Embed Size (px)
Citation preview
VARIOUS TYPES OF AUDIT IN THE BANK
BYBALJEET KUMAR SHARMA
Asstt Gen ManagerSBLC, DEHRADUN
AUDIT FUNCTION• CREDIT AUDIT: CODUCTED BY INSPECTION & MANAGEMENT AUDIT DEPARTMENT,
CORPORATE CENTRE, HYDERABAD
• INFORMATION SYSTEMS (IS) AUDIT: CONDUCTED BY INSPECTION & AUDIT DEPARTMENT, CORPORATE CENTRE, HYDERABAD
• STATUTORY AUDIT: CONDUCTED BY OUTSIDE CHARTERED ACCOUNTANTS EMPANELLED BY RBI
• CIRCLE AUDIT: CONDUCTED BY CIRCLE AUDIT DEPARTMENT
• CONCURRENT AUDIT: CONCURRENT AUDITORS ARE POSTED IN GROUP-I AND OTHER SELEXCT BRANCHES
• INCOME AUDIT: WILL BE ORDERED BY CGM AT SELECT BRANCHES AT THE INSTANCE OF CORPORATE CENTRE
• AUDIT UNDER SECTION 35: CONDUCTED BY RBI INSPECTORS UNDER SECTION 35 OF BANKING REGULATION ACT
• FEMA AUDIT: CONDUCTED BY RBI AS PER SECTION 12 OF FEMA ACT
• GOVERNMENT AUDIT
• MANAGEMENT AUDIT
• RFIA: RISK FOCUSED INTERNAL AUDIT, CONDUCTED BY INSPECTION & MANAGEMENT AUDIT DEPARTMENT, CORPORATE CENTRE, HYDERABAD
GENESIS OF RISK FOCUSED INTERNAL AUDIT
RBI in its monetary policy Statement for the year 2001-02 announced the move towards Risk Based Supervision (RBS) of Banks
• In the light of changing trends in the international banking scenario due to globalization, RBI introduced RBS in the banks
• Risk Based Internal audit is a part of RBS
NEED TO MOVE TO RFIA
• Deregulation and liberalization of Indian Financial sector
• New financial markets and products, Higher Risk
• Internal control system, Internal audit function conforming to BASEL norms
• New BASEL CAPITAL ACCORD
• Providing necessary checks and balances
WHAT IS INTERNAL AUDIT?
• Internal audit must review and report upon the control environment as a whole
• It is the process by which Risks are identified, analyzed and managed
• Reports on the reliability and integrity of corporate management function, and
• Comments on compliance with rules and regulations
WHEN WAS RFIA INTRODUCED IN SBI?
As part of introduction of RBS, State Bank of India introduced Risk Focused Internal
Audit (RFIA) of all branches w.e.f. 01.04.2003 based on the
recommendations of the Management Audit Group headed by Shri S N Sawaikar,
Dy.MD (Retd) (Also called Sawaikar Committee)
SALIENT FEATURES OF RFIA
• Shift from the system of full scale transaction testing to risk identification, prioritization of audit areas and allocation of audit resources based on risk management
• Risk identification (Grouping of branches)• Rigour/Frequency of Audit based on Risk profile
emerging• Functionally independent in all areas of Audit• The SIGH portion of erstwhile inspection report format
has also been modified in tune with parameters contained in Audit Report Formats with new code numbers and has been renamed SDRM (Serious Deviations in Risk Management systems)
• Concept of Management Letter, generation of Heat Maps and submission of special reports
BRANCH CATEGORISATION UNDER RFIA
As per initial audit plan, branches have been categorized into three groups based on
perception of inherent risks assessed on bank’s products, services, volume of business,
complexity of business and contribution to bank’s income. Group I (High Risk), Group II
(Medium Risk) and Group III (Low Risk). Review of grouping has been done with effect from
01.04.2006 after completion of one audit cycle and on the basis of feedback received.
THE MAJOR CHANGES INITIATED IN RFIAw.e.f. 01.04.2006
• Regrouping of branches• Business Parameters de-linked from Risk assessment. Coe
parameters in Set I and Set II have been replaced by Risk and Business Parameters
• Three rating system introduced• Separate ARFs for various types of branches and BPR entities• Separate ARFs for Bank Master and CBS branches designed• I.S.Audit formats in tune with IT / IS security policies developed• Focused audit queries added in customer service, fraud prevention,
control environment, branch management, marketing efforts, etc.• Rating / scoring pattern changed• Rationalization the integration of credit audit score for credit risk
management with cc audit report• Provision for capturing trend of risk over previous two audits (To
assess whether increasing / stable / decreasing)
Significance of regrouping of branches now
Grouping of branches is a dynamic concept and based on the actual risk experience, the branches in the group would need to be
reviewed at periodical intervals.Our Operational Risk Management (ORM)
Consultants, M/s. Deloitte & Touche, suggested that the number of Group I branches should be
brought down. And we need to update the grouping on recent business data because the
business data used by Sawaikar committee was as on 31.03.2001
THE NUMBER OF BRANCHES CATEGORISED UNDER GROUP I AND THE REVISED NORMS
FOR CATEGORIZATIONAs per the revised norms given below, 314 branches were categorized
under Group I having share of 32% of deposits, 57% of advances, 52% of Interest Income, 52% of Other Income and 89% of Forex Income. (Based on figures as on 31.03.2005)
• All DGM & Above Incumbency Branches• All CAG, MCG & SAMG Branches• All Branches with Non Food Advances exceeding Rs.100 Crore• Branches with aggregate Non Food and Non-C&I advances of
Rs.50 Crore and above• Branches with Other Income of Rs.10 Crore and above (and not
included in items above)
REVISED RISK RATING SYSTEM
SCORE RANGE• 85% & above
• Between 70% % <85%
• Between 50% & < 70%
• Less than 50%
GRADE• WELL CONTROLLED
• ADEQUATELY CONTROLLED
• NEEDS IMPROVEMENT
• UN-SATISFACTORY
REVISED GENERAL EFFICIENCY RATING SYSTEM w.e.f. 01.10.2008
RATING SCORE RANGE RISK RATING & SCORE
(MINIMUM)
A PLUS W C – 850
A A C -700
B PLUS N I – 500
B U S - …..
REVISED PERIODICITY OF RFIA WITH EFFECT FROM 01.04.2006
RISK TAKING
GROUP I
(within)
GROUP II
(within)
GROUP III
(within)Well controlled 18 months 21 months 21 monthsAdequately controlled
15 months 18 months 18 months
Needs improvement
12 months 12 months 12 months
Unsatisfactory 6 to 8 months
6 to 8 months
6 to 8 months
Newly opened branches
12 months 12 months 12 months
