INTERNAL AUDIT DIVISIONInternal Audit Division

Networks & Communication Audit UnitDatabases & Applications Audit UnitSystems & Operations Audit UnitPolicy Coordination & Implementation UnitCommercial Audit UnitImplementation Unit -IIManagement Audit Team-IIManagement Audit Team -IPlanning & Coordination UnitImplementation & coordnation UnitInformation System Audit Dept.Field Audit DepartmentCorporate Audit DepartmentImplementation Unit-I

AIMSAppraisal of operations and control to determine whether policies and procedures are being followed carefully and all resources are used efficiently and judiciallyObjectives Review and appraise the soundness, adequacy, and application of accounting and financial control and promoting effective control at reasonable cost Ascertain the extent of compliance with established policies, plans and procedures. Ascertain to the extent to which the bank assets are accounted for and safeguarded from losses of all kinds Ascertain the quality of performance in carrying out assigned responsibilities Ascertain the reliability of management data developed within the bank Conduct/Arrange audit of H.O. departments & H.O. units in the field Recommend operational improvements

FUNCTIONS Carry out systematic examination of books of accounts and records maintained by theZonal Offices/branches through Audit Zones in order to high-light deviations from rules and regulations Over-see and exercise vigilance over Field operations of the Bank. Check that financial powers are exercised judiciously by the competent authority. Appraise the quality of performance in carrying out assigned responsibilities. Recommend operational improvements. Ensure that systematic examination/audit of books of accounts, vouchers and otheroperations of the Branch is carried out by the Audit Zones as per AuditManual/standing instructions and to high-light deviation from rules, regulations andprocedures Examine the SVP's reports of the branches, Management Audit reports of the zonal offices, Special Audit Reports and Project Audit reports and to take appropriate action. Identify scope of improvement in the operational efficiency of the Bank. Prepare memo for Audit Committee of DOD and for other meetings based on reports the Audit Zones. Issue circulars/circular letters on Audit Policy matters. Deal with administrative matters of Audit Dept. at HO/Field Audit Zones. Coordinate with Audit Zones and other departments at H.O. Prepare periodical Audit Report of the Bank. Ensure correct processing and investigation of loan cases by the Field functionaries in the branches through Audit Zones in the field. Conduct/arrange audit of H.O. departments and H.O. units in the Field. Audit the management, planning and organization of Information Systems Strategy.

CORPORATE AUDIT DEPARTMENT

CORPORATE AUDIT DEPARTMENT

Management Audit Team -IImplementation & Coordination Unit

Management Audit Team -II

AIMThorough scrutiny of H.O. financial transactions to ensure efficient and judicious use of Bank's resourcesOBJECTIVES Conduct periodical review of organizational set-up, changes if any introduced in the set up. Delegation of Authority, policies and procedures, business plans and operational strategies devised by Management, keeping in view, the approved Corporate Mission. Conduct/arrange Annual Audit of H.O. Departments and H.0 units in the field Ensure that the expenditures are sanctioned as per the financial and administrative powers assigned within the budgetary provisions and Bank's rules and regulations are d y observed. Ensure that payment is made to genuine payee, properly acknowledged, correct y classified and recorded. Ensure that errors and omissions are promptly rectified. Arrange periodical verification of stock and depreciation charged thereon with a view to check its accuracy. Detect weaknesses in system and to recommend remedial measures thereof based On Audit reports in respect of H.O. Departments and Audit units in the Field. Handing over/taking over of relevant files and records where functions have been transferred from one unit to another, from one department to another or from one Division to another. Perform administrative functions for the department such as sanctions of leaves, approval of tour programs, etc.

1. Implementation and Coordination Unit1.1 Pursue the departments at H.O. and audit / H.O. units in the Field to ensure compliance of audit observations.1.2 Arrange settlement of audit paras.1.3 Keep updating of statistics of audit observations raised/settled and pending audit paras. 1.4 Deal with administrative matters of the Department including preparation of budget, maintenance of leave record etc. and other miscellaneous administrative matters.1.5 Perform administrative functions for the Department such as sanction of leaves, approval of tour programs, approval of travel allowance etc.Post Audit Section Check the vouchers and ensure the booking of expenditure against the proper G Head. Ensure that the expenditures are properly sanctioned within the budgetary provision and to verify the authenticity of bills/receipts. Ensure that all pre-requisites of payment have been completed. Check the genuineness of payee and proper acknowledgement. Check that all the relevant documents are attached with the vouchers. Verify arithmetical accuracy and check that all procedural formalities have beencompleted. Ensure that vouchers/advices have been signed by the authorized officers.2.Management Audit Team - I &II2.1 Conduct Annual Audit of the departments at H.O. in the light of applicable rules, regulations, policies and procedures with a view to assess that all functionaries are performing their duties efficiently and judiciously.2.2 Conduct the Annual Audit zones and other H.O. units located in the field2.3 Periodical verification of capital items and depreciation charged at H.O.

FIELD AUDIT DEPARTMENT Planning & Coordination UnitImplementation Unit-IFIELD AUDIT DEPARTMENT

Commercial Audit UnitImplementation Unit-II

AIMAppraisal of operations and control to determine whether policies and procedures are being followed carefully and all resources are used efficiently and economicallyOBJECTIVES From the Internal audit perspective, document the Internal Control System designed andput in effect by the Management. Understand and evaluate internal control at the Entity Level and at the Process, Transaction or Application Level on an ongoing basis. Keep track of changes vis--vis internal controls introduced by Management from time to time and update audit working manual. Establish evaluation system of overall effectiveness of Internal Control System, identify areas for improvement and enforce suitable audit methodology. Prepare Annual Audit Plan, keeping in view, Credit, Operational, Compliance and Market risks etc. Coordination with concerned divisions and departments for assessment of risk profile of the Bank and align the audit approach with the risk appetite and mitigation system implemented by Management. Conduct review of the changes in Systems and Procedures developed by Business Development & Marketing Department as an ongoing process. Review and appraise the extent of compliance with established policies, plans and procedures.

INFORMATION SYSTEM AUDIT DEPARTMENTNetworks & Communication Audit UnitDatabases & Applications Audit UnitSystems & Operations Audit UnitPolicy Coor. & Implementation UnitINFORMATION SYSTEMS AUDIT DEPARTMENT

AIM Determine the adequacy of security and controls in the Information Systems environment by assessing technology practices, policies, procedures.

Provide reasonable assurance that business objectives are reasonably achieved.Suggest measures with the objective that undesired events are prevented or detected and corrected.OBJECTIVESProvide reasonable assurance that ZTBL's IT infrastructure, control and governance processes are adequate and functioning in a manner to ascertain quality output. - Sufficiently evaluate control environments in computer application development, implementation and maintenance process.FUNCTIONS1. Conduct periodical audit of IT infrastructure and operational practices to Provide reasonable assurance for adequate functioning of Bank's IT infrastructure to ascertain: Risks are appropriately identified and managed. Important financial, managerial and operating information is framed as per Bank's rules/ regulations and standing instructions. User actions are compliant to the system and procedures prescribed for the purpose. IT resources are acquired economically, used efficiently and adequately protected. Programs, plans and objectives are achieved. Quality and continuous improvement are fostered in the control process.

2Sufficiently evaluate control environment in computer application development, implementation and maintenance process and database implementation/ administration covering areas like: Software development/acquisitions standards Database control procedures Change control procedures Source code and executable libraries Documentation SOPs Pre and post implementation reviews3.Determine whether network and associated components are securely placed into production, the network re-sources are appropriately monitored and adequate control are in place to ensure the security and recoverability of the networks.

2. DATABASE & APPLICATIONS AUDIT UNIT

2.1Conduct audit of information systems application development environment and of database designing & administration. Sufficiently evaluate control environments in computer application development, implementation and maintenance process and database administration.2.2Review user interface of systems, subsystems and software applications.2.3 Assess information technology control elements to mitigate information technology risks regarding the confidentiality, integrity and availability of business information by reviewing areas like: Software development standards Database security control Change control procedures Source code and executable libraries Documentation SOPs Pre and post implementation reviews

2.4Assess the utilization, integration, maintenance and enhancement of software applications.2.5Prepare audit findings regarding the efficiency, accuracy and security of software programs and databases.2.6Review the efficiency and effectiveness of basic operational areas e.g. Access Permission Security & Confidentiality Business Continuity Management Budget & Procurements Projects & Feasibilities Managing the change Process re-engineering Trainings

2.7Prepare audit reports in a timely manner.

3. NETWORKS & COMMUNICATION AUDIT UNIT1. Plan and manage network communication audits to determine whether network s and associated components are securely placed into production, the network's resources are appropriately monitored, and adequate controls are in place to ensure the security and recoverability of the networks.2. Audit activities associated with a LAN/WAN/Internet. Review network design and installation, monitoring and analysis of existing hardware and software and evaluation of network security controls.3. Plan and manage network and communication audits covering areas like: LAN/WAN design/ topology Security architecture Firewalls IDS Routers4. Audit the tuning and capacity planning activities associated with the performance of network resources.5. Review operating systems and security software utilized on the network including the addition of new users to the network and the establishment of rights and privileges.

6. Review the efficiency and effectiveness of basic operational areas e.g. Access Permission Security & Confidentiality Business Continuity Management Budget & Procurements Projects & Feasibilities Process re-engineering Trainings Managing the change

7. Prepare audit reports in a timely manner.4. POLICY, COORDINATION & IMPLEMENTATION UNIT Deal with all administrative, financial, policy and miscellaneous matters of the Department. Coordinate with other departments at Head Office to dispose of official matters. Evaluate/analyze audit reports received from Audit Teams. Pursue for arranging compliance of outstanding audit observations from the concerned offices. Prepare plan of audit teams and implementation thereof.