Embed Size (px)
Citation preview
IOBOA PROMOTION MATERIALON
Inspection and Audit Policy
By Jeetendra Kumar Panda
Topics covered
1. Concurrent Audit2. Statutory Audit 3. Revenue Audit4. FEMA Audit5. Management Audit6. Forensic Audit7. Credit Compliance Audit8. Stock Audit9. Legal Audit10. Short Inspection11. Jewel Loan Inspection12. SACC -Self Assessment
Compliance Certificate
INSPECTION AND AUDIT POLICY
13. PVRO- Physical verification ofcompliance by RO
14. Offsite Control Audit System(OCAS) alerts
15. OAS-PROBE16. KYC Audit17. Self Audit of Income and
Expenditures18. IS Audit (Information System)19. RBIA- Risk Based Internal
Audit20. RIVA & RACE
Concurrent Audit:
➢The concurrent audit system of the bank should cover minimum60% of advance and 50% of deposit.
➢Concurrent Audit assignment Period- 1st July to 30th June offollowing year.
➢Concurrent Auditor should submit the report within 5 working daysor 7th of succeeding month whichever earlier.
➢Branch Manager or second-line (in absence of BM) shall accept thereport within next 2 working days from date of submission.
➢Rectification : Maker and Checker has 30 days time for rectification.
➢Rating of the Branch is done Quarterly.
➢Concurrent Audit review meeting should be conducted by ROwithin 20 days after the end of the quarter.
Concurrent Audit:
➢Remuneration of Concurrent auditors:
➢Delay in submission of report:
1. First instance : BM insist on timely submission
2. Second instance : RM Warning Letter
3. Third Instance : 20% fees reduction for the month
4. Fourth Instance : 50% fees reduction for the month
5. Fifth Instance : Recommend to GM Inspection for Termination.
Statutory Audit:
➢Statutory Audit of Branches are being done on quarterly as wellas annual basis.
➢For the purpose of quarterly audit of 20 branches plus branchesunder concurrent audit to be audited by SCA which should atleast cover 50% of the advances and 50% of the NPA.
➢For the purpose of Annual Audit of Branches, all Branches havingadvance of Rs.20 Cr and above are selected along with 20% ofremaining branches representing all category of Branches so thatat least 90% of advances are covered under the Audit.
➢The deficiencies are reported in LFAR for compliance.
➢Compliance is to be submitted to RBI within 60 days from thedate of report.
Statutory Audit:
➢The main objective of Statutory Audit is
1. Verification of P & L and Balance sheet which have impact
on income and expenditure of Bank
2. Proper classification of NPA and to ensure there is no bad
asset which are being shown as standard
3. Verification of provisioning for different kind of expenditure
including provisioning requirement for NPA
Revenue Audit:➢Revenue audit is conducted to ensure that :
1. To check the proper interest rate are applied.
2. Eligible service charges are collected.
3. Revenue and capital charges are authorized by authorities.
4. Arithmetically accuracy in computation of revenue.
➢It is done for the period Jan – Dec.
➢Branches where total Advances is 5 crore and above as on 31st Dec.
➢If the leakage detected and found that it occurred due to user negligence ,suitable staff accountability may be conducted and in such cases disciplinaryaction may be initiated against erring official
➢If the leakage detected and found that it occurred due to concurrent Auditors orRevenue Auditors, suitable disciplinary action may be initiated against erringofficial for such omission
• Branch is having time of 2 days for recovery or reason of non-recovery to RO
FEMA & Management Audit
FEMA:
➢It is conducted by concurrent auditor of AD branches.
➢It is done half yearly basis
➢Compliance of FEMA guidelines at AD branches are checked.
Management Audit:
➢CO departments, Regional Offices and specialized departments.
➢Review of policies in force
➢How effective functioning
➢It is conducted Yearly
Forensic Audit:
➢Forensic Audit is the examination of financial statements to extractevidences that can be used in a court of law or in a legalproceedings.
➢It is done to find facts that are admissible in court of law to provefinancial crime like diversion and siphoning of fund as well as fraud.
➢Forensic audit needs expert in Audit and Accounting as well asexpert of the legal implications of such audit reports.
➢To maintain the quality of reporting under Forensic Audit results,the panel of professionals having expertise and training in relevantfield are appointed as forensic Auditors.
➢The empanelment shall be in force for 2 years i.e. during 2 calendaryears.
Credit Compliance Audit
➢CCA is comprehensive credit monitoring and risk mitigation tools inline with the RBI guidelines.
➢All domestic advances having exposure of Rs.50 Lakh and above arecovered under this audit. 2% of advances between Rs.25 Lakh andRs.50 Lakh is also covered under CCA.
➢All overseas advances having exposure of Rs.100 Lakh and aboveare covered under this audit.
➢Loan against Deposit/Liquid Securities , Standalone term loan andNPA accounts are outside the scope of CCA.
➢CCA is conducted once in a year for all eligible accounts. However incase of fresh limits/enhanced limits sanctioned, it shall beconducted within two months from the date of first disbursement.
Credit Compliance Audit
➢Branches which covered under Concurrent Audit, the ConcurrentAuditor of that particular branch will be assigned for conducting theCCA'
➢The branches which were not covered under Concurrent Audit, theassignment of CCA is as follows:
1. Concurrent Auditor of Nearby Branch
2. CA From Panel
3. Ex Staff Taken for Branch Audit
➢Irregularities to be rectified within 15 days of report
Stock Audit:➢Stock Audit is conducted every year to verify :
1. The stocks and book debts to ensure proper valuation, availability of adequate, non-obsolete and movable stock, regular book debts which covers the bank’s exposure
2. Availability of margin as per the terms of sanction and overall analysis of the data
3. Checking for early warning signals (as detailed in RBI circular dated 07.05.2015) bycorrelating various parameters like ageing of book debts, obsolete stock,maintenance of records etc.
4. Working capital facilities(FB & NFB) having outstanding exposure of Rs.5.00 Cr andabove as on 31st March are eligible for stock audit except the following: Staff CC,MCC, CC-ETF CC-DEP
➢Stock audit also not to be done in following cases1. NPA accounts where no stock or receivable available
2. Consortium where we are not lead bank
3. Public Sector Undertakings
4. Multiple Banking where other banks already done the stock Audit
Stock Audit:➢The stock audit is to be conducted within One month from the date of
assignment.
➢A timeline of One month is allowed for submission of stock audit report afterconcluding the audit. The report is to be submitted in the specified format andnow made in online.
➢Thus the stock audit report is to be submitted within 2 months from the dateof assignment.
➢In case of any unethical behaviour by one auditor with the borrower, Branchcan submit recommendations for change of auditor through Regional Office.
➢The stock audit should be commenced within 15 days of receipt ofassignment and if the borrower/branch is not co-operating, the auditor has toinform the branch/RO on the same immediately under information to CreditMonitoring Department, CO.
Accountability for Revenue Leakage:➢Concurrent Auditor:
1. First Occasion, amount not more than 100000 or entire amount is recoveredby branch within same day of detection – Concurrent Auditor will becautioned.
2. Second Occasion, amount not more than 100000 or First occasion withaggregate amount 100000 and above but below 1000000, Penalty of 10000.
3. Third Occasion, Aggregate amount not more than 100000 or second occasion,aggregate amount 100000 & above and below 1000000 or aggregate amount1000000 and above – Termination of auditor & de-empaneled.
➢Revenue Auditor:
1. If the aggregate amount 100000 and above –auditor shall be de-empaneled.
Legal Audit➢All credit exposures of Rs.5 crore and above to periodic legal audit and re-
verification of title deeds with relevant authorities as part of regular auditexercise till the loan stands fully repaid.
➢In respect of standard asset accounts of RS.5Crore and above, Legal Auditexercise is to be done by RO/Branches once in twenty seven months until suchtime the Bank's dues therein are fully repaid.
➢In respect of non-performing Asset (NPA) accounts with RS.5.00Cr. and aboveoutstanding, Legal Audit is to be conducted once in twelve months till such timeRecovery Satisfied in respect of such NPA accounts.
➢If any subsequent enhancement is given in any existing Credit Exposure ofRS.5.00Cr. and above, then once again Legal Audit is to be done for the entirecredit exposure irrespective of the fact that the 27 months time period has notlapsed since completion of the previous Legal Audit. In such cases thesubsequent Legal Audit is to be conducted within 27 months from the date ofimmediately preceding Legal Audit which was done at the time ofenhancement.
Short Inspection
➢The Short inspection is an internal control tools which areconducted to find shortcomings and ensure compliance of very neartransaction event.
➢The audit is to be conducted on half year basis for the period Apr -Sep and Oct - Mar every financial year.
➢Short Inspection is exempted for Concurrent Audit, ERO Branchesand where Branches were subjected to RBIA during the month ofJan-Mar for March half year and Jul-Sep for Sep half year.
➢The auditor shall not be less than Scale III and undergone MultiPhase Credit Program or Intensive Credit Program.
➢Each Auditor shall not be given more than 5 branches to conductshort inspection for each half year.
Short Inspection
➢The maximum man-days is 2 days and no extension is permitted.
➢The report shall submit hard copy to Regional Office - Inspectiondepartment and soft copy to Zonal Office and Zonal Audit Office.
➢The Auditor shall be liable for not checking, if any deficiencies arefound during RBIA or any other audit / Investigations subsequent toBranch Short Audit.
➢Regional Manager shall record steps or corrective action to ensurerectification of observations.
Short InspectionDuring short Inspection, the designated auditor should:
1) Arrange for exchange of keys with duplicate set and safe deposit of set of keysused hitherto.
2) Verification of availability of all the loan documents physically and theirenforceability.
3) Verification of all the documents and appraisal notes, relating to loansgranted/reviewed/renewed during the intervening period from the lastinspection.
4) Compliance of all the norms of KYC, Information system audit and deficienciesidentified under various inspection like LFAR/RBIA/ RVO/KYC etc and any otherinspections/audits conducted in the said Branch.
5) Sample check of physical interest applied to selected loan accounts/ CCaccounts.
6) Recovery of all applicable service charges/ review renewal charges/ inspectioncharges and arresting any leakage of income.
Jewel Inspection➢Jewel Loan Inspection is to be conducted for every quarter in respect to all
jewel loans disbursed during previous quarter and outstanding as on date of
inspection, subject to jewel loan disbursal during the quarter being 200 or more
in numbers.
➢ If less than 200 in numbers, jewel loan inspection is to be conducted for two
quarters combined.
➢Jewel verification for its quality and net weight should be carried out by an
authorized jewel appraiser of our other Branch , other than who has appraised
the jewels while disbursing the said loan.
➢In case of non- availability of our Bank’s jewel appraiser of other Branch,
Auditors may accept the services of any other appraiser of other Banks, subject
to furnishing the copy of their appraisal/ appointment letter with due
introduction and compliance of KYC.
SACC- Self Assessment Compliance Certificate
➢SACC is one of the internal strengthening and preventive vigilancetool to be done by compliance officer of the Branch for Half Yearending June and December.
➢This should cover the preceding half year and sample to be selectedfrom the entire 6 months.
➢Minimum 5 samples to be taken for checking the compliance anddirective in the related aspect.
➢Even if one sample fails conclusion should be No.
➢In case of no testing done. NA should be mentioned.
➢While doing SACC , compliance officer should go through earlierinspection report to know the real position.
➢Any fraud during the audit period must be reported.
PVRO- Physical Verification of Compliance by RO
➢It is one of the internal strengthening and preventive vigilance toolto be done by officer nominated by Regional Office for Half Yearending March and September.
➢This should cover the preceding half year and sample to be selectedfrom the entire 6 months.
➢Minimum 5 samples to be taken for checking the compliance anddirective in the related aspect.
➢Even if one sample fails conclusion should be No.
➢In case of no testing done. NA should be mentioned.
➢While doing PVRO , the officer should go through earlier inspectionreport to know the real position.
➢Any fraud during the audit period must be reported
OCAS- Offsite Control Audit System➢OCAS works through a system of “Alerts”.
➢Alert is a notification of deviation which has been occurred in a transaction.
➢After day end transaction data for the day is processed in Ethic server, withreference to laid down procedures and guidelines.
➢Alert is generated for any deviation noticed and is made available to thebranches for rectification or reply. Branches have 15 days time for closure ofalerts.
➢After processing of Alert by Branch it moves to Regional office andInspectorate, for further processing and closure.
➢Low risk alerts pending more than 15 days at branches will be reassigned asMedium Risk and escalated to Regional Office for closure of alert.
➢Medium risk alerts are attended and closed by RO after rectification orjustification from the Branches.
➢For Various type of low and medium risk alert and process to be adopted forclosure is mentioned in details in inspection department circularMISC/436/2018-19 dated 05.10.2018.
Offsite Audit System: (PROBE)➢PROBE – Perpetual Remote Offsite Audit for Branch Excellence.
➢Process-➢The report generated from CBS gets uploaded in OAS.
➢OAS application sends emails to branches for compliance.
➢Branches have to enter the compliance in OAS application.
➢Offsite auditors to verify the compliance and close or reject.
➢Compliance Matrix:
Other Audits
KYC AUDIT:
➢Second line of the branch has to submit the KYC compliance Every
week to the branch manager
➢1st line of the branch has to submit KYC compliance certificate to
regional office within 5th of the succeeding month.
➢Regional Office to submit the consolidated report to CO by 10th of
succeeding month.
Other AuditsSelf Audit of Income & Expenditure:
➢Checking of applicable of correct interest rate
➢Correctness of income and expenditure
➢Second line has to submit before 4th of every month.
➢Branch to recover the income leakage and report to RO before 7th ofevery month.
➢RO to send consolidated data to CO before 15th of every month.
IS AUDIT (Information System)
➢Checking of systems and IT infrastructures, Procedures to mitigatethe associated technological risk.
➢Quarterly
➢Questionary to be filled up by second line of the branch and Reporthas to be submitted by 7th of succeeding month.
RBIA-Risk Based Internal Audit➢RBIA is conducted by CO inspectors and marks are allocated based on two
parameters:
• Business Risk Parameters-400 Marks
• Control Risk Parameters-600 Marks
➢Business Risk score and rating assigned:
• Low- if score is more than 40%
• Medium - if score is 20% or more but not more than 40%
• High - If score is less than 20%
➢Control Risk Score and Rating assigned:
• Low - if score is more than 60%
• Medium - if score is more than 40% and up to 60%
• High - If score is less than 40%
RBIA-Risk Based Internal Audit➢Over all Risk Rating and Frequency of Inspection :
➢ Low Risk Branches to be audited once in 15-18 months.
• Medium Risk Branches to be audited once in 12 to15 months.
• Business Risk-High and Control Risk is low or medium - once in 12 months.
➢Extremely High, Very High and where control risk is high risk rated branch shall beaudited in the interval of 9 Months.
RBIA-Risk Based Internal Audit➢High Risk Branches need Special attention:
1. RM visit within 3 working days and Change in Branch Management if required
2. Quarterly progress report till branch upgraded to Medium or low category
3. Introduction of concurrent Audit System if required.
➢Timeline to reply to the irregularity and filing FRC is 2 months from the date ofinspection report which can be relaxed by RM up to one additional month andif further time is required GM- inspection can give one additional month if he issatisfied with the reason furnished.
(Branch Point war Reply time period - within 45 days)
➢If there is no relaxation provided the timeline of two months to be followed.
• The reply should not contain any pending compliance under Zero toleranceareas.
• Any non compliance under Zero Tolerance areas will attract 50 negative marksunder control risk
RBIA-Risk Based Internal Audit➢Zero Tolerance area:
I. Mortgage and related formalities
II. Supplemental Narration
III. BPEC not held
IV. ROC not filed (though time is available as per Companies Act)
V. Leakage of Income
VI. Copy of RC Book with our Bank's clause
VII. Pari-Passu or No Objection letter
VIII. Continuation of limits under lapsed sanction without renewal/SRRP by concernedsanctioning authority.
IX. KYC related matters
X. CAF Submission and Review
XI. 2nd Line certificate
XII. Documents deficiencies
• Reviewing officer should verify all irregularities and 10% veracity verification.
• 10% veracity must include Zero Tolerance audit points, Serious irregularities and persisting irregularities.
RBIA-Risk Based Internal AuditSPECIAL REPORTS:
➢An observation made by Internal Auditors on serious irregularities, malpracticesthat has significant impact and result in loss, jeopardising the interest of thebank is reported as Special Report. The special reports are being issued in thefollowing area
RBIA-Risk Based Internal Audit➢Single Special Report may be issued by Internal Auditor based on observations if
Similar irregularities are found on multiple accounts under each type of loan.
➢Any irregularity that is fit to be reported as Vigilance Overtone, to be reported inVigilance Page Report and not required to be reported as Special Report, separately.
➢Internal Auditors can also issue special letter on security , system and procedure ,Branch Functioning , customer service and any other area which requires specialattention of the management.
➢The stipulated Turn Around Time (TAT) for Regional Office to monitor and recommendClosure of special report is 60 days from the date of Special Report.
➢Special Reports shall be for Concurrence to Close, under the following criteria:
All irregularities reported are rectified.
[OR]/[AND]
Action initiated for investigation for staff lapses or Reporting on Vigilance Overtone
[OR] I [AND]
Account Closed subject to satisfactory dealings by the Customer with or without Staff Accountability to the member involved.
RIVA- Risk Based Internal Virtual Audit➢RM Shall Identify and designate the following officers as RIVA auditors and
further plan the audit schedule:1. CM- Inspection or Inspection in charge at RO2. CM – Regional Office3. RVOs
➢RM shall Plan for RIVA in the following branches based on priorities:1. Very High Risk and High Risk Branches2. Branches where RM/2nd line RO not visited the branch for more than 9 months.3. Single Man Branches.4. Branches where RBIA is due in 3 months5. Branches having adverse/ Special Report in RBIA6. Branches having - high volatile business parameter, high number of OCAS alert pending,
high number of complaints, More number of inoperative to operative convertedaccounts, more BSBDA operation in single day, high number of pension accounts.
7. Branch with Fraud reporting.8. Branch having adverse remark from RVO.9. Branches with QMA and SMA slippages and also more than 15% NPA as a whole.
RACE
➢Regional Audit Committee of Executives
➢Members – Regional Manager, Zonal Audit Head & Other Executivesat regional office.
➢Chairman of committee – RM or ZAH whoever is senior.
➢Quorum- Min 2 members RM & ZAH
➢Convenor – Inspection Department Incharge at Regional Office
➢RACE shall have oversight and supervision of all audit matterswithin jurisdiction and Regional office
➢Meeting Schedule – Monthly Once between 10th to 15th date.
➢Minutes of meeting to be submitted to Audit Committee ofExecutive (ACE) at Central Office.
