7/29/2019 Projects on bank audit
1/95
Control System And Bank Audit
1
INTRODUCTION
BANK AND CONTROL
AUDITING
BANK AUDIT
1
7/29/2019 Projects on bank audit
2/95
Control System And Bank Audit
INTRODUCTION TO BANK AND CONTROL SYSTEM
BANKING:
Banking has been defined in section 5 of the act as the accepting,for the purpose of lending or investment, of deposits of money from the public, repayable
on demand or otherwise, and withdraw able by cheque, draft, order or otherwise.
A Banking company or a Bank means any company, which transacts the
business of banking in India, and includes a foreign company, engaged in the business of
banking in India.
There are four types of banking institutions in India. These are:
1) Commercial banks
Commercial banks are the most prevalent banking
institutions in India. Commercial banks operating in India can be divided into two
categories based on their ownership-public sector and private sector banks.
2) Regional rural banks (RRBs) -
RRBs have been established with a view to
developing the rural economy by providing credit and other facilities, particularly
to the farmers.
3) Co-operative Banks -
Co-operative banks are the banks in the Co-operative
sector, which cater predominantly to the needs of the farming, and allied sectors.
Co-operative banks include central Co-operative banks, state Co-operative banks,
primary Co-operative banks and land development banks.
4) Development banks -
Development banks were started for providing only long-
term finance for development purposes; they are also referred as Term-lending
institutions.
2
7/29/2019 Projects on bank audit
3/95
Control System And Bank Audit
Important features
Banks have the following characteristics, which distinguish them from most other
commercial enterprises.
1. They have custody of large quantum of monetary items, Including cash and
negotiable instruments, whose physical security has to be ensured This applies to
both the storage and the transfer of monetary items and makes banks vulnerable to
misappropriation and fraud. They, therefore, need to establish formal operating
procedures, well-defined limits for individual discretion and rigorous systems of
internal control
2. They engage in a large quantum and variety of transactions in terms of both
number and value. This therefore requires complex accounting and internal
control systems.
3. They generally operate through a wide network of branches and departments
which are geographically dispersed.
4. Banks are regulated by governmental authorities and the resultant regulatory
requirements often influence accounting and auditing practices in the banking
sector.
Regulatory framework
There is an elaborate regulatory framework governing banks in
India. The principal enactments which govern the functioning of various types of banks
are:
Banking Regulation Act, 1949
Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970
Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980
SBIAct, 1955
SBI (Subsidiary Banks) Act, 1959 Regional Rural Banks Act, 1976
Companies Act, 1956
Co-operative Societies Act, 1912 or the relevant state Co-operative Societies Act.
3
7/29/2019 Projects on bank audit
4/95
Control System And Bank Audit
INTRODUCTION-an overview of Auditing
Economic decisions in every society must be based upon the information available
at the time the decision is made. For example, the decision of a bank to make a loan to abusiness is based upon previous financial relationships with that business, the financial
condition of the company as reflected by its financial statements and other factors
If decisions are to be consistent with the intention of the decision makers, the information
used in the decision process must be reliable. Unreliable information can cause inefficient
use of resources to the detriment of the society and to the decision makers themselves. In
the lending decision example, assume that the bank makes the loan on the basis of
misleading financial statements and the Borrower Company is ultimately unable to
repay. As a result the bank has lost both the principal and the interest. In addition,
another company that could have used the funds effectively was deprived of.the
money.
As a means of overcoming the problem of unreliable information, the decision-
maker must develop a method of assuring him that the information is sufficiently reliable
for these decisions. In doing this he must weigh the cost of obtaining more reliable
information against the expected benefits.
A common way to obtain such reliable information is to have some type of verification
(audit) performed by independent persons. The audited information is then used in the
decision making process on the assumption that it is reasonably complete, accurate and
unbiased.
The word Audit is derived from the Latin word Audire which means to
here. In olden days, whenever the owner of the business suspects the frauds, they
appoint independent and impartial person who uses to hear the explanation given by the
accountant. Such person was known as Auditor.
Auditing may be defined as,
A careful and critical examination of books of accounts by a
properly qualified person on the basis of proper evidence so as to express an opinion (i.e.
views) about the truth and fairness of financial statements.
4
7/29/2019 Projects on bank audit
5/95
Control System And Bank Audit
TYPES OF AUDIT
The entire process of audit depends upon the type of audit. Type of audit to be
conducted is to be selected carefully, keeping in mind the objects of audit in each and every
case. Hence it is essential to study the various types of audit before laying down the
programme for any audit work.
5
CHART SHOWING DIFFERENTCLASSES OF AUDIT
BASED ON
AUTHORITY
Y
BASED ON
SCOPE
BASED ONTIME
BASED ON OTHEROBJECT TYPES
Statutory Non-Statutory InternalAudit Audit Audit
Complete PartialAudit Audit
Continuous Final InterimAudit Audit Audit
Special Cost Management SocialAudit Audit Audit Audit
Balance Sheet Occasional Audit In Cash Operational
Audit Audit Depth Audit Audit
7/29/2019 Projects on bank audit
6/95
Control System And Bank Audit
BASED ON AUTHORITY:
1) Statutory Audit
It is the audit, which is compulsory under the law*Appointment ofauditors,
removal, Remuneration, rights, duties, and liabilities are governed as per the
provisions 'of the respective law applicable to the organisation. Scope of audit work
and all other terms are as laid down by the law. It can be conducted only by a
qualified Chartered Accountant.
2) Non-Statutory Audit
Non-statutory audits are voluntary audits. These audits are not compulsory under
any law. Terms and conditions of audit are determined as per the agreement made between
the auditor and proprietor for e.g. financial audit of a sole trader or partnership firm. It also
includes non-financial audits e.g. internal audit, management audit, Operational audit,
Social audit, etc.
a) Private Audit
The audit which is done for the satisfaction of the owner Is called
private audit. This type of audit is not compulsory at all. It may be conducted by
sole proprietors, partnership firms, family trusts, private trusts, etc. The various types of
private audit are
i) Audit of Sole Proprietor
Audit of accounts of a sole-proprietor is not compulsory. However, he
may get his books audited for various reasons. Some of the reasons are: -
1) For obtaining loan from bank and financial institutions.
2) For presenting authentic data to income tax and Sales tax authorities.
3) For his own satisfaction that his employees have written the books of accounts
properly and that there are no frauds and errors.
ii) Audit of partnership firms
1) Under partnership Act it is not compulsory to audit the accounts. However in actual
practice it is not only advisable but even necessary to get them audited
2) It helps to prevent disputes among the partners.
3) It facilitates borrowing frombanks
4) Audited accounts are preferred by income tax and sales tax departments.
5) Audited accounts can be helpful in case of litigation.
6
7/29/2019 Projects on bank audit
7/95
Control System And Bank Audit
3) Internal Audit
This type of audit is also optional. It is conducted by the internal auditor who is
appointed by the proprietor. Even the employee of the organisation may be appointed as
an internal auditor to examine the books of accounts. All the terms and conditions of audit
work are determined by the agreement. The basic purpose of internal audit is not only to
examine the books of accounts but also to review the present working and make valuable
suggestions to improve it.
BASED ON SCOPE:
1) Complete Audit
In complete audit the auditor have to check each and every transaction,
voucher document etc. relating to the transactions of business. This types of audit
is not possible in case of large business organizations.
2) Partial Audit
Sometimes auditor may be called upon to audit few books and give his
finding thereon. Sometimes he may be called upon to audit only the payment
side of cashbook or receipts side only. This is called as Partial Audit. Auditor has
to be very careful when he undertakes this type of audit. Usually this type ofaudit is called for when a fraud or misappropriation is" suspected. While
submitting the report auditor should clearly mention -the scope and documents
or books made available to him for his audit. Partial audit is not practical. Such
an audits possible where audit is not a legal necessity.
BASED ON TIME:
1) CONTINUOUS AUDIT
One where the auditor, or his staff, is constantly engaged in checking the
accounts during the whole period or where the auditor or his staff attends at regular or
irregular intervals during the period.
Continuous audit means an audit at regular intervals throughout the
accounting year. Continuous audit, accounting and auditing work is done side by
side.
7
7/29/2019 Projects on bank audit
8/95
Control System And Bank Audit
(2) FINAL /ANNUAL /PERIODICAL / COMPLETED AUDIT:
Periodic audit is also known as 'final or completed audit'. Final audit is carried out
continuously until it is completed. It is a past accounts audit. In case of a final audit, the
auditor gets hold of all the books of accounts and the vouchers for the, accountingPeriod. He is in possession of all the facts and figures relating to the accounting period for
which the audit is being conducted. In case of this audit, the auditor visits the clients place
only once and remains there till the audit is over.
Generally this type of audit is appropriate for smaller business concerns. Generally
majority of audits are in the nature of Final Audits.
(3) INTERIM AUDIT:
It is a kind of audit, which is conducted in between the annual or final audits. It is
conducted to find out the interim profit and know the financial 'position at the end of a
part of the accounting year. This is usually carried out at half yearly intervals. Hence, this is
also called as half yearly audit.
BASSED ON OBJECT :
1) SPECIAL AUDIT
Under section 233 A of companies Act, the central government has power to direct
special audit under following circumstances:
a) When the affairs of any company are not managed as per the sound business
principles.
b) When the financial position of the company is such as to endanger its solvency.
c) When company is being managed in a manner which is likely to cause serious
injury or damage to the interest of trade or industry
The auditor appointed by the government is required to report to the government.
2) COST AUDIT
It is a type of audit, which involves verification of cost records maintained by the
organisation. Under section 233 B of the companies Act, 1956 the central government may
direct an audit of cost records by a person who is qualified. Appointment of auditor is done
by the board of director subject to the approval of the central government. The auditors repot
8
7/29/2019 Projects on bank audit
9/95
Control System And Bank Audit
to the government, the copy of the report is send to the company. It has been defined as the
verification of the correctness of cost accounts and of adherence to the cost accounting plan.
3) Management audit:-
'Management auditing is concerned with review of operations and performance of
management to improve efficiency and effectiveness of the organisation. It is, thus, an
extension of internal audit function. Some authors use the terms management auditing
and operational auditing interchangeably because of the close resemblance of
methodology employed. But it may be noted, although operational auditing is also
concerned with review of operations of an entity, management auditing, in addition to it
also includes review of managerial performance. Secondly, the frame of reference of a
management audit is derived, generally, from the expectations of the external
participants and not of organisation's management as in case of operational auditing.
4) Social audit
Social audit is a recent development in the field of at it is based on the
modern concept of social responsibility of business. Social audit examines to what extent
the business is discharging the social responsibilities. It examines the contribution of the
concern to the society at large.
Other types:
1) Balance sheet Audit
Balance Sheet audit is of a recent origin. It has acquired popularity in U.S.A.
As the very name suggests, balance sheet audit consists of verification of all the items
appearing in the balance sheet such as assets, capital, reserves and liabilities of the business.
Under 'balance sheet audit, the auditor commences audit on the basis of the Balance sheet,
and he works back to the books of original entry and other evidences. Though balance sheet
audit concentrates mainly on balance sheet items, it also includes an examination of those
transactions, which are appearing in the Profit and Loss Account because balance of Profit
and Loss Account appears in the balance sheet. Thus, in balance sheet audit all the items
contained in the balance sheet and other related or allied items are verified completely. The
auditor' will check up general ledger also
9
7/29/2019 Projects on bank audit
10/95
Control System And Bank Audit
(2) Occasional audit: -
This type of audit is carried out occasionally as per the need of the business, T1V
applicable to the proprietary concerns such as sole traders and partnerships, it is just a need-
based audit. It is conducted at the desire of the owner of the business. This of audit is not
possible in case of Joint Stock Company as the annual au; compulsory as provided in
Companies Act, 1956.
(3) Audit in Depth
Under this type of audit, the auditor examines thoroughly selected transactions
right from their origin to the conclusion. All records and documents pertaining to the
transactions are checked in detail. The basic purpose of this type of audit is to
whether the system of internal check or control system is effective. This type of audit
enables the auditor to suggest to the management a better procedure for recording the
transactions to avoid any loopholes for committing frauds.
4) Cash Audit
Here the auditor examines only cash transactions. He examines cash receipts and cash
payments. Cash transactions are checked with the help of receipts and vouchers and other
evidences. The receipts and payments may be capital or revenue in nature.
5) Operational Audit
Operational audit goes beyond financial audit. It is conducted to see that the business
operations are improved in future. It guides the management in achieving
organizational objectives
10
7/29/2019 Projects on bank audit
11/95
Control System And Bank Audit
INTRODUCTION TO BANK AUDIT
Bank Audit is a time bound exercise and it is full of challenges and
responsibilities. For those who approach this exercise with scientific methods and properplanning The auditor has very limited option as far as the availability of time is
concerned, therefore, the only option he has is to carry out the audit in a very scientific
manner so that he is able to conduct a purposeful audit in the limited time.
Generally, the appointment letters are received in second or third week of March
and the auditors are expected to commence the audit in the first week of April and to
complete the audit, in one visit and in all respect, by the end of second week of April.
Therefore, the time available for the completion of audit in all respects is generally in the
range of 4-5 days to a maximum of a week or 10 days, irrespective of the size of the
branch, volume of business and nature of activities.
The banks are taking effective measures to address this issue and some banks
have allowed the auditors of large and very large branches to visit the respective branches
before the close of the year. Such visits help the auditors to gather lot of first hand
information and insight about the branch and its business profile, performance, NPA
profile, client profile, level of computerization, etc.
Generally, banks circulate detailed closing instructions to the branches and the
auditors well in advance. It is important to review the instructions and to incorporate the
significant instructions in the audit plan/programme/checklist.
With the latest information available at the touch of button, it is very important that to
keep update about the significant developments in the banking sector and to incorporate
all the significant developments in the audit programme/checklist.
As the concept of Peer Review is already put in place, it is important that while
carrying out the attest function due emphasis is given to Auditing & Assurance Standards
and other pronouncements of the Institute while discharging the attest function. Apart
from this, it is also important to preserve all the required documents/representations etc.
for future reference.
11
7/29/2019 Projects on bank audit
12/95
7/29/2019 Projects on bank audit
13/95
7/29/2019 Projects on bank audit
14/95
Control System And Bank Audit
2
CONTROL SYSTEMS
BANKING REGULATION ACT, 1949
CORPORATE GOVERNANCE
GOSH COMMITTEE RECOMMENDATIONS
AUDITING & ASSUARANCE STANDARDS(AAS)XX
14
7/29/2019 Projects on bank audit
15/95
Control System And Bank Audit
Controls and Regulations (banking regulation act, 1949)
CAPITAL RESERVES
Section 11 of the Banking Regulation Act lays down the requirements regarding
the minimum paid-up share capital and reserves of banking companies. Similar
requirements in the case of cooperative banks are laid down in section 56(h). These
provisions are not applicable to rural banks, nationalised banks, and the State Bank Of
India and its subsidiaries.
Under section 12(1), the subscribed capital of a banking company should not be
less than one-half of its authorized capital and the paid-up capital not less than one-half of
the subscribed capital. If the capital is increased, it should comply with these conditions
within a stipulated time period. Further, the capital of a banking company should consist
of ordinary shares alone, the only exception being in the case of preference shares issued
prior to July 1, 1944. These provisions do not apply to a banking company incorporated
before January 15, 1937 or to a nationalised bank, a regional rural bank, a cooperative
bank, and the State bank Of India and its subsidiaries.
A banking company incorporated outside India is required to deposit with the
Reserve bank in the form of cash and/or approved securities, (a) an amount not less than
the minimum paid-up capital and reserves as prescribed under section 11(2) of the
Banking Regulation Act (1949), and (b) an amount equal to 20 percent of its profits for
each year in respect of all business transacted through its branches in India. However, the
central government may, on the recommendation of the Reserve Bank, exempt a banking
company from these requirements for a specified period having regard to the adequacy of
the total amounts deposited by it with the Reserve Bank in relation to its deposit
liabilities.
Restriction on commission, brokerage, discount, etc. on sale of shares.
Notwithstanding anything to the contrary contained in 3[Secs. 76 and 79 of the
Companies Act, 1956 (1 of 1956)], no banking company shall pay out directly or
indirectly by way of commission, brokerage, discount of remuneration in any form in
respect of any shares, issued by it, any amount exceeding in the aggregate two and one-
half per cent. of the paid-up value of the said shares.
15
7/29/2019 Projects on bank audit
16/95
7/29/2019 Projects on bank audit
17/95
Control System And Bank Audit
Cash reserve.
Every banking company, not being a scheduled bank, shall maintain in India by
way of cash reserve with itself or by way of balance in a current account with the Reserve
Bank or by way of net balance in current accounts or in one or more of the aforesaid
ways, a sum equivalent, to at least three percent Of the total of its demand and time
liabilities in India as on the last Friday of the second preceding fortnight and shall submit
to the Reserve Bank before the twentieth day of every month a return showing the amount
so held on alternate Fridays during a month with particulars of its demand and time
liabilities in India on such Fridays or if any such Friday is a public holiday under the
Negotiable Instruments Act, 1881(26 of 1881), at the close of business on the preceding
working day.
Restrictions on loans and advances.
(1) Notwithstanding anything to the contrary
contained in Sec. 77 of the Companies Act, 1956 (1 of 1956), no banking company shall,
(a) Grant any loans or advances on the security of its own shares, or
(b) Enter into any commitment for granting any loan or advance or advance to or on
behalf of
(i) Any of its directors,
(ii) Any firm in which any of its directors is interested as partner, manager,
employee or guarantor, or
(iii) Any company (not being a subsidiary of the banking company or a company
registered under Sec. 25 of the Companies Act, 1956 (1 of 1956), or a Government
company)] of which 2[or the subsidiary or the holding company of which] any of the
directors of the banking company is a director, managing agent, manager, employee or
guarantor or in which he holds substantial interest, or
(iv) Any individual in respect of whom any of its directors is a partner or
guarantor.
(2) Where any loan or advance granted by a banking company is such that a commitment
for granting it could not have been made if Cl.(b)of sub-section (1) had been in force on
the date on which the loan or advance was made, or is granted by a banking company
after the commencement of Sec. 5 of the Banking Laws (Amendment) Act, 1968 (58 of
1968), but in pursuance of a commencement of Sec. 5 of the Banking Laws (Amendment)
Act, 1968(58 of 1968), but in pursuance of a commitment entered into before such
17
7/29/2019 Projects on bank audit
18/95
Control System And Bank Audit
commencement, steps shall be taken to recover the amounts due to the banking company
on account of the loan or advance together with interest, if any, due thereon within the
period stipulated at the time of the grant of the loan or advance, or where no such period
has been stipulated, before the expiry of one year from the commencement of the said
Sec. 5:
(3) No loan or advance, referred to in sub-section (2), or any part thereof shall be remitted
without the previous approval of the Reserve Bank, and any remission without such
approval shall be void and of no effect.
(4) Where any loan or advance referred to in sub-section (2), payable by any person, has
not been repaid to the banking company within the period specified in that sub-section,
then such person shall, if he is a director of such banking company on the date of the
expiry of the said period, be deemed to have vacated his office as such on the said date.
CONTROL OVER MANAGEMENT
36-AA. Power of Reserve Bank to remove managerial and other persons from office .
(1) Where the Reserve Bank is satisfied that in the public interest or for preventing the
affairs of a banking company being conducted in a manner detrimental to the interests
of the depositors or for securing the proper management of any banking company it is
necessary so to do, the Reserve Bank may, for reasons to be recorded in writing, by
order remove from office, with effect from such date as may be specified in the order
3[any chairman, director,] chief executive officer (by whatever name called) or other
officer or employee of the banking company.
(2) No order under sub-section (1) shall be made 4[unless the chairman, director] or chief
executive officer or other officer or employee concerned has been given a reasonable
opportunity of making a representation to the Reserve Bank against the proposed
order:
Provided that if in the opinion of the Reserve Bank, any delay would be detrimental to
the interests of the banking company or its depositors the Reserve Bank may, at the
time of giving the opportunity aforesaid or at any time thereafter, by order direct, that
pending the consideration of the representation aforesaid, if any 5[the chairman or, as
the case maybe director or chief executive officer] or other officer or employee, shall
not, with effect from the date of such order.
(a) 6[act as such chairman or director] or chief executive officer or other officer or
employee of the banking company;
18
7/29/2019 Projects on bank audit
19/95
Control System And Bank Audit
(b) in any way, whether directly or indirectly be concerned with, or take part in
the management of, the banking company.
(3) If any person in respect of whom an order is made by the Reserve Bank under
subsection (1) or under the provison to sub-section (2) contravenes the provisions of
this section, he shall be punishable with fine which may extend to two hundred and
fifty rupees for each day during which such contravention continues.
(4) Any person appointed as 1[chairman, director or chief executive officer] or other
officer or employee under this section shall
(a) Hold office during the pleasure of the Reserve Bank and subject thereto for a
period not exceeding three years or such further periods not exceeding three years at a
time as the Reserve Bank may specify;
(b) Not incur any obligation or liability by reason only of his being a 5[chairman,
director or chief executive officer] or other officer or employee or for anything done
or omitted to be done in good faith in the execution of the duties of his office or in
relation thereto.
(5) Notwithstanding anything contained in any law or in any contract, memorandum or
articles of association, on the removal of a person from office under this section that
person shall not be entitled to claim any compensation the loss or termination of
office.
Power to inspect.
(1) The Reserve Bank shall, on being directed so to do by the Central Government or by
the High Court, cause an inspection to be made by one or more of its officers of a
banking company which is being wound up and its books and accounts.
(2) On such inspection, the Reserve Bank shall submit its report to the Central
Government and the High Court.
(3) If the Central Government, on consideration of the report of the Reserve Bank, is of
opinion that there has been a substantial irregularity in the winding-up proceedings, it
may bring such irregularity to the notice of the High Court for such action as the High
Court may think fit.
19
7/29/2019 Projects on bank audit
20/95
Control System And Bank Audit
CORPORATE GOVERNANCE:
Goodcorporate governance is the only alternative available before the Indian
corporate sectary and more particularly, banks both commercial and co-operativesector to come atpar with international standards. But, some seriousthought has to
be given to bring certain amount of norm in governanceof the countryspolitical
system.
Corporate Governance has been defined in different ways by different thinkers
and experts.
According to noble Laureate Milion Friedman "Corporate Governance is to
conduct the business in accordance with owner or shareholders' desires, which generally
will be to make as much money as possible, while conforming to the basic rules of the
society embodied in law and local customs". This definition is narrow in scope as it gives
more importance to the owners' stake. Over a period of time, with fast developments in
the world, the .scope of the corporate governance has widened. It now encompasses the
interest of not only the owners but also many other stakeholders.
The OECD experts have defined, "Corporate Governance as the system by which
corporations are directed and controlled. The corporate governance specifies the
distribution of rights and responsibilities among different parties in the corporation, such
as, the Board, managers, shareholders and other stakeholders, and spell out the rules and
procedures for making decisions on corporate affairs. In simple words, corporate
governance is not just profit making, but behaving responsibly, protecting environment,
promoting healthy competition and preventing networth erosion. Corporate governance
cannot be explained by a set of hard and fast rules or standards. The crux of corporate
democracy lies in the accountable business leadership. Its main aim-is to maintain a
balance between economic and social goals and between individual and commercial
goals. According to Mr. J. Wclfensohn, President, World Bank, "Corporate Governance is
about promoting corporate fairness, transparency and accountability".
20
7/29/2019 Projects on bank audit
21/95
Control System And Bank Audit
HISTORICAL BACKGROUND:
The emergence of modern corporate governance is traced back to the Watergate
Scandal in USA. At that time, on investigation, the U.S. regulatory and legislative bodies
were able to highlight control failures that had allowed several major corporations to
make illegal political contributions and to bribe government officials. As a consequence
to this. Foreign and Corrupt Practices Act of 1977 was introduced in USA. that contained
specific provisions regarding the establishment, maintenance and review of a system of
internal controls. Thereafter, a number of other measures were initiated for internal
financial controls and the most important was Headway Commission after the collapse of
Savings and Loans in USA. The 'Headway Commission submitted its report in 1987 and
stressed for the need for a proper control environment, independent audit committees and
an objective Internal Audit Function.
The corporate world in India cannot remain indifferent to the development around
the world. The collapse of South East Asian economies in 1997 made corporate
governance a very vital issue for corporate world. With the fast growth of economy,
corruption is bound to emerge and it is considered as a part of growing economy. In
developing countries, the resources have to be prioritized as required by the policy
makers. Corruption and economic development cannot go hand in hand. If a country is
considered to be corrupt, it may not attract foreign investment. Good corporate
governance is important for running a business on sound ethical values. In the words of
Mr. Deepak Parekh, ethics means, "Not doing a thing one would be ashamed of if it
becomes public".
The only good governance available in the banking sector was the ground rules
and Code of Ethics known as G R A CE, indection of professional directors, redressal of
custom complaints through Ombudsman and functioning of Audit committee of the
Board. The banks enjoyed full protection. They were not exposed to any competition and
there was hardly any concept of transparency and accountability. This became a breeding
ground for malpractices and led to inefficiency due to economic compulsions and
pressure, the Government of India compelled to open Indian economy and introduce
prudential Accounting Norms, as suggested by Narasimham Committee in its report
21
7/29/2019 Projects on bank audit
22/95
Control System And Bank Audit
submitted to RBI in 1990. A new challenge emerged, which led to reform in the Indian
banking system so as to bring it at par to international standards as required under BIS
norms.
CRITICAL ISSUES: -
Apart from the emerging challenges, a few issues having policy implications
continue to remain shrouded in controversy. primarily, they relate to the following areas:
a) Government Ownership: government ownership of the banking sector creates a
number of problems for RBI as the regulator. The problems are particularly
complex because the government often acts as quasi-regulator. Therefore, it is to
be decides whether good governance is compatible with government ownership.
b) Checks and Balances: in India, in most banks, the chairman and CEO positions
are combined. This may create concentration of power in a single individual. It
has been suggested that the roles of the Chairman and CEO be separated.
c) RBI and Government nominee directors: whether RBI can effectively perform
its role as supervisor, when it is also represented on the board through its nominee
director, which may lead to conflict of interest with its regulatory function. More
so, since the nominee of RBI and government are treated as superior to other
directors.
d) Sectoral representation: considering the current trend of liberalization, the
reorientation given to various interest groups in the board for protection of there
sectional economic interests, may have to be reviewed.
e) Quality and proportion of non-executive director: only individuals of proven
professional competence and experience and with special insight into specific
economic activities may be appointed as non-executive directors. The optimum
proportion of executive and non-executive directors continues to be a matter of
debate.
f) Delay in Filling up vacancies in the board: In many cases There is long delay in
filling up the vacancies in the board, which cripples its efficient functioning.
g) Ceiling on number of members in board: the size of the board should be too un
wieldy so as hamper its cohesiveness.
h) Disparities in remuneration of whole time directors: normally, the whole time
directors of PSU banks are remunerated very poorly compared to there private
22
7/29/2019 Projects on bank audit
23/95
7/29/2019 Projects on bank audit
24/95
7/29/2019 Projects on bank audit
25/95
Control System And Bank Audit
3.4 Precautions for averting frauds in
areas of letters of
credit, issue of
guarantees and co-
acceptance facilities
The RBI vide its Cir. No. DBOD. No. GC.
SIC. BC. 97/C.408(A)-83 date 26-11-1983 has
advised the banks to follow the following
precautions for opening LCs, issuing BGs
and co-acceptance of Bills.
(a) LCs, BGs facility should be given only
to the customers having regular credit
facilities and if the customers do not
have regular credit facilities, the
proposal should be appraised like any
other credit proposal.
(b) Before establishing LC, the bank
should examine the financial position
of the customer, his ability to meet the
required funds for retirement of bills onpresentation.
(c) The bank should obtain suitable margin andother security.
(d) If the customer is enjoying credit facilities orhaving account with other banks, withoutreference and concurrence of such other
bank, LC should not be opened.
(e) LC should not be established on theguarantee of another bank.
(f) For performance guarantee, the bank shouldexamine the capacity and means to
perform the obligation under guarantee.(g) With respect to co-acceptance of
bills, the following guide-lines are
given by RBI.
i) The need for sanctioning such
facility should be thoroughly
examined and sanctioned only
to the customers having other
credit facilities.
ii) Genuine trade bills only to be
co-accepted, it should be
ensured that the stocks covered
bills are reflected in the stock
statements of the customer.
iii) Accommodation bills, house bills,
bills of group concerns should
not be co-accepted.
iv) Proper records are to bemaintained for recording the bills
25
7/29/2019 Projects on bank audit
26/95
Control System And Bank Audit
8.14 Monthly certificateof assisted units and
on stocks pledged/
hypothecated to
bank.
co-accepted.v) The powers to co-accept bills,
beyond certain limits must beexerc ised by two officers jointly.
The RBI vide its circular No. DBOD. No.
Com. BC. 28/C.408(A)-81 dated 23-02-1981
has advised the banks to lay down a system
of submitting periodical returns/certificates
to the controlling offices, say monthly,containing the information to show name of
the borrowers, limits sanctioned, short
description and value of the securities
charged to the bank, date of inspection
thereof names and signatures of the officials
who carried out the inspection as also
serious defects if any, observed by the
officials during such inspection. The auditor
should examine whether the branch is
submitting such return to the controlling
office every month.
9.10 Fraud cases up to Rs.25,000/-having
involvement of an
insider should not
be reported to Police,
where the recovery isnot doubtful.
With a view to expedite cases and award of
punishments, the Committee desired that
where a fraud for an amount not exceeding
Rs. 25,000/- involving an employee of the
bank is detected, and the recovery of the
amount is not in doubt, the matter shouldnot be reported to the police.
26
7/29/2019 Projects on bank audit
27/95
Control System And Bank Audit
AUDITING AND ASSUARANCE STANDARD (AAS) XX:
The auditor should obtain an understanding of internal control relevant to
the audit. The auditor uses the understanding of internal control to identify types of
potential misstatements, consider factors that affect the risks of material misstatement,
and design the nature, timing, and extent of further audit procedures. Internal control
relevant to the audit is discussed below.
Internal control, consists of the following components:
(a) The control environment.
(b) Control activities.
(c) Monitoring of controls.
Controls Relevant to the Audit
1) There is a direct relationship between an entity's objectives and the controls it
implements to provide reasonable assurance about their achievement. The entity's
objectives, and therefore controls, relate to financial reporting, operations and
compliance; however, not all of these objectives and controls are relevant to the audi-tor's risk assessment.
2) Ordinarily, controls that are relevant to an audit pertain to the entity's objective of
preparing financial statements for external purposes that give a true and fair view (or
are presented fairly, in all material respects) in accordance with the applicable
financial reporting framework and the management of risk that may give rise to a
material misstatement in those financial statements. It is a matter of the auditor's
professional judgment, subject to the requirements of this AAS, whether a control,
individually or in combination with others, is relevant to the auditor's considerations
in assessing the risks of material misstatement and designing and performing further
procedures in response to assessed risks. In exercising that judgment, the auditor
considers the circumstances, the applicable component and factors such as the
following:
The auditor's judgment about materiality.
The size of the entity.
27
7/29/2019 Projects on bank audit
28/95
Control System And Bank Audit
The nature of the entity's business, including its organization and ownership
characteristics.
The diversity and complexity of the entity's operations.
Applicable legal and regulatory requirements.
The nature and complexity of the systems that are part of the entity's internal control,
including the use of service organizations.
3) Controls relating to operations and compliance objectives may, however, be relevant
to an audit if they pertain to data the auditor evaluates or uses in applying audit
procedures. For example, controls pertaining to non-financial data that the auditor
uses in analytical procedures, such as production statistics, or controls pertaining to
detecting non-compliance with laws and regulations that may have a direct and
material effect on the financial statements, such as controls over compliance with
income tax laws and regulations used to determine the income tax provision, may be
relevant to an audit.
4) Internal control over safeguarding of assets against unauthorized acquisition, use, or
disposition may include controls relating to financial reporting and operations
objectives. In obtaining an understanding of each of the components of internal
control, the auditor's consideration of safeguarding controls is generally limited to
those relevant to the reliability of financial reporting. For example, use of access
controls, such as passwords, that limit access to the data and programs that process
cash disbursements may be relevant to a financial statement audit. Conversely,
controls to prevent the excessive use of materials in production generally are not rel-
evant to a financial statement audit.
Control Activities
1) The auditor should obtain a sufficient understanding of control activities to assess the
risks of material mis-statement at the assertion level and to design further audit
procedures responsive to assessed risks. Control activities are the policies and
procedures that help ensure that management directives are carried out; for example,
that necessary actions are taken to address risks that threaten the achievement of the
entity's objectives. Control activities, whether within IT or manual systems, have
various objectives and are applied at various organizational and functional levels.
Examples of specific control activities include those relating to the following:
28
7/29/2019 Projects on bank audit
29/95
Control System And Bank Audit
Authorization, Performance reviews, formation processing, Physical controls,
Segregation of duties
2) General IT-controls are policies and procedures that relate to many applications and
support the effective functioning of application controls by helping to ensure the
continued proper operation of information systems. General IT-controls that maintain
the integrity of information and security of data commonly include controls over the
following:
Data centre and network operations.
System software acquisition, change and maintenance.
Access security.
Application system acquisition, development, and maintenance.
The auditor should document:
The manner in which these matters are documented is for the auditor to
determine using professional judgment. In particular, the results of the risk assessment
may be documented separately, or may be documented as part of the auditor's
documentation of further procedures. Examples of common techniques, used alone or in
combination include narrative descriptions, questionnaires, check lists and flow
charts. Such techniques may also be useful in documenting the auditor's assessment of
the risks of material misstatement at the overall financial statement and assertions level.
For example, documentation of the understanding of a complex information system in
which a large volume of transactions are electronically initiated, recorded, processed, or
reported may include flowcharts, questionnaires, or decision tables. For an information
system making limited or no use of IT or for which few transactions are processed (say,
long-term debt), documentation in the form of a memorandum may be sufficient.
Ordinarily, the more complex the entity and the more extensive the audit procedures
performed by the auditor, the more extensive the auditor's documentation will be. AAS 3,
"Documentation" provides guidance regarding documentation in the context of the audit
of financial statements.
Effective Date
This Auditing and Assurance Standards is effective for audits related to
accounting periods beginning on or after 1st April, 2007.
29
7/29/2019 Projects on bank audit
30/95
7/29/2019 Projects on bank audit
31/95
Control System And Bank Audit
PREPARATION AND PLANNING FOR AUDIT
The audit preparation and planning should start immediately on receipt of the
appointment letter and the auditor should not wait until actual commencement of audit forthe same. The various stages involved in audit preparation and planning and the other
related issues have been discussed below in detail.
STAGE I: AT THE OFFICE
UNDERSTANDING THE BASIC SCOPE OF AUDIT:
Broadly the scope of audit can be divided into three main parts:
1.Authentication of closing returns such as:
a) Balance Sheet.
b) Profit and Loss Account either for the full year or for two half years.
c) Master Summary of advances containing asset classification.
d) Statement of furniture/fixtures, computers, etc.and depreciation.
e) Statement of Capital Adequacy.
f) Statement of maturity pattern of loans & advances and deposits.
g) Statement of maturity pattern of foreign currency assets and liabilities.
h) Statement of maturity pattern of borrowings.
i) Statement of cash and bank balance on twelve odd dates.
j) Statement of lending to sensitive sectors.
k) Statement of movements in NPA.
1) Statement of advances made by rural branches.
2. Issuance of certificates in relation to:
a) Claim for PMRY subsidy.
b) Refund of DICGC claim.
c) Asset classification, income recognition and provisioning.
d) Memorandum of Changes (MOC) for previous year.
e) Investments, if any, held on behalf of Head office.
3. Issuance of reports including special purpose reports/certificates such as:
a) Auditors Report.
b) Long Form Audit Report.
c) Tax Audit Report.
31
7/29/2019 Projects on bank audit
32/95
Control System And Bank Audit
d) Compliance certificate in respect of implementation of recommendations of Ghosh
& Jilani Committees.
The scope is illustrative and not exhaustive and it may differ from bank to bank.
COMMUNICATION WITH THE BRANCH
Generally, the appointment letter issued by the HO/CO also contains the details
like complete postal address and contact numbers of the branch, name of the branch head,
business portfolio of the branch, etc. If these details are not mentioned in the appointment
letter, the same must be obtained.
Depending upon the business profile of the branch, the auditor must issue written
communication for all the audit requirements to the branch.
PREPARATION OF AUDIT PROGRAMME
1. While preparing/updating audit programme due importance must be given to
a) Auditing & Assurance Standards and other pronouncements of the Institute.
b) Provisions of the governing statutes.
c) Latest closing instructions.
d) Latest business profile.
e) Audited and un-audited financial statements.
f) LFAR for the previous year.
g) Guidelines and circulars issued by RBI.
h) Past experience of bank audit.
2. Generally, the information about the closing returns to be signed and certificates and
reports to be issued is mentioned in the appointment letter and/or the closing instructions
issued by the HO/CO. It must be ensured that all this information is properly
updated/incorporated in the audit programme and all the related instructions for the
closing returns, certificates, reports, etc., are incorporated in the audit checklist.
3. As most of the branches/operations are computerized, due emphasis must be given
to the level of computerization at the branch level. The audit approach in case of a
computerized branch is totally different from the one adopted in case of the branch
maintaining manual records.
4. The audit programme must be flexible and have substantial scope for
modification/revision during the course of audit.
32
7/29/2019 Projects on bank audit
33/95
7/29/2019 Projects on bank audit
34/95
Control System And Bank Audit
EXECUTION OF AUDIT
During execution of audit, following important aspects must be borne in mind:
1. The audit programme and the checklists must be suitably updated/ modified in the
light of the understanding gathered about the overall functioning of the branch.
2. The audit observations must be discussed on a daily basis.
4. The documentation and proper filing must be given due importance. All the audit
memos along with the supporting documents must be systematically filed on a daily
basis.
5. The final issues affecting the true and fair view and other disclosures must be
discussed with the branch management.
COMPLETION OF AUDIT
At the final stage, the following important aspects must be borne in mind:
1. The auditor must ensure that all the audited closing returns, reports and certificates
have been duly signed and stamped.
2. It must be ensured that LFAR has also been prepared and discussed with the branch.
3. Tax audit must also be completed during the course of statutory audit, as no separate
visit is allowed for the same.
4. The copies of the audited closing returns, reports and certificates are obtained for the
purpose of filing.
5. Necessary representation letter must be obtained from the branch management.
6. In case the Bank requires Attendance Certificate to be submitted along with the bill,
ensure that the same has been obtained in the prescribed format.
AUDIT OF BL. AND P&L:
The statutory audit of banks and their branches is generally described as Balance
Sheet Audit.The audit procedures followed in case of banks are to some extent different
from those followed in case of other entities. The reason being the system of accounting
followed and the nature of records maintained by the banks. Before we proceed with the
Balance Sheet and the Profit & Loss Account, it is advisable to gain an understanding of
accounting system and the nature of records of the branch.
34
7/29/2019 Projects on bank audit
35/95
7/29/2019 Projects on bank audit
36/95
Control System And Bank Audit
SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF BALANCE SHEET
PART I: ASSETS
1. Cash
a) Evaluate the effectiveness of internal controls being exercised by the branch by
making enquiries about the daily verification of cash at the opening and the
closing hours, maintenance of cash related registers and vault regi'ster, safety of
cash cabin, dual custody of cash, safe keeping of vault and cash box keys,
recording of movements of keys, dual custody of the keys, security arrangements
for cash movements, decoy money, daily cash holding and retention limit, etc.
b) Review the reports of the concurrent auditors to ascertain the level and
effectiveness of internal controls and also ascertain the frequency of cash
verification carried out by the concurrent auditors.
c) Verify the closing cash balance at the branch and the extension counter/ATM
center connected to the branch as on the last day of the year or as of any day
during the course of audit in the presence of the cashier and the manager.
2. Balances with Reserve Bank of India, State Bank of India and other Banks
Verify the balances as per the books with the balance confirmation certificates
received from these banks.Ensure that the matters to be reported in LFAR have been duly
verified and incorporated.
3. Money at call and short Notice
Generally these assets are not held or dealt with at the branch level.
4. Investments
Generally these assets are not held or dealt with at the branch level.
5. Advances
The audit approach in respect of advances is covered in detail in audit of
advances
6. Furnitures, fixtures, computers and office equipments
a) Evaluate the effectiveness of internal controls over acquisition, recording,
identification, safeguarding and periodic verification of these items.
b) Verify the major additions and deletions/disposals with the related supporting
documents such as invoices, challans, etc.
36
7/29/2019 Projects on bank audit
37/95
Control System And Bank Audit
7. Other asset - Inter Office adjustments (NET)
a) Understand the basic nature of such transactions, the relevance thereof for the
overall presentation of financial statements and the procedure for recording such
transactions.
b) Ensure that the closing balance shown in the statement of the last day of the year
tallies with the corresponding balance in General Ledger.
c) Comment of very old and high value un-reconciled items.
8. Other asset - Interest accrued
Ascertain the system of accruing interest on advances in the computerized branch
in the light of RBI guidelines for monthly charging of interest.
9. Other asset - Suspense account
a) Understand the guidelines issued by HO for operating suspense account.
b) Obtain the details of entries/items outstanding as at the year-end.
c) Identify the provision to be made in respect of very old entries.
d) Ensure that the matters to be reported in LFAR have been duly verified and
incorporated.
10. Other asset - Stationery and stamps
Evaluate the effectiveness of internal controls exercised by the branch for
acquisition, recording, usage, physical verification, dual custody, access, etc., for stamps,
deposit receipts, drafts, pay-orders, cheque books, traveller's cheques, gift cheques, etc.
12. Other asset - Miscellaneous debits in Government accounts
Generally the balance outstanding in this account indicates the pending claims to
be received from the Government towards pension, provident fund, etc., paid by the
branch on behalf of the Government.
13. Other asset - Security deposits
It relates to telephone deposit, mobile deposit, electricity deposit, deposit paid to
the landlord for leased premises, etc.
PART II: LIABILITIES
1. Deposits
a) Ensure that the balances as per the subsidiary ledgers of various deposit accounts
are duly balanced and tallied with the respective balances in the general ledger. Any
difference in the balancing should be reported in the audit report.
37
7/29/2019 Projects on bank audit
38/95
Control System And Bank Audit
b) Understand the types of various deposits held by the branch and the salient
features of those deposits with reference to the due dates for application, accrual,
compounding and payment of interest.
c) Ascertain that the branch has complied with the RBI guidelines related to opening
and maintenance of deposit accounts including NRI deposit accounts. More
emphasis should be given to KYC norms, operations in new accounts, heavy cash
deposits and withdrawals, etc. Any serious discrepancy in this regard should be
reported.
2. Borrowings
Generally borrowings are not held or dealt with at the branch level.
3. Bills payable
a) Generally bills payable relates to pay-order (PO), demand draft (DD),
telegraphic transfer (TT) and mail transfer (MT) and banker's cheque issued by the
branch. The balances in these accounts indicate progressive balance that is subject
to reconciliation at HO level.
b) Ensure that the details of lost demand drafts, if any, circulated by RO/HO is
readily available with the branch.
4. Inter-office adjustment (NET) For details refer item 7 of PART I.
5. Interest accrued
Ascertain the system of accruing interest on deposits in the computerized branch.
Generally interest on deposits is accrued at the last day of the month and is reversed on
the first day of the succeeding month.
7. Other liabilities - Rebate on Bills discounted
a) Ascertain that the branch has complied with the related accounting policy and
necessary accounting has been done in respect of discount received in advance for
the un-expired period of the bills outstanding as at the year-end.
b) In case the bill-wise details are not made available and the amount of rebate is
material, report the fact in the audit report.
38
7/29/2019 Projects on bank audit
39/95
Control System And Bank Audit
8. Other liabilities - Tax deducted at source
`Normally tax is deducted at source as per the Income Tax Act, 1961 in respect of
interest on term deposit, staff salaries, rent, professional charges and payments made
to the contractors, etc.
9. Other Liability - unrealized interest on NPA
a) This account is also referred to as Interest Suspense, De-recognized Interest, etc.
b) Generally the branches are required to maintain subsidiary ledger/register for
recording account-wise details of unrealized interest.
10. Other liabilities Others
a) This could include sundry deposits, staff security deposit, margin money and
statutory dues such as deduction of professional tax, provident fund, ESI, etc.
b) In respect of the statutory dues, ensure that proper reporting has been done in the
Tax Audit Report.
PART III: CONTINGENT LIABILITY
1. Claims against the Bank not acknowledged as debts
a) Generally this includes disputed amounts of lease rent, property tax, etc., in respect
of premises taken on lease.
b) Obtain suitable representation from the branch about the completeness of the
disclosure of such contingent liabilities.
2. Guarantees and acceptances, endorsements & other obligations
Obtain the list of un-expired guarantees and letters of credit. In case the list is not
made available, report the fact in the audit report.
PART IV: BILLS FOR COLLECTION (CONTRA ITEMS)
a) Obtain the list of bills /or collection (inward and outward) outstanding as at the
year-end and verify the same with the related registers maintained by the branch.
b) Ascertain that age of the outstanding bills and the reasons for old items.
39
7/29/2019 Projects on bank audit
40/95
Control System And Bank Audit
SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF PROFIT AND LOSS
ACCOUNT
PART I: INCOME
1. Interest/discount on advances/bills
a) Evaluate the overall effectiveness of internal controls through the reports of
concurrent auditors and other agencies.
b) Ascertain the nature and the extent of revenue leakage detected by the
concurrent auditors.
c) Ascertain that the branch has complied with HO instructions for recognizing
penal interest and overdue interest.
2. Other income - commission, exchange and brokerage
a) It normally includes commission/exchange on letters of credit, guarantees,
remittances and transfer of funds through DD, TT, MT, etc., bills for collection and
Government business.
b) Ensure that the branch has complied with the provisions of Service Tax and
other taxes applicable on services.
3. Other income - profit on sale of fixed assets
a) It normally includes profit or loss (net) on sale of motor vehicle, furniture and
fixtures, computers and other fixed assets held by the branch.
b) Ensure that proper accounting has been done for the depreciation till the date
of disposal as per the accounting policy framed by the bank.
4. Other income - miscellaneous income
a) It normally includes locker rent, recovery of godown rent, income from bank's
property, security charges, etc.
b) In case locker rent is recovered in advance for a year or more, ensure that the
same is properly apportioned on time period basis or as per the accounting policy
advised by HO.
PART II: EXPENDITURE
1. Interest on deposits
a) Evaluate the overall effectiveness of internal controls through the reports of
concurrent auditors and other agencies.
b) Obtain copies of applicable interest rate circulars issued by HO and verify the
rate applied for certain deposit accounts. More emphasis should be given to changes
40
7/29/2019 Projects on bank audit
41/95
Control System And Bank Audit
in the rates, premature closures, back-dated renewals, high value deposits, short-
term deposits, staff deposits, special category of deposits, tax deduction at source,
etc.
2. Salary & allowances to staff
a) Generally monthly salary and allowances to staff are processed centrally
either at RO or at any other main branches and the related records are also
maintained there. The monthly salary sheets are then passed on to the
respective branches and the payment is made by those branches. In such a situation,
it must be ensured that the branch has properly accounted the payments for the
entire year.
3. Rent
a) Obtain the details of the rented premises used by the branch either for the
branch operations or for the officers/managers and the copies of the rent
agreements.
b) In case the lessor has availed loan against the rent payable by the branch ensure
that the rent is properly appropriated towards the loan outstanding.
4. Electricity
a) Obtain the details of connections that are used for the branch premises and for
the staff premises.
b) Ensure that the payment is made as per the original bills held by the branch.
5. Printing & stationery
Generally HO or any centralised department of the bank ! supplies major
stationery items like security items, etc., to the branches. At branch level, these items are
recorded in the memorandum registers for the purpose of internal control. In case these
items are recorded in the main books, ensure that the same are properly accounted as per
the advices received from the HO.
6. Depreciation
a) Ensure that the depreciation has been charged as per the rates and the method
prescribed in the HO instructions especially with reference to additions and
deletions during the year. More emphasis should be given to inter branch transfer of
assets and the depreciation thereon.
41
7/29/2019 Projects on bank audit
42/95
Control System And Bank Audit
b) Generally the branches commit mistakes in identifying revenue and capital
expenditure. In case such mistakes are observed during the course of audit, it is
advisable to identify the corresponding impact on the depreciation.
7. Legal charges
Ensure that these payments are made on the basis of the bills and other supporting
documents. More emphasis should be given to the approval/sanction of higher authorities
required for making such payments.
8. Postage, telegram & telephone
a) Obtain the list of telephone connections used in the branch premises and
residential premises of the staff, as per the policy of the bank.
c) Ensure that the payments are made as per the original bills held by the branch.
9. Repairs & Maintenance
Normally it includes expenditure incurred on repairs and maintenance of vehicles,
furniture, fixtures, premises, etc., and annual maintenance contracts (AMC) for
computers, air conditioners, etc.
10. Insurance
a) Normally it includes expenditure incurred on insurance of office equipments
installed at the branch like computers, air conditioners, etc.
d) Obtain the details of insurance policies, if any, held by the branch.
11. Other expenditure
It includes all other expenditure including professional charges, concurrent audit fees,
etc., that is not included in any of the specific heads.
42
7/29/2019 Projects on bank audit
43/95
7/29/2019 Projects on bank audit
44/95
Control System And Bank Audit
PART III: IMPORTANT ASPECTS OF PRUDENTIAL NORMS
While verifying compliance of the prudential norms issued by RBI give more
emphasis on:
a) Operations in the accounts of the borrower.
b) Possibility of window dressing in the account.
c) Reversal of unrealised interest.
d) Identification of the date of NPA.
e) Valuation of security.
f) Accounts upgraded from NPA category to standard category.
g) Potential NPA.
h) Standard accounts with lowest credit rating
i) Standard accounts with negative net worth/under BIFR.
j) Asset classification by the other consortium members.
PRUDENTIAL NORMS ON ASSET CLASSIFICATION, INCOME
RECOGNITION AND PROVISIONING
I. VERIFICATION OF COMPUTERIZED CLOSING RETURNS
a) Presently many of the banks are using customised software for generation of master
summary and account-wise report on asset classification, income recognition and
provisioning. Such software facilitates more accuracy and consistency in compilation
of data on prudential norms, provided the same are thoroughly tested and approved.
b) As regards the system generated returns it is important to note that these returns do
not substitute the normal audit procedures that are to be performed by the auditor.
These returns only facilitate the audit to certain extent and hence the same must be
accepted after performing normal audit procedures.
c) Generally the system-generated returns contain lot of information that may be
relevant only for the purpose of management information. As this information is not
to be audited, it is advisable to state the fact in the relevant return that is to be
certified.
II. SALIENT FEATURES
1. Non-performing Assets :
44
7/29/2019 Projects on bank audit
45/95
Control System And Bank Audit
a) An asset, including a leased asset, becomes non-performing when it ceases to generate
income for the bank. In other words, a non-performing asset (NPA) shall be a loan or
an advance where;
I) Interest and/ or installments of principal remain overdue for a period of more than
90 days in respect of a term loan;
II) The account remains 'out of order' as indicated below, in respect of an
Overdraft/Cash Credit (OD/CC);
III) The bill remains overdue for a period of more than 90 days in the case of bills
purchased and discounted;
IV) Interest and/or installment of principal remains overdue for two harvest seasons
but for a period not exceeding two half years in the case of an advance granted for
agricultural purposes; and
V) Any amount to be received remains overdue for a period of more than 90 days in
respect of other accounts.
e) The credit facilities backed by guarantee of the Central Government though overdue
may be treated as NPA only when the Government repudiates its guarantee when
invoked.
f) An account where the regular/ad hoc credit limits have not been reviewed/renewed
within 180 days from the due date/ date of ad hoc sanction will be treated as NPA.
d) In respect of accounts where there is potential threat of recovery due to erosion in the
value of security or no availability of security and existence of other factors, say,
fraud committed by the borrower, etc., the account should be classified as doubtful
asset or loss asset as appropriate, irrespective of the period for which it remained as
NPA.
2. Out of order
An account should be treated as 'out of order' if the outstanding balance remains
continuously in excess of the sanctioned limit/ drawing power. In cases where the
outstanding balance in the principal operating account is less than the sanctioned limit/
drawing power, but there are no credits continuously for 90 days as on the date of
Balance Sheet or credits are not enough to cover the interest debited during the same
period, these accounts should be treated as 'out of order'.
45
7/29/2019 Projects on bank audit
46/95
7/29/2019 Projects on bank audit
47/95
Control System And Bank Audit
c) There is no objection to the banks using their own discretion in debiting interest
to an NPA account taking the same to Interest Suspense Account or maintaining
only a record of such interest in memorandum accounts.
5. Provisioning
Minimum Provision
a) Standard Asset:
The banks should make a general provision of a minimum of 0.25 per cent on
standard assets on global loan portfolio basis.
b) Sub-standard Asset:
A general provision of 10 per cent on total outstanding should be made without
making any allowance for DICGC/ECGC guarantee cover and securities available.
The 'unsecured exposures' that are identified as 'substandard' would attract additional
provision of 10 per cent, i.e., a total of20 per cent on the outstanding balance. Unsecured
exposure is defined, as an exposure where the realisable value of the security, as assessed
by the bank/ approved valuers/Reserve Bank's Inspecting Officers, is not more than 10
per cent, ab-initio,of the outstanding exposure. 'Exposure' shall include all funded and
non-funded exposures (including underwriting and similar commitments).
c) Doubtful Asset:
i) 100 per cent of the extent to which the advance is not covered by the realisable
value of the security to which the bank has a valid recourse and the realisable value is
estimated on a realistic basis.
ii) In respect of the secured portion, provision has to be made on the following basis
at the rates ranging from 20 per cent to 100 per cent of the secured portion depending
upon the period for which the asset has remained doubtful.
47
7/29/2019 Projects on bank audit
48/95
Control System And Bank Audit
Period for the asset has remained in
doubtful category
Provision to be made (%)
Up to 1 year (Dl category)
More than 1 year but less than 3 years (D2
category)
More than 3 years (D3 category)
a) Outstanding in D3 category as on
31/03/2004
b) Classified in D3 category on or after
1/04/2004
20
30
50 (as on 31/03/2004)
60 with effect from 31/03/2005
75 with effect from 31/03/2006
100 with effect from 31/03/2007
100 with effect from 31/03/2005
iii) Banks are permitted to phase the additional provisioning consequent upon the
reduction in the transition period from sub-standard to doubtful asset from 18 to 12
months over a four-year period commencing from the year ending March 31, 2005, with a
minimum of 20 % each year.
Floating Provision
Some of the banks make a 'floating provision' over and above the specific
provisions made in respect of accounts identified as NPA. The floating provisions,
wherever available, could be set-off against minimum provisions as per above stated
provisioning guidelines. Considering that higher loan loss provisioning adds to the overall
financial strength of the banks and the stability of the financial sector, banks are urged to
voluntarily set apart provisions much above the minimum prudential levels as a desirable
practice.
Treatment of Interest Suspense AccountAmounts held in Interest Suspense Account should not be reckoned as part of
provisions. Amounts lying in the Interest Suspense Account should be deducted from the
relative advances and thereafter, provisioning as per the norms, should be made on the
balances after such deduction.
Advances Covered By ECGC
In the case of advances guaranteed by ECGC, provision should be made only for
the balance in excess of the amount guaranteed by ECGC. Further, while arriving at the
provision required to be made for doubtful assets, realisable value of the securities should
48
7/29/2019 Projects on bank audit
49/95
Control System And Bank Audit
first be deducted from the outstanding balance in respect of the amount guaranteed by
ECGC and then provision made.
IMPORTANT ASPECTS
1. Advances under consortium arrangement
Asset classification of accounts under consortium should be based on the record of
recovery of the individual member banks and other aspects having a bearing on the
recoverability of the advances.
The banks participating in the consortium should, therefore, arrange to get their share of
recovery transferred from the lead bank or get an express consent from the lead bank for
the transfer of their share of recovery, to ensure proper asset classification in their
respective books.
2. Accounts where there is erosion in the value of security
i) An NPA need not go through the various stages of classification in cases of serious
credit impairment and such assets should be straightaway classified as doubtful or loss
asset as appropriate. Erosion in the value of security can be reckoned as significant
when the realisable value of the security is less than 50 per cent of the value assessed by
the bank or accepted by RBI at the time of last inspection, as the case may be. Such
NPA may be straightaway classified under doubtful category and provisioning should
be made as applicable to doubtful assets.
ii) If the realisable value of the security, as assessed by the bank/ approved valuers/RBI is
less than 10 per cent of the outstanding in the accounts, the existence of security should
be ignored and the asset should be straightaway classified as loss asset. It may be either
written off or fully provided for by the bank.
3. Loans with moratorium for payment of interest
In the case of housing loan or similar advances granted to staff members where
interest is payable after recovery of principal, interest need not be considered as overdue
from the first quarter onwards. Such loans/advances should be classified as NPA only
when there is a default in repayment of installment of principal or payment of interest on
the respective due dates.
4. Agricultural advances
A loan granted for short duration crops will be treated as NPA, if the installment of
principal or interest thereon remains overdue for two crop seasons. A loan granted for
long duration crops will be treated as NPA, if the installment of principal or interest
thereon remains overdue for one crop season.
49
7/29/2019 Projects on bank audit
50/95
Control System And Bank Audit
4
TECHNOLOGY IN BANK AUDIT
AUDITING IN COMPUTERISED ENVIRONMENT
SYSTEM AUDIT
USE OF CAAT TOOLS : IDEA 2004
50
7/29/2019 Projects on bank audit
51/95
Control System And Bank Audit
AUDITING INCOMPUTERISED ENVIRONMENT
Technology and its progress has often been linked to progress of civilization.
From the time man learnt to control fire to the iron and Bronze Age, we have notedthat the control over inventions like guns and cannons have given certain civilizations
the upper hand over the ones they conquered. It is not necessary for the inventions and
progress to be restricted to the field of military or defence. Progress in Banking is an
equal parameter of the cultural development of a civilization and like any other field;
this sector is not spared from the technical revolution, which has taken over other
sectors. This delves into the necessity of value added APPROACH to the traditional
audit and not solely dependent on the system auditors. These approaches are general
and can be applied to any environment whether LAN Branch or a core banking
situation.
Is the burden shifted to the system auditor?
There is unlikely any professional who will take this stand of shifting the burden
to the other auditor. There are a few checks you can do without undergoing intensive
training and examination! Please note that the computer system environment referred to
here is a minimum of LAN (Local Area Network) or even a Core system where the data
hub is at a Central Location and the branches/offices are connected to this data hub
despite being many cities away. Apart from the large corporations and multinationals,
many Banks, even large co-operative Banks have taken this option. Even the branch
auditor, thus, has to take certain precautions to ensure he gives justice to his work.
51
7/29/2019 Projects on bank audit
52/95
Control System And Bank Audit
PHYSICAL
ACCESS
CONTROL
In case the site is a LAN, the Server should be secure since thesoftware and data is located in this device. Access to theServer room should be restricted and only senior managementshould permit 'outsiders' like software and hardware vendors
to enter the server room. Many of the frauds that have alreadyoccurred in India would have been prevented only if thisaccess was closely monitored.
ENVIRONMENTAL
SECURITY
Apart from protecting the server from bad intentionedpersons, we have to ensure it is protected from accidents offire and water by installation of smoke alarms in the serverroom and extinguishers outside the server room. In case ofcore banking, the devices used for communication should beaccorded the status of protection of the server.
SAFEGUARDING
OF ASSETS -UPS
Computers require electrical power for working and when the
environment is live, work comes to a standstill unless power isprovided though a UPS (Uninterrupted Power Supply) Thishas battery bank and is activated immediately when the powerfails providing a continuous power without any interruption.These machines heat when generating power and if properventilation is not provided, these UPS will provide service forshorter durations not only compromising the work but alsowasting the investment of the company. Simple rules ofmaintenance should also be followed and monitored.
OPERATING
SYSTEMCONTROLS
While all pay attention to the application software access,
many forget to police the access to the operating system. Filecopy, deletion even data manipulation (especially underdatabase environments) etc. are some potential disasters thatare possible unless controlled. You will have to ensure that thecompany holds the original license for using the operatingsystem software. Ensure whether the original OperatingSystem Media supplied by the vendor is available in theCompany. This is necessary to ensure reloading in case ofaccidental corruption. Only if the company has the system canit be loaded without waiting for the vendor's representative.
APPLICATIONSYSTEM
CONTROL
The application developed for the company should be encodedand not left in a manner that can be re-programmed by theuser. This will enable any person knowing a bit of
programming of that language to design trapdoors for fraudand these are later very difficult to identify. Over here,'Prevention is easier than the cure'.
52
7/29/2019 Projects on bank audit
53/95
Control System And Bank Audit
PASSWORD AND
ACCESS
CONTROL
Password control is the 'logical' access to the computer. Thesystem should have passwords and these should be demanded
by the system to changed frequently ensuring that the lastpassword is not accepted, (not accepting last 12 is the least)Along with this, the 'internal control' should be ensured by the
system ensuring that the person creating the voucher shouldnot be permitted to authorize the voucher and withoutauthorization, no voucher (other than system generated vouch-ers) should be accepted by the system. The corollary of thisrequirement is to ensure (check) that each user has only oneidentity in the system otherwise one person will take theidentity of the clerk and with a change in short name takeanother identity of an officer thus effectively compromisingthe system.
Checklist for Audit of Computerized Operations
ENVIRONMENT
1. Securing thecomputers
The machines should be locked at the end of the day. Ensure thateither the furniture, which is adjusted for locking, is locked or thatthe hardware lock of the computer is used. This is a simple pointoften ignored. Unlocked computer means any one can start it andthe only hurdle after that is the password. Poor passwordmaintenance further compounds risk of unlocked computers.
2. Securingduringoperations
During computer operations especially during service hours, it isnot uncommon for the operator to leave his/her seat. The operatorand thus you as an auditor should ensure that the operator either
exits form the system or leaves it at a point where it cannot proceedwithout a password.
Password
Password is a key to something more valuable than cash - data
No. Check for Discussion on checkpoint
1, Passwordallotment
register
When a password is allotted, entry is made in this register. This issimilar to the key register where entries are made at time of giving
keys. Check here whether the password level is also specified.Authority to give password is to the branch manager and those whohold supervisor password.
2. PasswordChangeregister
Where software does not control change in password (where notonly warnings are given but user is disabled unless the password ischanged after specified date) a register has to be shown to you withdates of change of password. In absence of this register, you do nothave evidence that the passwords are changed frequently.
3. Two tothree
supervisorsonly
Supervisor password level permits the holder of this passwordunlimited access. Ensure there are a minimum of two and a
maximum of three such holders. Check the systems and proceduremanual of the Bank in case they specify a different figure.
53
7/29/2019 Projects on bank audit
54/95
7/29/2019 Projects on bank audit
55/95
Control System And Bank Audit
OBJECTIVES OF SYSTEMS AUDIT
The basic objectives of Systems Audit are to ensure:
a) The assets are safeguarded in the system
b)Data integrity is maintained throughout the system
c) Organisational goals are effectively achieved by the system
d)Resources in the system are being consumed efficiently
Computer System Vs. Manual System
Any system, manual or computerised, must have some internal controls. These
internal controls ensure Asset Safeguarding, Data Integrity, Achievement
of Organisational Goals and Efficient Consumption of Resources within the
Organisation. However, nature of these internal controls and their
implementation may vary widely in Manual System and Computerised
System, for the following factors:
a) Separation of duties
b)Authority and responsibility
c) Dependable and skilled personnel
d)Authorisation
e)Availability of documents and records
f) Custody of assets and records
g)Management by supervisio
h)Verification of performance
Assessment of Controls :
In any system, controls play a very important role. They reduce possible losses by reducing
probabilities of component failure and also by reducing the amount of losses, if component
fails at all.
Auditor's task in a computerised system is complex because number and range of controls
are increased. A systems auditor should assess the following controls:
55
7/29/2019 Projects on bank audit
56/95
Control System And Bank Audit
CONTROL CONTROL FUNCTIONS
To ensure correct identification of
objects
(e.g. the users, programs) by the system
To ensure correctness of data and accurate
processing in the system
To ensure protection