Projects on bank audit

7/29/2019 Projects on bank audit

1/95

Control System And Bank Audit

1

INTRODUCTION

BANK AND CONTROL

AUDITING

BANK AUDIT

1


2/95


INTRODUCTION TO BANK AND CONTROL SYSTEM

BANKING:

Banking has been defined in section 5 of the act as the accepting,for the purpose of lending or investment, of deposits of money from the public, repayable

on demand or otherwise, and withdraw able by cheque, draft, order or otherwise.

A Banking company or a Bank means any company, which transacts the

business of banking in India, and includes a foreign company, engaged in the business of

banking in India.

There are four types of banking institutions in India. These are:

1) Commercial banks

Commercial banks are the most prevalent banking

institutions in India. Commercial banks operating in India can be divided into two

categories based on their ownership-public sector and private sector banks.

2) Regional rural banks (RRBs) -

RRBs have been established with a view to

developing the rural economy by providing credit and other facilities, particularly

to the farmers.

3) Co-operative Banks -

Co-operative banks are the banks in the Co-operative

sector, which cater predominantly to the needs of the farming, and allied sectors.

Co-operative banks include central Co-operative banks, state Co-operative banks,

primary Co-operative banks and land development banks.

4) Development banks -

Development banks were started for providing only long-

term finance for development purposes; they are also referred as Term-lending

institutions.

2


3/95


Important features

Banks have the following characteristics, which distinguish them from most other

commercial enterprises.

1. They have custody of large quantum of monetary items, Including cash and

negotiable instruments, whose physical security has to be ensured This applies to

both the storage and the transfer of monetary items and makes banks vulnerable to

misappropriation and fraud. They, therefore, need to establish formal operating

procedures, well-defined limits for individual discretion and rigorous systems of

internal control

2. They engage in a large quantum and variety of transactions in terms of both

number and value. This therefore requires complex accounting and internal

control systems.

3. They generally operate through a wide network of branches and departments

which are geographically dispersed.

4. Banks are regulated by governmental authorities and the resultant regulatory

requirements often influence accounting and auditing practices in the banking

sector.

Regulatory framework

There is an elaborate regulatory framework governing banks in

India. The principal enactments which govern the functioning of various types of banks

are:

Banking Regulation Act, 1949

Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970

Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980

SBIAct, 1955

SBI (Subsidiary Banks) Act, 1959 Regional Rural Banks Act, 1976

Companies Act, 1956

Co-operative Societies Act, 1912 or the relevant state Co-operative Societies Act.

3


4/95


INTRODUCTION-an overview of Auditing

Economic decisions in every society must be based upon the information available

at the time the decision is made. For example, the decision of a bank to make a loan to abusiness is based upon previous financial relationships with that business, the financial

condition of the company as reflected by its financial statements and other factors

If decisions are to be consistent with the intention of the decision makers, the information

used in the decision process must be reliable. Unreliable information can cause inefficient

use of resources to the detriment of the society and to the decision makers themselves. In

the lending decision example, assume that the bank makes the loan on the basis of

misleading financial statements and the Borrower Company is ultimately unable to

repay. As a result the bank has lost both the principal and the interest. In addition,

another company that could have used the funds effectively was deprived of.the

money.

As a means of overcoming the problem of unreliable information, the decision-

maker must develop a method of assuring him that the information is sufficiently reliable

for these decisions. In doing this he must weigh the cost of obtaining more reliable

information against the expected benefits.

A common way to obtain such reliable information is to have some type of verification

(audit) performed by independent persons. The audited information is then used in the

decision making process on the assumption that it is reasonably complete, accurate and

unbiased.

The word Audit is derived from the Latin word Audire which means to

here. In olden days, whenever the owner of the business suspects the frauds, they

appoint independent and impartial person who uses to hear the explanation given by the

accountant. Such person was known as Auditor.

Auditing may be defined as,

A careful and critical examination of books of accounts by a

properly qualified person on the basis of proper evidence so as to express an opinion (i.e.

views) about the truth and fairness of financial statements.

4


5/95


TYPES OF AUDIT

The entire process of audit depends upon the type of audit. Type of audit to be

conducted is to be selected carefully, keeping in mind the objects of audit in each and every

case. Hence it is essential to study the various types of audit before laying down the

programme for any audit work.

5

CHART SHOWING DIFFERENTCLASSES OF AUDIT

BASED ON

AUTHORITY

Y

BASED ON

SCOPE

BASED ONTIME

BASED ON OTHEROBJECT TYPES

Statutory Non-Statutory InternalAudit Audit Audit

Complete PartialAudit Audit

Continuous Final InterimAudit Audit Audit

Special Cost Management SocialAudit Audit Audit Audit

Balance Sheet Occasional Audit In Cash Operational

Audit Audit Depth Audit Audit


6/95


BASED ON AUTHORITY:

1) Statutory Audit

It is the audit, which is compulsory under the law*Appointment ofauditors,

removal, Remuneration, rights, duties, and liabilities are governed as per the

provisions 'of the respective law applicable to the organisation. Scope of audit work

and all other terms are as laid down by the law. It can be conducted only by a

qualified Chartered Accountant.

2) Non-Statutory Audit

Non-statutory audits are voluntary audits. These audits are not compulsory under

any law. Terms and conditions of audit are determined as per the agreement made between

the auditor and proprietor for e.g. financial audit of a sole trader or partnership firm. It also

includes non-financial audits e.g. internal audit, management audit, Operational audit,

Social audit, etc.

a) Private Audit

The audit which is done for the satisfaction of the owner Is called

private audit. This type of audit is not compulsory at all. It may be conducted by

sole proprietors, partnership firms, family trusts, private trusts, etc. The various types of

private audit are

i) Audit of Sole Proprietor

Audit of accounts of a sole-proprietor is not compulsory. However, he

may get his books audited for various reasons. Some of the reasons are: -

1) For obtaining loan from bank and financial institutions.

2) For presenting authentic data to income tax and Sales tax authorities.

3) For his own satisfaction that his employees have written the books of accounts

properly and that there are no frauds and errors.

ii) Audit of partnership firms

1) Under partnership Act it is not compulsory to audit the accounts. However in actual

practice it is not only advisable but even necessary to get them audited

2) It helps to prevent disputes among the partners.

3) It facilitates borrowing frombanks

4) Audited accounts are preferred by income tax and sales tax departments.

5) Audited accounts can be helpful in case of litigation.

6


7/95


3) Internal Audit

This type of audit is also optional. It is conducted by the internal auditor who is

appointed by the proprietor. Even the employee of the organisation may be appointed as

an internal auditor to examine the books of accounts. All the terms and conditions of audit

work are determined by the agreement. The basic purpose of internal audit is not only to

examine the books of accounts but also to review the present working and make valuable

suggestions to improve it.

BASED ON SCOPE:

1) Complete Audit

In complete audit the auditor have to check each and every transaction,

voucher document etc. relating to the transactions of business. This types of audit

is not possible in case of large business organizations.

2) Partial Audit

Sometimes auditor may be called upon to audit few books and give his

finding thereon. Sometimes he may be called upon to audit only the payment

side of cashbook or receipts side only. This is called as Partial Audit. Auditor has

to be very careful when he undertakes this type of audit. Usually this type ofaudit is called for when a fraud or misappropriation is" suspected. While

submitting the report auditor should clearly mention -the scope and documents

or books made available to him for his audit. Partial audit is not practical. Such

an audits possible where audit is not a legal necessity.

BASED ON TIME:

1) CONTINUOUS AUDIT

One where the auditor, or his staff, is constantly engaged in checking the

accounts during the whole period or where the auditor or his staff attends at regular or

irregular intervals during the period.

Continuous audit means an audit at regular intervals throughout the

accounting year. Continuous audit, accounting and auditing work is done side by

side.

7


8/95


(2) FINAL /ANNUAL /PERIODICAL / COMPLETED AUDIT:

Periodic audit is also known as 'final or completed audit'. Final audit is carried out

continuously until it is completed. It is a past accounts audit. In case of a final audit, the

auditor gets hold of all the books of accounts and the vouchers for the, accountingPeriod. He is in possession of all the facts and figures relating to the accounting period for

which the audit is being conducted. In case of this audit, the auditor visits the clients place

only once and remains there till the audit is over.

Generally this type of audit is appropriate for smaller business concerns. Generally

majority of audits are in the nature of Final Audits.

(3) INTERIM AUDIT:

It is a kind of audit, which is conducted in between the annual or final audits. It is

conducted to find out the interim profit and know the financial 'position at the end of a

part of the accounting year. This is usually carried out at half yearly intervals. Hence, this is

also called as half yearly audit.

BASSED ON OBJECT :

1) SPECIAL AUDIT

Under section 233 A of companies Act, the central government has power to direct

special audit under following circumstances:

a) When the affairs of any company are not managed as per the sound business

principles.

b) When the financial position of the company is such as to endanger its solvency.

c) When company is being managed in a manner which is likely to cause serious

injury or damage to the interest of trade or industry

The auditor appointed by the government is required to report to the government.

2) COST AUDIT

It is a type of audit, which involves verification of cost records maintained by the

organisation. Under section 233 B of the companies Act, 1956 the central government may

direct an audit of cost records by a person who is qualified. Appointment of auditor is done

by the board of director subject to the approval of the central government. The auditors repot

8


9/95


to the government, the copy of the report is send to the company. It has been defined as the

verification of the correctness of cost accounts and of adherence to the cost accounting plan.

3) Management audit:-

'Management auditing is concerned with review of operations and performance of

management to improve efficiency and effectiveness of the organisation. It is, thus, an

extension of internal audit function. Some authors use the terms management auditing

and operational auditing interchangeably because of the close resemblance of

methodology employed. But it may be noted, although operational auditing is also

concerned with review of operations of an entity, management auditing, in addition to it

also includes review of managerial performance. Secondly, the frame of reference of a

management audit is derived, generally, from the expectations of the external

participants and not of organisation's management as in case of operational auditing.

4) Social audit

Social audit is a recent development in the field of at it is based on the

modern concept of social responsibility of business. Social audit examines to what extent

the business is discharging the social responsibilities. It examines the contribution of the

concern to the society at large.

Other types:

1) Balance sheet Audit

Balance Sheet audit is of a recent origin. It has acquired popularity in U.S.A.

As the very name suggests, balance sheet audit consists of verification of all the items

appearing in the balance sheet such as assets, capital, reserves and liabilities of the business.

Under 'balance sheet audit, the auditor commences audit on the basis of the Balance sheet,

and he works back to the books of original entry and other evidences. Though balance sheet

audit concentrates mainly on balance sheet items, it also includes an examination of those

transactions, which are appearing in the Profit and Loss Account because balance of Profit

and Loss Account appears in the balance sheet. Thus, in balance sheet audit all the items

contained in the balance sheet and other related or allied items are verified completely. The

auditor' will check up general ledger also

9


10/95


(2) Occasional audit: -

This type of audit is carried out occasionally as per the need of the business, T1V

applicable to the proprietary concerns such as sole traders and partnerships, it is just a need-

based audit. It is conducted at the desire of the owner of the business. This of audit is not

possible in case of Joint Stock Company as the annual au; compulsory as provided in

Companies Act, 1956.

(3) Audit in Depth

Under this type of audit, the auditor examines thoroughly selected transactions

right from their origin to the conclusion. All records and documents pertaining to the

transactions are checked in detail. The basic purpose of this type of audit is to

whether the system of internal check or control system is effective. This type of audit

enables the auditor to suggest to the management a better procedure for recording the

transactions to avoid any loopholes for committing frauds.

4) Cash Audit

Here the auditor examines only cash transactions. He examines cash receipts and cash

payments. Cash transactions are checked with the help of receipts and vouchers and other

evidences. The receipts and payments may be capital or revenue in nature.

5) Operational Audit

Operational audit goes beyond financial audit. It is conducted to see that the business

operations are improved in future. It guides the management in achieving

organizational objectives

10


11/95


INTRODUCTION TO BANK AUDIT

Bank Audit is a time bound exercise and it is full of challenges and

responsibilities. For those who approach this exercise with scientific methods and properplanning The auditor has very limited option as far as the availability of time is

concerned, therefore, the only option he has is to carry out the audit in a very scientific

manner so that he is able to conduct a purposeful audit in the limited time.

Generally, the appointment letters are received in second or third week of March

and the auditors are expected to commence the audit in the first week of April and to

complete the audit, in one visit and in all respect, by the end of second week of April.

Therefore, the time available for the completion of audit in all respects is generally in the

range of 4-5 days to a maximum of a week or 10 days, irrespective of the size of the

branch, volume of business and nature of activities.

The banks are taking effective measures to address this issue and some banks

have allowed the auditors of large and very large branches to visit the respective branches

before the close of the year. Such visits help the auditors to gather lot of first hand

information and insight about the branch and its business profile, performance, NPA

profile, client profile, level of computerization, etc.

Generally, banks circulate detailed closing instructions to the branches and the

auditors well in advance. It is important to review the instructions and to incorporate the

significant instructions in the audit plan/programme/checklist.

With the latest information available at the touch of button, it is very important that to

keep update about the significant developments in the banking sector and to incorporate

all the significant developments in the audit programme/checklist.

As the concept of Peer Review is already put in place, it is important that while

carrying out the attest function due emphasis is given to Auditing & Assurance Standards

and other pronouncements of the Institute while discharging the attest function. Apart

from this, it is also important to preserve all the required documents/representations etc.

for future reference.

11


12/95


13/95


14/95


2

CONTROL SYSTEMS

BANKING REGULATION ACT, 1949

CORPORATE GOVERNANCE

GOSH COMMITTEE RECOMMENDATIONS

AUDITING & ASSUARANCE STANDARDS(AAS)XX

14


15/95


Controls and Regulations (banking regulation act, 1949)

CAPITAL RESERVES

Section 11 of the Banking Regulation Act lays down the requirements regarding

the minimum paid-up share capital and reserves of banking companies. Similar

requirements in the case of cooperative banks are laid down in section 56(h). These

provisions are not applicable to rural banks, nationalised banks, and the State Bank Of

India and its subsidiaries.

Under section 12(1), the subscribed capital of a banking company should not be

less than one-half of its authorized capital and the paid-up capital not less than one-half of

the subscribed capital. If the capital is increased, it should comply with these conditions

within a stipulated time period. Further, the capital of a banking company should consist

of ordinary shares alone, the only exception being in the case of preference shares issued

prior to July 1, 1944. These provisions do not apply to a banking company incorporated

before January 15, 1937 or to a nationalised bank, a regional rural bank, a cooperative

bank, and the State bank Of India and its subsidiaries.

A banking company incorporated outside India is required to deposit with the

Reserve bank in the form of cash and/or approved securities, (a) an amount not less than

the minimum paid-up capital and reserves as prescribed under section 11(2) of the

Banking Regulation Act (1949), and (b) an amount equal to 20 percent of its profits for

each year in respect of all business transacted through its branches in India. However, the

central government may, on the recommendation of the Reserve Bank, exempt a banking

company from these requirements for a specified period having regard to the adequacy of

the total amounts deposited by it with the Reserve Bank in relation to its deposit

liabilities.

Restriction on commission, brokerage, discount, etc. on sale of shares.

Notwithstanding anything to the contrary contained in 3[Secs. 76 and 79 of the

Companies Act, 1956 (1 of 1956)], no banking company shall pay out directly or

indirectly by way of commission, brokerage, discount of remuneration in any form in

respect of any shares, issued by it, any amount exceeding in the aggregate two and one-

half per cent. of the paid-up value of the said shares.

15


16/95


17/95


Cash reserve.

Every banking company, not being a scheduled bank, shall maintain in India by

way of cash reserve with itself or by way of balance in a current account with the Reserve

Bank or by way of net balance in current accounts or in one or more of the aforesaid

ways, a sum equivalent, to at least three percent Of the total of its demand and time

liabilities in India as on the last Friday of the second preceding fortnight and shall submit

to the Reserve Bank before the twentieth day of every month a return showing the amount

so held on alternate Fridays during a month with particulars of its demand and time

liabilities in India on such Fridays or if any such Friday is a public holiday under the

Negotiable Instruments Act, 1881(26 of 1881), at the close of business on the preceding

working day.

Restrictions on loans and advances.

(1) Notwithstanding anything to the contrary

contained in Sec. 77 of the Companies Act, 1956 (1 of 1956), no banking company shall,

(a) Grant any loans or advances on the security of its own shares, or

(b) Enter into any commitment for granting any loan or advance or advance to or on

behalf of

(i) Any of its directors,

(ii) Any firm in which any of its directors is interested as partner, manager,

employee or guarantor, or

(iii) Any company (not being a subsidiary of the banking company or a company

registered under Sec. 25 of the Companies Act, 1956 (1 of 1956), or a Government

company)] of which 2[or the subsidiary or the holding company of which] any of the

directors of the banking company is a director, managing agent, manager, employee or

guarantor or in which he holds substantial interest, or

(iv) Any individual in respect of whom any of its directors is a partner or

guarantor.

(2) Where any loan or advance granted by a banking company is such that a commitment

for granting it could not have been made if Cl.(b)of sub-section (1) had been in force on

the date on which the loan or advance was made, or is granted by a banking company

after the commencement of Sec. 5 of the Banking Laws (Amendment) Act, 1968 (58 of

1968), but in pursuance of a commencement of Sec. 5 of the Banking Laws (Amendment)

Act, 1968(58 of 1968), but in pursuance of a commitment entered into before such

17


18/95


commencement, steps shall be taken to recover the amounts due to the banking company

on account of the loan or advance together with interest, if any, due thereon within the

period stipulated at the time of the grant of the loan or advance, or where no such period

has been stipulated, before the expiry of one year from the commencement of the said

Sec. 5:

(3) No loan or advance, referred to in sub-section (2), or any part thereof shall be remitted

without the previous approval of the Reserve Bank, and any remission without such

approval shall be void and of no effect.

(4) Where any loan or advance referred to in sub-section (2), payable by any person, has

not been repaid to the banking company within the period specified in that sub-section,

then such person shall, if he is a director of such banking company on the date of the

expiry of the said period, be deemed to have vacated his office as such on the said date.

CONTROL OVER MANAGEMENT

36-AA. Power of Reserve Bank to remove managerial and other persons from office .

(1) Where the Reserve Bank is satisfied that in the public interest or for preventing the

affairs of a banking company being conducted in a manner detrimental to the interests

of the depositors or for securing the proper management of any banking company it is

necessary so to do, the Reserve Bank may, for reasons to be recorded in writing, by

order remove from office, with effect from such date as may be specified in the order

3[any chairman, director,] chief executive officer (by whatever name called) or other

officer or employee of the banking company.

(2) No order under sub-section (1) shall be made 4[unless the chairman, director] or chief

executive officer or other officer or employee concerned has been given a reasonable

opportunity of making a representation to the Reserve Bank against the proposed

order:

Provided that if in the opinion of the Reserve Bank, any delay would be detrimental to

the interests of the banking company or its depositors the Reserve Bank may, at the

time of giving the opportunity aforesaid or at any time thereafter, by order direct, that

pending the consideration of the representation aforesaid, if any 5[the chairman or, as

the case maybe director or chief executive officer] or other officer or employee, shall

not, with effect from the date of such order.

(a) 6[act as such chairman or director] or chief executive officer or other officer or

employee of the banking company;

18


19/95


(b) in any way, whether directly or indirectly be concerned with, or take part in

the management of, the banking company.

(3) If any person in respect of whom an order is made by the Reserve Bank under

subsection (1) or under the provison to sub-section (2) contravenes the provisions of

this section, he shall be punishable with fine which may extend to two hundred and

fifty rupees for each day during which such contravention continues.

(4) Any person appointed as 1[chairman, director or chief executive officer] or other

officer or employee under this section shall

(a) Hold office during the pleasure of the Reserve Bank and subject thereto for a

period not exceeding three years or such further periods not exceeding three years at a

time as the Reserve Bank may specify;

(b) Not incur any obligation or liability by reason only of his being a 5[chairman,

director or chief executive officer] or other officer or employee or for anything done

or omitted to be done in good faith in the execution of the duties of his office or in

relation thereto.

(5) Notwithstanding anything contained in any law or in any contract, memorandum or

articles of association, on the removal of a person from office under this section that

person shall not be entitled to claim any compensation the loss or termination of

office.

Power to inspect.

(1) The Reserve Bank shall, on being directed so to do by the Central Government or by

the High Court, cause an inspection to be made by one or more of its officers of a

banking company which is being wound up and its books and accounts.

(2) On such inspection, the Reserve Bank shall submit its report to the Central

Government and the High Court.

(3) If the Central Government, on consideration of the report of the Reserve Bank, is of

opinion that there has been a substantial irregularity in the winding-up proceedings, it

may bring such irregularity to the notice of the High Court for such action as the High

Court may think fit.

19


20/95


CORPORATE GOVERNANCE:

Goodcorporate governance is the only alternative available before the Indian

corporate sectary and more particularly, banks both commercial and co-operativesector to come atpar with international standards. But, some seriousthought has to

be given to bring certain amount of norm in governanceof the countryspolitical

system.

Corporate Governance has been defined in different ways by different thinkers

and experts.

According to noble Laureate Milion Friedman "Corporate Governance is to

conduct the business in accordance with owner or shareholders' desires, which generally

will be to make as much money as possible, while conforming to the basic rules of the

society embodied in law and local customs". This definition is narrow in scope as it gives

more importance to the owners' stake. Over a period of time, with fast developments in

the world, the .scope of the corporate governance has widened. It now encompasses the

interest of not only the owners but also many other stakeholders.

The OECD experts have defined, "Corporate Governance as the system by which

corporations are directed and controlled. The corporate governance specifies the

distribution of rights and responsibilities among different parties in the corporation, such

as, the Board, managers, shareholders and other stakeholders, and spell out the rules and

procedures for making decisions on corporate affairs. In simple words, corporate

governance is not just profit making, but behaving responsibly, protecting environment,

promoting healthy competition and preventing networth erosion. Corporate governance

cannot be explained by a set of hard and fast rules or standards. The crux of corporate

democracy lies in the accountable business leadership. Its main aim-is to maintain a

balance between economic and social goals and between individual and commercial

goals. According to Mr. J. Wclfensohn, President, World Bank, "Corporate Governance is

about promoting corporate fairness, transparency and accountability".

20


21/95


HISTORICAL BACKGROUND:

The emergence of modern corporate governance is traced back to the Watergate

Scandal in USA. At that time, on investigation, the U.S. regulatory and legislative bodies

were able to highlight control failures that had allowed several major corporations to

make illegal political contributions and to bribe government officials. As a consequence

to this. Foreign and Corrupt Practices Act of 1977 was introduced in USA. that contained

specific provisions regarding the establishment, maintenance and review of a system of

internal controls. Thereafter, a number of other measures were initiated for internal

financial controls and the most important was Headway Commission after the collapse of

Savings and Loans in USA. The 'Headway Commission submitted its report in 1987 and

stressed for the need for a proper control environment, independent audit committees and

an objective Internal Audit Function.

The corporate world in India cannot remain indifferent to the development around

the world. The collapse of South East Asian economies in 1997 made corporate

governance a very vital issue for corporate world. With the fast growth of economy,

corruption is bound to emerge and it is considered as a part of growing economy. In

developing countries, the resources have to be prioritized as required by the policy

makers. Corruption and economic development cannot go hand in hand. If a country is

considered to be corrupt, it may not attract foreign investment. Good corporate

governance is important for running a business on sound ethical values. In the words of

Mr. Deepak Parekh, ethics means, "Not doing a thing one would be ashamed of if it

becomes public".

The only good governance available in the banking sector was the ground rules

and Code of Ethics known as G R A CE, indection of professional directors, redressal of

custom complaints through Ombudsman and functioning of Audit committee of the

Board. The banks enjoyed full protection. They were not exposed to any competition and

there was hardly any concept of transparency and accountability. This became a breeding

ground for malpractices and led to inefficiency due to economic compulsions and

pressure, the Government of India compelled to open Indian economy and introduce

prudential Accounting Norms, as suggested by Narasimham Committee in its report

21


22/95


submitted to RBI in 1990. A new challenge emerged, which led to reform in the Indian

banking system so as to bring it at par to international standards as required under BIS

norms.

CRITICAL ISSUES: -

Apart from the emerging challenges, a few issues having policy implications

continue to remain shrouded in controversy. primarily, they relate to the following areas:

a) Government Ownership: government ownership of the banking sector creates a

number of problems for RBI as the regulator. The problems are particularly

complex because the government often acts as quasi-regulator. Therefore, it is to

be decides whether good governance is compatible with government ownership.

b) Checks and Balances: in India, in most banks, the chairman and CEO positions

are combined. This may create concentration of power in a single individual. It

has been suggested that the roles of the Chairman and CEO be separated.

c) RBI and Government nominee directors: whether RBI can effectively perform

its role as supervisor, when it is also represented on the board through its nominee

director, which may lead to conflict of interest with its regulatory function. More

so, since the nominee of RBI and government are treated as superior to other

directors.

d) Sectoral representation: considering the current trend of liberalization, the

reorientation given to various interest groups in the board for protection of there

sectional economic interests, may have to be reviewed.

e) Quality and proportion of non-executive director: only individuals of proven

professional competence and experience and with special insight into specific

economic activities may be appointed as non-executive directors. The optimum

proportion of executive and non-executive directors continues to be a matter of

debate.

f) Delay in Filling up vacancies in the board: In many cases There is long delay in

filling up the vacancies in the board, which cripples its efficient functioning.

g) Ceiling on number of members in board: the size of the board should be too un

wieldy so as hamper its cohesiveness.

h) Disparities in remuneration of whole time directors: normally, the whole time

directors of PSU banks are remunerated very poorly compared to there private

22


23/95


24/95


25/95


3.4 Precautions for averting frauds in

areas of letters of

credit, issue of

guarantees and co-

acceptance facilities

The RBI vide its Cir. No. DBOD. No. GC.

SIC. BC. 97/C.408(A)-83 date 26-11-1983 has

advised the banks to follow the following

precautions for opening LCs, issuing BGs

and co-acceptance of Bills.

(a) LCs, BGs facility should be given only

to the customers having regular credit

facilities and if the customers do not

have regular credit facilities, the

proposal should be appraised like any

other credit proposal.

(b) Before establishing LC, the bank

should examine the financial position

of the customer, his ability to meet the

required funds for retirement of bills onpresentation.

(c) The bank should obtain suitable margin andother security.

(d) If the customer is enjoying credit facilities orhaving account with other banks, withoutreference and concurrence of such other

bank, LC should not be opened.

(e) LC should not be established on theguarantee of another bank.

(f) For performance guarantee, the bank shouldexamine the capacity and means to

perform the obligation under guarantee.(g) With respect to co-acceptance of

bills, the following guide-lines are

given by RBI.

i) The need for sanctioning such

facility should be thoroughly

examined and sanctioned only

to the customers having other

credit facilities.

ii) Genuine trade bills only to be

co-accepted, it should be

ensured that the stocks covered

bills are reflected in the stock

statements of the customer.

iii) Accommodation bills, house bills,

bills of group concerns should

not be co-accepted.

iv) Proper records are to bemaintained for recording the bills

25


26/95


8.14 Monthly certificateof assisted units and

on stocks pledged/

hypothecated to

bank.

co-accepted.v) The powers to co-accept bills,

beyond certain limits must beexerc ised by two officers jointly.

The RBI vide its circular No. DBOD. No.

Com. BC. 28/C.408(A)-81 dated 23-02-1981

has advised the banks to lay down a system

of submitting periodical returns/certificates

to the controlling offices, say monthly,containing the information to show name of

the borrowers, limits sanctioned, short

description and value of the securities

charged to the bank, date of inspection

thereof names and signatures of the officials

who carried out the inspection as also

serious defects if any, observed by the

officials during such inspection. The auditor

should examine whether the branch is

submitting such return to the controlling

office every month.

9.10 Fraud cases up to Rs.25,000/-having

involvement of an

insider should not

be reported to Police,

where the recovery isnot doubtful.

With a view to expedite cases and award of

punishments, the Committee desired that

where a fraud for an amount not exceeding

Rs. 25,000/- involving an employee of the

bank is detected, and the recovery of the

amount is not in doubt, the matter shouldnot be reported to the police.

26


27/95


AUDITING AND ASSUARANCE STANDARD (AAS) XX:

The auditor should obtain an understanding of internal control relevant to

the audit. The auditor uses the understanding of internal control to identify types of

potential misstatements, consider factors that affect the risks of material misstatement,

and design the nature, timing, and extent of further audit procedures. Internal control

relevant to the audit is discussed below.

Internal control, consists of the following components:

(a) The control environment.

(b) Control activities.

(c) Monitoring of controls.

Controls Relevant to the Audit

1) There is a direct relationship between an entity's objectives and the controls it

implements to provide reasonable assurance about their achievement. The entity's

objectives, and therefore controls, relate to financial reporting, operations and

compliance; however, not all of these objectives and controls are relevant to the audi-tor's risk assessment.

2) Ordinarily, controls that are relevant to an audit pertain to the entity's objective of

preparing financial statements for external purposes that give a true and fair view (or

are presented fairly, in all material respects) in accordance with the applicable

financial reporting framework and the management of risk that may give rise to a

material misstatement in those financial statements. It is a matter of the auditor's

professional judgment, subject to the requirements of this AAS, whether a control,

individually or in combination with others, is relevant to the auditor's considerations

in assessing the risks of material misstatement and designing and performing further

procedures in response to assessed risks. In exercising that judgment, the auditor

considers the circumstances, the applicable component and factors such as the

following:

The auditor's judgment about materiality.

The size of the entity.

27


28/95


The nature of the entity's business, including its organization and ownership

characteristics.

The diversity and complexity of the entity's operations.

Applicable legal and regulatory requirements.

The nature and complexity of the systems that are part of the entity's internal control,

including the use of service organizations.

3) Controls relating to operations and compliance objectives may, however, be relevant

to an audit if they pertain to data the auditor evaluates or uses in applying audit

procedures. For example, controls pertaining to non-financial data that the auditor

uses in analytical procedures, such as production statistics, or controls pertaining to

detecting non-compliance with laws and regulations that may have a direct and

material effect on the financial statements, such as controls over compliance with

income tax laws and regulations used to determine the income tax provision, may be

relevant to an audit.

4) Internal control over safeguarding of assets against unauthorized acquisition, use, or

disposition may include controls relating to financial reporting and operations

objectives. In obtaining an understanding of each of the components of internal

control, the auditor's consideration of safeguarding controls is generally limited to

those relevant to the reliability of financial reporting. For example, use of access

controls, such as passwords, that limit access to the data and programs that process

cash disbursements may be relevant to a financial statement audit. Conversely,

controls to prevent the excessive use of materials in production generally are not rel-

evant to a financial statement audit.

Control Activities

1) The auditor should obtain a sufficient understanding of control activities to assess the

risks of material mis-statement at the assertion level and to design further audit

procedures responsive to assessed risks. Control activities are the policies and

procedures that help ensure that management directives are carried out; for example,

that necessary actions are taken to address risks that threaten the achievement of the

entity's objectives. Control activities, whether within IT or manual systems, have

various objectives and are applied at various organizational and functional levels.

Examples of specific control activities include those relating to the following:

28


29/95


Authorization, Performance reviews, formation processing, Physical controls,

Segregation of duties

2) General IT-controls are policies and procedures that relate to many applications and

support the effective functioning of application controls by helping to ensure the

continued proper operation of information systems. General IT-controls that maintain

the integrity of information and security of data commonly include controls over the

following:

Data centre and network operations.

System software acquisition, change and maintenance.

Access security.

Application system acquisition, development, and maintenance.

The auditor should document:

The manner in which these matters are documented is for the auditor to

determine using professional judgment. In particular, the results of the risk assessment

may be documented separately, or may be documented as part of the auditor's

documentation of further procedures. Examples of common techniques, used alone or in

combination include narrative descriptions, questionnaires, check lists and flow

charts. Such techniques may also be useful in documenting the auditor's assessment of

the risks of material misstatement at the overall financial statement and assertions level.

For example, documentation of the understanding of a complex information system in

which a large volume of transactions are electronically initiated, recorded, processed, or

reported may include flowcharts, questionnaires, or decision tables. For an information

system making limited or no use of IT or for which few transactions are processed (say,

long-term debt), documentation in the form of a memorandum may be sufficient.

Ordinarily, the more complex the entity and the more extensive the audit procedures

performed by the auditor, the more extensive the auditor's documentation will be. AAS 3,

"Documentation" provides guidance regarding documentation in the context of the audit

of financial statements.

Effective Date

This Auditing and Assurance Standards is effective for audits related to

accounting periods beginning on or after 1st April, 2007.

29


30/95


31/95


PREPARATION AND PLANNING FOR AUDIT

The audit preparation and planning should start immediately on receipt of the

appointment letter and the auditor should not wait until actual commencement of audit forthe same. The various stages involved in audit preparation and planning and the other

related issues have been discussed below in detail.

STAGE I: AT THE OFFICE

UNDERSTANDING THE BASIC SCOPE OF AUDIT:

Broadly the scope of audit can be divided into three main parts:

1.Authentication of closing returns such as:

a) Balance Sheet.

b) Profit and Loss Account either for the full year or for two half years.

c) Master Summary of advances containing asset classification.

d) Statement of furniture/fixtures, computers, etc.and depreciation.

e) Statement of Capital Adequacy.

f) Statement of maturity pattern of loans & advances and deposits.

g) Statement of maturity pattern of foreign currency assets and liabilities.

h) Statement of maturity pattern of borrowings.

i) Statement of cash and bank balance on twelve odd dates.

j) Statement of lending to sensitive sectors.

k) Statement of movements in NPA.

1) Statement of advances made by rural branches.

2. Issuance of certificates in relation to:

a) Claim for PMRY subsidy.

b) Refund of DICGC claim.

c) Asset classification, income recognition and provisioning.

d) Memorandum of Changes (MOC) for previous year.

e) Investments, if any, held on behalf of Head office.

3. Issuance of reports including special purpose reports/certificates such as:

a) Auditors Report.

b) Long Form Audit Report.

c) Tax Audit Report.

31


32/95


d) Compliance certificate in respect of implementation of recommendations of Ghosh

& Jilani Committees.

The scope is illustrative and not exhaustive and it may differ from bank to bank.

COMMUNICATION WITH THE BRANCH

Generally, the appointment letter issued by the HO/CO also contains the details

like complete postal address and contact numbers of the branch, name of the branch head,

business portfolio of the branch, etc. If these details are not mentioned in the appointment

letter, the same must be obtained.

Depending upon the business profile of the branch, the auditor must issue written

communication for all the audit requirements to the branch.

PREPARATION OF AUDIT PROGRAMME

1. While preparing/updating audit programme due importance must be given to

a) Auditing & Assurance Standards and other pronouncements of the Institute.

b) Provisions of the governing statutes.

c) Latest closing instructions.

d) Latest business profile.

e) Audited and un-audited financial statements.

f) LFAR for the previous year.

g) Guidelines and circulars issued by RBI.

h) Past experience of bank audit.

2. Generally, the information about the closing returns to be signed and certificates and

reports to be issued is mentioned in the appointment letter and/or the closing instructions

issued by the HO/CO. It must be ensured that all this information is properly

updated/incorporated in the audit programme and all the related instructions for the

closing returns, certificates, reports, etc., are incorporated in the audit checklist.

3. As most of the branches/operations are computerized, due emphasis must be given

to the level of computerization at the branch level. The audit approach in case of a

computerized branch is totally different from the one adopted in case of the branch

maintaining manual records.

4. The audit programme must be flexible and have substantial scope for

modification/revision during the course of audit.

32


33/95


34/95


EXECUTION OF AUDIT

During execution of audit, following important aspects must be borne in mind:

1. The audit programme and the checklists must be suitably updated/ modified in the

light of the understanding gathered about the overall functioning of the branch.

2. The audit observations must be discussed on a daily basis.

4. The documentation and proper filing must be given due importance. All the audit

memos along with the supporting documents must be systematically filed on a daily

basis.

5. The final issues affecting the true and fair view and other disclosures must be

discussed with the branch management.

COMPLETION OF AUDIT

At the final stage, the following important aspects must be borne in mind:

1. The auditor must ensure that all the audited closing returns, reports and certificates

have been duly signed and stamped.

2. It must be ensured that LFAR has also been prepared and discussed with the branch.

3. Tax audit must also be completed during the course of statutory audit, as no separate

visit is allowed for the same.

4. The copies of the audited closing returns, reports and certificates are obtained for the

purpose of filing.

5. Necessary representation letter must be obtained from the branch management.

6. In case the Bank requires Attendance Certificate to be submitted along with the bill,

ensure that the same has been obtained in the prescribed format.

AUDIT OF BL. AND P&L:

The statutory audit of banks and their branches is generally described as Balance

Sheet Audit.The audit procedures followed in case of banks are to some extent different

from those followed in case of other entities. The reason being the system of accounting

followed and the nature of records maintained by the banks. Before we proceed with the

Balance Sheet and the Profit & Loss Account, it is advisable to gain an understanding of

accounting system and the nature of records of the branch.

34


35/95


36/95


SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF BALANCE SHEET

PART I: ASSETS

1. Cash

a) Evaluate the effectiveness of internal controls being exercised by the branch by

making enquiries about the daily verification of cash at the opening and the

closing hours, maintenance of cash related registers and vault regi'ster, safety of

cash cabin, dual custody of cash, safe keeping of vault and cash box keys,

recording of movements of keys, dual custody of the keys, security arrangements

for cash movements, decoy money, daily cash holding and retention limit, etc.

b) Review the reports of the concurrent auditors to ascertain the level and

effectiveness of internal controls and also ascertain the frequency of cash

verification carried out by the concurrent auditors.

c) Verify the closing cash balance at the branch and the extension counter/ATM

center connected to the branch as on the last day of the year or as of any day

during the course of audit in the presence of the cashier and the manager.

2. Balances with Reserve Bank of India, State Bank of India and other Banks

Verify the balances as per the books with the balance confirmation certificates

received from these banks.Ensure that the matters to be reported in LFAR have been duly

verified and incorporated.

3. Money at call and short Notice

Generally these assets are not held or dealt with at the branch level.

4. Investments

Generally these assets are not held or dealt with at the branch level.

5. Advances

The audit approach in respect of advances is covered in detail in audit of

advances

6. Furnitures, fixtures, computers and office equipments

a) Evaluate the effectiveness of internal controls over acquisition, recording,

identification, safeguarding and periodic verification of these items.

b) Verify the major additions and deletions/disposals with the related supporting

documents such as invoices, challans, etc.

36


37/95


7. Other asset - Inter Office adjustments (NET)

a) Understand the basic nature of such transactions, the relevance thereof for the

overall presentation of financial statements and the procedure for recording such

transactions.

b) Ensure that the closing balance shown in the statement of the last day of the year

tallies with the corresponding balance in General Ledger.

c) Comment of very old and high value un-reconciled items.

8. Other asset - Interest accrued

Ascertain the system of accruing interest on advances in the computerized branch

in the light of RBI guidelines for monthly charging of interest.

9. Other asset - Suspense account

a) Understand the guidelines issued by HO for operating suspense account.

b) Obtain the details of entries/items outstanding as at the year-end.

c) Identify the provision to be made in respect of very old entries.

d) Ensure that the matters to be reported in LFAR have been duly verified and

incorporated.

10. Other asset - Stationery and stamps

Evaluate the effectiveness of internal controls exercised by the branch for

acquisition, recording, usage, physical verification, dual custody, access, etc., for stamps,

deposit receipts, drafts, pay-orders, cheque books, traveller's cheques, gift cheques, etc.

12. Other asset - Miscellaneous debits in Government accounts

Generally the balance outstanding in this account indicates the pending claims to

be received from the Government towards pension, provident fund, etc., paid by the

branch on behalf of the Government.

13. Other asset - Security deposits

It relates to telephone deposit, mobile deposit, electricity deposit, deposit paid to

the landlord for leased premises, etc.

PART II: LIABILITIES

1. Deposits

a) Ensure that the balances as per the subsidiary ledgers of various deposit accounts

are duly balanced and tallied with the respective balances in the general ledger. Any

difference in the balancing should be reported in the audit report.

37


38/95


b) Understand the types of various deposits held by the branch and the salient

features of those deposits with reference to the due dates for application, accrual,

compounding and payment of interest.

c) Ascertain that the branch has complied with the RBI guidelines related to opening

and maintenance of deposit accounts including NRI deposit accounts. More

emphasis should be given to KYC norms, operations in new accounts, heavy cash

deposits and withdrawals, etc. Any serious discrepancy in this regard should be

reported.

2. Borrowings

Generally borrowings are not held or dealt with at the branch level.

3. Bills payable

a) Generally bills payable relates to pay-order (PO), demand draft (DD),

telegraphic transfer (TT) and mail transfer (MT) and banker's cheque issued by the

branch. The balances in these accounts indicate progressive balance that is subject

to reconciliation at HO level.

b) Ensure that the details of lost demand drafts, if any, circulated by RO/HO is

readily available with the branch.

4. Inter-office adjustment (NET) For details refer item 7 of PART I.

5. Interest accrued

Ascertain the system of accruing interest on deposits in the computerized branch.

Generally interest on deposits is accrued at the last day of the month and is reversed on

the first day of the succeeding month.

7. Other liabilities - Rebate on Bills discounted

a) Ascertain that the branch has complied with the related accounting policy and

necessary accounting has been done in respect of discount received in advance for

the un-expired period of the bills outstanding as at the year-end.

b) In case the bill-wise details are not made available and the amount of rebate is

material, report the fact in the audit report.

38


39/95


8. Other liabilities - Tax deducted at source

`Normally tax is deducted at source as per the Income Tax Act, 1961 in respect of

interest on term deposit, staff salaries, rent, professional charges and payments made

to the contractors, etc.

9. Other Liability - unrealized interest on NPA

a) This account is also referred to as Interest Suspense, De-recognized Interest, etc.

b) Generally the branches are required to maintain subsidiary ledger/register for

recording account-wise details of unrealized interest.

10. Other liabilities Others

a) This could include sundry deposits, staff security deposit, margin money and

statutory dues such as deduction of professional tax, provident fund, ESI, etc.

b) In respect of the statutory dues, ensure that proper reporting has been done in the

Tax Audit Report.

PART III: CONTINGENT LIABILITY

1. Claims against the Bank not acknowledged as debts

a) Generally this includes disputed amounts of lease rent, property tax, etc., in respect

of premises taken on lease.

b) Obtain suitable representation from the branch about the completeness of the

disclosure of such contingent liabilities.

2. Guarantees and acceptances, endorsements & other obligations

Obtain the list of un-expired guarantees and letters of credit. In case the list is not

made available, report the fact in the audit report.

PART IV: BILLS FOR COLLECTION (CONTRA ITEMS)

a) Obtain the list of bills /or collection (inward and outward) outstanding as at the

year-end and verify the same with the related registers maintained by the branch.

b) Ascertain that age of the outstanding bills and the reasons for old items.

39


40/95


SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF PROFIT AND LOSS

ACCOUNT

PART I: INCOME

1. Interest/discount on advances/bills

a) Evaluate the overall effectiveness of internal controls through the reports of

concurrent auditors and other agencies.

b) Ascertain the nature and the extent of revenue leakage detected by the

concurrent auditors.

c) Ascertain that the branch has complied with HO instructions for recognizing

penal interest and overdue interest.

2. Other income - commission, exchange and brokerage

a) It normally includes commission/exchange on letters of credit, guarantees,

remittances and transfer of funds through DD, TT, MT, etc., bills for collection and

Government business.

b) Ensure that the branch has complied with the provisions of Service Tax and

other taxes applicable on services.

3. Other income - profit on sale of fixed assets

a) It normally includes profit or loss (net) on sale of motor vehicle, furniture and

fixtures, computers and other fixed assets held by the branch.

b) Ensure that proper accounting has been done for the depreciation till the date

of disposal as per the accounting policy framed by the bank.

4. Other income - miscellaneous income

a) It normally includes locker rent, recovery of godown rent, income from bank's

property, security charges, etc.

b) In case locker rent is recovered in advance for a year or more, ensure that the

same is properly apportioned on time period basis or as per the accounting policy

advised by HO.

PART II: EXPENDITURE

1. Interest on deposits

a) Evaluate the overall effectiveness of internal controls through the reports of

concurrent auditors and other agencies.

b) Obtain copies of applicable interest rate circulars issued by HO and verify the

rate applied for certain deposit accounts. More emphasis should be given to changes

40


41/95


in the rates, premature closures, back-dated renewals, high value deposits, short-

term deposits, staff deposits, special category of deposits, tax deduction at source,

etc.

2. Salary & allowances to staff

a) Generally monthly salary and allowances to staff are processed centrally

either at RO or at any other main branches and the related records are also

maintained there. The monthly salary sheets are then passed on to the

respective branches and the payment is made by those branches. In such a situation,

it must be ensured that the branch has properly accounted the payments for the

entire year.

3. Rent

a) Obtain the details of the rented premises used by the branch either for the

branch operations or for the officers/managers and the copies of the rent

agreements.

b) In case the lessor has availed loan against the rent payable by the branch ensure

that the rent is properly appropriated towards the loan outstanding.

4. Electricity

a) Obtain the details of connections that are used for the branch premises and for

the staff premises.

b) Ensure that the payment is made as per the original bills held by the branch.

5. Printing & stationery

Generally HO or any centralised department of the bank ! supplies major

stationery items like security items, etc., to the branches. At branch level, these items are

recorded in the memorandum registers for the purpose of internal control. In case these

items are recorded in the main books, ensure that the same are properly accounted as per

the advices received from the HO.

6. Depreciation

a) Ensure that the depreciation has been charged as per the rates and the method

prescribed in the HO instructions especially with reference to additions and

deletions during the year. More emphasis should be given to inter branch transfer of

assets and the depreciation thereon.

41


42/95


b) Generally the branches commit mistakes in identifying revenue and capital

expenditure. In case such mistakes are observed during the course of audit, it is

advisable to identify the corresponding impact on the depreciation.

7. Legal charges

Ensure that these payments are made on the basis of the bills and other supporting

documents. More emphasis should be given to the approval/sanction of higher authorities

required for making such payments.

8. Postage, telegram & telephone

a) Obtain the list of telephone connections used in the branch premises and

residential premises of the staff, as per the policy of the bank.

c) Ensure that the payments are made as per the original bills held by the branch.

9. Repairs & Maintenance

Normally it includes expenditure incurred on repairs and maintenance of vehicles,

furniture, fixtures, premises, etc., and annual maintenance contracts (AMC) for

computers, air conditioners, etc.

10. Insurance

a) Normally it includes expenditure incurred on insurance of office equipments

installed at the branch like computers, air conditioners, etc.

d) Obtain the details of insurance policies, if any, held by the branch.

11. Other expenditure

It includes all other expenditure including professional charges, concurrent audit fees,

etc., that is not included in any of the specific heads.

42


43/95


44/95


PART III: IMPORTANT ASPECTS OF PRUDENTIAL NORMS

While verifying compliance of the prudential norms issued by RBI give more

emphasis on:

a) Operations in the accounts of the borrower.

b) Possibility of window dressing in the account.

c) Reversal of unrealised interest.

d) Identification of the date of NPA.

e) Valuation of security.

f) Accounts upgraded from NPA category to standard category.

g) Potential NPA.

h) Standard accounts with lowest credit rating

i) Standard accounts with negative net worth/under BIFR.

j) Asset classification by the other consortium members.

PRUDENTIAL NORMS ON ASSET CLASSIFICATION, INCOME

RECOGNITION AND PROVISIONING

I. VERIFICATION OF COMPUTERIZED CLOSING RETURNS

a) Presently many of the banks are using customised software for generation of master

summary and account-wise report on asset classification, income recognition and

provisioning. Such software facilitates more accuracy and consistency in compilation

of data on prudential norms, provided the same are thoroughly tested and approved.

b) As regards the system generated returns it is important to note that these returns do

not substitute the normal audit procedures that are to be performed by the auditor.

These returns only facilitate the audit to certain extent and hence the same must be

accepted after performing normal audit procedures.

c) Generally the system-generated returns contain lot of information that may be

relevant only for the purpose of management information. As this information is not

to be audited, it is advisable to state the fact in the relevant return that is to be

certified.

II. SALIENT FEATURES

1. Non-performing Assets :

44


45/95


a) An asset, including a leased asset, becomes non-performing when it ceases to generate

income for the bank. In other words, a non-performing asset (NPA) shall be a loan or

an advance where;

I) Interest and/ or installments of principal remain overdue for a period of more than

90 days in respect of a term loan;

II) The account remains 'out of order' as indicated below, in respect of an

Overdraft/Cash Credit (OD/CC);

III) The bill remains overdue for a period of more than 90 days in the case of bills

purchased and discounted;

IV) Interest and/or installment of principal remains overdue for two harvest seasons

but for a period not exceeding two half years in the case of an advance granted for

agricultural purposes; and

V) Any amount to be received remains overdue for a period of more than 90 days in

respect of other accounts.

e) The credit facilities backed by guarantee of the Central Government though overdue

may be treated as NPA only when the Government repudiates its guarantee when

invoked.

f) An account where the regular/ad hoc credit limits have not been reviewed/renewed

within 180 days from the due date/ date of ad hoc sanction will be treated as NPA.

d) In respect of accounts where there is potential threat of recovery due to erosion in the

value of security or no availability of security and existence of other factors, say,

fraud committed by the borrower, etc., the account should be classified as doubtful

asset or loss asset as appropriate, irrespective of the period for which it remained as

NPA.

2. Out of order

An account should be treated as 'out of order' if the outstanding balance remains

continuously in excess of the sanctioned limit/ drawing power. In cases where the

outstanding balance in the principal operating account is less than the sanctioned limit/

drawing power, but there are no credits continuously for 90 days as on the date of

Balance Sheet or credits are not enough to cover the interest debited during the same

period, these accounts should be treated as 'out of order'.

45


46/95


47/95


c) There is no objection to the banks using their own discretion in debiting interest

to an NPA account taking the same to Interest Suspense Account or maintaining

only a record of such interest in memorandum accounts.

5. Provisioning

Minimum Provision

a) Standard Asset:

The banks should make a general provision of a minimum of 0.25 per cent on

standard assets on global loan portfolio basis.

b) Sub-standard Asset:

A general provision of 10 per cent on total outstanding should be made without

making any allowance for DICGC/ECGC guarantee cover and securities available.

The 'unsecured exposures' that are identified as 'substandard' would attract additional

provision of 10 per cent, i.e., a total of20 per cent on the outstanding balance. Unsecured

exposure is defined, as an exposure where the realisable value of the security, as assessed

by the bank/ approved valuers/Reserve Bank's Inspecting Officers, is not more than 10

per cent, ab-initio,of the outstanding exposure. 'Exposure' shall include all funded and

non-funded exposures (including underwriting and similar commitments).

c) Doubtful Asset:

i) 100 per cent of the extent to which the advance is not covered by the realisable

value of the security to which the bank has a valid recourse and the realisable value is

estimated on a realistic basis.

ii) In respect of the secured portion, provision has to be made on the following basis

at the rates ranging from 20 per cent to 100 per cent of the secured portion depending

upon the period for which the asset has remained doubtful.

47


48/95


Period for the asset has remained in

doubtful category

Provision to be made (%)

Up to 1 year (Dl category)

More than 1 year but less than 3 years (D2

category)

More than 3 years (D3 category)

a) Outstanding in D3 category as on

31/03/2004

b) Classified in D3 category on or after

1/04/2004

20

30

50 (as on 31/03/2004)

60 with effect from 31/03/2005




iii) Banks are permitted to phase the additional provisioning consequent upon the

reduction in the transition period from sub-standard to doubtful asset from 18 to 12

months over a four-year period commencing from the year ending March 31, 2005, with a

minimum of 20 % each year.

Floating Provision

Some of the banks make a 'floating provision' over and above the specific

provisions made in respect of accounts identified as NPA. The floating provisions,

wherever available, could be set-off against minimum provisions as per above stated

provisioning guidelines. Considering that higher loan loss provisioning adds to the overall

financial strength of the banks and the stability of the financial sector, banks are urged to

voluntarily set apart provisions much above the minimum prudential levels as a desirable

practice.

Treatment of Interest Suspense AccountAmounts held in Interest Suspense Account should not be reckoned as part of

provisions. Amounts lying in the Interest Suspense Account should be deducted from the

relative advances and thereafter, provisioning as per the norms, should be made on the

balances after such deduction.

Advances Covered By ECGC

In the case of advances guaranteed by ECGC, provision should be made only for

the balance in excess of the amount guaranteed by ECGC. Further, while arriving at the

provision required to be made for doubtful assets, realisable value of the securities should

48


49/95


first be deducted from the outstanding balance in respect of the amount guaranteed by

ECGC and then provision made.

IMPORTANT ASPECTS

1. Advances under consortium arrangement

Asset classification of accounts under consortium should be based on the record of

recovery of the individual member banks and other aspects having a bearing on the

recoverability of the advances.

The banks participating in the consortium should, therefore, arrange to get their share of

recovery transferred from the lead bank or get an express consent from the lead bank for

the transfer of their share of recovery, to ensure proper asset classification in their

respective books.

2. Accounts where there is erosion in the value of security

i) An NPA need not go through the various stages of classification in cases of serious

credit impairment and such assets should be straightaway classified as doubtful or loss

asset as appropriate. Erosion in the value of security can be reckoned as significant

when the realisable value of the security is less than 50 per cent of the value assessed by

the bank or accepted by RBI at the time of last inspection, as the case may be. Such

NPA may be straightaway classified under doubtful category and provisioning should

be made as applicable to doubtful assets.

ii) If the realisable value of the security, as assessed by the bank/ approved valuers/RBI is

less than 10 per cent of the outstanding in the accounts, the existence of security should

be ignored and the asset should be straightaway classified as loss asset. It may be either

written off or fully provided for by the bank.

3. Loans with moratorium for payment of interest

In the case of housing loan or similar advances granted to staff members where

interest is payable after recovery of principal, interest need not be considered as overdue

from the first quarter onwards. Such loans/advances should be classified as NPA only

when there is a default in repayment of installment of principal or payment of interest on

the respective due dates.

4. Agricultural advances

A loan granted for short duration crops will be treated as NPA, if the installment of

principal or interest thereon remains overdue for two crop seasons. A loan granted for

long duration crops will be treated as NPA, if the installment of principal or interest

thereon remains overdue for one crop season.

49


50/95


4

TECHNOLOGY IN BANK AUDIT

AUDITING IN COMPUTERISED ENVIRONMENT

SYSTEM AUDIT

USE OF CAAT TOOLS : IDEA 2004

50


51/95


AUDITING INCOMPUTERISED ENVIRONMENT

Technology and its progress has often been linked to progress of civilization.

From the time man learnt to control fire to the iron and Bronze Age, we have notedthat the control over inventions like guns and cannons have given certain civilizations

the upper hand over the ones they conquered. It is not necessary for the inventions and

progress to be restricted to the field of military or defence. Progress in Banking is an

equal parameter of the cultural development of a civilization and like any other field;

this sector is not spared from the technical revolution, which has taken over other

sectors. This delves into the necessity of value added APPROACH to the traditional

audit and not solely dependent on the system auditors. These approaches are general

and can be applied to any environment whether LAN Branch or a core banking

situation.

Is the burden shifted to the system auditor?

There is unlikely any professional who will take this stand of shifting the burden

to the other auditor. There are a few checks you can do without undergoing intensive

training and examination! Please note that the computer system environment referred to

here is a minimum of LAN (Local Area Network) or even a Core system where the data

hub is at a Central Location and the branches/offices are connected to this data hub

despite being many cities away. Apart from the large corporations and multinationals,

many Banks, even large co-operative Banks have taken this option. Even the branch

auditor, thus, has to take certain precautions to ensure he gives justice to his work.

51


52/95


PHYSICAL

ACCESS

CONTROL

In case the site is a LAN, the Server should be secure since thesoftware and data is located in this device. Access to theServer room should be restricted and only senior managementshould permit 'outsiders' like software and hardware vendors

to enter the server room. Many of the frauds that have alreadyoccurred in India would have been prevented only if thisaccess was closely monitored.

ENVIRONMENTAL

SECURITY

Apart from protecting the server from bad intentionedpersons, we have to ensure it is protected from accidents offire and water by installation of smoke alarms in the serverroom and extinguishers outside the server room. In case ofcore banking, the devices used for communication should beaccorded the status of protection of the server.

SAFEGUARDING

OF ASSETS -UPS

Computers require electrical power for working and when the

environment is live, work comes to a standstill unless power isprovided though a UPS (Uninterrupted Power Supply) Thishas battery bank and is activated immediately when the powerfails providing a continuous power without any interruption.These machines heat when generating power and if properventilation is not provided, these UPS will provide service forshorter durations not only compromising the work but alsowasting the investment of the company. Simple rules ofmaintenance should also be followed and monitored.

OPERATING

SYSTEMCONTROLS

While all pay attention to the application software access,

many forget to police the access to the operating system. Filecopy, deletion even data manipulation (especially underdatabase environments) etc. are some potential disasters thatare possible unless controlled. You will have to ensure that thecompany holds the original license for using the operatingsystem software. Ensure whether the original OperatingSystem Media supplied by the vendor is available in theCompany. This is necessary to ensure reloading in case ofaccidental corruption. Only if the company has the system canit be loaded without waiting for the vendor's representative.

APPLICATIONSYSTEM

CONTROL

The application developed for the company should be encodedand not left in a manner that can be re-programmed by theuser. This will enable any person knowing a bit of

programming of that language to design trapdoors for fraudand these are later very difficult to identify. Over here,'Prevention is easier than the cure'.

52


53/95


PASSWORD AND

ACCESS

CONTROL

Password control is the 'logical' access to the computer. Thesystem should have passwords and these should be demanded

by the system to changed frequently ensuring that the lastpassword is not accepted, (not accepting last 12 is the least)Along with this, the 'internal control' should be ensured by the

system ensuring that the person creating the voucher shouldnot be permitted to authorize the voucher and withoutauthorization, no voucher (other than system generated vouch-ers) should be accepted by the system. The corollary of thisrequirement is to ensure (check) that each user has only oneidentity in the system otherwise one person will take theidentity of the clerk and with a change in short name takeanother identity of an officer thus effectively compromisingthe system.

Checklist for Audit of Computerized Operations

ENVIRONMENT

1. Securing thecomputers

The machines should be locked at the end of the day. Ensure thateither the furniture, which is adjusted for locking, is locked or thatthe hardware lock of the computer is used. This is a simple pointoften ignored. Unlocked computer means any one can start it andthe only hurdle after that is the password. Poor passwordmaintenance further compounds risk of unlocked computers.

2. Securingduringoperations

During computer operations especially during service hours, it isnot uncommon for the operator to leave his/her seat. The operatorand thus you as an auditor should ensure that the operator either

exits form the system or leaves it at a point where it cannot proceedwithout a password.

Password

Password is a key to something more valuable than cash - data

No. Check for Discussion on checkpoint

1, Passwordallotment

register

When a password is allotted, entry is made in this register. This issimilar to the key register where entries are made at time of giving

keys. Check here whether the password level is also specified.Authority to give password is to the branch manager and those whohold supervisor password.

2. PasswordChangeregister

Where software does not control change in password (where notonly warnings are given but user is disabled unless the password ischanged after specified date) a register has to be shown to you withdates of change of password. In absence of this register, you do nothave evidence that the passwords are changed frequently.

3. Two tothree

supervisorsonly

Supervisor password level permits the holder of this passwordunlimited access. Ensure there are a minimum of two and a

maximum of three such holders. Check the systems and proceduremanual of the Bank in case they specify a different figure.

53


54/95


55/95


OBJECTIVES OF SYSTEMS AUDIT

The basic objectives of Systems Audit are to ensure:

a) The assets are safeguarded in the system

b)Data integrity is maintained throughout the system

c) Organisational goals are effectively achieved by the system

d)Resources in the system are being consumed efficiently

Computer System Vs. Manual System

Any system, manual or computerised, must have some internal controls. These

internal controls ensure Asset Safeguarding, Data Integrity, Achievement

of Organisational Goals and Efficient Consumption of Resources within the

Organisation. However, nature of these internal controls and their

implementation may vary widely in Manual System and Computerised

System, for the following factors:

a) Separation of duties

b)Authority and responsibility

c) Dependable and skilled personnel

d)Authorisation

e)Availability of documents and records

f) Custody of assets and records

g)Management by supervisio

h)Verification of performance

Assessment of Controls :

In any system, controls play a very important role. They reduce possible losses by reducing

probabilities of component failure and also by reducing the amount of losses, if component

fails at all.

Auditor's task in a computerised system is complex because number and range of controls

are increased. A systems auditor should assess the following controls:

55


56/95


CONTROL CONTROL FUNCTIONS

To ensure correct identification of

objects

(e.g. the users, programs) by the system

To ensure correctness of data and accurate

processing in the system

To ensure protection

Projects on bank audit

Documents

Transcript of Projects on bank audit