recognition of their public mandate by statute or state-ownership of CBs’ capital does not necessarily change their incorporation.¹¹ Relatively younger CBs were established by statute as public law institutions. However, the audit frameworks for CBs do not strictly reflect the above distinction between the commercial and public norms. The legislature can and often has tailored the audit requirements taking into account the unique nature of central bank operations, governance structures, as well as the desired level of autonomy and protection from political influence.

Accordingly, many CBs are subject to commercial audit frameworks, irrespective of their corporate or public nature. There are three approaches:

• exclusive commercial audit framework—statute specifies that the CB is subject to the national or an internationally accepted commercial audit framework to the exclusion of any public audit;

• mixed system—statute recognizes elements of both public and commercial audit frameworks for purposes of auditing the CB;

• delegated system—statute authorizes the CB’s main decision-making body to determine the audit framework, possibly limiting the discretion of this body by prescribing that the framework should be “internationally accepted” or “independent”. This system has evolved to become the most common practice and is being incorporated into recently drafted CB legislation (see Figure 1).

Mixed systems can take either of two forms:

• parallel system—both a SAI and an independent external auditor are assigned, using their respective audit standards,¹² or

• outsourcing system—the SAI’s audit opinion is based on an opinion issued by an independent external auditor.

In the mixed systems, there should be a mechanism to reconcile possibly deviating public and commercial audit results. Where both a SAI and a private external auditor audit the CB (i.e., parallel system), diverging findings and conclusions cannot be ruled out. For such cases, the legal framework should identify the audit opinion that will take precedence in decision making. This is essential for the CB’s financial accountability in general, and the profit distribution scheme in particular. Similarly, while the SAI’s opinion would normally prevail in an outsourcing system, a legal framework could usefully provide for a transparent disclosure of differences in the audit reports.¹³

Where a SAI is involved in the CB’s audit, the legal framework will need to include safeguards to protect the CB autonomy. SAIs can be responsible for a range of audits.¹⁴ The remit of the SAI will need to focus on financial statement audits or the efficiency of management, to the exclusion of an audit of the effectiveness of the CB’s public or monetary policies. A clear definition or parameters for the SAI’s scrutiny of CB policies and operations is necessary to shield the CB from political and external pressure. This, of course, needs to be weighed against the need for CB accountability.¹⁵

Constitutional law may also inform the design of CB audit frameworks. In many jurisdictions the constitution recognizes the SAI and broadly describes its mandate. Depending on this mandate, it may not be possible to exclude public audits of CBs or to limit the scope thereof. Also, constitutional law provisions, or their interpretation, may prescribe involvement of the SAI in the selection and dismissal of independent external auditors.

Appointment and dismissal modalities for independent external auditors should be legally or formally established. For this purpose, it does not matter whether this auditor is the sole auditor or an auditor working parallel with, or under the oversight of, the SAI. Key components of the audit structure include: (i) experience in using international standards and applying these to complex financial institutions and/or CBs; (ii) multi-year appointments with a minimum mandate; (iii) auditor rotation rules (for firms or key audit partners); and (iv) annual performance reviews with ability to discontinue the audit contract for good cause.¹⁶ These measures are intended to safeguard the audit quality and independence. While it is preferable to include the modalities for appointment and dismissal in law, they can also be laid down in the CB’s by-laws, contracts with the auditors, and/or memoranda of understanding with the SAI.

In most jurisdictions, the authority and the procedure to appoint and dismiss the independent external auditors is enshrined in the law (see discussion below). In the outsourcing system discussed above, the authority to appoint an auditor is with the SAI. In other cases, there are alternatives for assigning this authority—with the possibility that multiple bodies are involved during the selection and nomination process:¹⁷

• the CB’s governance bodies (i.e., the Board or its Audit Committee) either pursuant to the CB’s organic law or the corporations act;

• the government (most commonly the Minister of Finance);

• the shareholders’ meeting bringing together several shareholders or the sole shareholder (i.e., the State); or

• the legislature (i.e., the Parliament).

B. Audit Requirements in CB Laws¹⁸

We analyzed available CB laws to determine the existence of external audit provisions. Such provisions typically establish the statutory requirements for an audit, identify the appointing authority, and may contain safeguards to ensure audit quality and protect the auditors’ independence. Overall, a majority (157 CBs or 92 percent) of CBs have an audit requirement that is enshrined in the CB law. The remainder (13 CBs or eight percent) were either silent on audit requirements or the relevant provisions of the law were not readily available. The analysis revealed that the level of detail in the law regarding the audit framework varied. Results are discussed in the section below with additional information on the regional trends in Annex 3.

The majority of CB laws require an independent audit of the central bank. As shown in Figure 1, the majority of CB laws mandate that the audit be conducted by an independent auditor. Some laws go further and stipulate that the CB audit should be performed by an international firm, which is typically independent. Laws mandating the SAI as auditor of the CB comprised 14 percent or 23 CBs. This is consistent with the actual practice observed in our review of signed audit options (Figure 3). The inclusion of the audit requirements in the majority of CB legislation confirms the importance of external audits in ensuring CB accountability. The category “Other” includes cases where the audit was entrusted to an “audit board” or a “statutory auditor” without a clear indication of their role (e.g., internal or external to the CB, public or private nature).

View Full Size

External Audit Attributes per CB Law

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: 170 laws from CB websites and IMF CB Legislation Database

• Download Figure
• Download figure as PowerPoint slide

The party responsible for appointing the CB auditor is enshrined in most CB laws. Such authority is defined as the body that has the final approval in the appointment process (Figure 2) as stipulated in the law. External auditors are predominantly (36 percent) appointed by the CB Board or a similar governance body. In these instances, the external auditor is also required to be independent and/or internationally recognized, an indication that the CBs are indeed adopting the “delegated system” for an audit framework in the law discussed above. In cases where the CB law entrusts a SAI with the external audit mandate, the appointing authority is also the SAI. In the conduct of safeguards assessments, we have observed, however, that SAIs sometimes delegate this appointing role to the CB’s governance body (e.g., the outsourcing system).¹⁹ Further, the regional analysis of the appointing authority (Annex 3), indicates that all types of appointing arrangements are present in each region (except for the “supranational” appointment type unique to the Eurosystem).

The results on the appointing authority reflect the role of external audit in the agency theory of accountability.²⁰ Appointments by the government (typically the Minister of Finance), the President, the shareholders, or the Parliament account for about a quarter of the cases. Together with the supranational group such appointments closely reflect agency theory, where where the auditor’s role is to support trust and credibility between the principals (i.e., those representing the owners or the State) and agents (i.e., the Board or management). SAIs play a similar role in a public-sector context. That said, a considerable number of CB laws entrust the appointment decisions to the CB governing bodies, which include the Board, audit committees, and in some cases the Governor. Under agency theory, this is effective when strong safeguards on audit independence are in place. As noted above, when the appointment authority is with a governance body, the law would indeed require the auditor to be independent.

View Full Size

Parties Responsible for External Auditor Appointment

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: CB websites and IMF CB Legislation Database. The total population size is 170 CBs.Note: The accounts of national central banks of the member states of the European Union participating in the Eurosystem and the European Central Bank (ECB) are audited by independent external auditors recommended by the ECB’s Governing Council and approved by the Council of the European Union. These cases are classified as Supranational.

• Download Figure
• Download figure as PowerPoint slide

In practice, most CBs have ownership of the selection and appointment process. Safeguards findings indicate that, central banks have some autonomy in selecting and appointing their external auditors. This is typically implemented through agreements or understandings that delegate this authority to the CB governance body. Within the IMF safeguards assessments population of CBs (see Section V) the CB’s governance body assumes the selection and appointing responsibility in 56 percent of cases, which exceeds the de-jure mandates (i.e., 44 percent for the safeguards population and 36 percent for the total group of CBs in Figure 2). Such practices, which give ownership of the process to the CBs, reduce delays in the appointment of the auditor. They could also safeguard the quality of the audit through CBs’ internal regulations that set requirements for audit independence and international standards.

While a limited number of CB laws have provisions to support audit quality and independence, actual practices are ahead of legal requirements. Only 48 CB (28 percent) laws established audit rotation modalities, which safeguard the independence of the external auditor, and 40 CB laws (24 percent) require the establishment of an audit committee, whose role includes audit oversight. However, IMF safeguards assessments findings suggest that in practice more central banks have audit rotation policies as well as audit committees in place (see Sections IV and V). Further, despite only 15 percent of laws requiring the use of ISA, a review of audit opinions shows that these international standards are referred to in 64 percent of CBs (see Figure 4).

Recent amendments to central bank laws suggest a shift towards international standards. It is noteworthy that of the 27 CB laws that specifically state an ISA requirement, 21 were amended after 2008. Similarly, of the 48 CB laws that had audit rotation requirements, the majority (30 cases) was also amended over the last decade. This is in line with the trend in audit regulation that aims to enhance audit quality and independence (Section VI). In this context, when providing technical assistance on the reforms of CB legislation, IMF staff recommend that a robust audit framework be enshrined in the law. Box 1 provides examples of the recommended provisions on the external audit quality and independence, and Box 2 includes such provisions for an audit oversight body (i.e., and audit committee).

A. Audit Oversight

Over the last decade, audit committees have increasingly become part of the governance structures of CBs. Establishment of audit committees in CBs followed developments in governance codes for the private sector, such as corporate governance principles recommended by the Organisation for Economic Co-operation and Development (OECD) or the Basel Committee on Banking Supervision. A typical audit committee is responsible for oversight of an organization’s internal and external audits, control systems, and financial reporting. Some have also seen their role expanded to incorporate risk management and legal compliance. Similar to statutory provisions on external audit discussed above, CB laws should ideally contain provisions on the audit committee and its oversight role, as part of an overall audit framework (see Box 2).

Audit committees are an important element of the external audit mechanism at CBs. The audit committee is a stakeholder of the external audit process; it receives audit reports on the financial statements, as well as the management letter with observations on internal controls, financial reporting, and compliance matters. In addition, the committee is also responsible for audit oversight and in this capacity its key responsibilities typically include:²²

• Auditor selection and rotation policies. Domestic legislation (for example, the CB’s organic law, audit market regulations, public procurement laws) often provides general rules for auditor appointments; these are complemented with internal policies prescribing a specific framework for the CB. To ensure quality and an independent audit, these policies typically establish selection procedures that give greater weight to technical expertise than to cost, as well as multi-year mandates and rotation requirements.²³

• Ensuring auditor independence during the audit. Box 3 provides an overview of the audit independence concept and threats to such independence. Audit committees are responsible for monitoring the external auditor’s independence throughout the auditor’s mandate. For this purpose, the audit committee would periodically inquire about the audit firm’s own safeguards for independence. To identify possible threats to the auditor’s independence, the committee would also review all services provided by the auditor. It may also decide to restrict non-audit services from an incumbent auditor.²⁴

• Review of performance and retention. Each year, audit committees should evaluate the external auditor and make an informed decision or recommendation regarding retention. This should include an assessment of the qualifications and performance of the audit partners and staff; the quality and candor of the auditor’s communications; and the auditor’s independence, objectivity, and professional skepticism.

• Monitoring of audit findings and recommendations. The audit committee should receive periodic reports from CB staff regarding the status of implementation of audit recommendations.

More than half of central banks have audit committees. While audit committees are not commonly mentioned in the audited financial statements, CBs sometimes disclose their mandate and activities in the Annual Reports. For enhanced transparency, some CBs also publish a separate Audit Committee Annual Report. From the reviews of the legal frameworks, Annual Reports published by CBs, and safeguards experience, we established that nearly half (80 of the 170 CBs) have an audit committee or a similar audit oversight body. This is notable, given that only 40 CB laws specifically required an audit committee, an indication that CBs recognize the need for good governance structures even when there is no explicit requirement in the CB law.²⁵ By contrast, of the 151 CBs laws reviewed in 2013, only 20 percent (30 CBs) specifically required an audit committee. Thus, more central banks laws now require audit committees, an increase from 30 to 40 CBs. This change in legislation indicates a shift towards the adoption of established corporate governance practices.

Audit Committee mandates will need to be appropriately adjusted where a SAI has responsibility for the CB audit. As discussed earlier, a SAI may be mandated to audit the CB financial statements or have a role in appointing the external auditor. SAIs have a high degree of institutional independence, often enshrined in the constitution. Therefore, in these cases, the audit committee’s oversight role will need to be tailored to ensure it does not conflict with the SAI’s status and mandate. Open communication with the SAI could help adjust the oversight tasks to the specific circumstances. The SAI may, for example, conclude that it does not have adequate capacity to audit a complex financial organization such as a CB.²⁶ In those cases, the SAI may decide to subcontract to or share the audit work with an independent external auditor, and delegate audit oversight, including audit firm selection, to the CB and its audit committee. Such arrangements may be formalized through a memorandum of understanding (MoU) between the SAI and the CB.

The financial supervision function of a CB may have an impact on the audit mechanism. As a regulator, the CB may have a role in establishing the rules and expectations for audits of financial institutions. As such, the CB should follow international practices and apply this guidance to its own institution, as appropriate. Additionally, a potential conflict of interest may arise from the CB’s regulatory relationship with the auditors. The CB may decide on the eligibility of external auditors for the supervised institutions or have the power to appoint auditors for special investigations. It would be the responsibility of the CB’s audit committee to ensure that the external auditor’s independence is not compromised on the central bank audit when the auditor is also engaged by the supervised institutions.

Auditors have a professional responsibility to communicate with those charged with governance. In an audit performed under ISA, the auditor is required to communicate certain matters to TCWG (i.e., the Board or its audit committee). These include: (i) the auditor’s responsibility in relation to the audit and confirmation of auditor independence; (ii) planned audit scope and timing of the audit; (iii) significant audit findings; (iv) difficulties encountered in the audit; and (v) deficiencies in internal controls of the audited entity. Accordingly, in a typical annual audit cycle, the auditor should seek at least two meetings with the audit committee - at the planning and concluding stages of the audit.

B. Who Audits Central Banks?

Most CBs are audited by private audit firms with dominance of international firms. We reviewed the published audit opinions of 141 CBs (total population of 170). Figure 3 summarizes the results based on the party that signs the audit report. International audit firms account for about 70 percent of the CB audits. This comprises (i) 94 audit opinions issued solely by an international firm (55 percent); (ii) 19 joint audit arrangements which include an international firm (11 percent), presented within the co-sign group below; and (iii) eight audits subcontracted by the SAI to an international audit firm (4 percent). It is not always evident from published audit reports if the SAI involved a private firm, unless the State auditor notes reliance on a subcontracted private auditor, co-signs with a private auditor, or the CB publishes two audit opinions simultaneously. ²⁷ The regional distribution (Annex 3) shows a less dominant use of international firms in the Asia Pacific region (21 percent), and more audits being conducted by the SAI (36 percent) when compared to the general population.

View Full Size

External Auditors of Central Banks

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.

• Download Figure
• Download figure as PowerPoint slide

The proportion of audits conducted by international audit firms reflects the use of international audit standards (Figure 4). About 64 percent of CBs’ audit reports stated use of ISA in the audit.²⁸ The significant use of these standards, over and above the legal requirement in CB laws (15 percent), suggests that CBs attribute value to audit quality. This is in line with the observed practice of using international audit firms by most CBs. Application of ISA allows for consistent interpretation of audit requirements and enables efficiency associated with applying a common approach among the audit firms. Further, international affiliation provides certain benefits that support audit quality, including access to a wide network of expertise and quality control procedures. The regional distribution (Annex 3) shows frequent use of ISA across the regions, with a dominant use in Africa and Europe.

View Full Size

Auditing Standards Applied in Central Bank Audits

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.

• Download Figure
• Download figure as PowerPoint slide

The widespread use of international standards is influenced by several factors. As noted above, the CB laws only require the use of ISA in 15 percent of cases. However, the CB’s internal regulations, such as by-laws, Charters, or Board decisions, often provide for ISA in CB audits. The external auditors are also subject to accounting and audit regulations in their jurisdictions, which as discussed in Section II increasingly adopt ISA. Lastly, the international audit firms base their internal methodologies on these standards and commonly refer to them in their audit reports.

View Full Size

External Auditors of CBs: 2017 vs 2013 Comparison

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Of 170 CBs websites, 141 and 143 had published audit opinions at September 30, 2017 and 2013, respectively.

• Download Figure
• Download figure as PowerPoint slide

The audit market structure for CB audits is dynamic, but international audit firms hold a significant share. Of the 141 websites of CBs that published the financial statements, the percentages indicating an international accounting firm is significant and is consistent when comparing 2013 and 2017 data (Figure 5). In both years, international firms were responsible for approximately 70 percent of CB audits (including through co-signing and subcontracting arrangements). The shift in audit firms indicates that CBs periodically rotate audit firms (Sections V and VI). The increase in co-signing arrangements is partly attributed to some CBs engaging international firms through joint audits.

C. Transparency and Timeliness of Reporting

How long does it take to finalize an external audit of a CB?

Central bank laws set fairly ambitious deadlines for audit completion. For financial information to be relevant, it must be recent when made available to users. Timely and accurate financial statements create confidence, credibility, reliability, and awareness of the CB’s activities in the eyes of the public. Based on a review of 170 CB laws, we found that 134 set a statutory deadline for financial reporting (Figure 6). The most common timeframe is three months or less after the financial year-end.

View Full Size

Statutory Deadlines for Completion of _ Annual Financial Statements _

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: 170 central bank laws.Note: 134 of the central bank laws set a statutory deadline for audit completion. The remaining comprised the “no date” category with either no set date or no clear provision could be found (34 CBs). The category of “other” includes CB laws where a clear date could not be established, e.g., as soon as possible after year-end.

• Download Figure
• Download figure as PowerPoint slide

Audit completion at most CBs is timely. We compared the dates of the audit opinions published by CBs to their financial year-end to establish the timing of audit completion (Figure 7). This showed that about half of the CBs hold themselves to the private sector standards (on average three months). Further, a total of three quarters of CBs finalize the annual audits with six months of their financial year ends. The regional analysis (Annex 3) shows that European CBs set the leading practice of timely completion within three months.

View Full Size

Timing of Audit Completion

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Audit reports. Of 170 CBs, 141 had published audit opinions at September 30, 2017.

• Download Figure
• Download figure as PowerPoint slide

Many CBs complete their audits before the statutory deadline. We compared the actual audit completion date based on the dates of the audit reports (Figure 7) to the statutory deadline (Figure 8). This showed that the majority of CBs (91 CBs) actually complete the audits within their statutory deadline, with a sizeable number of CBs (48 CBs) reporting ahead of the deadlines. From safeguards experience, late audit completion is often attributed to late appointment of the auditors, weak accounting controls at CBs requiring audit adjustments, as well as issues with obtaining audit evidence from third parties through external confirmation or valuation procedures.

View Full Size

Audit Completion Dates vis-a-vis Statutory Deadline

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Audit opinions and CB laws.Note: There were 115 CBs with both a statutory deadline and published financial statements.

• Download Figure
• Download figure as PowerPoint slide

Publication

Regular reporting of reliable financial information is one of the key principles of CB accountability and assurance of integrity. Of the 141 CBs that published their audited financial statements as of September 2017, 64 percent (108 CBs) were specifically required to do so by their CB law. This suggests that a considerable number of CBs recognize the importance of being transparent and accountable to their stakeholders, even when there is no legal requirement in the CB law. Nevertheless, there is a room for improvement as for 29 CBs the audited financial statements were not readily available on their websites. This represents about 17 percent of the total number of CBs reviewed.

The publication of audited financial statements has improved over the recent years. It is difficult to establish the exact publication dates because the date of an audit report only indicates when the audit was finalized and not when it was published. As a proxy measure, we noted the age (i.e., time from the financial year-end) of the most recent financial statements available as of end-September 2017 and 2013 (Figure 9).²⁹ The trend in the timeliness of the publication has improved and most of the CBs publish within nine months. However, when compared to the audit completion dates (Figure 7), which shows that 79 percent of CBs finalize the audits within nine months, the publication rate (58 percent) is lower. In safeguards experience, the publication delays are sometimes caused by external factors, such as the need to obtain government approval. Another common reason is combining the publication of the financial statements with the annual report, which takes longer to prepare. Delinking the publications would help to ensure that the audited results are available on a timely basis. This may, in some cases, require legislative amendments.

View Full Size

Age of Published Annual Financial Statements

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 and 143 had published audit opinions at September 30, 2017 and 2013, respectively.

• Download Figure
• Download figure as PowerPoint slide

A. Independent Audit Regulators

The traditional model of self-regulation has shifted in favor of the establishment of audit oversight regulators. In the United States, the Public Company Accounting Oversight Board (PCAOB) was created in 2002 to oversee the audits of public companies in order to protect the interests of investors and the public interest in audit reports. In the EU, legislation that took effect in 2016 requires Member States to establish a system of public oversight of auditors. Other jurisdictions are also introducing similar regulatory structures.³³ Such bodies are responsible for the registration of statutory auditors, adoption of standards on ethics, internal quality control, continuous education, quality assurance, and investigative and disciplinary systems. They also conduct inspections of audit firms, which may provide a useful reference on audit quality for CBs and their audit committees in appointing and renewal decisions.

B. Mandatory Audit Rotation

Audit rotation safeguards audit independence. It is recognized that the audit mandate should provide for multi-year appointments, which protects the auditors from pressures linked to annual re-appointments. However, long relationships with clients create familiarity threats to independence (Box 3) and rotation is required. Rotation can involve a change of partners and key audit staff, or a change of firm. Rotation of key audit partners is required under international standards.³⁴ However, in jurisdictions where audit firms are relatively small, it may be difficult to ensure effective rotation of key audit partners and staff. Accordingly, mandatory firm rotation (MFR) is warranted in such cases and often enshrined in the central banking legislation. Out of 151 CB laws reviewed, 40 included provisions on rotation of external auditors.

In larger jurisdictions, where audit firms are of a significant size and the audit market is well developed, MFR has been a topic of debate. Supporters argue that rotation will enhance audit independence by eliminating the familiarity threats and open growth opportunities for smaller audit firms. Opponents are of the view that this would hinder audit quality, partly due to the loss of institutional knowledge and the risk of “opinion shopping” by audit clients.

The following recent regulatory developments are of significance:

• In the United States, lawmakers blocked mandatory audit firm rotation. In July 2013, the House of Representatives approved a bill that prohibits the PCAOB from requiring public companies to change their audit firm on a regular basis.

• In the EU, audit legislation that took effect in 2016 includes a requirement to change audit firms after 10 years. That period can be extended by up to 10 additional years if companies put the audit out for a tender, and by up to 14 additional years in joint audit arrangements. Member States have an option to shorten these periods.

C. Other

The 2016 EU reform aims to improve audit quality and open up the audit market. In addition to MFR, other measures include: (i) restrictions on non-audit services and prohibition of certain services, (ii) a cap on fees from other non-audit services at 70 percent of the audit fees; (ii) mandatory tendering for audit appointments; and (iii) audit committees’ role in the audit oversight process. The legislation also brings enhanced reporting requirements for the auditors in their reports and in communications with the audit committees.

Standard-setters have issued revised auditing standards that reduce the “expectation gap” through an increased focus on communication. Key initiatives include enhanced communication with TCWG and more detailed and informative audit reports. Revised standards on auditing have been issued and represent a notable change in practice, including enhanced transparency of audits. Audit reports now include a new section in which the auditor highlights critical matters that, in the auditor’s judgment, were of importance in the audit (i.e., key audit matters).³⁵, While these key audit matters (KAM) were previously communicated to TCWG, the new requirements now extend this to be included in the audit report for external stakeholders. Matters likely to be reported include areas in which the auditor encountered significant difficulty during the audit and issues that involved significant judgment, such as valuation issues or adequacy of disclosures in the financial statements.