External Audit Arrangements at Central Banks
  • 1 0000000404811396https://isni.org/isni/0000000404811396International Monetary Fund
  • | 2 0000000404811396https://isni.org/isni/0000000404811396International Monetary Fund
  • | 3 0000000404811396https://isni.org/isni/0000000404811396International Monetary Fund

Contributor Notes

This paper takes stock of external audit arrangements at central banks. Its focus is on the annual audit of central bank financial statements, as well as legal and institutional measures that support audit quality and independence. The paper outlines good practices in these areas and provides a summary of actual practices observed based on a review of audited financial statements and central bank legislation. While the audit frameworks for central banks differ depending on their legal and institutional circumstances, central banks’ external audits increasingly follow international standards. Most of them are audited by auditors with international affiliations and embrace modern governance structures that provide for audit oversight. However, the paper also notes that a sizeable number of central banks do not publish the audit results in a timely manner, which leaves room for improvement in transparency practices.


This paper takes stock of external audit arrangements at central banks. Its focus is on the annual audit of central bank financial statements, as well as legal and institutional measures that support audit quality and independence. The paper outlines good practices in these areas and provides a summary of actual practices observed based on a review of audited financial statements and central bank legislation. While the audit frameworks for central banks differ depending on their legal and institutional circumstances, central banks’ external audits increasingly follow international standards. Most of them are audited by auditors with international affiliations and embrace modern governance structures that provide for audit oversight. However, the paper also notes that a sizeable number of central banks do not publish the audit results in a timely manner, which leaves room for improvement in transparency practices.

I. Overview

Central banks (CBs) have public mandates and are often entrusted with significant degrees of autonomy. For this reason, to ensure democratic control and good governance, CBs are expected to be accountable.2 This paper focuses on one element of central bank accountability and transparency: the annual external audit of the financial statements.3

We discuss external audit arrangements currently in place at CBs based on a review of publicly available information on CBs’ websites, which included audit reports as well as central bank legislation. This covered 170 websites of the CBs listed in Annex 1. Observations on best practice and audit quality issues are also corroborated by the findings of IMF safeguards assessments, which evaluate audit, governance and control practices, as well as aspects of legal structure and autonomy at CBs of members borrowing from the IMF.

Central banks are strengthening their financial transparency practices, in particular, the publication of financial statements. Most CBs (83 percent) of the above population make their audited financial statements available on their websites and the timeliness of their publication has improved in recent years. Audit completion is generally timely and within statutory deadlines. Most of the published audit reports confirm the use of International Standards on Auditing (ISA; 64 percent), with 70 percent of the CBs audited by internationally affiliated audit firms. Further, CBs are adopting governance structures that embrace modern audit oversight through audit committees. Our findings also indicate that CBs use international standards and practices in the external audit area even in the absence of legal requirements and that recent legal amendments incorporate provisions supporting external audit quality and independence.

The paper is organized as follows: Section II explains the scope and objective of an independent audit of CB financial statements, including key stakeholders. External audit requirements differ among the CBs, and Section III provides an overview of matters that influence the legal design of an audit framework, along with a summary of audit provisions observed in CB legislation. Section IV describes key aspects of an effective audit mechanism, including the role of audit committees and observed transparency practices. It also provides information on the CB auditors and audit standards used by CBs. Section V includes information on the trends observed in IMF safeguards assessments, including insights on audit quality challenges. The audit profession is undergoing reforms and Section VI outlines the main regulatory and professional developments that may be of relevance to CBs’ audit policies and practices, including audit committees’ agendas. A glossary of relevant terms and a list of references is provided at the end.

II. External Audit Objective

A. What is External Audit?

External audit supports credibility of financial reports. The purpose of an external audit is to have an independent party, the auditor, express an opinion on an organization’s financial statements. The auditor assesses whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework and whether they present fairly the financial position of an organization. External auditors play a critical role in maintaining market confidence in the reported financial statements.4

The work of an external auditor is guided by professional standards. ISA are widely recognized as high-quality standards for the performance of audits of financial information. They are issued by the International Auditing and Assurance Standards Board (IAASB), and most jurisdictions use ISA as their national or benchmark norms for auditing.5 In some countries, a State auditor (such as an Auditor General) has a mandate to audit the CB’s financial statements. Notably, the International Organization of Supreme Audit Institutions (INTOSAI), a global association for State auditors and similar institutions, has converged its guidelines for financial audits in the public sector with ISA. Since 2010, these INTOSAI guidelines are reviewed annually to ensure consistency with ISA.6

External audit differs from internal audit in its objectives, scope, and level of independent assurance. An internal audit function is typically independent of operations with reporting lines to both senior management and an oversight body, such as the Board. However, because internal audit is part of the institution, it is not considered sufficiently independent to opine on the financial statements for external stakeholders. For this reason, the term “independent audit” is used in the context of an external rather than internal audit. The scope of the two functions also differs. The external auditors’ responsibility is limited to the financial statements and financial reporting risks for a defined period, whereas internal auditors continuously evaluate the effectiveness of governance, risk management, and control processes. In addition, internal audit reports are confidential and are not distributed to third parties; whereas independent audit reports on the financial statements are typically issued for external stakeholders and published.

In a risk management framework, external audit is sometimes considered a fourth line of defense.7 Current and recognized models for governance and control systems provide for three lines of defense within an organization, namely: (i) the operational management and internal controls; (ii) a risk management and compliance function; and (iii) an internal audit independent from the first and second lines of defense. External auditors are not part of an internal structure, but because of their contribution to governance and controls are sometimes viewed as an additional line of defense (together with regulators and similar external oversight parties).

Public perception of an auditor’s role sometimes goes beyond the duties set by the professional standards, giving rise to what is known as theaudit expectation gap.” This may concern the degree of responsibility for detecting fraud, legal irregularities, and other matters that are not within the financial reporting area. In the CB context, the expectation gap can also relate to assurances on the effectiveness of CB policies. An unmodified audit report may be mistakenly perceived as a clean bill of health on all CB activities, management, and policy decisions. Under ISA, however, external auditors express their opinion only on whether the financial statements are prepared, in all material respects, in accordance with the applicable accounting framework. While a report on internal controls (i.e., a management letter) may also be provided, an external auditor is only concerned with fraud and control weaknesses that cause a material misstatement in the financial statements.

B. Why are Financial Statements of CBs Audited?

Central bank autonomy requires accountability. There is a significant body of research on the links between CB independence, accountability, and transparency. Laurens, Segalotto, Arnone (2009) provide a valuable review of the literature and empirical evidence on the correlation and interdependence of these areas, described as the three pillars of a CB governance framework. The positive correlation between autonomy and accountability has become a recognized principle of good governance for central banks.

Financial reporting is one element of CB accountability. The features of central bank accountability derive from their objectives and mandates.8 They typically include accountability for monetary policy - such as through policy strategies, targets, and actions, on which CBs report to the government, financial markets, and other stakeholders. In addition, CBs are accountable for their other functions, including supervisory responsibilities or those related to the smooth functioning of financial infrastructure (e.g., payment systems), where performance measures may be more difficult to establish. Finally, since CBs are entrusted with public resources and often a significant degree of financial autonomy - reporting on the management and stewardship of these resources through quality financial statements enables CB accountability.9

External audit supports CB financial accountability. The IMF “Code of Good Practices on Transparency in Monetary and Financial Policies” identifies desirable transparency practices for CBs, including:

  • “4.2 The central bank should publicly disclose audited financial statements of its operations on a preannounced schedule.

  • 4.2.1 The financial statements should be audited by an independent auditor. Information on accounting policies and any qualification to the statements should be an integral part of the publicly disclosed financial statements.”

Audited financial statements of CBs have various stakeholders. An audit report is normally addressed either to those charged with governance (TCWG) of an audited entity or the entity’s shareholders. For CBs this is typically the Board or the government (representing the State), and private shareholders in some rare cases. Due to its public function, other parties may also have an interest in a CB’s financial position and results of operations. Table 1 gives an overview of key stakeholders and rationale for their interest in audited financial statements.

Table 1:

Key Stakeholders of Central Bank External Audit

article image

III. Legal Considerations

A. Overview of Audit Frameworks in CB Legislation

An external audit framework in the law is typically informed by the private or public law nature of an entity. Distinct audit arrangements apply to private corporations and public institutions:

  • private law corporations—commercial audit norms apply and independent external audits are required, particularly for companies of a certain size or that seek market funding. This would typically follow from a “corporations act;”

  • public law institutions—public audit norms apply and Supreme Audit Institutions (SAIs or State auditors) perform audits. This would typically follow from a “state entities audit act.”

For CBs, the audit frameworks in the legislation are further influenced by other factors, including their mandate, degree of autonomy, and complexity of financial reporting. The oldest CBs were, and in many cases still are, incorporated as stock companies under private law. Recognition of their public mandate by statute or state-ownership of CBs’ capital does not necessarily change their incorporation.11 Relatively younger CBs were established by statute as public law institutions. However, the audit frameworks for CBs do not strictly reflect the above distinction between the commercial and public norms. The legislature can and often has tailored the audit requirements taking into account the unique nature of central bank operations, governance structures, as well as the desired level of autonomy and protection from political influence.

Accordingly, many CBs are subject to commercial audit frameworks, irrespective of their corporate or public nature. There are three approaches:

  • exclusive commercial audit framework—statute specifies that the CB is subject to the national or an internationally accepted commercial audit framework to the exclusion of any public audit;

  • mixed system—statute recognizes elements of both public and commercial audit frameworks for purposes of auditing the CB;

  • delegated system—statute authorizes the CB’s main decision-making body to determine the audit framework, possibly limiting the discretion of this body by prescribing that the framework should be “internationally accepted” or “independent”. This system has evolved to become the most common practice and is being incorporated into recently drafted CB legislation (see Figure 1).

Mixed systems can take either of two forms:

  • parallel system—both a SAI and an independent external auditor are assigned, using their respective audit standards,12 or

  • outsourcing system—the SAI’s audit opinion is based on an opinion issued by an independent external auditor.

In the mixed systems, there should be a mechanism to reconcile possibly deviating public and commercial audit results. Where both a SAI and a private external auditor audit the CB (i.e., parallel system), diverging findings and conclusions cannot be ruled out. For such cases, the legal framework should identify the audit opinion that will take precedence in decision making. This is essential for the CB’s financial accountability in general, and the profit distribution scheme in particular. Similarly, while the SAI’s opinion would normally prevail in an outsourcing system, a legal framework could usefully provide for a transparent disclosure of differences in the audit reports.13

Where a SAI is involved in the CB’s audit, the legal framework will need to include safeguards to protect the CB autonomy. SAIs can be responsible for a range of audits.14 The remit of the SAI will need to focus on financial statement audits or the efficiency of management, to the exclusion of an audit of the effectiveness of the CB’s public or monetary policies. A clear definition or parameters for the SAI’s scrutiny of CB policies and operations is necessary to shield the CB from political and external pressure. This, of course, needs to be weighed against the need for CB accountability.15

Constitutional law may also inform the design of CB audit frameworks. In many jurisdictions the constitution recognizes the SAI and broadly describes its mandate. Depending on this mandate, it may not be possible to exclude public audits of CBs or to limit the scope thereof. Also, constitutional law provisions, or their interpretation, may prescribe involvement of the SAI in the selection and dismissal of independent external auditors.

Appointment and dismissal modalities for independent external auditors should be legally or formally established. For this purpose, it does not matter whether this auditor is the sole auditor or an auditor working parallel with, or under the oversight of, the SAI. Key components of the audit structure include: (i) experience in using international standards and applying these to complex financial institutions and/or CBs; (ii) multi-year appointments with a minimum mandate; (iii) auditor rotation rules (for firms or key audit partners); and (iv) annual performance reviews with ability to discontinue the audit contract for good cause.16 These measures are intended to safeguard the audit quality and independence. While it is preferable to include the modalities for appointment and dismissal in law, they can also be laid down in the CB’s by-laws, contracts with the auditors, and/or memoranda of understanding with the SAI.

In most jurisdictions, the authority and the procedure to appoint and dismiss the independent external auditors is enshrined in the law (see discussion below). In the outsourcing system discussed above, the authority to appoint an auditor is with the SAI. In other cases, there are alternatives for assigning this authority—with the possibility that multiple bodies are involved during the selection and nomination process:17

  • the CB’s governance bodies (i.e., the Board or its Audit Committee) either pursuant to the CB’s organic law or the corporations act;

  • the government (most commonly the Minister of Finance);

  • the shareholders’ meeting bringing together several shareholders or the sole shareholder (i.e., the State); or

  • the legislature (i.e., the Parliament).

B. Audit Requirements in CB Laws18

We analyzed available CB laws to determine the existence of external audit provisions. Such provisions typically establish the statutory requirements for an audit, identify the appointing authority, and may contain safeguards to ensure audit quality and protect the auditors’ independence. Overall, a majority (157 CBs or 92 percent) of CBs have an audit requirement that is enshrined in the CB law. The remainder (13 CBs or eight percent) were either silent on audit requirements or the relevant provisions of the law were not readily available. The analysis revealed that the level of detail in the law regarding the audit framework varied. Results are discussed in the section below with additional information on the regional trends in Annex 3.

The majority of CB laws require an independent audit of the central bank. As shown in Figure 1, the majority of CB laws mandate that the audit be conducted by an independent auditor. Some laws go further and stipulate that the CB audit should be performed by an international firm, which is typically independent. Laws mandating the SAI as auditor of the CB comprised 14 percent or 23 CBs. This is consistent with the actual practice observed in our review of signed audit options (Figure 3). The inclusion of the audit requirements in the majority of CB legislation confirms the importance of external audits in ensuring CB accountability. The category “Other” includes cases where the audit was entrusted to an “audit board” or a “statutory auditor” without a clear indication of their role (e.g., internal or external to the CB, public or private nature).

Figure 1:
Figure 1:

External Audit Attributes per CB Law

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: 170 laws from CB websites and IMF CB Legislation Database

The party responsible for appointing the CB auditor is enshrined in most CB laws. Such authority is defined as the body that has the final approval in the appointment process (Figure 2) as stipulated in the law. External auditors are predominantly (36 percent) appointed by the CB Board or a similar governance body. In these instances, the external auditor is also required to be independent and/or internationally recognized, an indication that the CBs are indeed adopting the “delegated system” for an audit framework in the law discussed above. In cases where the CB law entrusts a SAI with the external audit mandate, the appointing authority is also the SAI. In the conduct of safeguards assessments, we have observed, however, that SAIs sometimes delegate this appointing role to the CB’s governance body (e.g., the outsourcing system).19 Further, the regional analysis of the appointing authority (Annex 3), indicates that all types of appointing arrangements are present in each region (except for the “supranational” appointment type unique to the Eurosystem).

The results on the appointing authority reflect the role of external audit in the agency theory of accountability.20 Appointments by the government (typically the Minister of Finance), the President, the shareholders, or the Parliament account for about a quarter of the cases. Together with the supranational group such appointments closely reflect agency theory, where where the auditor’s role is to support trust and credibility between the principals (i.e., those representing the owners or the State) and agents (i.e., the Board or management). SAIs play a similar role in a public-sector context. That said, a considerable number of CB laws entrust the appointment decisions to the CB governing bodies, which include the Board, audit committees, and in some cases the Governor. Under agency theory, this is effective when strong safeguards on audit independence are in place. As noted above, when the appointment authority is with a governance body, the law would indeed require the auditor to be independent.

Figure 2.
Figure 2.

Parties Responsible for External Auditor Appointment

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: CB websites and IMF CB Legislation Database. The total population size is 170 CBs.Note: The accounts of national central banks of the member states of the European Union participating in the Eurosystem and the European Central Bank (ECB) are audited by independent external auditors recommended by the ECB’s Governing Council and approved by the Council of the European Union. These cases are classified as Supranational.

In practice, most CBs have ownership of the selection and appointment process. Safeguards findings indicate that, central banks have some autonomy in selecting and appointing their external auditors. This is typically implemented through agreements or understandings that delegate this authority to the CB governance body. Within the IMF safeguards assessments population of CBs (see Section V) the CB’s governance body assumes the selection and appointing responsibility in 56 percent of cases, which exceeds the de-jure mandates (i.e., 44 percent for the safeguards population and 36 percent for the total group of CBs in Figure 2). Such practices, which give ownership of the process to the CBs, reduce delays in the appointment of the auditor. They could also safeguard the quality of the audit through CBs’ internal regulations that set requirements for audit independence and international standards.

While a limited number of CB laws have provisions to support audit quality and independence, actual practices are ahead of legal requirements. Only 48 CB (28 percent) laws established audit rotation modalities, which safeguard the independence of the external auditor, and 40 CB laws (24 percent) require the establishment of an audit committee, whose role includes audit oversight. However, IMF safeguards assessments findings suggest that in practice more central banks have audit rotation policies as well as audit committees in place (see Sections IV and V). Further, despite only 15 percent of laws requiring the use of ISA, a review of audit opinions shows that these international standards are referred to in 64 percent of CBs (see Figure 4).

Recent amendments to central bank laws suggest a shift towards international standards. It is noteworthy that of the 27 CB laws that specifically state an ISA requirement, 21 were amended after 2008. Similarly, of the 48 CB laws that had audit rotation requirements, the majority (30 cases) was also amended over the last decade. This is in line with the trend in audit regulation that aims to enhance audit quality and independence (Section VI). In this context, when providing technical assistance on the reforms of CB legislation, IMF staff recommend that a robust audit framework be enshrined in the law. Box 1 provides examples of the recommended provisions on the external audit quality and independence, and Box 2 includes such provisions for an audit oversight body (i.e., and audit committee).

External Audit Provisions in CB Laws

IMF technical assistance reports concerning reforms of CB legislation typically include the following recommended provisions to underpin accountability through a robust audit framework. They are intended to ensure audit quality, independence, and adequate communication with those charged with governance (e.g., the Board and its audit committee).

  • The financial statements of the Central Bank shall, at least once a year, be audited in accordance with International Standards on Auditing by independent external auditors who shall be of good repute and have recognized experience in the auditing of major international financial institutions.

  • The Board shall appoint the external auditors upon the recommendation of the Audit Committee for a multi-year term. No external auditor shall be appointed consecutively for a cumulative period exceeding [five/seven] years, after which the audit firm/or the key audit partners shall be replaced.

  • The external auditor shall report to the Audit Committee on key matters arising from the audit and, in particular, on material weaknesses in internal controls relating to the financial reporting process.

  • The external auditors shall have full power to examine all books and accounts of the Central Bank and obtain all information about its transactions.

Source: IMF technical assistance reports on central bank legislation and safeguards assessments.

IV. External Audit Mechanism at Central Banks

External audit mechanism supports quality audit.21 Such an institutional mechanism encompasses the practices and procedures in place to ensure audit quality and independence, as well as accountability for the audit results. Main elements of the mechanism include oversight by an independent body (i.e., an audit committee), the external auditors, audit selection and rotation policies, and processes in place to ensure timeliness of audit completion and publication.

A. Audit Oversight

Over the last decade, audit committees have increasingly become part of the governance structures of CBs. Establishment of audit committees in CBs followed developments in governance codes for the private sector, such as corporate governance principles recommended by the Organisation for Economic Co-operation and Development (OECD) or the Basel Committee on Banking Supervision. A typical audit committee is responsible for oversight of an organization’s internal and external audits, control systems, and financial reporting. Some have also seen their role expanded to incorporate risk management and legal compliance. Similar to statutory provisions on external audit discussed above, CB laws should ideally contain provisions on the audit committee and its oversight role, as part of an overall audit framework (see Box 2).

Audit committees are an important element of the external audit mechanism at CBs. The audit committee is a stakeholder of the external audit process; it receives audit reports on the financial statements, as well as the management letter with observations on internal controls, financial reporting, and compliance matters. In addition, the committee is also responsible for audit oversight and in this capacity its key responsibilities typically include:22

  • Auditor selection and rotation policies. Domestic legislation (for example, the CB’s organic law, audit market regulations, public procurement laws) often provides general rules for auditor appointments; these are complemented with internal policies prescribing a specific framework for the CB. To ensure quality and an independent audit, these policies typically establish selection procedures that give greater weight to technical expertise than to cost, as well as multi-year mandates and rotation requirements.23

  • Ensuring auditor independence during the audit. Box 3 provides an overview of the audit independence concept and threats to such independence. Audit committees are responsible for monitoring the external auditor’s independence throughout the auditor’s mandate. For this purpose, the audit committee would periodically inquire about the audit firm’s own safeguards for independence. To identify possible threats to the auditor’s independence, the committee would also review all services provided by the auditor. It may also decide to restrict non-audit services from an incumbent auditor.24

  • Review of performance and retention. Each year, audit committees should evaluate the external auditor and make an informed decision or recommendation regarding retention. This should include an assessment of the qualifications and performance of the audit partners and staff; the quality and candor of the auditor’s communications; and the auditor’s independence, objectivity, and professional skepticism.

  • Monitoring of audit findings and recommendations. The audit committee should receive periodic reports from CB staff regarding the status of implementation of audit recommendations.

More than half of central banks have audit committees. While audit committees are not commonly mentioned in the audited financial statements, CBs sometimes disclose their mandate and activities in the Annual Reports. For enhanced transparency, some CBs also publish a separate Audit Committee Annual Report. From the reviews of the legal frameworks, Annual Reports published by CBs, and safeguards experience, we established that nearly half (80 of the 170 CBs) have an audit committee or a similar audit oversight body. This is notable, given that only 40 CB laws specifically required an audit committee, an indication that CBs recognize the need for good governance structures even when there is no explicit requirement in the CB law.25 By contrast, of the 151 CBs laws reviewed in 2013, only 20 percent (30 CBs) specifically required an audit committee. Thus, more central banks laws now require audit committees, an increase from 30 to 40 CBs. This change in legislation indicates a shift towards the adoption of established corporate governance practices.

Audit Committee mandates will need to be appropriately adjusted where a SAI has responsibility for the CB audit. As discussed earlier, a SAI may be mandated to audit the CB financial statements or have a role in appointing the external auditor. SAIs have a high degree of institutional independence, often enshrined in the constitution. Therefore, in these cases, the audit committee’s oversight role will need to be tailored to ensure it does not conflict with the SAI’s status and mandate. Open communication with the SAI could help adjust the oversight tasks to the specific circumstances. The SAI may, for example, conclude that it does not have adequate capacity to audit a complex financial organization such as a CB.26 In those cases, the SAI may decide to subcontract to or share the audit work with an independent external auditor, and delegate audit oversight, including audit firm selection, to the CB and its audit committee. Such arrangements may be formalized through a memorandum of understanding (MoU) between the SAI and the CB.

Audit Committee Provisions in CB Laws

Audit committees provide audit oversight and are part of the overall governance and accountability framework of an entity. The Audit committee’s task is to assist the Oversight Board in implementing the latter’s responsibilities with respect to internal controls, audit and financial reporting.

In the context of CBs, the following provisions are typically recommended by IMF technical assistance reports for inclusion in CB legislation. They are intended to ensure independent audit and control oversight through a committee (acting to the benefit of the Board) with adequate mandate and expertise.

  • The Board shall appoint an Audit Committee.

  • The members of the Audit Committee shall be appointed from among non-executive Board members.

  • In the absence of at least one non-executive Board member with extensive experience in the field of accounting or auditing, the Audit Committee shall appoint at least one independent external expert with such experience. Independence criteria for the expert could also be provided; for example: the expert shall not have been a member of the Board or staff in the [three] calendar years preceding his/her appointment as member of the Audit Committee.

  • The appointment and dismissal criteria for the members of the Audit Committee and/or the expert should also be set in line with those applicable to the Board members.

  • The Audit Committee’s responsibilities shall include:

    • ➢evaluate the overall effectiveness of internal control systems;

    • ➢oversee the financial reporting process implemented by management;

    • ➢recommend the appointment of external auditors, and the scope of external audits and other services;

    • ➢periodically review the external auditors’ independence and performance;

    • ➢meet with the external auditors to discuss their findings;

    • ➢review with the external auditors the year-end financial statements;

    • ➢oversee the internal audit function;

    • ➢monitor compliance by the Central Bank’s Departments with the findings and recommendations issued by the Chief Internal Auditor.

  • The Board shall define the composition, and further responsibilities and duties of the Audit Committee in the Audit Committee Charter of the Central Bank.

  • The Audit Committee may regulate its own proceedings.

  • The Audit Committee shall periodically report to the Board.

Source: IMF technical assistance reports on central bank legislation and safeguards assessments.

The financial supervision function of a CB may have an impact on the audit mechanism. As a regulator, the CB may have a role in establishing the rules and expectations for audits of financial institutions. As such, the CB should follow international practices and apply this guidance to its own institution, as appropriate. Additionally, a potential conflict of interest may arise from the CB’s regulatory relationship with the auditors. The CB may decide on the eligibility of external auditors for the supervised institutions or have the power to appoint auditors for special investigations. It would be the responsibility of the CB’s audit committee to ensure that the external auditor’s independence is not compromised on the central bank audit when the auditor is also engaged by the supervised institutions.

Auditors have a professional responsibility to communicate with those charged with governance. In an audit performed under ISA, the auditor is required to communicate certain matters to TCWG (i.e., the Board or its audit committee). These include: (i) the auditor’s responsibility in relation to the audit and confirmation of auditor independence; (ii) planned audit scope and timing of the audit; (iii) significant audit findings; (iv) difficulties encountered in the audit; and (v) deficiencies in internal controls of the audited entity. Accordingly, in a typical annual audit cycle, the auditor should seek at least two meetings with the audit committee - at the planning and concluding stages of the audit.

Auditors’ Independence

Professional standards are based on a conceptual approach to auditor independence. Independence comprises:

  • Independence of mind - the state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity and exercise objectivity and professional skepticism; and

  • Independence in appearance - the avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude that the auditor’s integrity, objectivity, or professional skepticism has been compromised.

Threats to independence may be created by a broad range of relationships and circumstances, which fall into one or more of the following categories:

  • Self-interest threat - the threat that a financial or other interest will inappropriately influence the auditor’s judgment or behavior;

  • Self-review threat - the threat that an auditor will not appropriately evaluate the results of a previous judgment made or service performed by the auditor, on which the auditor will rely when forming a judgment as part of providing a current service;

  • Advocacy threat - the threat that an auditor will promote a client’s or employer’s position to the point that the auditor’s objectivity is compromised;

  • Familiarity threat — the threat that due to a long or close relationship with a client or employer, an auditor will be too sympathetic to their interests or too accepting of their work; and

  • Intimidation threat - the threat that an auditor will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the auditor.

Examples include:

  • Financial interest - it is less likely for an auditor to hold a direct financial interest in a CB (for example, as a shareholder, debtor, or creditor); however, indirect financial interests may arise, for example in relation to CB investments, loans for financial institutions, or significant CB vendors. Significant gifts or excessive hospitality may also create self-interest and familiarity threats;

  • Family, personal, or employment relationships;

  • Long association of senior audit personnel with an audit client, including lack of partner rotation;

  • Provision of non-audit services. Some specific services - such as bookkeeping, implementation of accounting systems, selecting accounting policies, or valuation services may be prohibited because the auditor would then audit their own work. Other services may need to be carefully evaluated for potential risks to independence and objectivity.

  • Fees - auditors should not accept fees contingent on the outcome of the audit. Further, when the auditor’s compensation represents a large portion of the audit partner or firm business, the auditor may be exposed to self-interest or intimidation threats. The auditor’s integrity may also be impacted when the fees are too low for the scope of the audit.

Source: “Code of Ethics for Professional Accountants” by the International Ethics Standards Board for Accountants of IFAC.

B. Who Audits Central Banks?

Most CBs are audited by private audit firms with dominance of international firms. We reviewed the published audit opinions of 141 CBs (total population of 170). Figure 3 summarizes the results based on the party that signs the audit report. International audit firms account for about 70 percent of the CB audits. This comprises (i) 94 audit opinions issued solely by an international firm (55 percent); (ii) 19 joint audit arrangements which include an international firm (11 percent), presented within the co-sign group below; and (iii) eight audits subcontracted by the SAI to an international audit firm (4 percent). It is not always evident from published audit reports if the SAI involved a private firm, unless the State auditor notes reliance on a subcontracted private auditor, co-signs with a private auditor, or the CB publishes two audit opinions simultaneously. 27 The regional distribution (Annex 3) shows a less dominant use of international firms in the Asia Pacific region (21 percent), and more audits being conducted by the SAI (36 percent) when compared to the general population.

Figure 3:
Figure 3:

External Auditors of Central Banks

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.

The proportion of audits conducted by international audit firms reflects the use of international audit standards (Figure 4). About 64 percent of CBs’ audit reports stated use of ISA in the audit.28 The significant use of these standards, over and above the legal requirement in CB laws (15 percent), suggests that CBs attribute value to audit quality. This is in line with the observed practice of using international audit firms by most CBs. Application of ISA allows for consistent interpretation of audit requirements and enables efficiency associated with applying a common approach among the audit firms. Further, international affiliation provides certain benefits that support audit quality, including access to a wide network of expertise and quality control procedures. The regional distribution (Annex 3) shows frequent use of ISA across the regions, with a dominant use in Africa and Europe.

Figure 4.
Figure 4.

Auditing Standards Applied in Central Bank Audits

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.

The widespread use of international standards is influenced by several factors. As noted above, the CB laws only require the use of ISA in 15 percent of cases. However, the CB’s internal regulations, such as by-laws, Charters, or Board decisions, often provide for ISA in CB audits. The external auditors are also subject to accounting and audit regulations in their jurisdictions, which as discussed in Section II increasingly adopt ISA. Lastly, the international audit firms base their internal methodologies on these standards and commonly refer to them in their audit reports.

Figure 5:
Figure 5:

External Auditors of CBs: 2017 vs 2013 Comparison

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Of 170 CBs websites, 141 and 143 had published audit opinions at September 30, 2017 and 2013, respectively.

The audit market structure for CB audits is dynamic, but international audit firms hold a significant share. Of the 141 websites of CBs that published the financial statements, the percentages indicating an international accounting firm is significant and is consistent when comparing 2013 and 2017 data (Figure 5). In both years, international firms were responsible for approximately 70 percent of CB audits (including through co-signing and subcontracting arrangements). The shift in audit firms indicates that CBs periodically rotate audit firms (Sections V and VI). The increase in co-signing arrangements is partly attributed to some CBs engaging international firms through joint audits.

C. Transparency and Timeliness of Reporting

How long does it take to finalize an external audit of a CB?

Central bank laws set fairly ambitious deadlines for audit completion. For financial information to be relevant, it must be recent when made available to users. Timely and accurate financial statements create confidence, credibility, reliability, and awareness of the CB’s activities in the eyes of the public. Based on a review of 170 CB laws, we found that 134 set a statutory deadline for financial reporting (Figure 6). The most common timeframe is three months or less after the financial year-end.

Figure 6.
Figure 6.

Statutory Deadlines for Completion of _ Annual Financial Statements _

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: 170 central bank laws.Note: 134 of the central bank laws set a statutory deadline for audit completion. The remaining comprised the “no date” category with either no set date or no clear provision could be found (34 CBs). The category of “other” includes CB laws where a clear date could not be established, e.g., as soon as possible after year-end.

Audit completion at most CBs is timely. We compared the dates of the audit opinions published by CBs to their financial year-end to establish the timing of audit completion (Figure 7). This showed that about half of the CBs hold themselves to the private sector standards (on average three months). Further, a total of three quarters of CBs finalize the annual audits with six months of their financial year ends. The regional analysis (Annex 3) shows that European CBs set the leading practice of timely completion within three months.

Figure 7:
Figure 7:

Timing of Audit Completion

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Audit reports. Of 170 CBs, 141 had published audit opinions at September 30, 2017.

Many CBs complete their audits before the statutory deadline. We compared the actual audit completion date based on the dates of the audit reports (Figure 7) to the statutory deadline (Figure 8). This showed that the majority of CBs (91 CBs) actually complete the audits within their statutory deadline, with a sizeable number of CBs (48 CBs) reporting ahead of the deadlines. From safeguards experience, late audit completion is often attributed to late appointment of the auditors, weak accounting controls at CBs requiring audit adjustments, as well as issues with obtaining audit evidence from third parties through external confirmation or valuation procedures.

Figure 8:
Figure 8:

Audit Completion Dates vis-a-vis Statutory Deadline

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Audit opinions and CB laws.Note: There were 115 CBs with both a statutory deadline and published financial statements.


Regular reporting of reliable financial information is one of the key principles of CB accountability and assurance of integrity. Of the 141 CBs that published their audited financial statements as of September 2017, 64 percent (108 CBs) were specifically required to do so by their CB law. This suggests that a considerable number of CBs recognize the importance of being transparent and accountable to their stakeholders, even when there is no legal requirement in the CB law. Nevertheless, there is a room for improvement as for 29 CBs the audited financial statements were not readily available on their websites. This represents about 17 percent of the total number of CBs reviewed.

The publication of audited financial statements has improved over the recent years. It is difficult to establish the exact publication dates because the date of an audit report only indicates when the audit was finalized and not when it was published. As a proxy measure, we noted the age (i.e., time from the financial year-end) of the most recent financial statements available as of end-September 2017 and 2013 (Figure 9).29 The trend in the timeliness of the publication has improved and most of the CBs publish within nine months. However, when compared to the audit completion dates (Figure 7), which shows that 79 percent of CBs finalize the audits within nine months, the publication rate (58 percent) is lower. In safeguards experience, the publication delays are sometimes caused by external factors, such as the need to obtain government approval. Another common reason is combining the publication of the financial statements with the annual report, which takes longer to prepare. Delinking the publications would help to ensure that the audited results are available on a timely basis. This may, in some cases, require legislative amendments.

Figure 9:
Figure 9:

Age of Published Annual Financial Statements

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 and 143 had published audit opinions at September 30, 2017 and 2013, respectively.

V. External Audit in IMF Safeguards Assessments

The external audit mechanism is one of the five elements of CBs’ governance and control frameworks covered in IMF safeguards assessments. Safeguards assessments evaluate the adequacy of a central bank’s governance framework, focusing in particular on external audit, legal structure and autonomy, financial reporting, internal audit, and internal controls (the ELRIC framework) of countries borrowing from the IMF.30 Publication of a CB’s annual financial statements that are independently audited in accordance with international standards is a key requirement of the safeguards policy. In this context, assessments look at the processes for the selection and rotation of external auditors, the quality of the audit, and the auditors’ communication with governance bodies such as the central bank board and audit committee. Accordingly, safeguards assessments provide insights on the quality of the external audits at CBs, which cannot be easily evaluated from the review of the published audit reports and legal frameworks.

Safeguards assessments experience shows that central banks have improved their external audit mechanisms (Figure 10). In the first years following the introduction of the safeguards policy (2010-2005), the assessments found elevated risks in external audit at CBs. These primarily related to non-existent or deficient audits that did not comply with ISA. The risks ratings remained relatively high in the following period from 2005-2010, which was in part attributed to the developments in international standards (both auditing and financial reporting), that put more stringent requirements on audit quality and capacity. Since 2010, however, CBs external audits showed a positive trend in risk ratings. This includes improved compliance with ISA and strengthened audit oversight through audit committees.

Figure 10:
Figure 10:

External Audit Mechanism - Risk Ratings in Safeguards Assessments

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: IMF safeguards database.Note 1: Safeguards assessments assign a rating to each ELRIC category. The four-level internal and confidential risk ratings are Low, Medium-Low, Medium-High, and High. Note 2: The five-year periods are based on fiscal years ending April 30th. The last period includes information up to September 30th, 2017.

The assessments continue to identify vulnerabilities in CB’s external audits. 104 assessments covering 61 CBs were conducted in the period from May 2010-September 2017. Heightened risks for external audit were observed in about a third of the assessments (covering 25 CBs). The root causes for the elevated risks related to quality issues at audit firms as well as weaknesses in audit processes at CBs. Main findings that led to the higher risk rating in these 25 CBs include:

  • Some audit firms had weak capacity and deficient quality control processes, which resulted in non-compliance with ISA (17 CBs). The assessments identified problems in audit procedures in important areas, such as in verification of foreign reserves or obtaining assurances on the Information Technology systems. In some cases, the auditors accepted poor disclosures that did not meet the required standards and/or failed to identify errors in the financial statements. The majority of these firms lacked international affiliation, however at several firms with global networks (6 CBs) the quality assurance processes were not effective as well.

  • At 14 CBs internal procedures for the selection and appointment of auditors were deficient. The procedures did not ensure timely appointments and did not set requirements on audit capacity and requisite experience in auditing financial institutions. They also lacked safeguards for audit independence through multi-year mandates, rotation, and limits on audit fees. Indeed, in two cases assessments raised serious concerns about the auditors’ independence.

  • In a smaller number of cases (7 CBs), the audit mechanism was assessed as weak despite the involvement of a quality auditor. In addition to the weak audit selection policies, this involved insufficient follow-up on audit recommendations and protracted audit process (late audit appointments and delayed completion).

  • Audit oversight by audit committees was also either weak or lacking (20 CBs), which contributed to the overall higher risk profile.

Safeguards assessments findings confirm the importance of audit oversight in ensuring audit quality. As discussed in Section IV, audit committees have a pivotal role in the external audit process. The results of safeguards assessments show a positive correlation between an effective audit committee and favorable safeguards ratings for the external audit mechanism.31 The assessments review the roles and responsibilities of audit oversight bodies at CBs, and evaluate the capacity of the audit committees to handle audit and financial reporting issues. When these elements are assessed as deficient, the assessments typically recommend measures to strengthen the committee’s mandate and to enhance its expertise (e.g., through membership or use of experts in advisory capacity).

CBs that have undergone safeguards assessments incorporate procedures into their external audit mechanisms that ensure compliance with international standards. This is evident from the trend in risk ratings discussed above (Figure 10), as well as from safeguards monitoring information.32 Annex 2 includes a summary of the key elements of the external audit mechanism at the CBs that are subject to safeguards monitoring. This group (60 CBs as at September 2017) shows on average a higher use of international firms and standards, as well as the presence of the audit committees, when compared to those observed in the general population.

The monitoring information confirms that audit rotation practices are present at most CBs. Rotation practices at CBs are difficult to ascertain from publicly available information, unless specifically mentioned in the central bank law. The average rotation period applied by the 60 CBs under safeguards monitoring is typically 3-4 years with a possibility of renewal, or five years with no immediate renewal. This is shorter than the current regulatory and professional requirements (Section VI), suggesting the CBs are more conservative in their approach.

VI. Regulatory and Professional Developments

The audit profession is being reformed in the wake of corporate failures of recent years, either through new public policies or professional standards (see Annex 4). These reforms focus on (i) oversight of audit firms through independent audit regulators, (ii) measures to safeguard auditors’ independence, (iii) requirements for audit committees and their role in audit oversight, (iv) functioning of the audit market, and (v) reporting and bridging the “expectation gap.” Reforms target entities of relevance to capital markets (i.e. listed companies and financial institutions); however, the resulting changes will have a wider impact, for example, through internal policies at audit firms and new professional standards. To lead by example, CBs must stay abreast of these developments and consider their bearing on CB audit policies as well as the audit committee’s agenda.

A. Independent Audit Regulators

The traditional model of self-regulation has shifted in favor of the establishment of audit oversight regulators. In the United States, the Public Company Accounting Oversight Board (PCAOB) was created in 2002 to oversee the audits of public companies in order to protect the interests of investors and the public interest in audit reports. In the EU, legislation that took effect in 2016 requires Member States to establish a system of public oversight of auditors. Other jurisdictions are also introducing similar regulatory structures.33 Such bodies are responsible for the registration of statutory auditors, adoption of standards on ethics, internal quality control, continuous education, quality assurance, and investigative and disciplinary systems. They also conduct inspections of audit firms, which may provide a useful reference on audit quality for CBs and their audit committees in appointing and renewal decisions.

B. Mandatory Audit Rotation

Audit rotation safeguards audit independence. It is recognized that the audit mandate should provide for multi-year appointments, which protects the auditors from pressures linked to annual re-appointments. However, long relationships with clients create familiarity threats to independence (Box 3) and rotation is required. Rotation can involve a change of partners and key audit staff, or a change of firm. Rotation of key audit partners is required under international standards.34 However, in jurisdictions where audit firms are relatively small, it may be difficult to ensure effective rotation of key audit partners and staff. Accordingly, mandatory firm rotation (MFR) is warranted in such cases and often enshrined in the central banking legislation. Out of 151 CB laws reviewed, 40 included provisions on rotation of external auditors.

In larger jurisdictions, where audit firms are of a significant size and the audit market is well developed, MFR has been a topic of debate. Supporters argue that rotation will enhance audit independence by eliminating the familiarity threats and open growth opportunities for smaller audit firms. Opponents are of the view that this would hinder audit quality, partly due to the loss of institutional knowledge and the risk of “opinion shopping” by audit clients.

The following recent regulatory developments are of significance:

  • In the United States, lawmakers blocked mandatory audit firm rotation. In July 2013, the House of Representatives approved a bill that prohibits the PCAOB from requiring public companies to change their audit firm on a regular basis.

  • In the EU, audit legislation that took effect in 2016 includes a requirement to change audit firms after 10 years. That period can be extended by up to 10 additional years if companies put the audit out for a tender, and by up to 14 additional years in joint audit arrangements. Member States have an option to shorten these periods.

C. Other

The 2016 EU reform aims to improve audit quality and open up the audit market. In addition to MFR, other measures include: (i) restrictions on non-audit services and prohibition of certain services, (ii) a cap on fees from other non-audit services at 70 percent of the audit fees; (ii) mandatory tendering for audit appointments; and (iii) audit committees’ role in the audit oversight process. The legislation also brings enhanced reporting requirements for the auditors in their reports and in communications with the audit committees.

Standard-setters have issued revised auditing standards that reduce theexpectation gap” through an increased focus on communication. Key initiatives include enhanced communication with TCWG and more detailed and informative audit reports. Revised standards on auditing have been issued and represent a notable change in practice, including enhanced transparency of audits. Audit reports now include a new section in which the auditor highlights critical matters that, in the auditor’s judgment, were of importance in the audit (i.e., key audit matters).35, While these key audit matters (KAM) were previously communicated to TCWG, the new requirements now extend this to be included in the audit report for external stakeholders. Matters likely to be reported include areas in which the auditor encountered significant difficulty during the audit and issues that involved significant judgment, such as valuation issues or adequacy of disclosures in the financial statements.

VII. Conclusion

External audit is an established element of the CBs’ accountability. The requirement for an independent annual audit is enshrined in most of CBs laws and, in practice, the majority of the CBs publish their externally audited financial statements. This is a notable development when compared to the period from 2000-2002, when the IMF introduced the safeguards assessments policy. The policy originated from a concern that a substantial number of CBs of members borrowing from the Fund at the time were not subject to an independent audit.

Central banks implement good practices and international standards in this area, and go over and above legal requirements. They hold themselves to standards applicable to financial institutions in the private sector and adopt good governance practices such as audit committees. The external auditors for most of the CBs referred to international standards on auditing and a significant number of CBs (70 percent) engage auditors with global networks and international affiliation. Recognizing the importance of external audit for CB autonomy and governance, the modern CB laws provide for the establishment of audit committees and set more detailed provisions on audit quality.

Transparency of the audited results has increased, but there is still room for improvement. Over the past four years, many CBs improved the timeliness of publication of the audited financial statements and more than half publish within nine months of their financial year-ends. Nevertheless, there continues to be a sizeable group of CBs (17 percent) for which the audited financial results were not readily available on their websites.

CBs should be proactive in safeguarding audit quality through adequate institutional arrangements. In addition to the use of international auditing standards and engagement of qualified auditors, CBs should have in place robust audit policies that support audit quality and independence. This includes selection and appointment procedures that give appropriate weight to technical requirements and expertise, as well as measures to ensure audit independence. The governance structures should provide for audit committees to oversee the audit process and CBs response to audit findings.

The external audit evolves and CBs should stay abreast of the developments. The changes to control systems that are increasingly reliant on technology and the developments in financial reporting standards (particularly International Financial Reporting Standards) have and will continue to present challenges on the external audit process. This will require that external auditors, as well as the CBs and their audit committees have sufficient capacity and adaptability to stay relevant and add value.

Annex 1: List of Central Bank Websites Visited

  1. Bank of Afghanistan

  2. Bank of Albania

  3. Bank of Algeria

  4. National Bank of Angola

  5. Central Bank of Argentina

  6. Central Bank of Armenia

  7. Central Bank of Aruba

  8. Reserve Bank of Australia

  9. Austrian National Bank

  10. The Central Bank of Azerbaijan

  11. Central Bank of The Bahamas

  12. Central Bank of Bahrain

  13. Bangladesh Bank

  14. Central Bank of Barbados

  15. National Bank of Belarus

  16. Central Bank of West African States (BCEAO)

  17. Bank of Central African States

  18. National Bank of Belgium

  19. Central Bank of Belize

  20. Bermuda Monetary Authority

  21. Royal Monetary Authority of Bhutan

  22. Central Bank of Bolivia

  23. Central Bank of Bosnia and Herzegovina

  24. Bank of Botswana

  25. Central Bank of Brazil

  26. Bulgarian National Bank

  27. National Bank of Cambodia

  28. Bank of the Republic of Burundi

  29. Bank of Canada

  30. Bank of Cape Verde

  31. Cayman Islands Monetary Authority

  32. The People’s Bank of China

  33. Central Bank of Chile

  34. Central Bank of Colombia

  35. Central Bank of Comoros

  36. Central Bank of Costa Rica

  37. Central Bank of Congo

  38. Central Bank of Cuba

  39. Central Bank of Curagao and St Maarten

  40. Croatian National Bank

  41. Central Bank of Cyprus

  42. Czech National Bank

  43. National Bank of Denmark

  44. Central Bank of Djibouti

  45. Central Bank of the Dominican Republic

  46. Central Bank of Ecuador

  47. Eastern Caribbean Central Bank

  48. Central Bank of Egypt

  49. Bank of Eritrea

  50. Central Reserve Bank of El Salvador

  51. Bank of Estonia

  52. National Bank of Ethiopia

  53. European Central Bank

  54. Reserve Bank of Fiji

  55. Bank of Finland

  56. Banque de France

  57. Central Bank of The Gambia

  58. National Bank of Georgia

  59. Deutsche Bundesbank

  60. Bank of Ghana

  61. Bank of Guatemala

  62. Bank of Greece

  63. Central Bank of Guinea

  64. Bank of Guyana

  65. Bank of Haiti

  66. Central Bank of Honduras

  67. Central Bank of Hungary

  68. Central Bank of Iceland

  69. Reserve Bank of India

  70. Central Bank of Iran

  71. Bank Indonesia

  72. Central Bank of Iraq

  73. Central Bank of Ireland

  74. Bank of Israel

  75. Bank of Italy

  76. Bank of Japan

  77. Bank of Jamaica

  78. Central Bank of Jordan

  79. National Bank of Kazakhstan

  80. Central Bank of Kenya

  81. Bank of Korea

  82. Central Bank of Kuwait

  83. Central Bank of Kosovo

  84. Bank of the Lao PDR

  85. National Bank of Kyrgyz Republic

  86. Central Bank of Lebanon

  87. Bank of Latvia

  88. Central Bank of Lesotho

  89. Central Bank of Libya

  90. Central Bank of Liberia

  91. Bank of Lithuania

  92. Central Bank of Luxembourg

  93. National Bank of Macedonia

  94. Central Bank of Madagascar

  95. Reserve Bank of Malawi

  96. Central Bank of Malaysia

  97. Maldives Monetary Authority

  98. Central Bank of Malta

  99. Central Bank of Mauritania

  100. Bank of Mauritius

  101. Bank of Mexico

  102. National Bank of Moldova

  103. Bank of Mongolia

  104. Central Bank of Montenegro

  105. Central Bank of Morocco

  106. Central Bank of Myanmar

  107. Bank of Mozambique

  108. Bank of Namibia

  109. Central Bank of Nepal

  110. Netherlands Bank

  111. Reserve Bank of New Zealand

  112. Central Bank of Nicaragua

  113. Central Bank of Nigeria

  114. Norges Bank

  115. Central Bank of Oman

  116. State Bank of Pakistan

  117. Palestine Monetary Authority

  118. Bank of Papua New Guinea

  119. Central Bank of Paraguay

  120. Central Reserve Bank of Peru

  121. Central Bank of the Philippines

  122. National Bank of Poland

  123. Qatar Central Bank

  124. Bank of Portugal

  125. National Bank of Romania

  126. Central Bank of Russia

  127. National Bank of Rwanda

  128. Central Bank of Samoa

  129. Central Bank of San Marino

  130. Central Bank of Sao Tome and Principe

  131. Saudi Arabian Monetary Agency

  132. National Bank of Serbia

  133. Central Bank of Seychelles

  134. Bank of Sierra Leone

  135. Monetary Authority of Singapore

  136. National Bank of Slovakia

  137. Bank of Slovenia

  138. Central Bank of Somalia

  139. Central Bank of Solomon Islands

  140. South African Reserve Bank

  141. Bank of Spain

  142. Central Bank of Sri Lanka

  143. Bank of Sudan

  144. Central Bank of Suriname

  145. The Central Bank of Swaziland

  146. Sveriges Riksbank

  147. Central Bank of Syria

  148. Swiss National Bank

  149. National Bank of Tajikistan

  150. Bank of Tanzania

  151. Bank of Thailand

  152. Central Bank of Timor-Leste

  153. National Reserve Bank of Tonga

  154. Central Bank of Trinidad and Tobago

  155. Central Bank of Tunisia

  156. Central Bank of Turkey

  157. Central Bank of Turkmenistan

  158. Bank of Uganda

  159. National Bank of Ukraine

  160. Central Bank of the UAE

  161. Bank of England - UK

  162. Federal Reserve Bank of the United States

  163. Central Bank of Uzbekistan

  164. Central Bank of Uruguay

  165. Central Bank of Venezuela

  166. State Bank of Vietnam

  167. Reserve Bank of Vanuatu

  168. Central Bank of Yemen

  169. Bank of Zambia

  170. Reserve Bank of Zimbabwe

Annex 2: Audit Arrangements at CBs Subject to IMF Safeguards Monitoring

article image
Source: IMF Safeguards database as of September 2017, based on IMF regional classification.

Annex 3: Regional Trends36

Figure 2.
Figure 2.

Those Responsible for External Auditor Appointment

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: CB websites and IMF CB Legislation Database. The total population size is 170 CBs.Note 2: The “Other” category includes the parliament, president, supranational and shareholders classifications.
Figure 2.
Figure 2.

Those Responsible for External Auditor _Appointment

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Figure 3.
Figure 3.

External Auditors of Central Banks

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.
Figure 3.
Figure 3.

External Auditors of Central Banks

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.
Figure 4.
Figure 4.

Auditing Standards Applied in Central Bank Audits

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.
Figure 4.
Figure 4.

Auditing Standards Applied in Central Bank Audits

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.
Figure 7.
Figure 7.

Timing of Audit Completion

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.
Figure 7.
Figure 7.

Timing of Audit Completion

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Source: Central bank audited financial statements from CB websites.Note: Of 170 CBs websites, 141 had published audit opinions at September 30, 2017.
Figure 9.
Figure 9.

Age of Published Annual Financial Statements

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Figure 9.
Figure 9.

Age of Published Annual Financial Statements

Citation: IMF Working Papers 2018, 199; 10.5089/9781484375501.001.A001

Annex 4: Audit Profession Reforms

The external audit profession continues to introspect and explore ways to safeguard the integrity of the profession, including by enhancing audit quality. A glance at regulatory reforms in key markets or regions across the world suggests a heightened level of activity and a focus on accountability towards the users of financial statements and the public. Notable reforms include the following:

  • The Eurasian Economic Commission (EEC) is the permanent regulatory body of the Eurasian Economic Union, whose members are the Republics of Armenia, Belarus, Kazakhstan, and Kyrgyzstan; and the Russian Federation. The EEC Board approved in August 2016 audit, reporting and accounting draft liberalization plans aimed at the creation of a common market for these two services. By establishing a unified system of audit standards, audit quality requirements, and control over audit firms, the EEC hopes to achieve a higher level of trust and reliance on audit reports issued in its member countries.

  • The European Union (EU) adopted audit reforms in April 2014. The provisions were applicable from the first financial year starting on or after 17 June 2016. Broadly, the improvements aim to enhance statutory audits in the EU by reinforcing auditors’ independence and their professional skepticism towards the management of the audited company, in particular for public interest entities (PIEs). They contain, inter alia, mandatory audit firm rotation for PIEs, new requirements for audit committees relating to their oversight of the audit, additional restrictions on the provision of non-audit services by the statutory auditor to their PIE audit clients, and new reporting requirements.

  • China. In March 2016, the Ministry of Finance announced a new regulation changing the compulsory rotation period for some auditors of financial institutions as well as the related tendering requirements. Under the new regulations, which have now been instituted, the 5-year rotation period (3-year initial term plus 2 further years on the basis of a tender) introduced in 2010 will still apply to most audit firms, whereas financial institutions can now engage an auditor who ranked within the top 15 CPA firms in Mainland China for up to 8 consecutive years (5 years initial term and a 3-year extension - without the need for a tender but involving an internal process overseen by the audit committee).

  • Nigeria. The Securities and Exchange Commission of Nigeria is considering new guidelines that will require external auditors to issue an affirmative statement on the adequacy and effectiveness of the internal control system of the company being audited. This aims to strengthen the corporate governance of companies. In addition to the current rule that stipulates change of external auditing firm after tenure of 10 years, companies shall now require external auditing firms to rotate audit partners assigned to undertake the external audit of the company from time to time to avoid familiarity.

  • South Africa. In December 2015, the Independent Regulatory Board for Auditors enacted a new rule that mandates all auditors’ reports on annual financial statements of all PIE to disclose the number of years that the audit firm or sole practitioner has been the auditor of the entity (audit tenure).


  • Allemand Frederic, 2017, “Accountability and Audit Requirements in Relation to the SSM”, ECB Legal Conference 2017, 4-5 September 2017, ECB, Frankfurt, 2017 pp. 5982.

    • Search Google Scholar
    • Export Citation
  • Archer David, Moser-Boehm Paul, 2013, “Central Bank Finances”; Bank for International Settlements, BIS Papers No 71, (Basel: Bank for International Settlements).

    • Search Google Scholar
    • Export Citation
  • Arndorfer Isabella, Minto Andrea, 2015, “The Four Lines of Defence Model for Financial Institutions”, BIS Occasional Paper No 11, (Basel: Bank for International Settlements).

    • Search Google Scholar
    • Export Citation
  • Bank for International Settlements, 2009, “Issues in the Governance of Central Banks - A Report from the Central Bank Governance Group”, (Basel: Bank for International Settlements).

    • Search Google Scholar
    • Export Citation
  • Basel Committee on Banking Supervision, 2014, “External Audits of Banks”, (Basel: Bank for International Settlements).

  • Bossu Wouter, Hagan Sean, Weenink Hans, 2017, “Safeguarding Central Bank Autonomy: The Role of Transparency and AccountabilityECB Legal Conference 2017, 45 September 2017, ECB, Frankfurt, 2017 pp. 3142.

    • Search Google Scholar
    • Export Citation
  • Chamoun Elie, van Greuning Riaan, 2018, “Effectiveness of Internal Audit and Oversight at Central Banks Safeguards Findings - Trends and Observations”, IMF Working Paper, No 18/125 (Washington: International Monetary Fund).

    • Search Google Scholar
    • Export Citation
  • Camilleri Marie-Thérèse, Lybek Tonny, Sullivan Kenneth R., 2007, “Audit Committees in Central Banks”, IMF Working Paper No 07/73 (Washington: International Monetary Fund).

    • Search Google Scholar
    • Export Citation
  • European Central Bank, 2017, “Good Practices for the Selection and Mandate of External Auditors according to Article 27.1 of the ESCB/ECB Statute”.

    • Search Google Scholar
    • Export Citation
  • Grochalska Joanna, 2011, “Questions that an Audit Committee Should Ask”, Central Banking journal, Vol. XXI, No. 3, February, pp. 9095.

    • Search Google Scholar
    • Export Citation
  • Institute of Chartered Accountants of England and Wales (ICAEW), 2005, “Agency Theory and the Role of Audit”, available on www.icaew.com.

    • Search Google Scholar
    • Export Citation
  • International Auditing and Assurance Standards Board, 2011, “Audit Quality - an IAASB Perspective”, available on www.ifac.org.

  • International Auditing and Assurance Standards Board, 2015, “The New AuditorsReport - Greater Transparency into the Financial Statement Audit”, available on www.ifac.org.

    • Search Google Scholar
    • Export Citation
  • International Monetary Fund, 2014, “Proposed Modification of the Policy on Provision of Consulting Services by the External Audit Firm”; IMF Policy Papers

    • Search Google Scholar
    • Export Citation
  • International Monetary Fund, “Protecting IMF Resources: Safeguards Assessments of Central Banks” -Factsheet; available on: www.imf.org/external/np/exr/facts/safe.htm.

    • Search Google Scholar
    • Export Citation
  • International Monetary Fund, 2017, “Safeguards Assessments—2017 Update”; IMF Policy Papers

  • International Monetary Fund, 2015, “Safeguards Assessments—Review of Experience”; IMF Policy Papers.

  • International Organisation of Supreme Audit Institutions Professional Standards Committee, 2010, “The Auditing Function of Supreme Audit Institutions” (Copenhagen: PSC Secretariat).

    • Search Google Scholar
    • Export Citation
  • Khan Ashraf, 2018, “Central Bank Legal Protection: Liability and Immunity Arrangements”, IMF Working Paper, (forthcoming).

  • Organization for Economic Co-operation and Development, 1998, “Central Bank Audit Practices”, Sigma Papers, No. 24, (Paris: OECD Publishing).

    • Search Google Scholar
    • Export Citation
  • Segalotto Jean-François, Arnone Marco, Laurens Bernard, 2009, “Central Bank Independence, Accountability, and Transparency--A Global Perspective” (Washington: International Monetary Fund).

    • Search Google Scholar
    • Export Citation

Glossary of Terms

Audit opinions. Unmodified opinion when the auditor concludes that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. Modified opinion on the financial statements is necessary when: (a) the auditor concludes, based on the audit evidence obtained, that the financial statements as a whole are not free from material misstatement; or (b) the auditor is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement. Modified opinion includes a qualified opinion, an adverse opinion or a disclaimer of opinion on the financial statements (ISA 700 and 705).

ELRIC framework. The framework used by the IMF to conduct safeguards assessments at member central banks. ELRIC stands for (i) the External audit mechanism; (ii) the Legal structure and autonomy of the central bank; (iii) the financial Reporting framework; (iv) the Internal audit mechanism; and (v) the internal Controls system.

Key audit matters. Those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance. The purpose of communicating key audit matters is to enhance the communicative value of the auditor’s report by providing greater transparency about the audit that was performed. (IAS 701, Communicating Key Audit Matters).

Management Letter. The external auditors written commination describing the significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. (IAS 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management).

Reasonable assurance. Reasonable assurance is the level of confidence that the financial statements are not materially misstated that an auditor, exercising professional skill and care, is expected to attain from an audit. An auditor cannot attain absolute confidence because of numerous factors arising from the limitations of audit evidence, the impracticality of examining all evidence and uncertainties as to the future. The confidence that an auditor attains is subjective and is the basis for offering an audit opinion (ICAEW).

Supreme Audit Institution (SAI) is a public body of a state or supranational organization which, however designated, constituted or organized, exercises, by virtue of law, or other formal action of the state or the supranational organization, the highest public auditing function of that state or supranational organization in an independent manner, with or without jurisdictional competence (INTOSAI Statutes, December 2016).

Those Charged with Governance TCWG. ISA defines “those charged with governance” as the person(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This is typically an audit committee or the entire oversight/governance body (i.e., the Board).


We would like to thank Wouter Bossu, Simon Bradbury, George Kabwe, and Ashraf Khan for their review and insightful comments. We are also grateful to Amanda Robertshawe, Joanna Peta, and Julia Cardoso for their contribution and research assistance.


See Bank for International Settlements (BIS) “Issues in the Governance of Central Banks - A Report from the Central Bank Governance Group” (May 2009), and Bossu, Hagan, Weenink “Safeguarding Central Bank Autonomy: The Role of Transparency and Accountability” (September 2017), which provides an overview of IMF staff views on the interactions between these concepts.


Throughout this paper, the term “external audit” is used to refer to an independent financial audit of annual financial statements. This is distinct from internal audit, performance and public expenditure audits, forensic investigations, or agreed-upon procedures and other special-purpose type audit engagements.


In the banking sector, this public role contributes to financial stability through delivery of quality audits. See “Basel Committee on Banking Supervision - External Audits of Banks” (March 2014).


The IAASB periodically publishes information on the global adoption of ISA; as of September 2017, 124 jurisdictions were using ISA or committed to using them in the future.


ISA are different from International Financial Reporting Standards (IFRS). The former guides the audit process, whereas IFRS is a framework for the preparation of the financial statements.


See BIS publication on “The Four Lines of Defence Model for Financial Institutions” (December 2015), which takes the lines of defense model further to reflect specific governance features on regulated financial institutions.


See Chapter 7 of the BIS publication on “Issues in the Governance of Central Banks - A Report from the Central Bank Governance Group” (May 2009), which provides an overview of accountability arrangements and mechanisms for central banks.


CBs can be held accountable through the judiciary, ideally subject to legal protection to some extent. Such protection typically extends to the CB, its decision-makers including staff, and needs to be embedded in the CB law.


Though CBs generally are exempted from income and other forms of taxation, some CBs remain subject to taxation. Examples include the Bank of England and the Central Bank of Egypt.


Most central banks are fully owned by the State. The CBs of Belgium, Greece, Italy, Japan, San Marino, South Africa, Switzerland, and Turkey have private shareholders—CB shares in Belgium, Greece, and Switzerland are listed on their respective stock exchanges, whiles shares in the Reserve Bank of South Africa are traded on an over- the-counter share transfer facility market. In the United States, the regional Federal Reserve Banks also have private shareholders (i.e., banks). Some CBs, such as De Nederlandsche Bank, are nationalized, but their legal frameworks retain elements of private law. In 2010, the Austrian government purchased the outstanding shares of the Oesterreichische Nationalbank that were held by private investors; the CB remained a stock corporation.


For example, the Central Bank of Ireland is subject to two financial statements audits; one derives from the membership in the Eurosystem and is conducted by an independent auditor approved by the Council of the European Union, and the second is conducted by the Comptroller and Auditor General under the requirements of the Central Bank Act. Similarly, Banco de la República Colombia is subject to two financial statement audits.


For example, in Tanzania, the Comptroller and Auditor General (CAG) issued in 2009 the “Policy and Guidelines for Contracting out Audits of Public Authorities and Other Bodies”, which clarified that an explanation of the differences would be incorporated in the CAG audit report in case of disagreements with a subcontracted auditor.


See INTOSAI publication “The Auditing Function of Supreme Audit Institutions” (May 2010).


For example, the audit of the ECB by the European Court of Auditors is limited to an examination of the operational efficiency of the management of the ECB. This limitation was also extended to the new functions within the single supervisory mechanism (SSM).


Performance reviews are typically assigned to an audit committee or a similar oversight body. They are intended to ensure that the auditors maintain audit quality and independence, including adequate resources and quality control.


For instance, in Mexico the Minister of Finance requests the Institute of Chartered Accountants to propose a shortlist of candidate firms, amongst which the Minister will chose, but in agreement with the Accounting Rules Commission.


This analysis is based on a review of central banking legislation obtained from central banks’ website and the IMF Central Bank Legislation Database as of September 2017. A similar review was also conducted in September 2013, and the 2013 results are referred to where relevant.


The roles and responsibilities of the respective parties in such a delegation arrangement are typically defined in a memorandum of understanding, a contract, or engagement letter.


The agency theory explains the role and development of the audit profession. Agency relationships are fiduciary relationships. Principals delegate some decision-making authority to agents and establish mechanisms to reinforce trust, such as an audit. See “Agency Theory and the Role of Audit”, Institute of Chartered Accountants and England and Wales, 2005.


The term “external audit mechanism” is used in IMF Safeguards Assessments (Section V).


Audit committees may have different authority in this area depending on domestic legislation or CB regulations. The committee may be responsible for decision-making, or it may have an advisory role, where it is responsible only for making recommendations to the Board.


For example, the European Central Bank issued “Good Practices for the selection and mandate of External Auditors according to Article 27.1 of the ESCB/ECB Statute”, which provide high level guidance for the Eurosystem.


For example, the IMF has in place a policy on non-audit-related consulting services provided by the Fund’s external audit firm. See IMF Policy Paper “Proposed Modification of the Policy on Provision of Consulting Services by the External Audit Firm”, 2014.


Some CB laws include general provisions that allow the decision-making bodies to establish committees, without a specific reference to an audit committee.


SAIs are in general characterized by independence, professionalism, and integrity. While they enjoy a high degree of independence, and have taken steps to enhance capacity, there are predominantly focused on non-financial institutions, such as government agencies. Thus, they often face capacity challenges to address the complexities of a central bank audit.


For example, the 2015 Public Audit Act of Kenya permits the Auditor-General to “outsource audit services from duly registered audit firms”. As such the FY 2016 audit opinion states that the audit was conducted by an independent audit firm on behalf of the Auditor-General.


As noted in Section II, ISAs differ from IFRS. In reviewing the audit reports, our study did extend to the evaluation of the financial reporting frameworks used by the CBs.


The majority of the CBs (115 out of 141 CBs that published their financial statements) had fiscal years ending in December.


The main objective of the safeguards policy is to mitigate the risks of misuse of Fund resources and misreporting of program monetary data under Fund arrangements. See “Protecting IMF Resources - Safeguards Assessments of Central Banks.”


See “Effectiveness of Internal Audit and Oversight at Central Banks Safeguards Findings - Trends and Observations”, IMF Working Paper, No WP/18/125.


CBs subject to IMF safeguards policy remain under monitoring for as long as IMF credit is outstanding. This includes a review of the annual audit results, as well as communication with CBs and their external auditors on any developments in external audit arrangements.


The International Body of Independent Audit Regulators (IFIAR) comprises independent audit regulators from 52 jurisdictions representing Africa, North America, South America, Asia, Oceania, and Europe.


International Federation of Accountants (IFAC) Code of Ethics for Professional Accountants provides that key audit partners on public interest entities should not serve for longer than seven years, with a cooling off period of two years.


ISA 701 applies both to audits of financial statements of listed entities (required) and in circumstances when the auditor otherwise decides to communicate key audit matters in the auditor’s report (voluntary). This ISA also applies when the auditor is required by law or regulation to communicate key audit matters in the auditor’s report (e.g., for public interest entities - PIE). Applicability to CB audits is based on local regulations, determination whether the CB is considered a PIE, and some CBs and their auditors may voluntarily disclose the KAMs.


Based on IMF regional classification of member countries to five area departments: African (AFR); Asia and Pacific (APD); European (EUR); Middle East and Central Asia (MCD); and Western Hemisphere (WHD).

External Audit Arrangements at Central Banks
Author: Mr. Atilla Arda, Martin Gororo, Joanna Grochalska, and Mowele Mohlala