cOntEntS · 10.5 Approach to Auditing in a CIS/Computerised Environment 302 10.6 The Control concerns arising from use of IT by Banks 303

I-13

cOntEntS

PAGE

Foreword I-3Recommended Reading I-5Syllabus I-7Chapter-heads I-11

MODULE A : INtrODUCtION AND typEs Of AUDIt

UNIT 1INTRODUCTION TO AUDITING AND TYPES OF AUDIT

1.1 Objectives 51.1.1 Introduction 51.1.2 Origin and Evolution 61.1.3 Definition of Auditing 81.1.4 Features of Auditing 91.1.5 Why is it important to have an audit ? 101.1.6 What is the main purpose of an audit ? 101.1.7 Scope of Audit 101.1.8 Objectives of Auditing 111.1.9 Advantages and inherent limitations of

Audit14

1.2 Types of Audit 161.3 Distinction between Accounting and Auditing 211.4 Distinction between Auditing and Investigation 221.5 Let us Sum up 23

I-14

PAGE

1.6 Key Words 231.7 Check your Progress 241.8 Answers to Check your Progress 25

UNIT 2BANK AUDIT AND VARIOUS TYPES OF AUDITS IN BANKS

2.0 Objectives 292.1 Bank Audit 29

2.1.1 Meaning 292.1.2 Introduction 292.1.3 Emergence of Risk-based Internal Audit

and its significance31

2.2 Types of Bank Audits 312.2.1 Concurrent audit 322.2.2 Internal Audit/Information Systems

Audit35

2.2.3 Statutory Audit 412.2.4 Various types of audit undertaken by

Banks (other than Concurrent Audit, Internal Audit & Statutory Audit)

44

2.3 Let us Sum up 522.4 Key Words 522.5 Check your Progress 522.6 Answer to Check your Progress 54

UNIT 3RISK-BASED SUPERVISION - A NEW APPROACH

3.0 Objectives 573.1.1 Introduction 57

CONTENTS

I-15

PAGE

3.1.2 Definition 583.1.3 Objectives of RBS 583.1.4 Focus of RBS 593.1.5 Reasons for switch over to RBS 593.1.6 Supervisory Tools 60

3.2 Risk Based Supervision - A Supervisory Programme for Assessment of Risk & Capital (SPARC)

61

3.2.1 SPARC Framework 613.2.2 Salient Features of SPARC 623.2.3 Stages in SPARC 633.2.4 Risk Discovery Process (RDy) 63

3.3 Integrated Risk and Impact Scoring(IRISc) Model

64

3.3.1 Scope 643.3.2 Functioning of IRISc Model 643.3.3 Supervisory Rating and Action/Inter-

vention matrix 65

3.3.4 Supervisory Capital Prescription 653.3.5 Supervisory Stance/Intervention 663.3.6 Revised Prompt Corrective Action

Framework66

3.4 Let us sum up 693.5 Key Words 703.6 Check your Progress 703.7 Answers to Check your Progress 72

MODULE b : INtErNAL AUDIt

UNIT 4INTERNAL AUDIT - ROLE IN OVERALL GOVERNANCE

4.0 Objectives 79

CONTENTS

I-16

PAGE

4.1 Internal Audit 794.2 Evolution of Internal Audit 804.3 Role of Internal Audit 824.4 Facets of Internal Audit 834.5 Latest Developments - Indian Scenario 834.6 Internal Audit as an invaluable source to the

Management and Audit Committee in Corpo-rate Governance Mechanism

87

4.7 Let us Sum up 874.8 Key Words 884.9 Check your Progress 884.10 Answers to Check your Progress 90

UNIT 5RISK-BASED INTERNAL AUDIT IN BANKS

5.0 Objectives 955.1 Introduction 955.2 What is risk-based auditing ? 965.3 Need for adoption of Risk Based Internal Audit

in Banks97

5.4 Objectives of Risk-based Internal Audit 985.5 Scope of Risk-based Internal Audit 985.6 Comparison of RBIA with Traditional Internal

Audit100

5.7 Reserve Bank of India (RBI)/Ministry of Finance, Govt. of India (MOF, GOI) Guidelines

103

5.8 Implementation of RBIA 1045.9 Standards for Internal Auditors 1175.10 Skills needed to perform Risk Based Internal

Audit117

5.11 Code of Ethics 118

CONTENTS

I-17

PAGE

5.12 Confidentiality 1185.13 Benefits and drawbacks of RBIA 1185.14 Difference between Functions of Risk Man-

agement Department (RMD) and Role of Risk Based Internal Audit (RBIA)

120


UNIT 6RISK BASED INTERNAL AUDIT PROCEDURES

6.0 Objectives 1376.1 The Internal Audit Process - Theory Part 137

6.1.1 Planning Process (Three stages) 1386.1.2 Planning Process - Procedure Part 1386.1.3 Execution Process - Theory Part 1406.1.4 Execution Process - Procedure Part 143

6.2 Risk-Based Internal Audit (RBIA) Policy for Branch Audit (Domestic)

143

6.2.1 RBIA documentation 1446.2.2 RBIA Procedure Document 1446.2.3 RBIA - Five Dimensions 1456.2.4 The methodology and the parameters

used for the assessing the risk rating of Branches

147

6.2.5 Usage of Risk Score 1536.2.6 Audit Prioritization/Updation of Risk

and Audit Universe (RAU)153

CONTENTS

I-18

PAGE

6.2.7 Developing an Internal Audit Plan and obtaining Approval of the Audit Com-mittee

153

6.2.8 Submission of RBIA Reports 1546.2.9 Compliance and Follow up for Com-

pliance of Audit Report, Updated Risk Profile

155

6.2.10 Level of Authority for closure of Audit Reports

156

6.3 Role of Audit Committee of the Board 1576.4 How to tackle difficult situations faced by the

Internal Auditors during the course of Internal Audit assignment ?

158

6.4.1 Modern Approach 1626.4.2 Case Study on Root Cause Analysis 163

6.5 Analytical Procedures 1676.5.1 Nature and purpose of Analytical

Procedures 168

6.5.2 Use of “data analytics” on the audit front 1696.6 The Way Forward Future of Audit 1706.7 ICAI’s Standards on Internal Audit (SIA) 1736.8 Let us Sum up 1776.9 Key Words 1786.10 Check your Progress 1786.11 Answers to Check your Progress 180

UNIT 7RISK MANAGEMENT

7.0 Objectives 1997.1 Definition of Internal Auditing & Risk Manage-

ment199

CONTENTS

I-19

PAGE

7.2 Relationship between Internal Audit and Risk Management

201

7.3 Risk Management Architecture 2027.3.1 An effective risk management system -

Requirements202

7.3.2 Risk focused approach 2087.4 Role of Internal Audit in Risk Management and

reporting areas on Management of Risks208

7.4.1 Internal Auditor’s Role 2097.4.2 Internal Audit Process 2107.4.3 What is the Organization’s ‘Risk Matu-

rity’ ?211


UNIT 8DATA ANALYTICS AND CONTINUOUS CONTROLS MONITORING

8.0 Objectives 2238.1 Introduction 2238.2 Data analytics for business decision making 224

8.2.1 Business side of Analytics 2258.2.2 Audit side of Analytics 227

8.3 Computer aided audit techniques (CAATs) 2278.3.1 Data analytics matrix 2328.3.2 The different types of CAATs 233

CONTENTS

I-20

PAGE

8.3.3 Three types of General Audit Software for Data Analysis

234

8.3.4 Benford’s Law of Digital Analysis - Law of expected digital frequencies

234

8.4 Continuous Controls Monitoring and Continu-ous Auditing

236

8.4.1 Need for Continuous controls monitor-ing and Continuous auditing

237

8.4.2 How to best implement continuous auditing to benefit the organization?

238

8.4.3 Difference in Continuous Monitoring and Continuous Auditing

238

8.4.4 Benefits of Continuous Monitoring and Continuous Auditing

239


MODULE C : AUDIt IN COMpUtErIsED ENvIrONMENt

UNIT 9AUDIT IN COMPUTERISED INFORMATION SYSTEM (CIS) ENVIRONMENT - AN INTRODUCTION

9.0 Objectives 2559.1 Understanding CIS Environment 255

9.1.1 Introduction 2559.1.2 Definition and Meaning of Terminolo-

gy used257

CONTENTS

I-21

PAGE

9.1.3 Difference between Data and Informa-tion

258

9.1.4 Relationship between Systems 2599.2 CIS Auditing Objectives 2599.3 Scope of Audit in CIS Environment/Impact of

CIS on Auditing259

9.4 Impact of changes on Business Process (Due to Automation)

264

9.5 Impact of changes on data processing, sharing & storage/file system and organizational structure & Internal Control base

266

9.6 Impact of changes in business process, data pro-cessing & storage/file system on auditing

271

9.7 Audit Approach in CIS Environment 2729.8 Auditing Standards 2759.9 Let us Sum up 2799.10 Key Words 2809.11 Check your Progress 2809.12 Answers to Check your Progress 282

UNIT 10AUDIT IN COMPUTERISED ENVIRONMENT

10.0 Objectives 28510.1 Introduction 285

10.1.1 Types of Computer Systems 28610.1.2 Classification of Computer Systems and

its description286

10.2 Effects of Computers on Internal Control and Auditing

291

10.2.1 Effects of Computers on Internal Con-trol

291

10.2.2 Effects of Computers on Audit 295

CONTENTS

I-22

PAGE

10.3 Internal Controls in a CIS/Computerised Envi-ronment

296

10.3.1 Consideration of Controls Attributes by the Auditors

298

10.4 Internal Control Requirements under CIS/Com-puterised Environment

299

10.5 Approach to Auditing in a CIS/Computerised Environment

302

10.6 The Control concerns arising from use of IT by Banks

303

10.7 RBI guidelines on conduct of is Audit suitable to the IT environment

305

10.8 Various Circulars issued by RBI on matters per-taining to Risk Management & Controls in CIS environment

306


MODULE D : AUDIt AspECts Of fINANCIAL stAtEMENts Of bANks

UNIT 11AUDIT ASPECTS OF ADVANCES

11.0 Objectives 31711.1 Introduction 317

11.1.1 Amounts disclosed in the Balance Sheet under the head ‘Advances’

317

11.1.2 Balance Sheet Disclosure 318

CONTENTS

I-23

PAGE

11.1.3 Classification of Advances as per RBI Prudential Norms

320

11.2 Audit of Advances - Audit Approach in general 32111.2.1 Gist of areas covered by auditors 32111.2.2 Audit procedures generally adopted by

the auditor in case of Audit of Advances321

11.2.3 Substantive Procedures 32411.3 Audit of Agriculture Advances 325

11.3.1 Type of Agriculture Advances 32511.3.2 NPA Norms - Agricultural Advances 32611.3.3 Agriculture Advances affected by Natu-

ral Calamities327

11.3.4 Audit approach for Agriculture Advances

327

11.4 Audit of Advances - Other than Agriculture Advances

329

11.4.1 Nature & Type of advances (other than Agriculture)

329

11.4.2 Regulatory Aspects 33111.4.3 Audit of advances (other than Agricul-

ture Advances) procedures336

11.4.4 How to Plan comprehensive coverage of advances

337

11.4.5 Computation of Drawing Power/Limits in respect of stocks hypothecated

338

11.4.6 Long Form Audit Report (LFAR) 33911.4.7 Examining the validity of Recorded

Amounts340

11.4.8 Examination of Loan Documents 34011.4.9 Review of operation of account 341

CONTENTS

I-24

PAGE

11.4.10 Inter Bank Participation Certificates (IBPCs)

342

11.4.11 Verification of Security against Advances

342

11.4.12 Examination of Advances classified as ‘Secured’

345

11.4.13 Verification of different types of securi-ties against advances generally accepted by Banks

346

11.5 Verification of Provision for Non-performing assets

347

11.5.1 Asset Classification 34711.5.2 Drawing Power Calculation 35011.5.3 Lending under Consortium Arrange-

ment/Multiple Banking Arrangements350

11.5.4 Retail Assets 35111.5.5 Restructuring of cases 35111.5.6 Audit procedure for accounts falling

under CDR Programme353

11.5.7 Scheme for Sustainable Structuring of Stressed Assets (S4A)

354

11.5.8 Resolution of Stressed Assets - Revised Framework

354

11.5.9 Non-applicability of the guidelines on revised framework for resolution of stressed assets issued by RBI on 12/02/2018

357

11.5.10 Sale/Purchase of NPAs 35711.6 Let us Sum up 35811.7 Key Words 35911.8 Check your Progress 36011.9 Answers to Check your Progress 362

CONTENTS

I-25

PAGE

UNIT 12AUDIT ASPECTS OF BANK’S FINANCIAL STATEMENTS - ASSETS SIDE (OTHER THAN ADVANCES)

12.0 Objectives 36712.1 Disclosure requirement under Banking Regula-

tion Act, 1949367

12.1.1 Introduction 36712.1.2 Balance Sheet Disclosure 36812.1.3 Balances with RBI and with other Banks 36912.1.4 Money at call and short notice 37012.1.5 Fixed Assets 37012.1.6 Other Assets 371

12.2 Audit Approach/Procedures 37212.3 Let us Sum up 38612.4 Key Words 38612.5 Check your Progress 38712.6 Answers to Check your Progress 389

UNIT 13AUDIT ASPECTS OF CAPITAL, RESERVES & SURPLUS AND BORROWINGS & DEPOSITS

13.0 Objectives 39313.1 Introduction 39313.2 Balance Sheet Disclosure 39313.3 Contents of Schedules 1 and 2 (Capital and

Reserves & Surplus)396

13.4 Audit Approach and Procedures 40513.5 Let us Sum up 41013.6 Key Words 410

CONTENTS

I-26

PAGE

13.7 Check your Progress 41013.8 Answers to Check your Progress 412

UNIT 14AUDIT ASPECTS OF OTHER LIABILITIES & PROVISIONS AND CONTINGENT LIABILITIES

14.0 Objectives 41714.1 Other liabilities and provisions and contingent

liabilities417

14.1.1 Introduction 41714.1.2 Balance Sheet Disclosure 418

14.2 Contents of Schedules 5 and 12 and their au-thentication

418

14.2.1 Schedule 5 - Other Liabilities and Pro-visions

418

14.2.2 Schedule 12 - Contingent Liabilities 42014.2.3 Bills for Collection 422

14.3 Audit Approach and Procedures 42314.3.1 Schedule 5 - Other Liabilities and Pro-

visions423

14.3.2 Schedule 12 - Contingent Liabilities 42314.3.3 Bills for Collection 427


UNIT 15AUDIT ASPECT OF TREASURY OPERATIONS - FOREX & DERIVATIVE TRANSACTIONS

15.0 Objectives 433

CONTENTS

I-27

PAGE

15.1 Overview of Treasury Operations in a Bank 43315.1.1 Core functions of Treasury Operations 43315.1.2 Increasing Regulation and Compliance

Requirements434

15.2 Investments (Schedule 8) 43515.2.1 Disclosure requirements 43515.2.2 Statutory and Regulatory Requirements 43615.2.3 Legal Requirements 43815.2.4 Guidelines of the RBI regarding transac-

tions in Securities439

15.2.5 Audit Approach and Procedures (Invest-ments)

440

15.3 Classification of Investments as NPI/Income Re- cognition Norms

445

15.3.1 Non-Performing Investments (NPI) 44515.3.2 Classification of Govt. Guaranteed In-

vestments as NPI446

15.3.3 Audit Aspects (NPI) 44615.3.4 Income Recognition (Investments) 447

15.4 Forex and Derivatives 44815.4.1 RBI Guidelines on Derivatives 44815.4.2 Audit Approach (Forex & Derivatives) 450

15.5 CRR and SLR requirements under B.R. Act, 1949 45715.5.1 Compliance with CRR and SLR require-

ments457

15.5.2 Audit Approach and Procedures 45915.6 Let us Sum up 46015.7 Key Words 46115.8 Check your Progress 46115.9 Answers to Check your Progress 463

CONTENTS

I-28

PAGE

UNIT 16AUDIT ASPECTS OF PROFIT AND LOSS ACCOUNT

16.0 Objectives 46716.1 Preparation of Profit and Loss Account in Pre-

scribed Format467

16.1.1 Introduction 46716.1.2 Disclosures 46716.1.3 Accounting Policies/Accounting Stan-

dards468

16.2 Contents of Various Schedules to Form B 46916.3 Audit Approach and Procedures 470

16.3.1 Audit procedures in case of income and expenditure

471


UNIT 17DISCLOSURE REQUIREMENTS IN FINANCIAL STATEMENTS

17.0 Objectives 48917.1 Importance of ‘Disclosures’ in financial statements 489

17.1.1 Introduction 48917.1.2 Classification of Disclosure Requirements 49017.1.3 Minimum Disclosures prescribed by RBI 49017.1.4 Disclosure Required under Accounting

Standards (AS)490

CONTENTS

I-29

PAGE

17.1.5 Requirements of statutes 49117.1.6 Requirements of Listing Agreement 491

17.2 Presentation (Schedules 17 & 18) 49117.3 Audit Approach 49617.4 Let us Sum up 49717.5 Key Words 49817.6 Check your Progress 49917.7 Answers to Check your Progress 501

UNIT 18AUDIT ASPECTS OF CONSOLIDATION OF BRANCH ACCOUNTS

18.0 Objectives 50518.1 Consolidation of Branch Accounts 505

18.1.1 Introduction 50518.1.2 Process of Consolidation 506

18.2 Audit Approach 50718.2.1 Audit Approach at RO/ZO level 50718.2.2 Audit Approach to be followed by Finan-

cial Statements Consolidating Auditor507

18.2.3 Audit Approach to be followed by the Statutory Central Auditors

507

18.2.4 Consolidation of Overseas Branches’ Financial Statements

508


CONTENTS

I-30

PAGE

UNIT 19AUDIT ASPECTS OF CONSOLIDATION OF FINANCIAL STATEMENTS

19.0 Objective 51519.1 Guidelines on Consolidated Accounting/Consoli-

dated Supervision515

19.1.1 Introduction 51519.1.2 Consolidated Financial Statements (CFS) 51519.1.3 Components of Consolidated Financial

Statements (CFS)516

19.1.4 Format of Consolidated Financial State-ments (CFS)

516

19.1.5 Responsibility of a Bank 51719.1.6 Responsibility of the Statutory Central

Auditor517

19.2 Audit Approach and Procedures 51819.3 Let us Sum up 52019.4 Key Words 52119.5 Check your Progress 52119.6 Answers to Check your Progress 522

UNIT 20AUDIT ASPECT OF INTER-OFFICE TRANSAC-TIONS

20.0 Objectives 52720.1 Inter-Office Transactions 527

20.1.1 Introduction 52720.1.2 Major transactions which occur between

Branches and HO527

CONTENTS

I-31

PAGE

20.1.3 Major types of error in inter-Branch Transactions

528

20.2 Audit Approach/Procedures 52920.3 Let us Sum up 53220.4 Key Words 53320.5 Check your Progress 53320.6 Answers to Check your Progress 533

UNIT 21LONG FORM AUDIT REPORT OF BANK BRANCHES

21.0 Objective 53721.1 LFAR 537

21.1.1 Introduction 53721.1.2 Definition of LFAR 53721.1.3 Latest RBI guidelines on submission of

LFAR by Concurrent Auditors538

21.2 Audit Approach/Procedures 53821.2.1 Important aspects of LFAR which require

special attention while reporting in Long Form Audit Report

538

21.2.2 Do’s and Don’ts in preparation of the LFAR

539

21.2.3 Some Important Areas to be considered by the Branch Statutory Auditor at the time of compilation of LFAR

540

21.2.4 Illustrative list/Information which is required for compilation of LFAR by Branch Statutory Auditor

541

21.2.5 Management Representation Letter to be obtained from the Branch Management

542

CONTENTS

I-32

PAGE


UNIT 22LONG FORM AUDIT REPORT OF HEAD OFFICE

22.0 Objectives 56922.1 LFAR 569

22.1.1 Need to obtain LFAR from the Statutory Auditors

569

22.1.2 Importance of LFAR 56922.1.3 Coverage of LFAR & Audit Aspects 57022.1.4 Additional areas which needs to be con-

sidered by the Statutory Auditors573

22.1.5 Income Tax Liability 57422.1.6 Employee Benefits (AS 15) 57422.1.7 Off-Balance Sheet exposures 574

22.2 Ghosh Committee Recommendations 57422.2.1 Implementation of Ghosh Committee

Recommendations574

22.3 Jilani Committee Recommendations 57522.3.1 Implementation of Jilani Committee

Recommendations575

22.3.2 RBI’s Recommendations 57622.4 Responsibility of Implementation of the Ghosh

and the Jilani Committee Recommendations576

22.4.1 Responsibility of the Management 57622.4.2 Responsibility of the Statutory Auditors 57722.4.3 Audit Procedures 577

CONTENTS

I-33

PAGE

22.5 Let us Sum up 57822.6 Key Words 57822.7 Check your Progress 57822.8 Answer to Check your Progress 579

UNIT 23BASEL III REGULATIONS AND DISCLOSURES

23.0 Objectives 60523.1 Need to have Capital Adequacy Norms 605

23.1.1 Basel Capital Adequacy Norms 60623.1.2 The major changes made in Basel III

over Basel II606

23.1.3 Capital to Risk-weighted Assets Ratio (CRAR)

607

23.1.4 Treatment of certain Balance Sheet items 60823.1.5 Credit agencies accredited for the purpose

of risk weighting the Banks’ claims for Capital Adequacy purposes

608

23.2 Disclosure (Pillar 3) Framework 60923.3 RBI Guidelines on Basel III - Capital Regulations 609

23.3.1 Role of Statutory Auditors of Banks 60923.3.2 Scope of Statutory Audit 61023.3.3 Role of Branch Statutory Auditors 61023.3.4 Role of Statutory Central Auditors 61123.3.5 Illustrative Audit Checklist for Capital

Adequacy611


CONTENTS