JAIIB AFM Module-A Unit 11 : Bank Audit & Inspection

24/08/2023

Table of Contents

JAIIB Paper 3 AFM Module A Unit 11 : Bank Audit & Inspection (New Syllabus)

IIBF has released the New Syllabus Exam Pattern for JAIIB Exam 2023. Following the format of the current exam, JAIIB 2023 will have now four papers. The JAIIB Paper 3 (Accounting and Financial Management for Bankers) includes an important topic called “Bank Audit & Inspection”. Every candidate who are appearing for the JAIIB Certification Examination 2023 must understand each unit included in the syllabus. In this article, we are going to cover all the necessary details of JAIIB Paper 3 (AFM) Module A (ACCOUNTING PRINCIPLES AND PROCESSES ) Unit 11 : Bank Audit & Inspection Aspirants must go through this article to better understand the topic, Bank Audit & Inspection and practice using our Online Mock Test Series to strengthen their knowledge of Bank Audit & Inspection. Unit 11 : Bank Audit & Inspection

Introduction

Book: “An Introduction to Indian Government Accounts and Audit”
Issued by: The Comptroller and Auditor General of India,
Defines audit as: “An instrument of financial control. It acts as a safeguard on behalf of the proprietor (whether an individual or group of persons) against extravagance, carelessness or fraud on the part of the proprietor’s agents or servants in the realization and utilisation of the money or other assets and it ensures on the proprietor’s behalf that the accounts maintained truly represent facts and that the expenditure has been incurred with due regularity and propriety. The agency employed for this purpose is called an auditor.”

In India, the Companies Act, makes audit of company accounts compulsory.
Chapter X of the Companies Act, 2013 deals with the appointment of auditors, their removal, resignation, eligibility, qualification, disqualification, remuneration, powers and duties and auditing standards.

Role Of Audit and Inspection

With the increase in the size of the companies and the volume of transactions, the main objective of audit shifted to ascertaining whether the accounts were true and fair, rather than true and correct.
Hence the emphasis was not on arithmetical accuracy but on a fair representation of the financial efforts.
The later developments in auditing pertain to the use of computers in accounting and auditing.
With the advent of technology and rapid changes taking place in technology and emergence of various risks, the importance of data analysis has increased to a great extent.

Computer Aided Audit Techniques (CAATs) have become a part of the audit to process data of audit significance and to improve the effectiveness and efficiency of the audit process.

Thus, while the overall objective and scope of audit do not change simply because the
data is maintained on computers,
the procedures followed by the auditor in his study and evaluation of the accounting system and related Internal Controls
the nature, timing and extent of his other audit procedures are affected in a Computerised Information System environment.
Audit procedures are now transformed from ‘Auditing around the computer’ to ‘Auditing through the computer’.
The incidental objectives of auditing are detection and prevention of errors and frauds.

Limitations:

The auditor’s work involves exercise of judgment and he can only express an opinion. He has to depend on explanations by others.
Certain non-monetary facts can’t exhibit the true position.
Auditor can’t check each and every transaction.
Audit involves a systematic and scientific examination of the books of account and records of a business entity to confirm that the profit and loss account and the Balance Sheet are properly drawn up to exhibit a true and fair picture of the financial state of affairs of the business and results of the financial period.
It is also meant to cross check that the applicable regulatory provisions have been adhered to.
Audit provides comfort to the users of the financial statements of a business that the information available in the statements can be relied upon.
Banking sector deals with large amounts of public monies exposed to various risks in its operations. It is important that the banking sector stays healthy, safe and stable.
Quality bank audit plays a crucial role to ensure this.
Banking operations are mainly conducted at the branches, while other offices act as controlling authorities or administrative offices.
These offices lay down policies, systems and Internal Control procedures so that the conduct of business is in compliance with the statutory/regulatory provisions and in compliance of accepted accounting principles and practices that cover all transactions and economic events.

The transactions in banks are voluminous and it should be ensured that in the system of recording, transmission and storage of information/data, is free of risks of errors, omissions, irregularities and frauds.
Bank managements continuously endeavour to make the internal control systems robust, safe and secure.
Bank audit is the procedure of reviewing the financial statements, services and procedures adopted by Banks as required under various legislations and the guidelines of Reserve Bank of India.
It is the routine procedure that all banks must undergo in order to ensure that they are in compliance with industry standards and regulatory norms.

Emergence Of Risk-Based Internal Audit (RBIA) and Its Significance

The internal audit system in banks, historically, concentrated on

Transaction testing,
Testing of accuracy
Reliability of accounting records and financial reports,
Integrity, reliability and timeliness of control reports,
Adherence to legal and regulatory requirements.

However, in the changing scenario, the scope of internal audit has widened to evaluate the adequacy and effectiveness of risk management procedures and internal control systems adopted by the banks.

Thus, RBI vide circular dated December 27, 2002, had introduced Risk-Based Internal Audit (RBIA) system in Scheduled Commercial Banks.

(SCBs) as part of their internal control framework.

This was further supplemented vide circular dated January 07, 2021.

This framework relies broadly on

Well-defined policy for internal audit,
Functional independence with sufficient standing,
Effective channels of communication
Adequate audit resources with sufficient professional competence.

The internal audit function of banks is expected to proactively identify the new risks to ensure that appropriate controls are in place to mitigate them.

The Guidance Note of Reserve Bank of India on RBIA/RBS states that the audit function should provide high quality counsel to management on effectiveness of risk management and internal controls including regulatory compliance by the Bank.

The Risk-Based Internal Audit would not only offer suggestions for mitigating current risks but also anticipate areas of potential risks and plays an important role in protecting the bank from various risks.
The implementation of Risk-Based Internal Audit would mean that greater emphasis is placed on the internal auditor’s role in mitigating risks.
Risk-Based Internal Auditing is a methodology that links internal auditing to an organisation’s overall risk management framework.
RBIA allows internal audit to provides an assurance to the Board of Directors and the Senior Management on the quality and effectiveness of bank’s internal controls, risk management and governance related systems and processes.
RBIA is not about auditing risks but about auditing the management of risk.
It focuses on the process applied by the management team to respond to risks.
Focus is shifted from the historical internal audit system of fullscale transaction testing to risk identification, prioritization of audit areas and allocation of audit resources in accordance with the risk assessment.
Not only covers assessment of risks at the branch level but also covers,
- as an independent assessing authority,
- assessment of risks at the corporate level
- overall process in place to identify, measure, monitor and control risks.
Banks are encouraged to adopt the International Internal Audit standards, like those issued by the Basel Committee on Banking Supervision (BCBS) and the Institute of Internal Auditors (IIA).

To bring uniformity in approach followed by the banks, as also to align the expectations on Internal Audit function with the best practices, RBI has issued instructions to the banks, a gist of which is as under:

Authority, Stature and Independence
Competence
Staff Rotation
Tenor for appointment of Head of Internal Audit
Reporting Line
Remuneration
Outsourcing
Documentation

Types Of Bank Audits

As banks accept deposit from the public and also lend funds, authenticity and reliability of accounts is a must for public confidence. Keeping this view in mind, banks are subjected to multiple types of audit. Bank Audit can be classified into three broad categories: –

Concurrent Audit
Internal Audit/Information System Audit
Statutory Audit

Concurrent Audit

Concurrent audit is an examination which is contemporaneous with the occurrence of transactions or is carried out as near thereto as possible.
It attempts to shorten the interval between a transaction and its examination by an independent person.
It is a continuous audit, which goes on all the year around, usually conducted by external auditors (chartered accountants) on a monthly basis.
In Concurrent Audit, daily basic transactions are examined and checked. This ensures that any irregularities are nipped in the bud. There is an emphasis in favour of substantive checking in Key areas rather than test checking.
Through Concurrent Audit, any irregularities or non-conformities are easily found out as and when they happen and are rectified immediately; thereby avoiding the piling up of irregularities which may become a huge problem for any branch when the year-end audit comes around.
Concurrent Auditors check daily maximum cash balance adherence compliance, KYC norms compliance, proper documentation of new loan disbursements, whether new loans have been made as per rules and regulations, revenue leakages etc. among other things like putting any new RBI instructions to work. Any exceptions are reported in the Concurrent Audit Report.
Concurrent Audit is a measure to help a Branch to work smoothly and rectify any mistakes to avoid the cascading effect of the irregularities.

RBI’s Guidelines on Concurrent Audit System in Commercial Banks

RBI has revised the guidelines on Concurrent Audit System in Commercial Banks vide RBI Circular Reference No. DBS.CO.ARS.No.BC.01/08.91.021/2019-20 dated 18th September 2019. Concurrent audit aims at shortening the interval between a transaction and its independent examination. It is, therefore, integral to the establishment of sound internal accounting functions and effective controls and is regarded as part of a bank’s early warning system to ensure timely detection of serious errors and irregularities, which also helps in averting fraudulent transactions and preventive vigilance in banks.

The revised guidelines cover the following:

Coverage
Appointment of Auditors
Accountability
Tenure
Remuneration
Review of effectiveness of Concurrent Audit
Reporting System

Internal Audit/Information Systems Audit

Internal Audit

Internal Audit is generally undertaken by bank’s own staff and to some extent by the firms of Chartered Accountants.

Aimed: At ensuring the accuracy and correctness of the books of account of banks.
One of the broad objectives: Detection of frauds, along with detection of errors, omissions, irregularities etc.,
Internal auditor’s job in banks: Invariably include detection of perpetrated frauds.
It cannot be denied that frauds have virtually engulfed the entire banking sector be it public, private or foreign banks.
Considering the adoption of liberalised policy in the Indian Economy and the sweeping changes in the banking scenario, an auditor’s priorities should centre around detection of frauds inter alia other important objectives of the audit of banks.
Many banks are conducting Internal Audits instead of Concurrent Audits or even in addition to the Concurrent Audits.

Important aspects to be considered about Internal Audit are:

Internal Audit’s important role in overall governance mechanism of the Banks,
Role of Risk-Based Internal Audit in evaluating & improving the effectiveness of Risk Management and governance processes
Risk-Based Internal Audit Procedures
Role of Internal Audit in Risk Management
Evaluation of Financial Information through analysis of non-financial data
Auditing and Assurance Standards.

Information Systems Audit (IS)

In the past decade, with the increased technology adoption by Banks, the complexities within the IT environment have given rise to considerable technology related risks requiring effective management.
This led the Banks to implement an Internal Control Framework, based on various standards and their own control requirements and the current RBI guidelines.
As a result, Bank managements and RBI, need an assurance on the effectiveness of internal controls implemented and expect the IS Audit to provide an independent and objective view of the extent to which the risks are managed.

IS Audit is a process of collecting and evaluating evidence/information to determine whether a computer system could:

Safeguard its assets (hardware, software and data) through adoption of adequate security control measures;
Maintain data integrity;
Achieve goals of the organisation effectively; and
Result in the efficient use of the available information System resources.

Reserve Bank of India Guidelines on Information Systems Audit

Reserve Bank of India has been taking many initiatives in sensitising Banks to the risks and concerns that emerge from adoption of information Technology. Various Committee reports, instructions and circulars have been issued from time to time towards assisting banks in adopting sound Information System Audit policy framework and practices on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds.

Final guidelines in these areas were issued by RBI vide its circular dated 29th April, 2011. These Guidelines cover the following areas:

Information Technology (IT) Governance
Information Security
Information Systems Audit
Information Technology (IT) Operations
Information Technology (IT) Services
Outsourcing
Cyber Fraud
Business Continuity Planning
Customer Awareness Programmes & Legal aspects

Scope of IS Audit

Determining effectiveness of planning and oversight of IT activities
Evaluating adequacy of operating processes and Internal controls
Determining adequacy of enterprise-wide compliance efforts, related to IT policies and Internal Control procedures
Identifying deficient controls, recommend corrective action to address deficiencies and follow-up and to ensure that the management effectively implements the required actions.

Computer-Assisted Audit Techniques (CAATs)

IS Audit Function needs to enhance the use of CAATs, particularly for critical functions or processes carrying financial or regulatory or legal implications. The extent to which CAATs can be used will depend on factors such as efficiency and effectiveness of CAATs over manual techniques.

CAATs may be used in critical areas like:

Detection of revenue leakages
Treasury Functions
Assessing impact of control weaknesses
Monitoring customer transactions under AML requirements
Areas where large volume of transactions are reported

CAATs may be used to perform the following audit procedures among others:

Test of transactions and balances, such as recalculating interest
Analytical Review procedures, such as identifying inconsistencies or significant fluctuations
Compliance tests of general controls: testing set up or configuration of the operating system or access procedures to the programme libraries
Sampling programmes to extract data for audit testing
Compliance tests of application controls such as testing functioning of a programmed control
Re-calculating entries performed by the entity’s accounting Systems
Penetration testing

Statutory Audit

Introduction As per the Banking Regulation Act, 1949, annual Financial Statements in the form of Profit and Loss Account and Balance Sheet are required to be audited in accordance with the requirements of applicable statutes.

Salient Features

It is conducted by a ‘Statutory Auditor’ – the word ‘Statute’ means – mandated or compulsorily required by any law or Act.
In case of Banks, sub-section (1) of Section 30 of the Banking Regulation Act, 1949 requires that the Balance Sheet and Profit and Loss account of a banking company should be audited.
Independent audit of financial statements of Banks is important for a healthy, safe and sound banking system.
Statutory audit does not look at the intricacies of the banking transactions (which are looked into by concurrent and Internal audits); instead they rely on the concurrent audit & internal Audit Reports and test checking to form their opinion.
Statutory audit mainly looks at the loans and advances, Compliance with Priority Sector Lending (PSL) requirements, CRR, SLR, CRAR

Stages in Statutory Audit

There is a sea change in banking as use of technology and its continuous evolution has enabled banks to provide its customers comfort of anytime, anywhere banking. The auditor should not assume that the system generated information is correct and can be relied upon without evidence.

The stages in Bank/Statutory audit are:

Initial consideration by the statutory auditor
Identifying and assessing the Risks of Material Misstatements
Understanding the Risk Management Process
Engagement – Team Discussions
Establishing the overall Audit strategy
Developing the Audit Plan
Preparation of Audit Planning Memorandum
Determining Audit Materiality
Assessment of ability to continue as Going Concern
Assessing the Risks of Fraud including Money Laundering
Assessing Specific Risks
Assessing Risks Associated with Outsourcing of Activities
Response to the Associated Risks
Conformity to Basel III framework
Reliance on/review of other reports
Classification of NPAs (It should be based on the record of recovery)
Asset classification (It should be Borrower-wise and not facility-wise) In carrying out his Substantive procedures, the auditor should examine all large advances while other advances may be examined on a sampling basis.

Types of Audit Reports to be issued by Statutory Auditors

Statutory Audit Report (As per SA 700/705/706 Issued by ICAI)
Long Form Audit Report (As per the requirements of RBI guidelines)
Tax Audit Report (As per Income-tax Act, 1961) RBI has revised the format of Long Form Audit Report vide its circular dated September 05, 2020

Appointment of Statutory Auditors in Banks

Sub-section (1) of section 30 of the Banking Regulation Act, 1949 requires that the Balance Sheet and Profit and Loss of a banking company should be audited by a person duly qualified under any law for the time being in force to be auditor of companies. RBI prepares a panel of Chartered Accountants eligible for conducting statutory audit of banks based upon the data obtained from the Institute of Chartered Accountants of India. Inputs of Comptroller & Auditor General of India are also obtained before finalising the list. As per the provisions of relevant enactments:

The auditors of Private Banks are appointed at the Annual General Meeting of the shareholders.
The auditors of Public Sector Banks are appointed by their Board of Directors. (As per RBI guidelines)

Some of the Important Auditing, Review and Other Standards applicable to the audit of Financial Statements as prescribed by the Institute of Chartered Accountants of India are given below:

300 (Revised) Planning and Audit of Financial Statements
220 (Revised) Quality Control for an Audit of Financial Statements
210 (Revised) Agreeing to terms of Audit Engagement
510 (Revised) Initial Audit Engagements – Opening balances
315 Identifying and Assessing the Risks of Material Misstatements through Understanding the entity and its environment
299 Responsibility of Joint Auditors
600 Using the work of Another Auditor
250 Consideration of Laws and Regulations in an Audit of Financial Statements
240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
330 The Auditors Responses to Assessed Risks

Various Other Types Of Audits Undertaken By Banks

Other than Concurrent Audit, Internal Audit & Statutory Audit, banks undertake the following types of audits:

Revenue Audit (known as Income & Expenditure audit) Revenue Audit is usually conducted at Exceptionally Large/Very Large/Large and Medium branches and is aimed at identifying cases related to leakage of interest and other charges.
Stock and Receivables Audit In terms of extant RBI guidelines, stock audits may be assigned to qualified professionals (Chartered Accountants/Cost Accountants/consultants) periodically, say annually to check on the stock and book debts statements submitted by the borrowers to the bank. Only large borrower accounts are normally are subjected to this audit.
Forensic Audit Forensic Audit is an examination and evaluation of a firm’s or individual’s financial information for use of evidence in court. Concept of Forensic Audit may be defined as “A concentrated audit of all the transactions of the entity to find the correctness of such transactions and to report whether or not any financial benefit has been attained by way of presenting an unreal picture.
Management Audit Management Audit is an assessment of methods and policies of an organisation’s management in the administration and the use of resources, tactical and strategic planning and employee and organisational The main objective of management audit is to see how far the objectives of management are fulfilled. It aims to ascertain whether sound management prevails throughout the organisation and evaluates its efficiency in the system of its operation.
Tax Audit including Goods and Services Tax (GST) Audit This is an analysis of the tax returns submitted by an individual or business entity, to see if the tax Information and resulting income tax payment is valid. Statutory auditors of Banks usually deal with provision for Taxation & GST.

Download PDF

JAIIB AFM Module A UNIT 11 – Bank Audit & Inspection (Ambitious Baba)