AUDIT IN BANKS

 AUDIT 

BANK AUDIT

Disclaimer

The following Article is based on my experience as an Inspecting Official  and  I have purely elaborated my experience (what I was taught and what I learnt/ experienced)

 

Preamble:

Audit is a tool to measure the health of an Organisation. It will help the Management of the Organization  to assess the point where they stand and its Clients to foresee the growth of their benefits.  Besides, it is a mandatory requirement for the Organization to claim their legitimacy in the market for their survival

Any organization may it be Private or Public or Government undertaking is subject to this mandatory requirement.  Even a Proprietary/Partnership establishment is required to undergo this exercise in India.    

With a view to accomplish this task, there are many Charted Accountant firms and Tax consultants spread over the country.  Nowadays, many MNC auditing firms have also fallen in line with the other local resources to enable smooth auditing tasks.

While we are on the subject, I shall slightly deviate from the topic.  Let us have some idea about Audit functions in a Bank.  In India, Banks are coming under the control of Reserve Bank of India, generally called the "Central Bank" (RBI).  The RBI controls the key functions of Banks in India.  They issue various guidelines and regulations on various parameters like Rate of Interest - both on Deposits and Lending, SLR, CRR, lending norms, Assets and Liability Management System, Bad Debts / Non-performing Assets Management etc.  The Banks are required to strictly comply with the guidelines issued by RBI from time to time.  

VARIOUS TYPES OF AUDITS :

1.    Internal Audit - done by Staff of the Bank

2.    Statutory Audit - done by External Agencies

3.    Revenue Audit - done by External Agencies

4.    Stock Audit = done by External Agencies

5.    Concurrent Audit = done by External Agencies

6.    Information System Audit - done by both Internal and External agencies

7.    Credit Audit - Mostly entrusted to External Agencies

8.    Forensic Audit - In case of suspect fraud  

Bank Audit is conducted by various machinaries  - both Internally and externally.  As per the eligibility norms, the Banks may appoint external Agencies also to complete the process.  Bank audit is done for assessing the procedures and systems followed by a Bank Branch in the opening and conduct of a Deposit account and also following the lending norms while processing / sanctioning loans to its customers.  The Inspecting Official / firm will compile a Report and express their opinion as also the ways to overcome the Risks, may be in a structured format as prescribed by the Bank entrusting the task, wherein they point out the deviations observed and based on the observations, bring out the risk involved as also the health of the Bank Branch.

The Bank shall have a Centralised and Regionalised set up for conducting the Audits who in turn consolidate the Reports, after a thorough verification, and transmit the same to the Central Bank (RBI).  After assessing the consolidated report, the RBI may call for explanations from the concerned Bank for rectification progress, steps taken for immediate improvement and staff involvement / accountability etc. so that the Bank does not derail or the public money is safeguarded. 

However, to assess the health of the Banks, the Central Bank (RBI) has laid down a structured policy of Auditing.  Audit in Banks may differ from one another.  Nevertheless, the ultimate aim is to have the best control mechanism on the functioning.  Widely, the following pattern is followed in Banks while forming the Audit Policy.

 

RISK BASED AUDIT :

 

The Audit risk is mainly divided into two categories viz.

• Business Risk

• Control Risk

 

Business Risk comprises of various parameters like the position of the Bank Branch, viz. Actual achievements vis-a-vis Targets allocated by Higher Offices.  This includes various components like Deposits, Advances, Profitability etc.   A few major areas of Business Risk assessment are given below :

Business Risk: Business Risk is based on the inspection and findings of the Inspecting Official with regard to the following vital areas and compilation of Bank Branch Profile, which may mostly contain the data obtained :

• Composition of Advances
• Analysis of Non-performing Assets 
  
• Composition of Deposits
  
• Frauds (if any, already reported and steps taken)
• Customer Base
• Customer Complaints
• Growth in Deposits
• Growth in Advances / Credit / Lending
• NPA Management
• Profitability
• Performance in respect of Third Party products

 

i)    Composition ofAdvances of the Bank Branch :

•         % of Exposure to Sensitive Sector with regard to total / gross  advances
•         Top Advances, say 15 to 25 (depends upon the guidelines of the Bank)
•         % of Exposure to Group borrowers in respect of total / gross  advances
•          % of Unsecured Advances (advances without any security)
•         % of Contingent Liabilities invoked to total outstanding of Bank Guarantees and Letters of Credit
•         % of advances to Non-Priority Sector 
•        Spurt in advances
•        % of Time barred debts to total Non-Performing Assets
•        Share of High risk exposure to total exposure
•        % of Leakage of Income detected / recovered to total business 
  

 

ii)    Control over Bad Advances (NPA Management) :

• Ratio of Assets falling under "Standard" category to Total Advances
• Share of Advances in NPA portfolio - Sector-wise
• % of Early Alert System Advances and Special Mention Advances to Total Advances
• Analysis of Quick Mortality Accounts  

• % of Gross NPA to total Credit portfolio 

 

iii) Coming to the Deposits portfolio of the Bank Branch, the following parameters are analysed and data obtained :

 

Ratio of CASA deposit to Total Deposits

Risk category of Deposit accounts and its share in total deposits

Retail Deposit percentage to Total Deposits

Computing the Non-Interest Income and Net Interest Income and their percentage to Total Income

Analysis of Interest Income whether it has increased or decreased over the last audit period.

 

iv) Analysis of Fraud prone areas: Areas of fraud are defined in the Bank's guidelines and certain parameters are to be taken into account for computing the Risk.

 

v) Profitability - Target vis-a-vis Achievement: The Bank Management will give some targets, either quarterly, half-yearly or annual targets.  The Inspecting Officer is required to cull out the data from the System and analyse whether the Branch has achieved the goals as per the expectations of the Higher Offices.  The shortcomings, if any, should be give proper attention and accordingly arrive at the Risk.

 

Control Risk : - Control Risk is based on the inspection and findings of the Inspecting Official in respect of the following major areas and compilation of marks awarded, which mostly contain the data obtained :

1. Risk parameters involved in Lending
2. Control parameters in Credit Management
3. Control over other Banking Operations
4. Opening of Deposit Accounts
5. Monitoring of Deposits Accounts
6. Cash Management system
7. Remittances - both Inward and Outward remittances
8. Collection of Bills / Cheques
9. Cheque Purchases
10. Clearing Department
11. Government Business operations
12. Parabanking activities
13. Statutory Compliances
14. Security measures and Administrative lines
15. Monitoring of Frauds
16. Compliance with regard to Audit irregularities 
17. Observance of Information Technology guidelines
18. Customer Service
19. Processing Credit applications
20. Sanctioning of Credit Proposals
21. Monitoring of Advances portfolio
22. Minimising NPA Portfolio of the Bank Branch

 

The Overall Risk Rating is arrived at by the Inspecting Officials is categorised as -

 

1. Low Risk
2. Medium Risk
3. High Risk
4. Very High Risk 

Broadly speaking, the Risk assessment is made based on the combination of Business risk and Control Risk.  

 

The performance of the Bank Branch in respect of the above major parameters would be taken into consideration while arriving at the Risk factor.   

 

Matrix of Risk:

 

Business Risk	Control Risk	OVERALL RISK
Low	Low	LOW
Low	Medium	MEDIUM
Low	High	HIGH
Medium	Low	MEDIUM
Medium	Medium	HIGH
Medium	High	VERY HIGH
High	Low	HIGH
High	Medium	VERY HIGH
High	High	EXTREMELY HIGH

  

The above Matrix is explained as under :

 Category 1 : 

• A Bank Branch is categorized under "LOW RISK" category if both the Business Risk and Control Risk are "Low", based on the assessment of above parameters.

•  If either of the Business Risk or Control Risk is assessed "LOW" and the other one is coming under "MEDIUM", the overall Risk is finalised as "MEDIUM".

•  While the Business Risk is "LOW" and Control Risk is "HIGH", then the overall Risk of the Branch comes under "HIGH" Risk category.

 Category 2 :

• A Bank Branch is categorized under "MEDIUM RISK" category if the Business Risk is "MEDIUM" and the Bank Branch has good control over the norms, as a result the Control Risk falls under "LOW", then the overall Risk is computed as "MEDIUM".

• If both the Business Risk and Control Risk are assessed "MEDIUM", the overall Risk of the Bank Branch is arrived at "MEDIUM". 

• While the Business  Risk is "MEDIUM" and Control Risk is "HIGH", then the overall Risk of the Branch comes under "VERY HIGH" Risk category.

 Category 3 :

• If the Business Risk comes under "HIGH RISK" and if the Control Risk is "LOW", overall the Branch falls within the norms of HIGH RISK and it can be said that the Bank Branch has got good control over the norms. 

• While the Business Risk is computed to be at "HIGH RISK" and Control Risk is assessed "MEDIUM", the overall Risk of the Bank Branch is arrived at "VERY HIGH".  The shows that the Bank Branch has been lacking behind in achieving the allocated Business targets as well as has got laxity in keeping adequate control over the stipulated norms in most of the parameters.

• A Bank Branch is categorised as having "EXTREMELY HIGH" risk Audit ranking when both Business Risk and Control Risk are falling within "HIGH RISK" norms.  This shows that the Bank Branch is very poor in business portfolio and also in having proper control mechanism.  

Based on the observations made by the Inspecting Official, he will have detailed discussion with the Bank Branch Head to ascertain the reasons and give suggestions to overcome the situation and would also appreciate the efforts taken for pruning down the Risk Factor by one notch or more.

The Inspecting Official would thereafter submit his findings in the form of a Report to their Head Office.  The HO would, in turn, send the report to the Controlling Office of the Bank Branch, seeking their immediate action for rectifying the irregularities pointed out in the Audit Report in a time bound manner and their reply about rectification by the Bank Branch. 

The Audit Committee at appropriate level will convene a meeting thereupon and close the Audit Report for the respective Audit period.