AUDIT FUNCTIONS IN BANK

R CHANDRA SEKHAR
CLD HYDERABAD
 ORGANIZATIONAL SETUP

ACB ( Audit Committee of Board of Directors)

– Approve formulated policies, monitor & review the performance of the
performance of the Audit Department regularly

ACE (Audit Committee of Executives

ACE shall comprise of the Audit functions in the bank and suggest, on
improvements to be made through functional departments at Central
office, for appproval of the ACB
All EDs
GMs of all CO departments
ED-Audit – Head of Committee
HIA (Head of Internal Audit, GM, CA & ID) – convener of the Committee
 Closure of various Audit reports

1. CGM (Committee of GM)

2. ZACE (Zonal Audit Committee Executives)
3. RACE (Regional Audit Committee Executives)
 CGM

CGM Contains

HIA (Head of Internal Audit, GM, CA & ID) – Head of Committee

CCO (Chief Compliance Officer)
CRO (Chief Risk Officer)
GM- Credit Monitoring
GM- Operations
 ZACE (Zonal Audit Committee Executives)

ZACE contains

FGM/GM (Chairman of Committee)

In-charge of ZAO
All SRMs/RMs (Minimum 2 members required)
AGM/CM (Audit followup cell of ZO shall be convener)
 RACE (Regional Audit Committee Executives)

RACE contains

SRM/RM (Chairman)
AGM/CM of RO (Convener)
Incharge of ZAO
Incharge of Credit Monitoring of RO
Incharge of Credit of RO Minimum 2
members
Incharge of Operation of RO
Required
Incharge of Recovery of RO
Incharge of RCC of RO
Incharge of HRD of RO
Incharge of Priority sector Department of RO
 Types of Audits

1. RBIA
2. RBI Inspection Reports
3. Stock Audit
4. Legal Audit
5. Compliance Audit
6. Revenue Checking
7. Snap Audit
8. 100% Audit/Special Audit/100% verification etc..
9. IS Audit
10.Management Audit of RO/ZO/CO
 RBIA
• In the eyes of RBI, a sound Internal Audit function plays an important role in
contributing to the effectiveness of the internal control system.
• To achieve these objectives, RBI had advised the banks to gradually move towards
risk-based internal audit which will include, in addition to selective transaction
testing, an evaluation of the risk management systems and control procedures
prevailing in various areas of a bank’s operations.
• While focusing on effective risk management and controls, in addition to
appropriate transaction testing, the risk-based internal audit would not only offer
suggestions for mitigating current risks but also anticipate areas of potential risks
and play an important role in protecting the bank from various risks.
• The risk-based internal audit, on the other hand, undertakes an independent risk
assessment solely for the purpose of formulating the risk-based audit plan keeping
in view the inherent business risks of an activity/ location and the effectiveness of
the control systems for monitoring the inherent risks of the business activity.
 RISK ASSESSMENT METHODOLGY

RAM is classified as

1. Business Risk
2. Control Risk
3. Composite Risk
 Business Risk

Presently under Business Risk, Maximum Marks are rationalized to 470 in

line with the suggestions of the Convener, Implementation Monitoring
Committee (formed by DFS)
 Control Risk

If Branch does not have FOREX business then rationalized weightage of FOREX parameter
will be treated as NIL and similarly for the Branches were the Legal Audit not applicable the
rationalized weightage will NIL. The weightage will be distributed proportionately under
remaining heads.
Rating under RBIA
Composite Risk Rating under RBIA
Trend Matrix
Trend Matrix in Composite Risk
 Types of Audit and its Frequency
Type of Audit Periodicity/Frequency of Audit
Risk Based Internal Low risk rated Branches once in 12-15 months. Medium Risk rated
Audit (RBIA) of Branches: Once in 12 months However, Extremely High, Very High
Branches and High risk rated Branches shall be re-audited within 3 (Three) to 6
(Six) months. However, if the Branch confirms to RO that the remarks
of the audit report have been complied with, the RM shall get
Compliance Audit conducted and on satisfying himself, recommend
to ZAO for re-audit & re-assessment of risk rating before the
stipulated periodicity.
Periodicity of RBIA in The periodicity for Risk Based Internal Audit of CFB/ MCB and Credit
Credit intensive oriented ELBs with advances of `100.00 crore and above (as on 31st
Branches March) shall be subjected to Risk Based Internal Audit with duration
of 12 months. If such Branch is rated as High/ Very High/ Extremely
High then next Risk Based Internal Audit shall be conducted after six
months of previous audit.
Audit of Service Service Support Branches shall be subjected to Internal Audit at a
Support Branches regular interval of six months, considering the sensitivity of their
functions
 Types of Audit and its Frequency
Type of Audit Periodicity/Frequency of Audit
Audit of Centralized Credit All CCPCs shall be subjected to Risk Based Internal Audit
Processing Center Branches (RBIA) at quarterly interval
Management Audit of Zonal Management Audit of Zonal Offices is to be conducted
Office: annually
Management Audit of Regional Management Audit of ROs having total business above
Office `10,000 crore or Advance portfolio above `5,000 crore as on
31st March may be subjected to Management Audit on
yearly basis. Other ROs shall be subjected to Management
Audit as per their Risk Rating i.e. once in two year in case of
Low & Medium Risk rating and immediately after 12
months period in case of High Risk
Management Audit of Once in two years
• Departments of Central Office
• Training Centres / Training
Colleges
Any special assignment of audit Need-based - with the permission of Head of Internal Audit
(HIA)
 Types of Audit and its Frequency
Type of Audit Periodicity/ Frequency of Audit
Concurrent Concurrent Audit of ELBs, VLBs (including CFB, IFB, MCB) & some of
Audit Large and Medium category Branches, which shall generally be
decided in descending order of the Advances, so as to cover
minimum 50% of aggregate business, 50% each of Deposits &
Advances of the Bank. However, Concurrent Audit shall be
continued for SSBs, CCPBs, Integrated Treasury Branch, CBS, BSD
and Digital Payments & Transaction banking Dept. - Corporate
Office
Inspection of Once in two years
ZAOs
Stock Audit As per Credit Monitoring Policy, the appointment of auditors shall
be carried out by respective Regional Offices for periodical stock
audit in eligible accounts. The audit observations reported in Stock
Audit reports shall be attended by respective Branches and closure
shall be done in “Credit Monitoring Committee” Meeting of
respective RO/ ZO.
 Types of Audit and its Frequency
Type of Audit Periodicity/ Frequency of Audit
Compliance Audit 1.Concurrent auditors of the Branches (which are under Concurrent Audit)
shall be advised to submit their verification report on Compliance done by the
Branch in respect of: Internal audit Report (RBIA), IS Audit, Special Report,
100%/ Statutory Audit Report, LFAR, Recovery of Revenue Leakage etc.
2.Compliance Audit of at least 10% of Branches, where compliance to audit
report has been submitted by the Branches, will be conducted by the Zonal/
Regional Offices, by deputing officials from RO/ other Branches prioritizing
Branches where Special report submitted, Branch rated with Extremely High
Risk/ Very High risk/ High risk under RBIA, Statutory Audit Reports with
adverse remarks in LFAR, Revenue Leakage exceeding Rupees one lac in fiscal
in Branches, irrespective of their coverage under Concurrent Audit.

3. Zonal Audit Offices will also conduct compliance audit in10% Branches,
including Branches which are under Concurrent Audit, where audit reports
have been closed by competent authority.

4.Identification of Branches to be covered under compliance audit either by

RO/ ZO or ZAO, shall be done by ZAOs randomly and list of Branches to be
subjected for compliance audit by the officials from Branch/ RO/ ZO shall be
submitted to FGM/ ZM. Controllers shall take stringent action against false
compliance submitted by the Branches for getting audit report closed. Proper
rectification of irregularities shall be ensured by RO/ ZO in such cases.
 Types of Audit and its Frequency
Type of Audit Periodicity/ Frequency of Audit
Legal Audit In respect of credit exposure of `5.00 crore and above, may be
conducted by the Law Officer of concerned Regional Office along
with Risk Based internal Audit of the Branch and the Legal Audit
Report submitted by Law officer shall form part of RBIA Report.
Information IS Audit of Branches shall be carried out along with RBIA. IS Audit
System Audit of Core Banking Solution and other related software used by
various departments shall be conducted through a Cert-in
registered firm, annually.
Submission of Audit reports and compliance thereof by the
auditee
 100% Audit / Special Audit / 100% Verification
Head of Internal Audit (HIA) may consider for conduct of 100% Audit/ Special Audit/ 100%
Verification etc. of the Branch/ Office on recommendation of FGM/ ZM or In-charge of ZAO of
their Zone. Head of Internal Audit (HIA) may order for conduct of 100% Audit/ Special Audit/
100% Verification etc. of any Branch/ Office, sue motto.
However, the concerned controlling office shall look into the control aspects by controlling office
before requesting for such request as under:

• Whether weekly wire figures were monitored?

• Whether control returns were received scrutinised & deviations noticed and were followed
up?
• Whether Branch/ office were visited by the RM/ ZM as per the norms and critical remarks
made therein were attended?
• Whether staff accountability has been examined for NPA Accounts? Whether irregularities/
shortcomings reported in earlier Audit reports got rectified by the Branch.

Head of Internal Audit (HIA) can instruct for 100% audit on the basis of feedback received from
the field/ other sources
 SNAP AUDIT
• ZAOs shall conduct Snap Audit at the request of Field General Manager/
Zonal Manager in case of any officer vested with delegated authorities at
Branch/ RO/ ZO, tenders resignation/ applies for VRS.
• Such snap audit shall cover exercise delegated powers by the official
tendering resignation/ VRS after the last RBIA. If regular Risk Based
Internal Audit of that Branch is due then the same will be taken up instead
of snap audit.
• Controller shall ensure rectification of adverse finding reported during
such snap audit. ZO shall inform ZAO at least 30 days in advance, if such
resignation/ VRS application is under their consideration.
• Snap audit conducted by ZAO at the request of FGM shall be closed at
ZACE prior to acceptance of resignation/ VRS of the delegated authorities.
Similarly, Snap Audit conducted in compliance of instruction of CA&ID,
shall be closed at CGM.