Bank Branch Audit under Core Banking System Hosted by Hyderabad Branch of SIRC of ICAI

Bank Branch Audit under Core Banking System

Hosted by Hyderabad Branch of SIRC of ICAI

CA. Kuntal Shah, Ahmedabad 2

Table of Contents

Softwares used by Banking Industry Traditional Auditing Approach Auditing through CBS

What is Core Banking System? Some basic concepts of CBS Audit activity through CBS (Case Specific)

Audit through “Finacle” Software Capital Adequacy / Risk Weighted Assets and

Credit Risk Calculation Certification


Softwares used by Banking Industry

Base Software: Core Banking Software

Add-on Softwares for, Credit Risk Calculation as per Basel – II Norms Risk Weighted Assets / Capital Adequacy

Computation Asset Classification and NPA Provisioning

computation Classification of Priority / Non-priority / Sensitive

Sector Advances


Table of Contents






Traditional Auditing Approach

Verification of Documents Physically

Availability of Hard Copies for each transaction

Number of Transactions for Audit

In nutshell

“Computerization does not affect Audit objectives. It only requires change in Audit Methodology.”


Table of Contents






Auditing through CBS

Understand the Core Banking Software Review Internal Controls in CBS Carry out Risk Assessment (viz. Manual Interventions

in transaction processing, Modification of Master Data without proper documentations, Lack / non availability of Audit Trail)

Review Transaction Flow & Audit Trails Apply Exception Approach Determine Sample Size based on review Carry out substantive procedures in & around CBS Documentation of Audit Procedures Prepare report on Audit Findings and prepare final

Report


What is Core Banking System?

Centralised Database

Transactions take place at various locations

Updation of Central Database on Real Time Basis

Report Generation at Back-End

Access Control


What is CBS – An Overview

Central Server

Phone Banking

Internet Banking

Mobile Banking

Branch

Back Office

ATM Switch

Data Warehouse Credit-Card

System


Table of Contents






Core Banking System - Concepts

Master Level Configuration

Account Level Configuration

Separate series of Account Nos. for different Types of Accounts E.g. An Account No. 0099 05 014678 – is made

up of Branch Code i.e. “0099”, Account Type – “05” say Current Account and Account No. – “014678”

Auditor should seek details of formation of Account No. during discussion with Branch Head.

Cont…


Core Banking System - Concepts Interest Calculation and Application Maker – Checker Concept (Different Stages for a

Transaction)Created by, Entered by, Authorised by, Posted by, Modified by, Deleted by

SOL ID & SET ID Concept (SOL – Service OutLet ID i.e. Branch, Back

Office etc.) (SET ID – Branch / Back Office who initiated the transaction)

Pointing Type Office Accounts Auto generation of Exception Reports at EOD Generation of various Tailor-made Reports from

Back-End / MIS Server


What is CBS – Auditors’ Checklist

Document list of Softwares, Applications and interface details associated with CBS

Review Usage Manual (if available at Branch) or Document Software navigation options and Menu Codes.

Document list of Reports available in CBS and its menu codes.

Review Exception Reports / MIS Reports generated by Data Center.


Table of Contents






Audit Activity through CBS

Customer Master Level and Account Level Updations for Loans / CC Accounts What to verify?

Interest Parameters (Regular & Penal Interest) Repayment Instructions Standing Instructions (SI) Parameters DP / SL monitoring Customer wise Limit Lookup Stock / Debtors Statements Tracking and

calculation of DP

When to verify? At the time of verification of Documents for

Advance



Analysis of Advance Accounts What to verify?

Turnover of CC Account based on Borrower’s Business profile

In case of Loan accounts ACTUAL recovery of Installments and Interest

When to verify? After / during verification of Advances

Documentation



NPA Analysis What to verify?

Reports on NPA and Probable NPA generated (if any) from CBS or CIS (Credit Information System)

NPA Account, Probable NPA Account, Other Advance Accounts with some irregularities: Transactions & Account Scrutiny for Correct Classification


Documentation



NPA Account Verification What to verify?

Classification of NPA Date of NPA Calculation of Provisioning (out of

System) Reversal of Revenue charged


Documentation



Security details updation What to verify?

Whether Lien is marked in System for Fixed Deposits Accounts?

Whether details of security obtained are mentioned in Master Details?


Documentation



Office Accounts (Inter Branch) Accounts What to verify?

Entries outstanding in Office Accounts as on date.

Long Outstanding entries. Improper reversal of Office Account

entries

When to verify? During verification of LFAR Compliance



TDS Related Records What to verify?

Debit to Charges Accounts and relevant entries to TDS Account.

Reversals in TDS Account. Whether by Constructive Payment or otherwise?

Account Code List / Name of Expense (charges) accounts Liable for TDS should be obtained from BM

When to verify? During verification of Income Tax

Compliance



Fixed Assets & Depreciation Entries What to verify?

Verify Calculation of Depreciation (mostly done out of the system)

Entries passed in FA Accounts Check Repairs & Maint. A/c and other

relative account for entries pertaining to Purchase of New Fixed Asset

When to verify? During verification of Income Tax

Compliance



Logical Access Controls: Creation / Deletion / Amendment in User

Profile, Powers done centrally. If not, verify the compliances as follows. Records for User – ID Creation properly

maintained? Records for Deletion of user-ID with proper

authorisation available? Other issues like security of password,

compulsory change of password, Transaction Limit for employees etc.



Output Controls: Whether Hard copies of Accounts available? Whether such reports are signed?

Security of Data: Whether the encryption software is available in

Server / Backup Server (If data is stored) Whether the computers are having Antivirus

Software? Whether the AV Software is updated on regular

basis?



Backups Important Activity for Non CBS Branches Backup should be stored on Off-site Location Backup should have been tested at periodical

intervals Backup Register should be maintained



Auto Generated Reports Exception Report:

Reports for the month end and two days prior and after month end should be verified.

Exceptions of following natures should be closely verified.– Balance exceeded Account Limit– Manual debits to Income Account– Value Dated Transactions– Manual entry for SI Failure cases– Instrument passed against Clearing



Irregularity Report: Reports for the month end and two days prior

and after month end should be verified. Report contains details of Accounts where

Balance in Accounts are greater than the Limits Sanctioned. Check whether the same is due to,– Application of Interest– Granting of Intra Day TOD– Passing of Instruments against Clearing Effects



Accounts where Interest Code is ‘0’: Interest will not be charged from Accounts

where Interest Code is selected as ‘0’. Hence, a detailed checking is required. Possible reasons can be,– Whether NPA Account– Accounts with Moratorium?

Interest Collection Flag as “No”: If Interest Collection Flag is selected as “No”,

Software will not consider the account for calculation and entry for Debit Interest.



Debit Interest SI Failed Report: Failure of Standing Instruction for Debit Interest

should be closely verified. If the SI is failed the Account will not be debited for Interest. SI Failure can be for any reason like– Non availability of Balance in Account (In case of TOD in

Operative Account)– Non availability of Limit in Account– Technical Snag in execution

Whether Branch has manually passed the entry for all such cases should be verified.

Loan Installment SI Failed Report: Same as above



Report containing all Advance Accounts with Limits: Generally, CBS Software generate a Report

wherein details of all Advance Accounts are listed.

Excel can be used to verify cases of DP > SL, Margin Requirement etc.


Table of Contents






Finacle – Core Banking Software

Overview and Implementation Structure

Some features of Transaction processing

Audit Procedures and Menu Codes

Generation of Reports through Finacle


Finacle in IDBI Bank

Source: www.infosys.com


Finacle - Overview

Some of the Banks using Finacle are Bank of Baroda Bank of India Union Bank of India Canara Bank Federal Bank IDBI Bank ICICI Bank Axis Bank ABN Amro Vijaya Bank UCO Bank








Finacle - Features in Transaction Processing

Features: Each Transaction has unique Tran ID. Combination of Tran ID and Date of Transaction

is required to locate a Tran Tran Type, Sub Type are useful to Identify Nature

of Transaction (like Cash Deposit, Withdrawal) Facility of exploring a Tran during Account

Scrutiny [Drill Down Approach] - press CTRL + E on a Tran during scrutiny of Account.

Driven by various Inter-linked menus

Cont…


Finacle - Features in Transaction Processing (Cont…)

Pointing Type Office accounts (Useful in review of outstanding / part reversed Office Account entries)








Finacle – Audit Procedure

Verification Menu Code

Account Scrutiny ACLI

Customer Master CUMM

Account Level Inquiry ACM / ACI

Transaction Inquiry TI / TM

Fin. Tran. Inquiry – Criterion Search FTI

Inquire on Transaction (Office Accounts) IOT

Bills Module (Inland) BM

Foreign Bills Module – Single Case FBM

Foreign Bills Inquiry – Criterion Search FBI




Guarantee Inquiry GI

Query on Documentary Credits - Criterion Search DCQRY

Docu. Credits (LC) Maintenance Module ODCM

Account Search based on predefined Criteria – (May not be available or Slow)

ACS

TDS Inquiry TDSIP

Pending Installment List PLIST

Loan Overdue Position Inquiry LAOPI

Account Turnover Report ATOR




TOD Inquiry – Account specific ACTODI

List of Pending and Dishonored Bills FBPADB

The list is only for guidance and the menu codes may not be applicable in all the banks.









Report Generation Menu Code

Printing of Office Accounts ACLPOA

Bill Balancing Report – Based on GL Code BR

All Bills Balancing Report BRBPR

Foreign Bills Balancing Report FBBR

Exception Report EXCPRT


Table of Contents






Credit Risk / Risk Weighted Assets Computation

Various softwares for computation of Credit Risk / Risk Weighted Assets

CRisMAC by D2K Technologies The software is used by

Bank of Baroda Bank of Maharashtra Punjab National Bank The Bank of Rajasthan SBICI Vijaya Bank Dena Bank Deutsche Bank(Details as per Company’s website)


Features of Credit Risk / Risk Weighted Assets computation softwares

Asset classification and provision computation as per IRAC Guidelines

Sectorwise Asset Classification Credit Risk Calculation Risk Weighted Assets / Capital Adequacy

Calculation


Inconsistencies generally observed

Data as per one statement do not agree with the other statement E.g. Total amount of Advance figure as per

Balance Sheet do not agree with Sectorwise or Classification of Advancewise Report

Change in Date of NPA leading to incorrect Provisions

Borrowerwise Asset Classification not followed. Manual Intervention between CBS and Risk

Computation Software E.g. Security obtained for Advance Account

needs to be entered manually


Inconsistencies generally observed

Long Outstanding entries in Office Account / Sensitive Accounts

Routing of cash shortages / other manipulation through Office Account / Inter Branch / Sensitive Accounts

Improper reversal of entries of Sensitive Account leading to loss of Audit Trail E.g. Partial Reversal / Doubly reversal /

Reversal exceeding entry amount etc. Restructured (other than CDR) proper

updation not carried out in CBS / Risk Comp. Software

Thank You