Chapter 21 Audits in Banks – CS Professional Banking Law and Practice Notes is designed strictly as per the latest syllabus and exam pattern.
Audits in Banks – CS Professional Banking Law and Practice Study Material
Write short note on long form audit report.
Long Form Audit Report (LFAR):
Besides the normal audit report as per the statutory requirements, auditors are also required to furnish a Long Form Audit Report. The matters which the banks require their auditors to deal with in the LFAR have been specified by the Reserve Bank of India. The format of the LFAR is a questionnaire.
The LFAR is not a substitute for the Statutory Audit Report, nor is it deemed to be a part of it. The Statutory Audit Report is a self-contained document and the auditor should not make any cross-reference to the observations in the LFAR.
In case of any matter of emphasis, the auditor should mention the same in the report clearly.
LFAR is an elaborate reporting on the operations and controls in the branch which is based on the audit observations made by the auditor during the course of the audit. The whole bank LFAR is drafted by the Central Statutory Auditors based on the LFAR received from the Branch Auditors.
Write short note on Internal Audit.
- Bridges the gap between management and the board.
- Assesses the ethical climate and the effectiveness and efficiency of operations.
- Serves as an organization’s safety net for compliance with rules, regulations and overall best business practices.
- Is a cornerstone of strong governance.
- Gives an assurance that:
  - Internal controls are sufficient to mitigate risks.
  - Governance processes are adequate.
  - Organizational goals and objectives are met.
- While external audit confirms the validity of the financial position expressed by an organisation, investigation may be supported by the internal audit function.
- Internal audit confirms the effectiveness of business process controls in reducing financial risk.
- Assures compliance with the law.
- Indicates areas where business processes may be improved upon.
Distinguish between Forensic Audit and Revenue Audit.
Forensic Audit: A forensic audit is normally performed by a forensic accountant who has skills in both accounting and investigation. Forensic accounting is the type of engagement that undertakes a financial investigation in response to a particular subject matter, where the findings of the investigation are normally used as evidence in court.
The investigation covers a number of areas, including fraud, crime, insurance claims and disputes among shareholders. Like other audit engagements, a forensic audit also needs a proper plan, procedure and report.
Revenue Audit: Revenue audit is usually conducted at large and medium-sized branches and is aimed at identifying cases of leakage of revenue due to wrong computation of interest, non-application of interest on time, application of incorrect rates of interest/exchange/commission, non-application of penal interest, non-recovery or short recovery of service charges on guarantees and letters of credit, etc. This type of audit is also known as ‘income and expenditure audit’ or ‘income leakage audit’.
Describe the Principles of Internal Audit.
Principles of Internal Audit:
Basic Principles of Internal Audit as enumerated by Institute of Chartered Accountants of India (ICAI) are given below:
(i) Independence- The independence of the internal audit function as a whole, and the Internal Auditor within the organisation, plays a large part in establishing the independence of the Internal Auditor.
(ii) Integrity and Objectivity- The Internal Auditor shall be honest, truthful and be a person of high integrity. He shall operate in a highly professional manner and be seen to be fair in all his dealings. He shall avoid all conflicts of interest and not seek to derive any undue personal benefit or advantage from his position.
(iii) Due Professional care- The Internal Auditor shall exercise due professional care and diligence while carrying out the internal audit. “Due professional care” signifies that the Internal Auditor exercises reasonable care in carrying out the work to ensure the achievement of planned objectives.
(iv) Confidentiality- Internal Auditor shall at all times, maintain utmost confidentiality of all information acquired during the course of the audit work. He shall not disclose any such information to a party outside the internal audit function and any disclosure shall be on a “need to know basis”.
(v) Skills and competence- Internal Auditor shall have sound knowledge, strong interpersonal skills, practical experience and professional expertise in certain areas and other competence required to conduct a quality audit. He shall undertake only those assignments for which he has the requisite competence.
(vi) System and Process Focus – An Internal Auditor shall adopt a system and process focused methodology in conducting audit procedures.
(vii) Participation in Decision Making- In conducting internal audit assignments, the Internal Auditor shall avoid passing any judgement or rendering an opinion on past management decisions. As part of his advisory role, the Internal Auditor shall avoid participation in operational decision making which may be the subject of a subsequent audit.
(viii) Sensitive to Multiple Stakeholder interests- The Internal Auditor shall evaluate the implications of his observations and recommendations on multiple stakeholders, especially where diverse interests may be conflicting in nature. In such situations, the Internal Auditor shall remain objective and present a balanced view.
(ix) Quality and continuous improvement- The quality of the internal audit work shall be paramount for the Internal Auditor since the credibility of the audit reports depends on the reliability of reported findings.
What do you mean by risk based Internal Audit? Discuss the scope of Risk Based Internal Audit (RBIA).
Risk Based Internal Audit (RBIA)
RBIA is not about auditing risks but about auditing the management of risk. Its focus is on the processes applied by the management team. The primary focus of risk-based internal audit is to provide reasonable assurance to the Board and top management about the adequacy and effectiveness of the risk management and control framework in the banks’ operations.
Scope of RBIA
The precise scope of risk-based internal audit must be determined by each bank for low, medium, high, very high and extremely high risk areas. However, at the minimum, it must review/report on:
- process by which risks are identified and managed in various areas;
- the control environment in various areas;
- gaps, if any, in control mechanism which might lead to frauds, identification of fraud prone areas;
- data integrity, reliability and integrity of MIS;
- internal, regulatory and statutory compliance;
- budgetary control and performance reviews;
- transaction testing/verification of assets to the extent considered necessary;
- monitoring compliance with the risk-based internal audit report;
- variation, if any, in the assessment of risks under the audit plan vis-a-vis the risk-based internal audit;
- a review of the systems in place for ensuring compliance with money laundering controls;
- identifying potential inherent business risks and control risks, if any;
- suggesting various corrective measures; and
- undertaking follow up reviews to monitor the action taken thereon.
Write an explanatory note on information systems audit approaches.
Information Systems Audit Approaches:
There are three approaches for conducting Information Systems Audit viz. auditing around the computer, auditing through the computer and auditing with the computer.
(i) Auditing around the computer: Under this approach, the emphasis is on checking the correctness of the output data/documents with reference to the input of a process without going into the details of the processing involved. This approach is preferred, where auditors themselves do not have the desired level of technical skills to adopt the other approaches.
(ii) Auditing through the computer: Auditing through the computer requires fair knowledge of the operating system, hardware being used and certain technical expertise in systems development. Under this approach, the computer programs and the data constitute the target of IS audit.
(iii) Auditing with the computer: Under this approach, the computer system and its programs are used as tools in the audit process. The objective is to perform substantive tests using the computer and its programs. The data from the auditee’s computer system are retrieved to an independent environment.
Computer-Assisted Audit Tools and Techniques (CAATTs): CAATTs are efficient and effective ways to audit system-generated files, records and documents and to evaluate the internal controls of an accounting system in many information systems. Banks should adopt a proper mix of manual techniques and CAATTs for conducting IS Audit.
(a) Test Data Method – This method is used to establish application integrity by processing specially prepared sets of input data. The results of each test are compared with the pre-determined expected results.
(b) Base Case System Evaluation – Under this method, a base test set of transactions is prepared along with the expected results. This set of transactions is comprehensive and all possible transaction types are included.
(c) Tracing – Under this method, the test data does a virtual walk through the application logic. The application under review must undergo a special compilation to activate a trace option.
(d) Integrated Test Facility – This is an automated test technique, where the audit module is designed in the application program itself to be run in the normal course of operations by the application program with a specific choice of test data.
(e) Parallel Simulation – This requires the auditor to write a program that simulates the key features and processes of the application. The program is run on the pre-processed actual transactional data and the results obtained are compared with the actual results obtained.
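The parallel simulation technique in (e), shown as an added example that is not part of the original notes: the auditor re-computes interest independently on extracted account data and compares it with what the system posted, which is also how the interest leakage targeted by a revenue audit can be surfaced. The account rows, the simple-interest rule on a 365-day year, the penal rate and the tolerance are all assumptions made for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed extract of loan accounts (not real data). Each row holds the
# inputs to the interest run plus the interest the system actually posted.
ACCOUNTS = [
    {"acct": "LN-001", "balance": "500000", "rate_pct": "10.50", "days": 31,
     "overdue": "0", "posted": "4458.90"},       # correctly charged
    {"acct": "LN-002", "balance": "1200000", "rate_pct": "9.75", "days": 31,
     "overdue": "150000", "posted": "9936.99"},  # penal interest not applied
    {"acct": "LN-003", "balance": "250000", "rate_pct": "11.00", "days": 30,
     "overdue": "0", "posted": "2054.79"},       # charged at 10% instead of 11%
]

PENAL_RATE_PCT = Decimal("2.00")  # assumed penal rate on the overdue amount
TOLERANCE = Decimal("1.00")       # assumed tolerance for rounding differences


def simulate_interest(row):
    """Auditor's independent re-computation (assumed rule: simple interest)."""
    period = Decimal(row["days"]) / Decimal(365)
    normal = Decimal(row["balance"]) * Decimal(row["rate_pct"]) / 100 * period
    penal = Decimal(row["overdue"]) * PENAL_RATE_PCT / 100 * period
    return (normal + penal).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def parallel_simulation(rows):
    """Return (account, expected interest, shortfall) for every mismatch."""
    exceptions = []
    for row in rows:
        expected = simulate_interest(row)
        diff = expected - Decimal(row["posted"])
        if abs(diff) > TOLERANCE:
            exceptions.append((row["acct"], expected, diff))
    return exceptions


if __name__ == "__main__":
    for acct, expected, diff in parallel_simulation(ACCOUNTS):
        print(f"{acct}: expected {expected}, difference {diff}")
```

A positive difference means the system posted less interest than the simulation expects; each exception is then traced to its cause (wrong rate, missed penal interest, and so on) by manual verification.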
What do you mean by Credit Audit? Explain on the objectives of credit audit.
Credit Risk is defined as “the possibility of losses associated with diminution in the credit quality of borrowers or counter-parties”. In a bank’s portfolio, losses stem from outright default due to inability or unwillingness of a customer or counterparty to meet commitments in relation to lending, trading, settlement and other financial transactions.
Credit Audit examines compliance with extant sanction and post-sanction processes/ procedures laid down by the bank from time to time. Credit Audit is an integral part of risk based internal audit system, aimed at identification of credit risk and may also suggest the remedial measures for controlling the credit risk underlying the loan & investment portfolios of high value.
Objectives of Credit Audit:
- To review sanction process and compliance status of large value loans vis-a-vis Bank’s loan policies, procedures and laid down credit processes.
- To bring about improvement in the quality of Bank’s credit portfolio.
- To make an independent review of Credit Risk Assessment.
- To suggest/recommend corrective actions to improve credit quality, credit administration and credit skills of the staff.
- To pick up early warning signals and suggest remedial measures.
Identification of signs of stress and initiation of adequate steps is crucial to ensure the quality of the credit portfolio and therefore needs careful examination during the audit. CAAs identified as Medium and High Risk are reviewed at shorter intervals at the discretion of Internal audit department of bank.
Scores/ risk ratings are awarded under credit risk & control risk areas separately at CAA level as High / Medium / Low / Very Low Risk. Final rating of CAA is arrived at based on the RBI’s Risk Matrix, considering inherent business risk and control risk as under:
- Extremely High Risk
- Very High Risk
- High Risk
- Medium Risk
- Low Risk
What is Concurrent Audit? Describe the Scope of Concurrent Audit.
Concurrent audit aims at shortening the interval between a transaction and its independent examination. It is, therefore, integral to the establishment of sound internal accounting functions and effective controls and is regarded as part of a bank’s early warning system to ensure timely detection of serious errors and irregularities, which also helps in averting fraudulent transactions and preventive vigilance in banks.
It is a continuous audit, which goes on all year round, usually conducted by external auditors (Chartered Accountants) on a monthly basis.
Scope of concurrent audit
Concurrent audit is an examination which is contemporaneous with the occurrence of transactions or is carried out as near thereto as possible. It attempts to shorten the interval between a transaction and its examination by an independent person.
There is an emphasis in favour of substantive checking in key areas rather than test checking. This audit is essentially a management process integral to the establishment of sound internal accounting functions and effective controls and setting the tone for a vigilant internal audit to preclude the incidence of serious errors and fraudulent manipulations.
A concurrent auditor may not sit in judgement of the decisions taken by a branch manager or an authorised official. This is beyond the scope of concurrent audit. However, the audit will necessarily have to see whether the transactions or decisions are within the policy parameters laid down by the Head Office, they do not violate the instructions or policy prescriptions of the RBI, and that they are within the delegated authority.
Minimum areas of coverage under concurrent Audit:
- Cash transactions including physical verification of cash, etc.
- Loans & Advances including physical verification of securities, delegation of Powers for sanction, Security Charge Creation, end use verification of funds, monitoring of accounts with excess drawings, monitoring of projects, etc.
- Adherence to KYC / AML guidelines including monitoring of transactions in accounts, compliance with Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS), monitoring of transactions in new accounts/staff accounts, reporting of CTR/STR, etc.
- Remittances/ Bills for Collection including SWIFT transactions, monitoring of overdue statements (bills purchased / discounted / negotiated, etc.).
- House Keeping including reconciliation of accounts, monitoring of General Ledger/Subsidiary General Ledger/Parking Accounts, opening of internal accounts, etc.
- Treasury operations.
- Non fund based business.
- Foreign Exchange transactions.
- Clearing transactions.
- Verification of Merchant Banking Business.
- Verification of Credit Card / Debit card business.
- Conduct of employees, mis-selling of products, etc.
- Compliance with RBI guidelines and internal Policy guidelines issued from time to time.