LogoRegulatory Alerts
2016-03-31

Regulation on External Audit of Microfinance Institutions

The Central Bank of the Republic of Kosovo issued this Regulation to establish comprehensive requirements for the approval, conduct, and oversight of external auditors auditing microfinance institutions. It mandates that approved audit firms maintain independence, adhere to International Standards on Auditing and Financial Reporting Standards, and submit detailed annual audit reports alongside management letters. Furthermore, the regulation outlines strict quality control mechanisms, confidentiality obligations, and civil penalties for non-compliance to ensure accurate financial reporting and risk management within Kosovo's microfinance sector.

Central Bank of the Republic of Kosovo logo

Kosovo

Central Bank of the Republic of Kosovo

Click to view thumbnail

1 Based on Article 35, paragraph 1.1 of Law No. 03/L-209 on the Central Bank of the Republic of Kosovo (Official Gazette of the Republic of Kosovo, No. 77/16 August 2010), Articles 103 and 114 of Law No. 04/L-093 on banks, microfinance institutions and non-bank financial institutions (Official Gazette of the Republic of Kosovo, No. 11/11 May 2012), the Board of the Central Bank of the Republic of Kosovo, in its meeting held on 29 August 2013, approved the following:

REGULATION ON THE EXTERNAL AUDIT OF MICROFINANCE INSTITUTIONS

Article 1 Purpose and Definition

  1. The purpose of this regulation is to strengthen, define the regulatory framework regarding external auditors of microfinance institutions (hereinafter: MFI), and to define the quality of services provided by external auditors, in relation to the specific risks of MFIs and the financial sector as a whole. This regulation defines the requirements for the approval of external auditors, the conduct of the external audit of MFIs, and the relationships between external auditors, MFIs, and the CBK.
  2. This regulation applies to all MFIs as well as foreign branches of MFIs registered by the CBK to operate in the Republic of Kosovo.

Article 2 Definitions

  1. All terms used in this regulation have the same meaning as the definitions below for the purpose of this regulation: a. Foreign MFI branch or foreign financial institution branch (hereinafter: foreign MFI branch) - means a legal entity which has its registered office and is licensed to conduct microfinance activities in another jurisdiction besides the Republic of Kosovo; b. Audit firm - implies a legal entity or any other entity, regardless of legal form, which is licensed in accordance with Law No. 04/L-014 on accounting, financial reporting and audit (Official Gazette of the Republic of Kosovo, No. 11/26 August 2011) (hereinafter: Financial Reporting Law) to perform statutory audit work. c. Financial statements - implies the statement of financial position, income statement, cash flow statement, statement of changes in equity, supplementary notes and explanatory materials, which are integral parts of the financial statements.

2 Article 3 General Conditions

  1. The external auditor of an MFI registered by the CBK to operate in Kosovo must be licensed by the Financial Reporting Council of Kosovo (FRC) and approved by the CBK.
  2. Based on a written application, the CBK will approve as an external auditor of an MFI only if the following conditions are met: a) An external auditor licensed in Kosovo in accordance with the Financial Reporting Law. b) An external auditor who has at least 3 (three) years of experience in the field of auditing financial statements of MFIs or other financial institutions, or participating staff who conduct the audit have such experience.

Article 4 Specific Conditions and Requirements

  1. The approval granted to the external auditor is limited to a specific MFI and is valid for one financial year.
  2. Applications for approval must be submitted to the CBK before June 30 of each year.
  3. The MFI, together with the approval application, must provide the CBK with: a) The proposal for the appointment of the external auditor; b) The MFI's audit program; c) A description of the utilization of resources during the audit service; d) The external auditor's engagement letter or service contract provided; e) A document proving the sufficient experience of the external auditor or his staff who conduct the audit in the field of auditing MFIs and other financial institutions; f) A certificate issued by the Financial Reporting Council of Kosovo (FRC) regarding the results of the latest quality control review for the external auditor (this certificate will not be required by the CBK until the FRC is able to issue such a certificate); and g) A written declaration by the external auditor regarding compliance with the criteria defined in Article 7 of this Regulation.
  4. The audit program and utilization of resources during the audit service must be appropriate in relation to the nature and size of the MFI.
  5. The continuous employment of the same external auditor is limited to three years or three consecutive audits.

3 Article 5 Good Reputation The CBK will approve as an external auditor of an MFI, external auditors who have a good reputation and are not engaged in any activity that is inconsistent with the functions of external audit.

Article 6 Re-audit The CBK has the right to request a re-audit by another external auditor at the MFI's expense, in cases where the existing external auditor of the MFI has conducted an audit or submitted a report that is not in compliance with Law 04/L-093, CBK regulations, International Standards on Auditing (hereinafter: ISA), and does not reflect the true and fair financial position of the MFI.

Article 7 Professional Ethics External auditors must comply with the professional ethics principles defined by the International Federation of Accountants "Code of Ethics for Professional Accountants".

Article 8 Independence and Objectivity

  1. During the conduct of the audit, external auditors must be independent from the entity being audited and must in no way be involved in the management decisions of the MFI being audited. External auditors must not conduct the audit if there is any direct or indirect financial, employment, or work relationship, including for additional non-audit services, between the external auditors and the MFI being audited, from which an objective, reasonable, and informed third party could conclude that the independence of external auditors is compromised.
  2. Approved external auditors must also comply with the provisions of the European Union Commission Recommendation of 16 May 2002, Statutory Independence of Auditors in the EU: The Structure of Fundamental Principles. Furthermore, the CBK will ensure compliance with Chapter IV of Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts.
  3. External auditors must document in their audit working papers all interventions affecting their independence, as well as the safeguard measures they have taken to mitigate those interventions.

Article 9 Independence and Objectivity of Auditors Conducting an Audit on Behalf of Audit Firms Owners or shareholders of an approved audit firm, as well as members of the administrative, management and supervisory bodies of that firm, or an associated firm, must not interfere in the execution of any audit in any way that would risk the independence and objectivity of the auditor conducting the audit on behalf of the audit firm.

4 Article 10 Audit Fees Audit service fees: a) Must be adequate to enable the proper quality of audit; b) Must not be influenced or determined by the fee for supplementary services provided by the MFI being audited; and c) Must not be based on any form of conditional fee.

Article 11 Requirements for External Auditors in Conducting Annual Account Audits External auditors must conduct all audits of MFIs in accordance with ISA.

Article 12 Content of the Audit

  1. External auditors must assess whether the annual accounts of the MFI are or are not prepared and finalized in accordance with International Financial Reporting Standards (hereinafter: IFRS), Law 04/L-093 and CBK regulations, and must assess whether the MFI's management has fulfilled its obligation to provide clear and appropriate notes as well as documentation of accounting information in accordance with Law 04/L-093 and CBK regulations.
  2. External auditors must assess whether information in annual reports regarding annual accounts, assumptions related to the continuity of operations and proposals regarding the utilization of surpluses or coverage of losses are in accordance with Law 04/L-093 and CBK regulations, and whether the information is consistent with annual accounts.
  3. External auditors must assess the adequacy of the MFI's risk management systems based on the assessment of: a) Compliance with requirements for organizational structures regarding the management of each specific risk; b) Policies and procedures for the management of each specific risk as well as their implementation; c) Adequacy of identification, measurement and monitoring of each specific risk; d) Adequacy and effectiveness of the internal audit system regarding the management of each specific risk.
  4. Specific risks include: credit risk, market risk, operational risk, liquidity risk and other risks to which MFIs are exposed.
  5. External auditors must conduct an assessment for the MFI regarding the manner of managing assets and establishing appropriate internal controls.
  6. The audit of the MFI must cover areas such as credit portfolio, provisions for loan losses, non-performing assets, asset valuation and adequacy of internal controls over financial reporting.
  7. External auditors must, through audits, contribute to the prevention and disclosure of irregularities and errors.

5 Article 13 Duties of External Auditors

  1. External auditors must conduct audits according to their best judgment including risk assessment, which presents the inclusion of misstated information in annual accounts due to irregularities and errors.
  2. External auditors must ensure they have a sufficient basis to assess whether any breach of Law 04/L-093 and CBK regulations has occurred, which are material with respect to annual accounts.
  3. External auditors must check the regularity, accuracy and completeness of MFI reports submitted to the CBK in accordance with regulatory requirements currently approved by the CBK. Based on the control exercised, external auditors must assess whether reports have been conducted or are in accordance with Law 04/L-093 and CBK regulations, and whether they realistically and objectively reflect the financial position of the MFI.
  4. External auditors must submit in writing to the Board of Directors of the MFI the following circumstances: a) Deficiencies regarding the obligation to ensure proper recording, clear disclosure and documentation of accounting information; b) Errors and deficiencies in the organization and control of asset management; c) Irregularities and errors that may cause misstatement in annual accounts;

Article 14 Documentation of Performance As required by ISA 230, "Audit Documentation", external auditors must document how an audit was conducted as well as the results of an audit. Matters indicating that irregularities or errors may be present must be documented separately.

Article 15 Maintenance of Audit Working Papers Audit working papers must be prepared and maintained in accordance with relevant ISA.

Article 16 Report of External Auditors

6

  1. External auditors must prepare an annual audit report with an audit opinion in accordance with IFRS and, in case of material differences are presented, also an audit report with an audit opinion in accordance with the Regulation on Credit Risk Management.
  2. The audit report must confirm that audit services have been conducted in accordance with the provisions of Law 04/L-093, this regulation and other relevant CBK regulations.
  3. The audit report must verify and disclose the following issues: a) Whether annual accounts are prepared and finalized in accordance with IFRS, Law 04/L-093 and relevant CBK regulations and present a true and fair view of the financial position and activities of the MFI b) Whether the MFI's management has fulfilled its obligation to provide clear and appropriate notes as well as documentation of accounting information; and c) Whether information in the annual report regarding annual accounts, assumptions related to the continuity of operations and proposals regarding the utilization of surpluses or coverage of losses are in accordance with Law 04/L-093 and relevant CBK regulations.
  4. If accounts do not provide information regarding the result and position of the MFI, which must be secured, external auditors must emphasize this or determine auditor's reservations and possibly provide necessary supplementary information in the audit report.
  5. If external auditors conclude that accounts should not be finalized in their current form, this must be clearly emphasized.
  6. External auditors must evaluate the implementation of recommendations given by external auditors for the previous financial year.

Article 17 Management Letter

  1. External auditors, in accordance with the regulation on MFI Reporting, must prepare the final management letter for the MFI, for conclusions of the audit process. The management letter must include all conclusions to which the external auditor may have arrived regarding the activity or financial position of the MFI, as well as information regarding their care in the audit mission.
  2. In the final management letter, external auditors must give a specific statement regarding the internal control system with the aim of providing specific assurance on and for the purpose of disclosing material issues, in the structure of internal control. The specific statement must also include the function of internal audit.

Article 18 Discretion

7

  1. External auditors and external auditor's collaborators have the duty to maintain confidentiality regarding any knowledge acquired during their activities, unless otherwise provided by law, or in cases where the information relates to a person whose duty does not require professional confidentiality. External auditors and external auditor's collaborators may not use that information for their own activities, services or employment of others.
  2. External auditors, regardless of the limitations presented in paragraph 1 of this article or the confidentiality agreement, may give explanations and present documentation regarding the audit conducted, in cases where required by current legislation in Kosovo.
  3. The obligation to maintain confidentiality continues to apply even after such duty has ended.

Article 19 Obligation to Inform

  1. The external auditor within the framework of his duties must provide information regarding issues related to the MFI, which the external auditor has learned during the audit period, when this is required by the general meeting of shareholders, board of directors, senior management, audit committee or an authorized person from the CBK.
  2. The external auditor must immediately notify the audit committee or Board of Directors of the MFI and the CBK, in cases where during the conduct of the audit of the MFI he observes: a) A serious conflict within decision-making bodies or the unexpected departure of a manager who has had a key function; b) Information indicating that there may be material breaches of laws, regulations, directives and orders of the CBK, as well as the statute and bylaws of the MFI; or c) The intention of the internal auditor to resign or his dismissal; and negative or material changes that pose a risk for the work of the MFI and the possibility that the risk will continue.
  3. The external auditor must, based on the CBK's request, provide the CBK with any information during the entire audit mission, regarding his performance in audit services at an MFI.
  4. The CBK maintains regular contacts and may initiate meetings with the external auditor of the MFI, at any time when such contacts are considered necessary.

Article 20 Quality Control and Review

  1. External auditors approved by the CBK must apply adequate quality control policies and procedures which address all important aspects of the audit.
  2. External auditors approved by the CBK will be subject to a quality review providing assurance by the CBK.

8 3. The quality review of an approved external auditor must include a specific audit task and must be conducted by the CBK or by a reviewer appointed by the CBK. 4. During the quality review, the CBK or reviewer must determine to what extent the external auditor has applied adequate quality control rules and procedures in all important aspects of the audit. During the review, the CBK or reviewer must have access to all documents of the external auditor's working papers, to the extent necessary to conduct adequate quality control. 5. Taking into account confidentiality obligations, Article 18 of this regulation applies equally to the CBK and the reviewer. 6. The summarized results of the quality review providing assurance will be published by the CBK, including recommendations, implementation of recommendations and if any case occurs also sanctions.

Article 21 Dismissal and Resignation

  1. External auditors of MFIs may be dismissed when there are sufficient grounds for this. Differences in opinions on accounting treatments or audit procedures cannot be considered as sufficient grounds for dismissal.
  2. Both audited MFIs and external auditors must inform the CBK in case of dismissal or resignation and must provide sufficient explanations for the reasons for such a decision.

Article 22 Withdrawal of Approval The approval of the external auditor will be withdrawn if the good reputation of that audit firm is seriously compromised or if one of the requirements of this Regulation is no longer met.

Article 23 Implementation, Improvement Measures and Civil Penalties

  1. If external auditors of MFIs breach the auditor's duties, defined by Law 04/L-093, provisions of this regulation and other relevant CBK regulations, the CBK may impose a written warning on the external auditor, a copy of which will be sent to the audited MFI.
  2. If breaches described in paragraph 1 of this article are repeated, the CBK has the right to: a) refuse approval of the external auditor to engage in conducting audits of financial institutions licensed by the CBK to operate in the Republic of Kosovo;

9 b) request the dismissal or replacement of an auditor; c) directly appoint, dismiss or replace an auditor, or d) request a re-audit according to Article 6 of this Regulation. 3. The CBK may impose a fine of one thousand (1,000) up to twenty thousand (20,000) Euros on the audit firm for the following breaches: a) failure to conduct the audit according to this regulation; b) failure to prepare the auditor's report within the time limit according to Article 5 of the Regulation on MFI Reporting at the CBK. c) failure to notify the Board of Directors about the facts and circumstances from paragraph 4 of Article 13 of this regulation.

Article 24 Entry into Force This regulation enters into force 15 days after approval by the CBK Board. Chairman of the Board of the Central Bank of the Republic of Kosovo

Mejdi Bektashi

Share