8/9/2019 eagebanking

1/4

1210 The Chartered Accountant February 2007

a u d i t i n g F o c u s o n B a n k i n g

New Age Banking and Auditing Its different

Banking Scenario:

In last one decade the Indian Banking sectorhas witnessed a very high level o conceptualrevolution in terms o organisation structure,business model, accounting, operations, controlenvironment, customer interace, customerservice, regulatory compliance, inormation

dissemination and a whole lot.

The banking sector has moved from:

l Traditional banking to high level nancialadvisory

l Traditional products o deposits andlending to boutique o nancial services/para-banking activities

l Branches to Service outlets

l Customer o branches to customer o bank

l Multi-level organisation to centralisedorganisation

l Decentralised data processing tocentralised-data processing

l Manual accounting to complexcomputerised-data processing andaccounting

In todays time a bank is driven by IT, Processesand Products and it operates in airly complexcontrol, compliance and regulatory rameworkand environment. In terms o IT, the bankingsector has rolled out highly sophisticated andcomplex IT systems. Majority o the banks todayare unctioning on Core Banking Solutions(CBS). CBS is an integrated sotware system that

acilitates integrated and real time processingo data.

Apart rom this there are lots o changesand challenges emerging in the Indian Bankingsector in terms o evolving Indian GAAP, adoptiono Corporate Governance Code (Clause 49 o thelisting agreement/SOX 404) and Translation o

Accounts (US GAAP/IFRS). All the banks listed onIndian Stock Exchanges are required to complywith Corporate Governance Code (Clause 49 othe listing agreement) and those banks whichare listed on New York Stock Exchange (NYSE)are required to comply with Sarbanes Oxley(SOX) Act 2002 and also prepare and presentthe nancial statements as per US GAAP.

In terms o Indian GAAP, there are lots orevisions o the existing standards that have

ar reaching impact or example revised AS15 (Revised) on Employee Benets. Recently,Exposure Drat o AS 30 and 31 on FinancialInstruments has also been issued by the ICAI.

This accounting standard is likely to have wideimpact o the nancial statements o the banks.

The paradigm shit in the banking sector hasresulted in reinvention o the audit approach.

The traditional audit approach in such a highlycomplex and computerised environment has

been rendered outdated and redundant. Theaudit raternity is grappling with the ear othe unknown while dealing with bank audits.In case o new generation private sector banksand oreign banks the complexities are muchlarger than those in public sector banks.

Key Challenges:

Roles and Responsibilities:

In public sector banks the audit is generallyconducted by multiple rms including centralauditors and branch auditors. In case o private

The transformation in the banking sector coupled with the high level of computeri-sation has brought to the fore the need to reinvent the overall audit approach as thetraditional approach has somewhat become outdated.

(The author is a Member of the Institute.

He can be reached at manoj.daga@

haribhaktigroup.com)

CA. Manoj Daga

8/9/2019 eagebanking

2/4

The Chartered Accountant 1211February 2007

a u d i t i n g F o c u s o n B a n k i n g

sector banks and oreign banks, the audit isconducted by a single rm due to centraliseddata base. Consequently, the responsibilities oauditors in such banks are much wider.

Books of Accounts:

The main emphasis in the audit report is onbooks o account, however, in view o highlevel o computerisation, theoretically there isno such thing as books o account. The datarecording, processing, interace, transmissionand storage is built within the system and thereare no physical books o account. At times theauditors dont have access to the main GL and

other sub-system, instead they are providedwith dump/archive les or the purpose o audit.Now it is really strange that we have to report onbooks o account however, what is provided isdump les.

Though the banking and auditing has taken a360-degree turn, the audit report still continuesto be traditional.

Management Representations:

The oral and written representationsprovided by the management during the courseo an audit help in orming an audit opinion, toa large extent. While the audit report act doesrecognises the signicance o managementestimates, it does not specically covermanagement representations. Though one mayargue that it is indirectly covered in the wordsinormation and explanations, still it deservesspecic reerence in the report.

Unique Business Model:In todays time the business model is largely

driven by products and each service is oeredas a product to its customers. Each product hasunique eatures and there is a separate teamor handling each o the products. For exampleis case o advances the portolio is broadlydivided into wholesale and retail banking andurther retail banking is divided into auto loans,mortgage loans, loan against shares, housing

loans, personal loans, credit cards, etc.

High Level of Fragmentation:

In many banks the operational activities arehighly ragmented in terms o the processesand there are dierent owners or eachragment. For example, the account openingorms or credit application orms are collectedat branches/service outlets, the processing oorms/applications is done at central processingcentres, customer data is maintained intransactions processing systems at some otherlocation, customer servicing is done rom someother location, documents are maintained atsome other locations and so on. Even at each othe locations dierent activities are handled by

dierent units/owners. Consequently or end toend mapping o activities/processes, one has toapproach multiple units/owners and there is noway one can have entire view o any activity atone place.

Complex IT Structure and Environment:

In todays time the banks operate in ahighly-complex IT structure and environment.In many banks there are multiple transaction

processing system whereas in some banks thereis integrated Core Banking System. The datarecording, processing, interace, transmissionand storage is handled through high level ocomputerisation.

Audit Approach:

The transormation in the banking sectorcoupled with the high level o computerisationhas brought to the ore the need to reinvent

the overall audit approach as the traditionalapproach has somewhat become outdated.In todays time the ocus o audit is more onprocesses, products and controls and less onnancial numbers. It would not be incorrect tostate that 80% o the time is devoted towardsmapping o business processes, understandingo industry developments, review o internalcontrols, capturing and review o IT environment,etc. and only 20% o the time is spent on

verication o nancial numbers.

8/9/2019 eagebanking

3/4

1212 The Chartered Accountant February 2007

a u d i t i n g F o c u s o n B a n k i n g

The ollowing paragraphs deal with someo the important audit procedures that arerecommendatory while conducting the audit oa large-sized computerised bank.

Processes and Products:

In todays time the banking operations arelargely driven by products and processes. Thebanks generally have robust systems in place ordening the products and processes and theseare well documented in the orm o operatinginstruction, guidelines and circulars.

While launching any new product, the banksgenerally carry out a detailed study rom the

point o compliance, controls and accountingimplications. The process ow o each and everyactivity related to those products is approvedand documented.

As an auditor it is important to review/assess/document:

l Process documents/manuals in respect oall the key/critical processes

l Internal guidelines, instructions andcirculars in respect o key products

l Internal accounting manuals, policydocuments, operating instructions, etc.

Internal Control Environment:

The banks generally have well denedand documented internal control systemand procedures. Moreover, in terms o RBIguidelines, the banks have either extendedthe scope o concurrent audit or have put inplace a complete system or Risk Based Internal

Audit. The internal audit unction in bank istotally in-house, partially in-house and partiallyoutsourced or totally outsourced.

It is interesting to note that in case ocompanies that are listed on NYSE, the SarbanesOxley (SOX) Act 2002 encompasses extensivetesting, implementation and documentationo internal controls. While conducting theaudit o banks in India that are listed onNYSE, the documentation or SOX testing and

implementation comes as a handy material oroverall assessment o internal controls. In the

uture, in view o the evolution o CorporateGovernance Code in India, similar importancewill be attached to eectiveness o controls inuture.

As an auditor it is important to assess/review/document:

l Overall internal audit approach (in-house oroutsourced)

l Scope and coverage o internal audit, auditplans or the year and reporting ormat.

l Risk Matrix/Proling or Risk Based InternalAudit

l Internal audit reports and system o ollowup/nal action/closure thereo

l System o reporting o signicant auditissues to the Audit Committee.

l Eectiveness o the critical controls byperorming walk-through/test o controls.

l SOX testing, implementation anddocumentation.

IT Environment:

The banks generally have well dened anddocumented IT structure and policy. Moreoverin terms o RBI guidelines, the banks have putin place well dened system o IT Audit. In viewo high level o computerisation, the traditionalapproach o transaction audit has lost itseectiveness and it has somewhat becomedifcult. More emphasis is, thereore, onassessing and documenting the eectiveness oIT controls. The basic approach should revolvearound the universal concept o test o controlsand substantive checking.

As an auditor it is important to assess/review/document:

l IT Structure and Policy

l IT environment (hardware and sotwareincluding new system/version/upgrade)

l IT controls (access, physical and logicalcontrols, back up system, disaster recoveryand business continuity plans, etc.)

l IT Audit Reports and the ollow-up thereo.

8/9/2019 eagebanking

4/4

The Chartered Accountant 1213February 2007

a u d i t i n g F o c u s o n B a n k i n g

l Processing o data (online/batch) andinterace o data (main and sub-system)

l Reconciliation o data (main GL and sub-systems)

Other Support Approaches:

Apart rom emphasis on processes, internalcontrols and IT, the auditor has to give dueimportance to the ollowing audit procedures:

l Review o critical manual applications andthe controls thereon.

l Continuous interaction with various processowners/heads/department.

l

Mapping o end-to-end processes andcontrols or closure o nancial statement.

l Review o critical operations outsourced toexternal agency.

l Review o work perormed by an expert.

l Review o Annual Financial Inspection

Report o RBI and the management repliesthereon.

l Continuous review o latest master circularsdisplayed on RBI website.

l Review o minutes o the Board o Directorsand various committees o the Board.

l Benchmarking o best practices within thebanking industry.

l Comprehensive comparative analysis.

Takeaways:

To conclude there are three importanttakeaways or the members who are involved in

the statutory audit o banks:I: Standardise the audit approach and

procedures.

II: Reinvent the audit approach and ocus moreon processes and controls.

III: Build strong documentation process.