VARIOUS TYPES OF AUDIT IN THE BANK BY BALJEET KUMAR SHARMA Asstt Gen Manager SBLC, DEHRADUN
AUDIT FUNCTION CREDIT AUDIT: CODUCTED BY INSPECTION & MANAGEMENT AUDIT DEPARTMENT, CORPORATE CENTRE, HYDERABAD INFORMATION SYSTEMS (IS) AUDIT: CONDUCTED BY INSPECTION & AUDIT DEPARTMENT, CORPORATE CENTRE, HYDERABAD STATUTORY AUDIT: CONDUCTED BY OUTSIDE CHARTERED ACCOUNTANTS EMPANELLED BY RBI CIRCLE AUDIT: CONDUCTED BY CIRCLE AUDIT DEPARTMENT CONCURRENT AUDIT: CONCURRENT AUDITORS ARE POSTED IN GROUP-I AND OTHER SELEXCT BRANCHES INCOME AUDIT: WILL BE ORDERED BY CGM AT SELECT BRANCHES AT THE INSTANCE OF CORPORATE CENTRE AUDIT UNDER SECTION 35: CONDUCTED BY RBI INSPECTORS UNDER SECTION 35 OF BANKING REGULATION ACT FEMA AUDIT: CONDUCTED BY RBI AS PER SECTION 12 OF FEMA ACT GOVERNMENT AUDIT MANAGEMENT AUDIT RFIA: RISK FOCUSED INTERNAL AUDIT, CONDUCTED BY INSPECTION & MANAGEMENT AUDIT DEPARTMENT, CORPORATE CENTRE, HYDERABAD
GENESIS OF RISK FOCUSED INTERNAL AUDIT RBI in its monetary policy Statement for the year 2001-02 announced the move towards Risk Based Supervision (RBS) of Banks In the light of changing trends in the international banking scenario due to globalization, RBI introduced RBS in the banks Risk Based Internal audit is a part of RBS
NEED TO MOVE TO RFIA Deregulation and liberalization of Indian Financial sector New financial markets and products, Higher Risk Internal control system, Internal audit function conforming to BASEL norms New BASEL CAPITAL ACCORD Providing necessary checks and balances
WHAT IS INTERNAL AUDIT? Internal audit must review and report upon the control environment as a whole It is the process by which Risks are identified, analyzed and managed Reports on the reliability and integrity of corporate management function, and Comments on compliance with rules and regulations
WHEN WAS RFIA INTRODUCED IN SBI? As part of introduction of RBS, State Bank of India introduced Risk Focused Internal Audit (RFIA) of all branches w.e.f. 01.04.2003 based on the recommendations of the Management Audit Group headed by Shri S N Sawaikar, Dy.MD (Retd) (Also called Sawaikar Committee)
SALIENT FEATURES OF RFIA Shift from the system of full scale transaction testing to risk identification, prioritization of audit areas and allocation of audit resources based on risk management Risk identification (Grouping of branches) Rigour/Frequency of Audit based on Risk profile emerging Functionally independent in all areas of Audit The SIGH portion of erstwhile inspection report format has also been modified in tune with parameters contained in Audit Report Formats with new code numbers and has been renamed SDRM (Serious Deviations in Risk Management systems) Concept of Management Letter, generation of Heat Maps and submission of special reports
BRANCH CATEGORISATION UNDER RFIA As per initial audit plan, branches have been categorized into three groups based on perception of inherent risks assessed on bank’s products, services, volume of business, complexity of business and contribution to bank’s income. Group I (High Risk), Group II (Medium Risk) and Group III (Low Risk). Review of grouping has been done with effect from 01.04.2006 after completion of one audit cycle and on the basis of feedback received.
THE MAJOR CHANGES INITIATED IN RFIA w.e.f. 01.04.2006 Regrouping of branches Business Parameters de-linked from Risk assessment. Coe parameters in Set I and Set II have been replaced by Risk and Business Parameters Three rating system introduced Separate ARFs for various types of branches and BPR entities Separate ARFs for Bank Master and CBS branches designed I.S.Audit formats in tune with IT / IS security policies developed Focused audit queries added in customer service, fraud prevention, control environment, branch management, marketing efforts, etc. Rating / scoring pattern changed Rationalization the integration of credit audit score for credit risk management with cc audit report Provision for capturing trend of risk over previous two audits (To assess whether increasing / stable / decreasing)
Significance of regrouping of branches now Grouping of branches is a dynamic concept and based on the actual risk experience, the branches in the group would need to be reviewed at periodical intervals. Our Operational Risk Management (ORM) Consultants, M/s. Deloitte & Touche, suggested that the number of Group I branches should be brought down. And we need to update the grouping on recent business data because the business data used by Sawaikar committee was as on 31.03.2001
THE NUMBER OF BRANCHES CATEGORISED UNDER GROUP I AND THE REVISED NORMS FOR CATEGORIZATION As per the revised norms given below, 314 branches were categorized under Group I having share of 32% of deposits, 57% of advances, 52% of Interest Income, 52% of Other Income and 89% of Forex Income. (Based on figures as on 31.03.2005) All DGM & Above Incumbency Branches All CAG, MCG & SAMG Branches All Branches with Non Food Advances exceeding Rs.100 Crore Branches with aggregate Non Food and Non-C&I advances of Rs.50 Crore and above Branches with Other Income of Rs.10 Crore and above (and not included in items above)
REVISED RISK RATING SYSTEM GRADE WELL CONTROLLED ADEQUATELY CONTROLLED NEEDS IMPROVEMENT UN-SATISFACTORY SCORE RANGE 85% & above Between 70% % <85% Between 50% & < 70% Less than 50%
REVISED GENERAL EFFICIENCY RATING SYSTEM w.e.f. 01.10.2008 RATING SCORE RANGE RISK RATING & SCORE (MINIMUM) A PLUS W C – 850 A A C -700 B PLUS N I – 500 B U S - …..
REVISED PERIODICITY OF RFIA WITH EFFECT FROM 01.04.2006 RISK TAKING GROUP I (within) GROUP II GROUP III Well controlled 18 months 21 months Adequately controlled 15 months Needs improvement 12 months Unsatisfactory 6 to 8 months Newly opened branches