Control System And Bank Audit      

1

INTRODUCTION
 BANK AND CONTROL  AUDITING  BANK AUDIT

1

Control System And Bank Audit 

INTRODUCTION TO BANK AND CONTROL SYSTEM
BANKING: Banking has been defined in section 5 of the act as “the accepting, for the purpose of lending or investment, of deposits of money from the public, repayable on demand or otherwise, and withdraw able by cheque, draft, order or otherwise.” A Banking company or a Bank means any company, which transacts the business of banking in India, and includes a foreign company, engaged in the business of banking in India. There are four types of banking institutions in India. These are: 1) Commercial banks – Commercial banks are the most prevalent banking institutions in India. Commercial banks operating in India can be divided into two categories based on their ownership-public sector and private sector banks. 2) Regional rural banks (RRB’s) RRB’s have been established “with a view to developing the rural economy by providing credit and other facilities, particularly to the farmers.” 3) Co-operative Banks Co-operative banks are the banks in the Co-operative sector, which cater predominantly to the needs of the farming, and allied sectors. Co-operative banks include central Co-operative banks, state Co-operative banks, primary Co-operative banks and land development banks. 4) Development banks Development banks were started for providing only longterm finance for development purposes; they are also referred as ‘Term-lending institutions’.

2

Control System And Bank Audit 

Important features Banks have the following characteristics, which distinguish them from most other commercial enterprises. 1. They have custody of large quantum of monetary items, Including cash and negotiable instruments, whose physical security has to be ensured This applies to both the storage and the transfer of monetary items and makes banks vulnerable to misappropriation and fraud. They, therefore, need to establish formal operating procedures, well-defined limits for individual discretion and rigorous systems of internal control 2. They engage in a large quantum and variety of transactions in terms of both number and value. This therefore requires complex accounting and internal control systems. 3. They generally operate through a wide network of branches and departments which are geographically dispersed. 4. Banks are regulated by governmental authorities and the resultant regulatory requirements often influence accounting and auditing practices in the banking sector. Regulatory framework There is an elaborate regulatory framework governing banks in India. The principal enactments which govern the functioning of various types of banks are: • • • • • • • Banking Regulation Act, 1949 Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970 Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980 SBIAct, 1955 SBI (Subsidiary Banks) Act, 1959 » Regional Rural Banks Act, 1976 Companies Act, 1956 Co-operative Societies Act, 1912 or the relevant state Co-operative Societies Act.

3

views) about the truth and fairness of financial statements”. the decisionmaker must develop a method of assuring him that the information is sufficiently reliable for these decisions. accurate and unbiased. As a result the bank has lost both the principal and the interest. Such person was known as ‘Auditor’. the decision of a bank to make a loan to a business is based upon previous financial relationships with that business. “A careful and critical examination of books of accounts by a properly qualified person on the basis of proper evidence so as to express an opinion (i. In doing this he must weigh the cost of obtaining more reliable information against the expected benefits. Unreliable information can cause inefficient use of resources to the detriment of the society and to the decision makers themselves.e. A common way to obtain such reliable information is to have some type of verification (audit) performed by independent persons. they appoint independent and impartial person who uses to hear the explanation given by the accountant. The audited information is then used in the decision making process on the assumption that it is reasonably complete.Control System And Bank Audit  INTRODUCTION-an overview of Auditing Economic decisions in every society must be based upon the information available at the time the decision is made. In the lending decision example. As a means of overcoming the problem of unreliable information. In addition. whenever the owner of the business suspects the frauds. the information used in the decision process must be reliable. 4 . assume that the bank makes the loan on the basis of misleading financial statements and the Borrower Company is ultimately unable to repay. another company that could have used the funds effectively was deprived of. In olden days. Auditing may be defined as. The word ‘Audit’ is derived from the Latin word “ Audire” which means ‘to here’. For example. the financial condition of the company as reflected by its financial statements and other factors If decisions are to be consistent with the intention of the decision makers.the money.

keeping in mind the objects of audit in each and every case. CHART SHOWING DIFFERENTCLASSES OF AUDIT BASED ON AUTHORITY BASED ON SCOPE BASED ON TIME BASED ON OBJECT OTHER TYPES Statutory Audit Y Non-Statutory Audit Internal Audit Complete Audit Partial Audit Continuous Audit Final Audit Interim Audit Special Audit Cost Audit Management Audit Social Audit Balance Sheet Audit Occasional Audit Audit In Depth Cash Audit Operational Audit 5 .Control System And Bank Audit  TYPES OF AUDIT The entire process of audit depends upon the type of audit. Type of audit to be conducted is to be selected carefully. Hence it is essential to study the various types of audit before laying down the programme for any audit work.

private trusts. However. 3) It facilitates borrowing from banks 4) Audited accounts are preferred by income tax and sales tax departments. and liabilities are governed as per the provisions 'of the respective law applicable to the organisation. This type of audit is not compulsory at all. internal audit. etc. ii) Audit of partnership firms 1) Under partnership Act it is not compulsory to audit the accounts. partnership firms. 2) For presenting authentic data to income tax and Sales tax authorities. The various types of private audit are i) Audit of Sole Proprietor Audit of accounts of a sole-proprietor is not compulsory.g. 5) Audited accounts can be helpful in case of litigation. 3) For his own satisfaction that his employees have written the books of accounts properly and that there are no frauds and errors. Terms and conditions of audit are determined as per the agreement made between the auditor and proprietor for e. Scope of audit work and all other terms are as laid down by the law. However in actual practice it is not only advisable but even necessary to get them audited 2) It helps to prevent disputes among the partners. rights. Remuneration. removal. It can be conducted only by a qualified Chartered Accountant. management audit. These audits are not compulsory under any law. which is compulsory under the law*Appointment of auditors. Social audit. 2) Non-Statutory Audit Non-statutory audits are voluntary audits.Control System And Bank Audit  BASED ON AUTHORITY: 1) Statutory Audit It is the audit. Operational audit. financial audit of a sole trader or partnership firm. a) Private Audit The audit which is done for the satisfaction of the owner Is called private audit. Some of the reasons are: 1) For obtaining loan from bank and financial institutions. It may be conducted by sole proprietors. duties.g. 6 . family trusts. etc. It also includes non-financial audits e. he may get his books audited for various reasons.

It is conducted by the internal auditor who is appointed by the proprietor. voucher document etc. 2) Partial Audit Sometimes auditor may be called upon to audit few books and give his finding thereon. checking the accounts during the whole period or where the auditor or his staff attends at regular or 7 . Such an audit’s possible where audit is not a legal necessity. This is called as Partial Audit.Control System And Bank Audit  3) Internal Audit This type of audit is also optional. is constantly engaged in irregular intervals during the period. Auditor has to be very careful when he undertakes this type of audit. Continuous audit. Even the employee of the organisation may be appointed as an internal auditor to examine the books of accounts. Usually this type of audit is called for when a fraud or misappropriation is" suspected. accounting and’ auditing work is done side by side. Partial audit is not practical. All the terms and conditions of audit work are determined by the agreement. BASED ON TIME: 1) CONTINUOUS AUDIT “One where the auditor. or his staff. Sometimes he may be called upon to audit only the payment side of cashbook or receipts side only. While submitting the report auditor should clearly mention -the scope and documents or books made available to him for his audit. This types of audit is not possible in case of large business organizations.” Continuous audit means an audit at regular intervals throughout the accounting year. The basic purpose of internal audit is not only to examine the books of accounts but also to review the present working and make valuable suggestions to improve it. BASED ON SCOPE: 1) Complete Audit In complete audit the auditor have to check each and every transaction. relating to the transactions of business.

It is conducted to find out the interim profit and know the financial 'position at the end of a part of the accounting year. b) When the financial position of the company is such as to endanger its solvency. the central government has power to direct special audit under following circumstances: a) When the affairs of any company are not managed as per the sound business principles. The auditors repot 8 .Control System And Bank Audit  (2) FINAL /ANNUAL /PERIODICAL / COMPLETED AUDIT: Periodic audit is also known as 'final or completed audit'. BASSED ON OBJECT : 1) SPECIAL AUDIT Under section 233 A of companies Act. the auditor gets hold of all the books of accounts and the vouchers for the. Generally this type of audit is appropriate for smaller business concerns. Final audit is carried out continuously until it is completed. the auditor visits the clients place only once and remains there till the audit is over. which involves verification of cost records maintained by the organisation. Under section 233 B of the companies Act. this is also called as half yearly audit. He is in possession of all the facts and figures relating to the accounting period for which the audit is being conducted. It is a past accounts audit. 2) COST AUDIT It is a type of audit. Appointment of auditor is done by the board of director subject to the approval of the central government. 1956 the central government may direct an audit of cost records by a person who is qualified. Hence. c) When company is being managed in a manner which is likely to cause serious injury or damage to the interest of trade or industry The auditor appointed by the government is required to report to the government. accounting Period. This is usually carried out at half yearly intervals. which is conducted in between the annual or final audits. In case of a final audit. (3) INTERIM AUDIT: It is a kind of audit. In case of this audit. Generally majority of audits are in the nature of Final Audits.

As the very name suggests. Though balance sheet audit concentrates mainly on balance sheet items. Secondly. But it may be noted. It has acquired popularity in U. 4) Social audit Social audit is a recent development in the field of at it is based on the modern concept of social responsibility of business. from the expectations of the external participants and not of organisation's management as in case of operational auditing.S. it also includes an examination of those transactions. in balance sheet audit all the items contained in the balance sheet and other related or allied items are verified completely. Other types: 1) Balance sheet Audit Balance Sheet audit is of a recent origin. which are appearing in the Profit and Loss Account because balance of Profit and Loss Account appears in the balance sheet.A. although operational auditing is also concerned with review of operations of an entity. generally. Thus. 3) Management audit:'Management auditing is concerned with review of operations and performance of management to improve efficiency and effectiveness of the organisation. The auditor' will check up general ledger also 9 . and he works back to the books of original entry and other evidences. in addition to it also includes review of managerial performance. thus.Control System And Bank Audit  to the government. the copy of the report is send to the company. Some authors use the terms management auditing and operational auditing interchangeably because of the close resemblance of methodology employed. Social audit examines to what extent the business is discharging the social responsibilities. It has been defined as” the verification of the correctness of cost accounts and of adherence to the cost accounting plan. an extension of internal audit function. Under 'balance sheet audit. reserves and liabilities of the business. balance sheet audit consists of verification of all the items appearing in the balance sheet such as assets. capital. the auditor commences audit on the basis of the Balance sheet. management auditing. It is. It examines the contribution of the concern to the society at large. the frame of reference of a management audit is derived.

The receipts and payments may be capital or revenue in nature. compulsory as provided in Companies Act. 1956. This type of audit enables the auditor to suggest to the management a better procedure for recording the transactions to avoid any loopholes for committing frauds. it is just a needbased audit. the auditor examines thoroughly selected transactions right from their origin to the conclusion. T1V applicable to the proprietary concerns such as sole traders and partnerships. (3) Audit in Depth Under this type of audit. Cash transactions are checked with the help of receipts and vouchers and other evidences. This of audit is not possible in case of Joint Stock Company as the annual au. The basic purpose of this type of audit is to whether the system of internal check or control system is effective. It guides the management in achieving organizational objectives 10 .Control System And Bank Audit  (2) Occasional audit: This type of audit is carried out occasionally as per the need of the business. He examines cash receipts and cash payments. It is conducted to see that the business operations are improved in future. 5) Operational Audit Operational audit goes beyond financial audit. All records and documents pertaining to the transactions are checked in detail. It is conducted at the desire of the owner of the business. 4) Cash Audit Here the auditor examines only cash transactions.

Such visits help the auditors to gather lot of first hand information and insight about the branch and its business profile. The banks are taking effective measures to address this issue and some banks have allowed the auditors of large and very large branches to visit the respective branches before the close of the year. the appointment letters are received in second or third week of March and the auditors are expected to commence the audit in the first week of April and to complete the audit.Control System And Bank Audit  INTRODUCTION TO BANK AUDIT Bank Audit is a time bound exercise and it is full of challenges and responsibilities. the only option he has is to carry out the audit in a very scientific manner so that he is able to conduct a purposeful audit in the limited time. For those who approach this exercise with scientific methods and proper planning The auditor has very limited option as far as the availability of time is concerned. 11 . Generally. it is very important that to keep update about the significant developments in the banking sector and to incorporate all the significant developments in the audit programme/checklist. NPA profile. level of computerization. in one visit and in all respect. It is important to review the instructions and to incorporate the significant instructions in the audit plan/programme/checklist. banks circulate detailed closing instructions to the branches and the auditors well in advance. Generally. With the latest information available at the touch of button. it is also important to preserve all the required documents/representations etc. etc. it is important that while carrying out the attest function due emphasis is given to Auditing & Assurance Standards and other pronouncements of the Institute while discharging the attest function. Apart from this. therefore. irrespective of the size of the branch. client profile. As the concept of Peer Review is already put in place. by the end of second week of April. volume of business and nature of activities. the time available for the completion of audit in all respects is generally in the range of 4-5 days to a maximum of a week or 10 days. Therefore. performance. for future reference.

documents and voucher's. As mentioned earlier. in the case of such banks. audit of branches is also carried out by the auditors appointed for the bank as a whole. The auditors of RRB's are to be appointed by the bank concerned with the approval of the Central Government. a subsidiary of SBI/or a regional rural bank has the same powers as those of company auditor in the matter of access to the books. 1976.e. 12 . The auditors of the SBI are to be appointed by the RBI in consultation with the Central Government. accounts. auditor of a nationalised bank is to be appointed by the bank concerned acting through its Board of Directors. In the case of a banking company. He is also entitled to require from the officers of the bank such information and explanations as he may think necessary for the performance of his duties. the SBI Act. by the company in general meeting or in such manner as the company in general meeting may determine). In the case of RRB's. the auditors' remuneration is to be determined by the bank concerned with the approval of the Central Government/.. he is entitled to receive notice relating to any general meeting. He is also entitled to attend any general meeting and to be heard there at on any part of the business. Besides. which concerns him as auditor It may be noted that the Regional Rural Banks Act. specifically provides for appointment of two or more auditors. does not contain any provisions relating to audit of branches. approval of the Reserve Bank is required before the appointment is made.Control System And Bank Audit  Appointment of Auditor The auditor of a banking company is to be appointed at the AGM of the shareholders. nationalised banks and subsidiaries of SBI also generally appoint two or more firms as joint auditors. Remuneration of Auditor The remuneration of auditor of a banking company is to be fixed in accordance with the provisions of section 224 of the Companies Act. (The remuneration of auditors of nationalised banks and SBI is to be fixed by the RBI in consultation with the Central Government. 1955. • Powers of Auditor: The auditor of a banking company or of a nationalised bank. Accordingly. 1956 \i. In either case. The auditors of the subsidiaries of the SBI are to be appointed by the SBI. The remuneration of auditors of subsidiaries of SBI is to be fixed by the latter. SBI.

should be brought to the notice of the shareholders of the company. is required to state in his report. Whether or not the transactions of the company which have come to his notice have been within the powers of the company. regional rural banks and the State Bank of India and its subsidiaries. if any appointed by the law establishing constituting or forming the banking company concerned. 13 . Any other matter. (a) (b) (c) (d) (e) Whether or not the information and explanations required by him have been found to be satisfactory. before appointing. Whether the profit & loss account shows a true balance of profit or loss for the period covered by such account. reappointing or removing any auditors. (2) The auditor shall have the powers of. obtain the previous approval of the Reserve Bank. which he considers. 1956 and auditors. (1C) and (2) also apply to nationalized banks. exercise the functions vested in.Control System And Bank Audit  AUDIT (Legal provisions) The provisions of section 30 of the Banking Regulation Act relating to audit apply to the banking companies. which under the aforesaid act the auditor. and discharge the duties and be subject to the liabilities and penalties imposed on. Section 30 reads as below: (1) The balance sheet and profit and loss account prepared in accordance with section 29 shall be audited by a person duly qualified under any law for the time being in force to be an auditor of companies. Sub-section (1B). Whether or not the returns received from branch offices of the company have been found adequate for the purposes of his audit. every banking company shall. (1-A) Not withstanding anything contained in any law for the time being in force or in any contract to the contrary. auditors of companies by section 227 of the Companies Act. (3) In addition to the matters.

Control System And Bank Audit  2 CONTROL SYSTEMS     BANKING REGULATION ACT. 1949 CORPORATE GOVERNANCE GOSH COMMITTEE RECOMMENDATIONS AUDITING & ASSUARANCE STANDARDS(AAS)XX 14 .

and the State Bank Of India and its subsidiaries. A banking company incorporated outside India is required to deposit with the Reserve bank in the form of cash and/or approved securities. discount of remuneration in any form in respect of any shares. (a) an amount not less than the minimum paid-up capital and reserves as prescribed under section 11(2) of the Banking Regulation Act (1949). However. the central government may. nationalised banks. etc. a regional rural bank. 1937 or to a nationalised bank. 1949) CAPITAL RESERVES Section 11 of the Banking Regulation Act lays down the requirements regarding the minimum paid-up share capital and reserves of banking companies. 15 . 1956 (1 of 1956)]. the subscribed capital of a banking company should not be less than one-half of its authorized capital and the paid-up capital not less than one-half of the subscribed capital. Restriction on commission.–– Notwithstanding anything to the contrary contained in 3[Secs. a cooperative bank. and (b) an amount equal to 20 percent of its profits for each year in respect of all business transacted through its branches in India. any amount exceeding in the aggregate two and onehalf per cent. on sale of shares.Control System And Bank Audit  Controls and Regulations (banking regulation act. the only exception being in the case of preference shares issued prior to July 1. and the State bank Of India and its subsidiaries. discount. 76 and 79 of the Companies Act. the capital of a banking company should consist of ordinary shares alone. Further. issued by it. it should comply with these conditions within a stipulated time period. brokerage. If the capital is increased. no banking company shall pay out directly or indirectly by way of commission. Similar requirements in the case of cooperative banks are laid down in section 56(h). 1944. on the recommendation of the Reserve Bank. of the paid-up value of the said shares. Under section 12(1). exempt a banking company from these requirements for a specified period having regard to the adequacy of the total amounts deposited by it with the Reserve Bank in relation to its deposit liabilities. These provisions are not applicable to rural banks. brokerage. These provisions do not apply to a banking company incorporated before January 15.

in the value of its investments in shares. 1956 (1 of 1956). amounts of losses incurred and any other item of expenditure not represented by tangible assets) have been completely written off. 29 and before any dividend is declared. transfer to the reserve fund a sum equivalent to not less than twenty per cent.] Reserve Fund. debenture or bonds (other than approved securities) in any case where adequate provision for such depreciation has been made to the satisfaction of the auditor of the banking company. Organization expenses. of such profit. share-selling commission. (ii) The depreciation. in any case where adequate provision for such debts has been made to the satisfaction of the auditor of the banking company. in the value of its investments in approved securities in any case where such depreciation has not actually been capitalized or otherwise accounted for as a loss. it shall. if any. report the fact to the Reserve Bank explaining the circumstances relating to such appropriation Provided that the Reserve Bank may. (iii) The bad debts. extend the said period of twenty-one days by such period as it thinks fit or condone any delay in the making of such report. (2) Where a banking company appropriates any sum or sums from the reserve fund of the share premium account. if any. within twenty-one days from the date of such appropriation. if any. 16 . out of the balance of profit of each year as disclosed in the profit and loss account prepared under Sec. in any particular case. 5[(1) No banking company shall pay any dividend on its shares until all its capitalised expenses (including preliminary expenses. brokerage.Control System And Bank Audit  Restrictions as to payment of dividend. (1) Every banking company incorporated in India shall create a reserve fund and shall. a banking company may pay dividends on its shares without writing off–– (i) The depreciation. 1[(2) Notwithstanding anything to the contrary contained in sub-section (1) or in the Companies Act.

shall maintain in India by way of cash reserve with itself or by way of balance in a current account with the Reserve Bank or by way of net balance in current accounts or in one or more of the aforesaid ways. manager. or a Government company)] of which 2[or the subsidiary or the holding company of which] any of the directors of the banking company is a director. 1956 (1 of 1956). 5 of the Banking Laws (Amendment) Act. or (iii) Any company (not being a subsidiary of the banking company or a company registered under Sec. Restrictions on loans and advances. or (iv) Any individual in respect of whom any of its directors is a partner or guarantor. but in pursuance of a commitment entered into before such 17 . (ii) Any firm in which any of its directors is interested as partner. employee or guarantor or in which he holds substantial interest. a sum equivalent. to at least three percent Of the total of its demand and time liabilities in India as on the last Friday of the second preceding fortnight and shall submit to the Reserve Bank before the twentieth day of every month a return showing the amount so held on alternate Fridays during a month with particulars of its demand and time liabilities in India on such Fridays or if any such Friday is a public holiday under the Negotiable Instruments Act. (1) Notwithstanding anything to the contrary contained in Sec. 1956 (1 of 1956).Control System And Bank Audit  Cash reserve. manager. but in pursuance of a commencement of Sec. 25 of the Companies Act. at the close of business on the preceding working day.(b) of sub-section (1) had been in force on the date on which the loan or advance was made. 1881(26 of 1881). managing agent. or is granted by a banking company after the commencement of Sec. 1968(58 of 1968). (2) Where any loan or advance granted by a banking company is such that a commitment for granting it could not have been made if Cl. Every banking company. or (b) Enter into any commitment for granting any loan or advance or advance to or on behalf of–– (i) Any of its directors. 1968 (58 of 1968). (a) Grant any loans or advances on the security of its own shares. employee or guarantor. 77 of the Companies Act. 5 of the Banking Laws (Amendment) Act. not being a scheduled bank. no banking company shall.

director] or chief executive officer or other officer or employee concerned has been given a reasonable opportunity of making a representation to the Reserve Bank against the proposed order: Provided that if in the opinion of the Reserve Bank. (2) No order under sub-section (1) shall be made 4[unless the chairman. by order direct. at the time of giving the opportunity aforesaid or at any time thereafter. then such person shall. if any 5[the chairman or. for reasons to be recorded in writing. CONTROL OVER MANAGEMENT 36-AA. with effect from such date as may be specified in the order 3[any chairman. referred to in sub-section (2). director. Power of Reserve Bank to remove managerial and other persons from office. (1) Where the Reserve Bank is satisfied that in the public interest or for preventing the affairs of a banking company being conducted in a manner detrimental to the interests of the depositors or for securing the proper management of any banking company it is necessary so to do. if he is a director of such banking company on the date of the expiry of the said period. that pending the consideration of the representation aforesaid.Control System And Bank Audit  commencement. the Reserve Bank may. due thereon within the period stipulated at the time of the grant of the loan or advance. or where no such period has been stipulated. payable by any person. 18 . steps shall be taken to recover the amounts due to the banking company on account of the loan or advance together with interest. if any. before the expiry of one year from the commencement of the said Sec. be deemed to have vacated his office as such on the said date. any delay would be detrimental to the interests of the banking company or its depositors the Reserve Bank may. or any part thereof shall be remitted without the previous approval of the Reserve Bank. and any remission without such approval shall be void and of no effect.— (a) 6[act as such chairman or director] or chief executive officer or other officer or employee of the banking company. as the case maybe director or chief executive officer] or other officer or employee.] chief executive officer (by whatever name called) or other officer or employee of the banking company. by order remove from office. has not been repaid to the banking company within the period specified in that sub-section. shall not. with effect from the date of such order. (4) Where any loan or advance referred to in sub-section (2). 5: (3) No loan or advance.

cause an inspection to be made by one or more of its officers of a banking company which is being wound up and its books and accounts. (2) On such inspection. 19 . is of opinion that there has been a substantial irregularity in the winding-up proceedings. (3) If any person in respect of whom an order is made by the Reserve Bank under subsection (1) or under the provison to sub-section (2) contravenes the provisions of this section. he shall be punishable with fine which may extend to two hundred and fifty rupees for each day during which such contravention continues. on being directed so to do by the Central Government or by the High Court. it may bring such irregularity to the notice of the High Court for such action as the High Court may think fit. or take part in the management of. (4) Any person appointed as 1[chairman. whether directly or indirectly be concerned with. (b) Not incur any obligation or liability by reason only of his being a 5[chairman. memorandum or articles of association. on consideration of the report of the Reserve Bank. (5) Notwithstanding anything contained in any law or in any contract. the banking company.Control System And Bank Audit  (b) in any way. Power to inspect. director or chief executive officer] or other officer or employee under this section shall–– (a) Hold office during the pleasure of the Reserve Bank and subject thereto for a period not exceeding three years or such further periods not exceeding three years at a time as the Reserve Bank may specify. on the removal of a person from office under this section that person shall not be entitled to claim any compensation the loss or termination of office. — (1) The Reserve Bank shall. the Reserve Bank shall submit its report to the Central Government and the High Court. (3) If the Central Government. director or chief executive officer] or other officer or employee or for anything done or omitted to be done in good faith in the execution of the duties of his office or in relation thereto.

such as. The OECD experts have defined. Corporate governance cannot be explained by a set of hard and fast rules or standards. while conforming to the basic rules of the society embodied in law and local customs". The corporate governance specifies the distribution of rights and responsibilities among different parties in the corporation. the . The crux of corporate democracy lies in the accountable business leadership. with fast developments in the world. some serious thought has to be given to bring certain amount of norm in governance of the country’s political system. but behaving responsibly. Corporate Governance has been defined in different ways by different thinkers and experts. corporate governance is not just profit making. This definition is narrow in scope as it gives more importance to the owners' stake. In simple words. Wclfensohn. managers. According to Mr. According to noble Laureate Milion Friedman "Corporate Governance is to conduct the business in accordance with owner or shareholders' desires. transparency and accountability". It now encompasses the interest of not only the owners but also many other stakeholders. and spell out the rules and procedures for making decisions on corporate affairs. "Corporate Governance is about promoting corporate fairness.scope of the corporate governance has widened. World Bank.Control System And Bank Audit  CORPORATE GOVERNANCE: Good corporate governance is the only alternative available before the Indian corporate sectary and more particularly. "Corporate Governance as the system by which corporations are directed and controlled. the Board. promoting healthy competition and preventing networth erosion. President. But. banks both commercial and co-operative sector to come at par with international standards. shareholders and other stakeholders. protecting environment. which generally will be to make as much money as possible. Its main aim-is to maintain a balance between economic and social goals and between individual and commercial goals. J. 20 . Over a period of time.

the Government of India compelled to open Indian economy and introduce prudential Accounting Norms. With the fast growth of economy. This became a breeding ground for malpractices and led to inefficiency due to economic compulsions and pressure. corruption is bound to emerge and it is considered as a part of growing economy. indection of professional directors. Foreign and Corrupt Practices Act of 1977 was introduced in USA. the U. As a consequence to this. The only good governance available in the banking sector was the ground rules and Code of Ethics known as G R A C E. it may not attract foreign investment.S. the resources have to be prioritized as required by the policy makers. Good corporate governance is important for running a business on sound ethical values. regulatory and legislative bodies were able to highlight control failures that had allowed several major corporations to make illegal political contributions and to bribe government officials. The banks enjoyed full protection. The collapse of South East Asian economies in 1997 made corporate governance a very vital issue for corporate world. independent audit committees and an objective Internal Audit Function.Control System And Bank Audit  HISTORICAL BACKGROUND: The emergence of modern corporate governance is traced back to the Watergate Scandal in USA. In the words of Mr. maintenance and review of a system of internal controls. Deepak Parekh. as suggested by Narasimham Committee in its report 21 . Thereafter. ethics means. a number of other measures were initiated for internal financial controls and the most important was Headway Commission after the collapse of Savings and Loans in USA. In developing countries. Corruption and economic development cannot go hand in hand. If a country is considered to be corrupt. on investigation. "Not doing a thing one would be ashamed of if it becomes public". that contained specific provisions regarding the establishment. The corporate world in India cannot remain indifferent to the development around the world. redressal of custom complaints through Ombudsman and functioning of Audit committee of the Board. They were not exposed to any competition and there was hardly any concept of transparency and accountability. The 'Headway Commission submitted its report in 1987 and stressed for the need for a proper control environment. At that time.

since the nominee of RBI and government are treated as superior to other directors. The optimum proportion of executive and non-executive directors continues to be a matter of debate. the whole time directors of PSU banks are remunerated very poorly compared to there private 22 . More so. The problems are particularly complex because the government often acts as quasi-regulator. It has been suggested that the roles of the Chairman and CEO be separated. This may create concentration of power in a single individual. the reorientation given to various interest groups in the board for protection of there sectional economic interests. e) Quality and proportion of non-executive director: only individuals of proven professional competence and experience and with special insight into specific economic activities may be appointed as non-executive directors. b) Checks and Balances: in India. Therefore. they relate to the following areas: a) Government Ownership: government ownership of the banking sector creates a number of problems for RBI as the regulator. f) Delay in Filling up vacancies in the board: In many cases There is long delay in filling up the vacancies in the board. h) Disparities in remuneration of whole time directors : normally. primarily. in most banks. c) RBI and Government nominee directors : whether RBI can effectively perform its role as supervisor. may have to be reviewed. the chairman and CEO positions are combined. when it is also represented on the board through its nominee director.Control System And Bank Audit  submitted to RBI in 1990. A new challenge emerged. which led to reform in the Indian banking system so as to bring it at par to international standards as required under BIS norms. g) Ceiling on number of members in board : the size of the board should be too un wieldy so as hamper its cohesiveness. which cripples its efficient functioning. d) Sectoral representation: considering the current trend of liberalization. a few issues having policy implications continue to remain shrouded in controversy. it is to be decides whether good governance is compatible with government ownership. CRITICAL ISSUES: Apart from the emerging challenges. which may lead to conflict of interest with its regulatory function.

1970. 23 . Many provisions of the Banking Regulation Act also apply to the nationalized banks. which lays down the form of the balance sheet and profit & loss account for other banks. A similar Act was passed in 1980. i. Proper framework should also be developed for remuneration of non-executive directors.Control System And Bank Audit  sector counterparts. CO-OPERATIVE BANKS Part V of the Banking Regulation Act (1949) specifies the extent to which this act is applicable to co-operative banks.e. co-operative societies carrying on the functions of the banking. REGIONAL RURAL BANKS Regional rural bank is set up under the sponsorship of an existing bank. The third schedule to the act. by the central government. Certain provisions of the Banking Regulation Act have been modified in their application to the co-operative banks. has been modified to a large extent in its application to the co-operative banks. and provide managerial and financial assistance. The sponsor bank implies to an existing bank. SPECIAL PROVISIONS GOVERNING: NATIONALISED BANKS The fourteen nationalized banks (nationalized in 1970) are governed by the provisions of the Banking Companies (Acquisitions and Transfer of Undertakings) Act. while certain others have been omitted. recruit and train its personnel for the first five years. The regional rural bank is a body corporate with perpetual succession and a common seal. which provided for the nationalization of another six banking companies. This act provided for the nationalization of fourteen major banking companies. which agrees to subscribe to the share capital of the regional rural banks.

1. TTs and Travelers cheques for Rs.2 Precautions against theft of cash . Some banks may have a practice of allotting the duties of 'May I Help u' duties to one of the employees. To prevent the violation of fiscal laws. (b) These transactions are to be reported in the prescribed format (TE-II) to RBI on the same day.and above should be issued only by debit to the account of the constituent and payment of such instruments should be by way of credit to the account of the constituent and cash transactions should not be allowed. Doubtful cases should be r e p o r t e d to higher authorities. Demand Drafts.8 This recommendation is applicable to branches having currency chests attached to them. The auditor during his stay may observe that the cashier do not indulge in conversation including staff while he is in cash counter and public are not approaching the cashier for enquiry. enquiry counters are not established in the branches.staff should not indulge in conversation/ answering queries. Recommendation as Action Points/Audit considerations No. summarized by RBI 1. POs/TCs in excess of Rs. MTs. RBI has advised the banks that the Pay Orders.Control System And Bank Audit  GOSH COMMITTEE RECOMMENDATIONS Rec. What is expected is that the cashier functions only from his allotted cash cabin and not from any other open desk.000/. but direct such persons to Enquiry Counter only.000/should be by way of debit to constituents account and not by cash. 50. other than cashier. 50. Except large branches. 24 . The Auditor should examine: (a) Deposits/withdrawals into currency chests are accounted on the same day. Periodical reporting of deposits/ withdrawals from currency chest to issue department of RBI 1.7 Precautions against misusing banking channels for tax evasion.

iv) Proper records are to be maintained for recording the bills 25 . (g) With respect to co-acceptance of bills. the following guide-lines are given by RBI. ii) Genuine trade bills only to be co-accepted. bills of group concerns should not be co-accepted. issue of guarantees and coacceptance facilities The RBI vide its Cir. issuing BGs and co-acceptance of Bills.4 Precautions for averting frauds in areas of letters of credit. No. (d) If the customer is enjoying credit facilities or having account with other banks. (a) LCs. iii) Accommodation bills. SIC. the bank should examine the financial position of the customer. it should be ensured that the stocks covered bills are reflected in the stock statements of the customer. (f) For performance guarantee. No. the proposal should be appraised like any other credit proposal. without reference and concurrence of such other bank. DBOD. his ability to meet the required funds for retirement of bills on presentation. BGs facility should be given only to the customers having regular credit facilities and if the customers do not have regular credit facilities. GC. i) The need for sanctioning such facility should be thoroughly examined and sanctioned only to the customers having other credit facilities.Control System And Bank Audit  3. (b) Before establishing LC. the bank should examine the capacity and means to perform the obligation under guarantee. (c) The bank should obtain suitable margin and other security.408(A)-83 date 26-11-1983 has advised the banks to follow the following precautions for opening LCs. BC. LC should not be opened. 97/C. house bills. (e) LC should not be established on the guarantee of another bank.

Control System And Bank Audit 

v)

co-accepted. The powers to co-accept bills, beyond certain limits must be exercised by two officers jointly.

8.14

Monthly certificate of assisted units and on stocks pledged/ hypothecated to bank.

The RBI vide its circular No. DBOD. No. Com. BC. 28/C.408(A)-81 dated 23-02-1981 has advised the banks to lay down a system of submitting periodical returns/certificates to the controlling offices, say monthly, containing the information to show name of the borrowers, limits sanctioned, short description and value of the securities charged to the bank, date of inspection thereof names and signatures of the officials who carried out the inspection as also serious defects if any, observed by the officials during such inspection. The auditor should examine whether the branch is submitting such return to the controlling office every month.

9.10

Fraud cases up to Rs. 25,000/-having involvement of an insider should not be reported to Police, where the recovery is not doubtful.

With a view to expedite cases and award of punishments, the Committee desired that where a fraud for an amount not exceeding Rs. 25,000/- involving an employee of the bank is detected, and the recovery of the amount is not in doubt, the matter should not be reported to the police.

26

Control System And Bank Audit 

AUDITING AND ASSUARANCE STANDARD (AAS) XX:
The auditor should obtain an understanding of internal control relevant to the audit. The auditor uses the understanding of internal control to identify types of potential misstatements, consider factors that affect the risks of material misstatement, and design the nature, timing, and extent of further audit procedures. Internal control relevant to the audit is discussed below. Internal control, consists of the following components: (a) The control environment. (b) Control activities. (c) Monitoring of controls. Controls Relevant to the Audit 1) There is a direct relationship between an entity's objectives and the controls it implements to provide reasonable assurance about their achievement. The entity's objectives, and therefore controls, relate to financial reporting, operations and compliance; however, not all of these objectives and controls are relevant to the auditor's risk assessment. 2) Ordinarily, controls that are relevant to an audit pertain to the entity's objective of preparing financial statements for external purposes that give a true and fair view (or are presented fairly, in all material respects) in accordance with the applicable financial reporting framework and the management of risk that may give rise to a material misstatement in those financial statements. It is a matter of the auditor's professional judgment, subject to the requirements of this AAS, whether a control, individually or in combination with others, is relevant to the auditor's considerations in assessing the risks of material misstatement and designing and performing further procedures in response to assessed risks. In exercising that judgment, the auditor considers the circumstances, the applicable component and factors such as the following: • The auditor's judgment about materiality. • The size of the entity.

27

Control System And Bank Audit 

The nature of the entity's business, including its organization and ownership characteristics.

• The diversity and complexity of the entity's operations. • Applicable legal and regulatory requirements. • The nature and complexity of the systems that are part of the entity's internal control, including the use of service organizations. 3) Controls relating to operations and compliance objectives may, however, be relevant to an audit if they pertain to data the auditor evaluates or uses in applying audit procedures. For example, controls pertaining to non-financial data that the auditor uses in analytical procedures, such as production statistics, or controls pertaining to detecting non-compliance with laws and regulations that may have a direct and material effect on the financial statements, such as controls over compliance with income tax laws and regulations used to determine the income tax provision, may be relevant to an audit. 4) Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition may include controls relating to financial reporting and operations objectives. In obtaining an understanding of each of the components of internal control, the auditor's consideration of safeguarding controls is generally limited to those relevant to the reliability of financial reporting. For example, use of access controls, such as passwords, that limit access to the data and programs that process cash disbursements may be relevant to a financial statement audit. Conversely, controls to prevent the excessive use of materials in production generally are not relevant to a financial statement audit. Control Activities 1) The auditor should obtain a sufficient understanding of control activities to assess the risks of material mis-statement at the assertion level and to design further audit procedures responsive to assessed risks. Control activities are the policies and procedures that help ensure that management directives are carried out; for example, that necessary actions are taken to address risks that threaten the achievement of the entity's objectives. Control activities, whether within IT or manual systems, have various objectives and are applied at various organizational and functional levels. Examples of specific control activities include those relating to the following:

28

questionnaires. 29 . Effective Date This Auditing and Assurance Standards is effective for audits related to accounting periods beginning on or after 1st April. development. Performance reviews. or decision tables. The auditor should document: The manner in which these matters are documented is for the auditor to determine using professional judgment. Such techniques may also be useful in documenting the auditor's assessment of the risks of material misstatement at the overall financial statement and assertions level. or reported may include flowcharts. or may be documented as part of the auditor's documentation of further procedures. 2007. System software acquisition. long-term debt). • Application system acquisition. In particular. and maintenance. Segregation of duties 2) General IT-controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. the results of the risk assessment may be documented separately. For example. recorded. formation processing.Control System And Bank Audit  Authorization. processed. documentation of the understanding of a complex information system in which a large volume of transactions are electronically initiated. • Access security. Examples of common techniques. Physical controls. Ordinarily. questionnaires. change and maintenance. AAS 3. General IT-controls that maintain the integrity of information and security of data commonly include controls over the following: • • Data centre and network operations. "Documentation" provides guidance regarding documentation in the context of the audit of financial statements. For an information system making limited or no use of IT or for which few transactions are processed (say. check lists and flow charts. used alone or in combination include narrative descriptions. the more extensive the auditor's documentation will be. documentation in the form of a memorandum may be sufficient. the more complex the entity and the more extensive the audit procedures performed by the auditor.

Control System And Bank Audit  3 STATUTORY BANK AUDIT  PREPARATION AND PLANING FOR AUDIT  AUDIT OF BALANCE SHEET & PROFIT AND LOSS  AUDIT OF ADVANCES  PRUDENTIAL NORMS 30 .

f) Statement of maturity pattern of loans & advances and deposits. c) Master Summary of advances containing asset classification. e) Statement of Capital Adequacy. b) Refund of DICGC claim. d) Memorandum of Changes (MOC) for previous year. d) Statement of furniture/fixtures. i) Statement of cash and bank balance on twelve odd dates. 2. g) Statement of maturity pattern of foreign currency assets and liabilities. c) Asset classification. income recognition and provisioning. The various stages involved in audit preparation and planning and the other related issues have been discussed below in detail. 1) Statement of advances made by rural branches. STAGE I: AT THE OFFICE UNDERSTANDING THE BASIC SCOPE OF AUDIT: Broadly the scope of audit can be divided into three main parts: 1. if any. 3.and depreciation. e) Investments. Authentication of closing returns such as: a) Balance Sheet. computers. Issuance of reports including special purpose reports/certificates such as: a) Auditor’s Report. Issuance of certificates in relation to: a) Claim for PMRY subsidy. c) Tax Audit Report. 31 . h) Statement of maturity pattern of borrowings.Control System And Bank Audit  PREPARATION AND PLANNING FOR AUDIT The audit preparation and planning should start immediately on receipt of the appointment letter and the auditor should not wait until actual commencement of audit for the same. k) Statement of movements in NPA. j) Statement of lending to sensitive sectors. b) Long Form Audit Report. held on behalf of Head office. b) Profit and Loss Account either for the full year or for two half years. etc.

g) Guidelines and circulars issued by RBI. COMMUNICATION WITH THE BRANCH Generally. the same must be obtained. e) Audited and un-audited financial statements. the information about the closing returns to be signed and certificates and reports to be issued is mentioned in the appointment letter and/or the closing instructions issued by the HO/CO. due emphasis must be given to the level of computerization at the branch level. The audit programme must be flexible and have substantial scope for modification/revision during the course of audit. the appointment letter issued by the HO/CO also contains the details like complete postal address and contact numbers of the branch. business portfolio of the branch. As most of the branches/operations are computerized. etc. The audit approach in case of a computerized branch is totally different from the one adopted in case of the branch maintaining manual records. are incorporated in the audit checklist. name of the branch head. reports. f) LFAR for the previous year.. PREPARATION OF AUDIT PROGRAMME 1. the auditor must issue written communication for all the audit requirements to the branch. If these details are not mentioned in the appointment letter. d) Latest business profile.Control System And Bank Audit  d) Compliance certificate in respect of implementation of recommendations of Ghosh & Jilani Committees. c) Latest closing instructions. certificates. Generally. While preparing/updating audit programme due importance must be given to— a) Auditing & Assurance Standards and other pronouncements of the Institute. 4. 3. h) Past experience of bank audit. b) Provisions of the governing statutes. 32 . It must be ensured that all this information is properly updated/incorporated in the audit programme and all the related instructions for the closing returns. Depending upon the business profile of the branch. 2. etc. The scope is illustrative and not exhaustive and it may differ from bank to bank.

(d) The basic differences between the Automated Ledger Posting Machine (ALPM) branches. chances that the — 33 . The logbook must be reviewed to understand the implication of the systemic issues on the overall presentation of the financial statements. (c) More time is devoted on insignificant matters/areas. As the scope of audit is very wide and the time available is very limited. The team must review the report on System Audit. It must be ensured that the version being used by the branch is the latest version that is supplied by the controlling authorities. it is advisable that all the working papers including audit programme/checklist and audit memo/query sheet are standardized. if any. The branches are required to maintain logbook for recording any disruption/corruption/breakdown that may arise in the software/ hardware at the branch. Before commencing the audit. it is very important to understand the EDP environment at the branch. 5. The team must also review the reports of concurrent auditors. Total Branch Mechanization (TBM) branches and branches under Core Banking Solutions (CBS). RBI Inspectors and Internal Inspectors to understand the overall EDP environment at the branch.Control System And Bank Audit  STANDARDIZATION OF WORKING PAPERS 1. 2. 3. (b) The system of data processing and generation of various outputs at the branch. 2. the branches continue to use old version of the software even though latest version is supplied. STAGE II: AT THE BRANCH UNDERSTANDING THE EDP ENVIRONMENT 1. In order to avoid such possibilities. 4. conducted during the year. The audit team must be properly briefed about— (a) The approach of audit in the computerized environment. The team must interact with the EDP department at the branch to gain an understanding of the overall EDP environment. there are (a) Critical/important areas are either completely omitted or not audited thoroughly by the team. (c) The importance of proper understanding and verification of the output before placing reliance. (b) Proper noting of important issues observed is not made. At times.

6. 4.Control System And Bank Audit  EXECUTION OF AUDIT During execution of audit. In case the Bank requires Attendance Certificate to be submitted along with the bill. it is advisable to gain an understanding of accounting system and the nature of records of the branch. The audit procedures followed in case of banks are to some extent different from those followed in case of other entities. as no separate visit is allowed for the same. reports and certificates have been duly signed and stamped. the following important aspects must be borne in mind: 1. Necessary representation letter must be obtained from the branch management. The documentation and proper filing must be given due importance. 34 . AND P&L: The statutory audit of banks and their branches is generally described as Balance Sheet Audit. The audit observations must be discussed on a daily basis. The audit programme and the checklists must be suitably updated/ modified in the light of the understanding gathered about the overall functioning of the branch. following important aspects must be borne in mind: 1. 2. COMPLETION OF AUDIT At the final stage. The reason being the system of accounting followed and the nature of records maintained by the banks. Tax audit must also be completed during the course of statutory audit. The auditor must ensure that all the audited closing returns. ensure that the same has been obtained in the prescribed format. 2. Before we proceed with the Balance Sheet and the Profit & Loss Account. reports and certificates are obtained for the purpose of filing. The final issues affecting the true and fair view and other disclosures must be discussed with the branch management. 3. AUDIT OF BL. All the audit memos along with the supporting documents must be systematically filed on a daily basis. 5. It must be ensured that LFAR has also been prepared and discussed with the branch. 4. 5. The copies of the audited closing returns.

In case it is not made available the same should be obtained. the procedure adopted by the branch for revaluation or the fact that no such revaluation is done as at the year-end must be stated in the audit report. In case there are no stated guidelines for the same.. etc. 35 . 2. Foreign letter of credit. etc. cancellation. Generally. the branches are instructed to generate the hard copies of ledgers and other records as per the specified periodicity. 5. 4. the extract of significant accounting policies followed by the bank as a whole is provided to the branch and the branch auditor. the accounting entries thereof and the implication of balances appearing in those accounts. in the formats. Foreign currency loan and interest thereon. accruing interest on overdue deposits. (b) Ensure completeness of the data/output provided before commencement of verification thereof. In case there is overwriting. Generally. Many a times. it must be ensured that the year-end figures are revalued as per the prescribed procedures. These records are available for the purpose of verification by the auditors. It must be ensured that the branch does not violate the significant accounting policies followed by the bank. In respect of certain items of the balance sheet and profit and loss account that are expressed in foreign currency like FCNR deposits and interest thereon. It is advisable to— (a) Compare figures in the manual formats/closing returns prepared by the branch with the system generated outputs of the trial balance and groupings. it must be ensured that the same are properly stamped and initialled by the branch and the auditor. As the figures are inserted manually in the formats. overdue interest on advances. prepaid/unpaid expenses. (d) Identify the accounts to be verified in detail. 3.. (c) Understand the nature of unusual accounts. use of white ink.Control System And Bank Audit  The suggested audit approach in respect of the various items of the Balance Sheet and the Profit & Loss Account is as follows: GENERAL APPROACH 1. it is important to ensure these are free from totalling errors. discount on bills. etc. the branch follows different accounting policy specially while recognizing guarantee commission.

Cash a) Evaluate the effectiveness of internal controls being exercised by the branch by making enquiries about the daily verification of cash at the opening and the closing hours. fixtures. Advances The audit approach in respect of advances is covered in detail in audit of advances 6. Furnitures. 36 . safe keeping of vault and cash box keys. 5. b) Review the reports of the concurrent auditors to ascertain the level and effectiveness of internal controls and also ascertain the frequency of cash verification carried out by the concurrent auditors. computers and office equipments a) Evaluate the effectiveness of internal controls over acquisition. etc. daily cash holding and retention limit. Balances with Reserve Bank of India. recording.Control System And Bank Audit  SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF BALANCE SHEET PART I: ASSETS 1. safety of cash cabin. 3. identification. maintenance of cash related registers and vault regi'ster. Money at call and short Notice Generally these assets are not held or dealt with at the branch level. dual custody of cash. 2. State Bank of India and other Banks Verify the balances as per the books with the balance confirmation certificates received from these banks. Investments Generally these assets are not held or dealt with at the branch level. b) Verify the major additions and deletions/disposals with the related supporting documents such as invoices. challans. safeguarding and periodic verification of these items. 4. c) Verify the closing cash balance at the branch and the extension counter/ATM center connected to the branch as on the last day of the year or as of any day during the course of audit in the presence of the cashier and the manager. security arrangements for cash movements.Ensure that the matters to be reported in LFAR have been duly verified and incorporated. decoy money. dual custody of the keys. recording of movements of keys. etc.

usage. paid by the branch on behalf of the Government. Other asset . recording. Any difference in the balancing should be reported in the audit report. for stamps. b) Ensure that the closing balance shown in the statement of the last day of the year tallies with the corresponding balance in General Ledger. 8. deposit paid to the landlord for leased premises. the relevance thereof for the overall presentation of financial statements and the procedure for recording such transactions. Other asset . electricity deposit. etc. b) c) d) 10.Interest accrued Ascertain the system of accruing interest on advances in the computerized branch in the light of RBI guidelines for monthly charging of interest. 9. Deposits a) Ensure that the balances as per the subsidiary ledgers of various deposit accounts are duly balanced and tallied with the respective balances in the general ledger. Other asset . access.Stationery and stamps Evaluate the effectiveness of internal controls exercised by the branch for acquisition. PART II: LIABILITIES 1. physical verification. traveller's cheques.Security deposits It relates to telephone deposit. gift cheques. Identify the provision to be made in respect of very old entries. 12. etc. cheque books. pay-orders. Other asset .. 13. mobile deposit. deposit receipts. Obtain the details of entries/items outstanding as at the year-end. provident fund. dual custody. drafts.Miscellaneous debits in Government accounts Generally the balance outstanding in this account indicates the pending claims to be received from the Government towards pension. etc. Other asset .. 37 . c) Comment of very old and high value un-reconciled items.Inter Office adjustments (NET) a) Understand the basic nature of such transactions. etc. Other asset .Control System And Bank Audit  7. Ensure that the matters to be reported in LFAR have been duly verified and incorporated.Suspense account a) Understand the guidelines issued by HO for operating suspense account.

c) Ascertain that the branch has complied with the RBI guidelines related to opening and maintenance of deposit accounts including NRI deposit accounts. The balances in these accounts indicate progressive balance that is subject to reconciliation at HO level. Interest accrued Ascertain the system of accruing interest on deposits in the computerized branch. 5. telegraphic transfer (TT) and mail transfer (MT) and banker's cheque issued by the branch. report the fact in the audit report. 2. Any serious discrepancy in this regard should be reported. Other liabilities . Bills payable a) Generally bills payable relates to pay-order (PO). More emphasis should be given to KYC norms. 38 . Inter-office adjustment (NET) For details refer item 7 of PART I. etc. heavy cash deposits and withdrawals. circulated by RO/HO is readily available with the branch. demand draft (DD). Generally interest on deposits is accrued at the last day of the month and is reversed on the first day of the succeeding month. 3. b) Ensure that the details of lost demand drafts. operations in new accounts. 4. Borrowings Generally borrowings are not held or dealt with at the branch level. 7. accrual. b) In case the bill-wise details are not made available and the amount of rebate is material.Rebate on Bills discounted a) Ascertain that the branch has complied with the related accounting policy and necessary accounting has been done in respect of discount received in advance for the un-expired period of the bills outstanding as at the year-end. compounding and payment of interest.Control System And Bank Audit  b) Understand the types of various deposits held by the branch and the salient features of those deposits with reference to the due dates for application. if any.

in respect of premises taken on lease. 9. endorsements & other obligations Obtain the list of un-expired guarantees and letters of credit. Other liabilities . rent. b) In respect of the statutory dues. provident fund. 10.Control System And Bank Audit  8. staff security deposit. De-recognized Interest. etc. etc. Other Liability . b) Obtain suitable representation from the branch about the completeness of the disclosure of such contingent liabilities. In case the list is not made available. staff salaries. Guarantees and acceptances. property tax. professional charges and payments made to the contractors. 2. PART IV: BILLS FOR COLLECTION (CONTRA ITEMS) a) b) Obtain the list of bills /or collection (inward and outward) outstanding as at the Ascertain that age of the outstanding bills and the reasons for old items. PART III: CONTINGENT LIABILITY 1.unrealized interest on NPA a) This account is also referred to as Interest Suspense. year-end and verify the same with the related registers maintained by the branch. etc. Other liabilities — Others a) This could include sundry deposits. report the fact in the audit report. Claims against the Bank not acknowledged as debts a) Generally this includes disputed amounts of lease rent. ensure that proper reporting has been done in the Tax Audit Report. ESI. 39 .. b) Generally the branches are required to maintain subsidiary ledger/register for recording account-wise details of unrealized interest. 1961 in respect of interest on term deposit. etc.Tax deducted at source `Normally tax is deducted at source as per the Income Tax Act. margin money and statutory dues such as deduction of professional tax.

More emphasis should be given to changes 40 . Other income .miscellaneous income a) b) It normally includes locker rent. recovery of godown rent. 4. MT. b) 3. income from bank's In case locker rent is recovered in advance for a year or more. etc.. etc. ensure that the property. computers and other fixed assets held by the branch. furniture and Ensure that proper accounting has been done for the depreciation till the date fixtures. 2. bills for collection and Government business.profit on sale of fixed assets a) b) It normally includes profit or loss (net) on sale of motor vehicle. PART II: EXPENDITURE 1. c) Ascertain that the branch has complied with HO instructions for recognizing penal interest and overdue interest. security charges.commission. rate applied for certain deposit accounts. Interest/discount on advances/bills a) b) Evaluate the overall effectiveness of internal controls through the reports of Ascertain the nature and the extent of revenue leakage detected by the concurrent auditors and other agencies.Control System And Bank Audit  SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF PROFIT AND LOSS ACCOUNT PART I: INCOME 1. remittances and transfer of funds through DD. Interest on deposits a) b) Evaluate the overall effectiveness of internal controls through the reports of Obtain copies of applicable interest rate circulars issued by HO and verify the concurrent auditors and other agencies. TT. same is properly apportioned on time period basis or as per the accounting policy advised by HO. of disposal as per the accounting policy framed by the bank. Ensure that the branch has complied with the provisions of Service Tax and other taxes applicable on services. guarantees. Other income . concurrent auditors. Other income . exchange and brokerage a) It normally includes commission/exchange on letters of credit.

At branch level. etc. back-dated renewals. b) In case the lessor has availed loan against the rent payable by the branch ensure that the rent is properly appropriated towards the loan outstanding. etc. special category of deposits. shortterm deposits. In case these items are recorded in the main books. 41 . 2. More emphasis should be given to inter branch transfer of assets and the depreciation thereon.Control System And Bank Audit  in the rates. Salary & allowances to staff a) Generally monthly salary and allowances to staff are processed centrally either at RO or at any other main branches and the related records are also maintained there. Depreciation a) Ensure that the depreciation has been charged as per the rates and the method prescribed in the HO instructions especially with reference to additions and deletions during the year. 3. the staff premises. 6. staff deposits. Electricity a) b) 5. 4. it must be ensured that the branch has properly accounted the payments for the entire year. premature closures. The monthly salary sheets are then passed on to the respective branches and the payment is made by those branches. Printing & stationery Generally HO or any centralised department of the bank ! supplies major stationery items like security items. these items are recorded in the memorandum registers for the purpose of internal control.. tax deduction at source. ensure that the same are properly accounted as per the advices received from the HO. Rent a) Obtain the details of the rented premises used by the branch either for the branch operations or for the officers/managers and the copies of the rent agreements. Obtain the details of connections that are used for the branch premises and for Ensure that the payment is made as per the original bills held by the branch. to the branches. high value deposits. In such a situation.

. Legal charges Ensure that these payments are made on the basis of the bills and other supporting documents. Insurance a) Normally it includes expenditure incurred on insurance of office equipments installed at the branch like computers. 10.Control System And Bank Audit  b) Generally the branches commit mistakes in identifying revenue and capital expenditure. and annual maintenance contracts (AMC) for computers. Obtain the list of telephone connections used in the branch premises and Ensure that the payments are made as per the original bills held by the branch. etc. 8. etc. Postage. More emphasis should be given to the approval/sanction of higher authorities required for making such payments. etc. air conditioners. if any. d) Obtain the details of insurance policies. concurrent audit fees. Repairs & Maintenance Normally it includes expenditure incurred on repairs and maintenance of vehicles. Other expenditure It includes all other expenditure including professional charges. etc.. In case such mistakes are observed during the course of audit. 11. held by the branch. it is advisable to identify the corresponding impact on the depreciation. that is not included in any of the specific heads. 42 . furniture. telegram & telephone a) c) 9. fixtures. premises. as per the policy of the bank. air conditioners. residential premises of the staff. 7.

In view of the significance attached to this item. (g) Latest stock-audit report. if any. (b) Latest correspondence files. (k) Review/Renewal proposal. (d) Latest audited and un-audited financial statements. it is important for the auditor to thoroughly understand the scope of the audit and the reporting requirements. wherever applicable. (f) Latest valuation reports. (e) Quality of credit monitoring. It is advisable to review the following records/documents: (a) Latest sanction letter. It is advisable to standardise the basic format of the scope of audit and also the notes to be prepared by the team at every stage of the verification. (b) Regular submission of stock and book-debt statements. 2. (j) Minutes of consortium meetings. Prudential Norms of RBI and various certificates to be issued. (d) Adequacy of security coverage. QIS/ MSOD and audited and un-audited financial statements. for expired limits. (i) Latest inspection reports.Control System And Bank Audit  AUDIT OF ADVANCES PART I: INTRODUCTION Loans and advances constitute major portion of the assets of any branch and interest thereon is the major source of revenue for any branch. While verifying the advances it is important to keep in mind the requirements of LFAR. It is advisable to cover the following important aspects while verifying advances: (a) Compliance with terms and conditions as per the sanction letter. (h) Legal documents. (c) Adequacy of insurance coverage. wherever applicable. (c) Stock & book-debt statements. recommendations of Ghosh and Jilani Committees. (f) Regular renewal/review of limits. (e) Insurance policies. 43 . PART II: AUDIT PROCEDURE (Account level) 1.

provided the same are thoroughly tested and approved. i) Standard accounts with negative net worth/under BIFR. Valuation of security. income recognition and provisioning. Standard accounts with lowest credit rating Asset classification by the other consortium members. II. Accounts upgraded from NPA category to standard category. it is advisable to state the fact in the relevant return that is to be certified. Reversal of unrealised interest. VERIFICATION OF COMPUTERIZED CLOSING RETURNS a) Presently many of the banks are using customised software for generation of master summary and account-wise report on asset classification. Possibility of window dressing in the account.Control System And Bank Audit  PART III: IMPORTANT ASPECTS OF PRUDENTIAL NORMS While verifying compliance of the prudential norms issued by RBI give more emphasis on: a) b) c) d) e) f) g) h) j) Operations in the accounts of the borrower. SALIENT FEATURES Non-performing Assets : 44 . b) As regards the system generated returns it is important to note that these returns do not substitute the normal audit procedures that are to be performed by the auditor. 1. Potential NPA. These returns only facilitate the audit to certain extent and hence the same must be accepted after performing normal audit procedures. Identification of the date of NPA. c) Generally the system-generated returns contain lot of information that may be relevant only for the purpose of management information. PRUDENTIAL NORMS ON ASSET CLASSIFICATION. INCOME RECOGNITION AND PROVISIONING I. Such software facilitates more accuracy and consistency in compilation of data on prudential norms. As this information is not to be audited.

Control System And Bank Audit 

a) An asset, including a leased asset, becomes non-performing when it ceases to generate income for the bank. In other words, a non-performing asset (NPA) shall be a loan or an advance where; I) Interest and/ or installments of principal remain overdue for a period of more than 90 days in respect of a term loan; II) The account remains 'out of order' as indicated below, in respect of an Overdraft/Cash Credit (OD/CC); III) The bill remains overdue for a period of more than 90 days in the case of bills purchased and discounted; IV) Interest and/or installment of principal remains overdue for two harvest seasons but for a period not exceeding two half years in the case of an advance granted for agricultural purposes; and V) Any amount to be received remains overdue for a period of more than 90 days in respect of other accounts. e) The credit facilities backed by guarantee of the Central Government though overdue may be treated as NPA only when the Government repudiates its guarantee when invoked. f) An account where the regular/ad hoc credit limits have not been reviewed/renewed within 180 days from the due date/ date of ad hoc sanction will be treated as NPA. d) In respect of accounts where there is potential threat of recovery due to erosion in the value of security or no availability of security and existence of other factors, say, fraud committed by the borrower, etc., the account should be classified as doubtful asset or loss asset as appropriate, irrespective of the period for which it remained as NPA. 2. Out of order An account should be treated as 'out of order' if the outstanding balance remains continuously in excess of the sanctioned limit/ drawing power. In cases where the outstanding balance in the principal operating account is less than the sanctioned limit/ drawing power, but there are no credits continuously for 90 days as on the date of Balance Sheet or credits are not enough to cover the interest debited during the same period, these accounts should be treated as 'out of order'.

45

Control System And Bank Audit 

3.

Asset Classification Banks are required to classify non-performing assets into the following three

categories based on the period for which the asset has remained non-performing and the realisability of the dues: a) Sub-standard Assets b) Doubtful Assets c)Loss Assets a) Sub-standard Asset: A sub-standard asset is one, which has remained NPA for a period less than or equal to 18 months. With effect from 31 March 2005, a sub-standard asset would be one, which has remained NPA for a period less than or equal to 12 months. b) Doubtful Asset: A loan classified as doubtful has all the weaknesses inherent in assets that were classified as sub-standard, with the added characteristic that the weaknesses make collection or liquidation in full, on the basis of currently known facts, conditions and values, highly questionable and improbable. An asset is to be classified as doubtful, if it has remained NPA for a period exceeding 18 months. With effect from March 31, 2005, an asset would be classified as doubtful if it remained in the sub-standard category for 12 months. c) Loss Asset: A loss asset is one where the bank or internal or external auditors or the RBI Inspectors have identified loss but the amount has not been written off wholly. In other words, such an asset is considered uncollectible and of such little value that its continuance as a bankable asset is not warranted although there may be some salvage or recovery value. 4. Income Recognition a) If any advance, including bills purchased and discounted, becomes NPA as at the close of any year, interest accrued and credited to income account in the corresponding previous year, should be reversed or provided for if the same is not realised. This will apply to Government guaranteed accounts also. b) In respect of NPA, fees, commission and similar income that have accrued should cease to accrue in the current period and should be reversed or provided for with respect to past periods, if uncollected. 46

Control System And Bank Audit 

c) There is no objection to the banks using their own discretion in debiting interest to an NPA account taking the same to Interest Suspense Account or maintaining only a record of such interest in memorandum accounts. 5. Provisioning Minimum Provision a) Standard Asset: The banks should make a general provision of a minimum of 0.25 per cent on standard assets on global loan portfolio basis. b) Sub-standard Asset: A general provision of 10 per cent on total outstanding should be made without making any allowance for DICGC/ECGC guarantee cover and securities available. The 'unsecured exposures' that are identified as 'substandard' would attract additional provision of 10 per cent, i.e., a total of 20 per cent on the outstanding balance. Unsecured exposure is defined, as an exposure where the realisable value of the security, as assessed by the bank/ approved valuers/Reserve Bank's Inspecting Officers, is not more than 10 per cent, ab-initio, of the outstanding exposure. 'Exposure' shall include all funded and non-funded exposures (including underwriting and similar commitments). c) Doubtful Asset: i) 100 per cent of the extent to which the advance is not covered by the realisable value of the security to which the bank has a valid recourse and the realisable value is estimated on a realistic basis. ii) In respect of the secured portion, provision has to be made on the following basis at the rates ranging from 20 per cent to 100 per cent of the secured portion depending upon the period for which the asset has remained doubtful.

47

provisioning as per the norms. Advances Covered By ECGC In the case of advances guaranteed by ECGC. could be set-off against minimum provisions as per above stated provisioning guidelines. Further. while arriving at the provision required to be made for doubtful assets. The floating provisions. with a minimum of 20 % each year. realisable value of the securities should a) Outstanding in D3 category as on 60 with effect from 31/03/2005 20 More than 1 year but less than 3 years (D2 30 48 . provision should be made only for the balance in excess of the amount guaranteed by ECGC. should be made on the balances after such deduction. wherever available. Amounts lying in the Interest Suspense Account should be deducted from the relative advances and thereafter. banks are urged to voluntarily set apart provisions much above the minimum prudential levels as a desirable practice. Floating Provision Some of the banks make a 'floating provision' over and above the specific provisions made in respect of accounts identified as NPA. 2005. Treatment of Interest Suspense Account Amounts held in Interest Suspense Account should not be reckoned as part of provisions. Considering that higher loan loss provisioning adds to the overall financial strength of the banks and the stability of the financial sector.Control System And Bank Audit  Period for the asset has remained in Provision to be made (%) doubtful category Up to 1 year (Dl category) category) More than 3 years (D3 category) 31/03/2004 50 (as on 31/03/2004) 75 with effect from 31/03/2006 100 with effect from 31/03/2007 b) Classified in D3 category on or after 100 with effect from 31/03/2005 1/04/2004 iii) Banks are permitted to phase the additional provisioning consequent upon the reduction in the transition period from sub-standard to doubtful asset from 18 to 12 months over a four-year period commencing from the year ending March 31.

3. to ensure proper asset classification in their respective books. therefore. arrange to get their share of recovery transferred from the lead bank or get an express consent from the lead bank for the transfer of their share of recovery. the existence of security should be ignored and the asset should be straightaway classified as loss asset. 2. 49 . A loan granted for long duration crops will be treated as NPA. Such NPA may be straightaway classified under doubtful category and provisioning should be made as applicable to doubtful assets. 4. Erosion in the value of security can be reckoned as significant when the realisable value of the security is less than 50 per cent of the value assessed by the bank or accepted by RBI at the time of last inspection. It may be either written off or fully provided for by the bank. Accounts where there is erosion in the value of security i) An NPA need not go through the various stages of classification in cases of serious credit impairment and such assets should be straightaway classified as doubtful or loss asset as appropriate. as assessed by the bank/ approved valuers/RBI is less than 10 per cent of the outstanding in the accounts. ii) If the realisable value of the security. as the case may be. Such loans/advances should be classified as NPA only when there is a default in repayment of installment of principal or payment of interest on the respective due dates. Loans with moratorium for payment of interest In the case of housing loan or similar advances granted to staff members where interest is payable after recovery of principal. if the installment of principal or interest thereon remains overdue for two crop seasons. Agricultural advances A loan granted for short duration crops will be treated as NPA. IMPORTANT ASPECTS 1. if the installment of principal or interest thereon remains overdue for one crop season. The banks participating in the consortium should. Advances under consortium arrangement Asset classification of accounts under consortium should be based on the record of recovery of the individual member banks and other aspects having a bearing on the recoverability of the advances.Control System And Bank Audit  first be deducted from the outstanding balance in respect of the amount guaranteed by ECGC and then provision made. interest need not be considered as overdue from the first quarter onwards.

Control System And Bank Audit  4 TECHNOLOGY IN BANK AUDIT  AUDITING IN COMPUTERISED ENVIRONMENT  SYSTEM AUDIT  USE OF CAAT TOOLS : IDEA 2004 50 .

Is the burden shifted to the system auditor? There is unlikely any professional who will take this stand of shifting the burden to the other auditor. even large co-operative Banks have taken this option. There are a few checks you can do without undergoing intensive training and examination! Please note that the computer system environment referred to here is a minimum of LAN (Local’ Area Network) or even a Core system where the data hub is at a Central Location and the branches/offices are connected to this data hub despite being many cities away. thus. These approaches are general and can be applied to any environment whether LAN Branch or a core banking situation. has to take certain precautions to ensure he gives justice to his work. This delves into the necessity of value added APPROACH to the traditional audit and not solely dependent on the system auditors.Control System And Bank Audit  AUDITING IN COMPUTERISED ENVIRONMENT Technology and its progress has often been linked to progress of civilization. we have noted that the control over inventions like guns and cannons have given certain civilizations the upper hand over the ones they conquered. Even the branch auditor. Apart from the large corporations and multinationals. 51 . From the time man learnt to control fire to the iron and Bronze Age. this sector is not spared from the technical revolution. Progress in Banking is an equal parameter of the cultural development of a civilization and like any other field. which has taken over other sectors. It is not necessary for the inventions and progress to be restricted to the field of military or defence. many Banks.

OPERATING SYSTEM CONTROLS APPLICATION SYSTEM CONTROL 52 . Only if the company has the system can it be loaded without waiting for the vendor's representative. SAFEGUARDING OF ASSETS -UPS Computers require electrical power for working and when the environment is live. many forget to police the access to the operating system. This will enable any person knowing a bit of programming of that language to design trapdoors for fraud and these are later very difficult to identify. You will have to ensure that the company holds the original license for using the operating system software. File copy. Many of the frauds that have already occurred in India would have been prevented only if this access was closely monitored. Ensure whether the original Operating System Media supplied by the vendor is available in the Company. are some potential disasters that are possible unless controlled. we have to ensure it is protected from accidents of fire and water by installation of smoke alarms in the server room and extinguishers outside the server room. ENVIRONMENTAL Apart from protecting the server from bad intentioned SECURITY persons. This is necessary to ensure reloading in case of accidental corruption. the Server should be secure since the software and data is located in this device. The application developed for the company should be encoded and not left in a manner that can be re-programmed by the user. the devices used for communication should be accorded the status of protection of the server. Over here. These machines heat when generating power and if proper ventilation is not provided. 'Prevention is easier than the cure'. Access to the Server room should be restricted and only senior management should permit 'outsiders' like software and hardware vendors to enter the server room. Simple rules of maintenance should also be followed and monitored. deletion even data manipulation (especially under database environments) etc. While all pay attention to the application software access.Control System And Bank Audit  PHYSICAL ACCESS CONTROL In case the site is a LAN. In case of core banking. these UPS will provide service for shorter durations not only compromising the work but also wasting the investment of the company. work comes to a standstill unless power is provided though a UPS (Uninterrupted Power Supply) This has battery bank and is activated immediately when the power fails providing a continuous power without any interruption.

data No. Where software does not control change in password (where not only warnings are given but user is disabled unless the password is changed after specified date) a register has to be shown to you with dates of change of password. Password Change register 3. The corollary of this requirement is to ensure (check) that each user has only one identity in the system otherwise one person will take the identity of the clerk and with a change in short name take another identity of an officer thus effectively compromising the system.Control System And Bank Audit  PASSWORD ACCESS CONTROL AND Password control is the 'logical' access to the computer. This is a simple point often ignored. Ensure there are a minimum of two and a supervisors maximum of three such holders. which is adjusted for locking. The operator operations and thus you as an auditor should ensure that the operator either exits form the system or leaves it at a point where it cannot proceed without a password. 2. entry is made in this register. Password Password is a key to something more valuable than cash . Securing During computer operations especially during service hours. is locked or that the hardware lock of the computer is used. the 'internal control' should be ensured by the system ensuring that the person creating the voucher should not be permitted to authorize the voucher and without authorization. In absence of this register. 2. Password allotment register Discussion on checkpoint When a password is allotted. This is similar to the key register where entries are made at time of giving keys. Securing the The machines should be locked at the end of the day. Authority to give password is to the branch manager and those who hold supervisor password. 53 . Checklist for Audit of Computerized Operations ENVIRONMENT 1. Unlocked computer means any one can start it and the only hurdle after that is the password. Check for 1. Ensure that computers either the furniture. Two to Supervisor password level permits the holder of this password three unlimited access. Poor password maintenance further compounds risk of unlocked computers. The system should have passwords and these should be demanded by the system to changed frequently ensuring that the last password is not accepted. Check here whether the password level is also specified. (not accepting last 12 is the least) Along with this. you do not have evidence that the passwords are changed frequently. it is during not uncommon for the operator to leave his/her seat. no voucher (other than system generated vouchers) should be accepted by the system. Check the systems and procedure only manual of the Bank in case they specify a different figure.

System audit framework Need of Systems Audit: Since computer is so important for survival and progress of any organisation. Verify with date of receipt written on the letter of the account holder. System audit attempts to achieve this objective. It should be the same day. System audit does not deal with the computer system alone but it deals with the audit of the system as a whole. 2. Accounts having chequebook facility (savings/current) require having a specified minimum balance. Audit trail listing cheques out of range Audit trail for date Minimum balance charges Check if chequebooks issued are updated to the customer's master on the same and a record of the same is maintained. It is felt necessary because a computer system is an integral part of the total business system.Control System And Bank Audit  Cheque related transactions No. Ensure that stop payment instructions are updated immediately on receipt of the instruction. it is necessary to have suitable controls and regular checks on Computer Resources and Data Processing Activities. Check for Discussion on checkpoint 1. It is particularly relevant for our country because we have a business environment. Ensure minimum balance charges are levied in case the balance falls below the minimum level. this information is asked in the 'parameter' file and thus the charges are correctly levied either every month or every quarter. In good systems. System audit attempts to link computer systems and manual systems in the overall system. 3. Audit trail will give date of entry of such a stop payment. which is combination of computer system and manual system. 54 .

nature of these internal controls and their implementation may vary widely in Manual System and Computerised System. Achievement of Organisational Goals and Efficient Consumption of Resources within the Organisation. must have some internal controls. Manual System Any system. They reduce possible losses by reducing probabilities of component failure and also by reducing the amount of losses. if component fails at all. However. A systems auditor should assess the following controls: 55 . for the following factors: a) Separation of duties b)Authority and responsibility c) Dependable and skilled personnel d) Authorisation e) Availability of documents and records f) Custody of assets and records g)Management by supervisio h)Verification of performance Assessment of Controls : In any system. Auditor's task in a computerised system is complex because number and range of controls are increased. These internal controls ensure Asset Safeguarding.Control System And Bank Audit  OBJECTIVES OF SYSTEMS AUDIT The basic objectives of Systems Audit are to ensure: a) The assets are safeguarded in the system b) Data integrity is maintained throughout the system c) Organisational goals are effectively achieved by the system d) Resources in the system are being consumed efficiently Computer System Vs. controls play a very important role. manual or computerised. Data Integrity.

g.Control System And Bank Audit  CONTROL a) Authenticity b) Accuracy c) Completes d) Redundancy e) Privacy f) Audit Trail g) Existences Safeguarding h) Effectiveness CONTROL FUNCTIONS To ensure correct identification of objects (e. accidental Or unauthorised disclosure of data To ensure safe keeping of log of all activities in chronological order To ensure availability of all system resources at all the time 56 . programs) by the system To ensure correctness of data and accurate processing in the system To ensure protection against missing data or incomplete processing To ensure protection against entering or processing same data more than once To ensure protection against careless. the users.

This tool is mostly used by the external auditors who confront various computer environments of diverse characteristics. This enables the auditors to assess the quality of records in the system. Various tools and techniques are available to assist the auditors to collect evidences.Control System And Bank Audit  To ensure achievement of goal of a system Effectively i) Efficiently To ensure optimum utilisation of resources by the system for achievement of its goal TOOLS AND TECHNIQUES For evaluation of the computerised system. auditors must know the technique best suitable for a particular computerised system. • • • • Generalised Audit Software Other Audit Softwares Concurrent Audit Techniques Manual Techniques By using generalised audit softwares auditors can gain access to the data maintained in computer media. Following functions are available in generalised audit softwares: • • • • • • • File Access File reorganisation Selection Arithmetic Stratification and frequency analysis File creation and updating Reporting By carefully combining the above functional capabilities. the following audit tasks can be accomplished: i) Examination of the quality of data ii) Examination of the quality of system processing 57 . Out of the following tools and techniques. auditors must collect evidences.

users must select the same with lot of care. against additional payments. Although the price of these softwares are low. 58 . Finally.Control System And Bank Audit  iii) Examination of the existence of the entities the data purports to represent iv) Analytical review Limitations of Generalised Audit Softwares The limitations of generalised audit softwares may be listed as under : • • • It is suitable for ex-post auditing only It has very limited capability to verify processing logic which may. as selection of wrong one may cause ongoing opportunity costs due to lack of effectiveness and efficiency of auditing. Some of them may offer certain optional modules like interfaces to different database management systems. however. there may be some ongoing license fee. be overcome by parallel simulation. It has limited capability to determine the system's ability to cope with Change -Purchase of Generalised Audit Software: • Most of the generalised audit softwares cost around $2000.

logic. documentation and so on). With suitable utility software. PC/ FOCAUDIT. therefore. necessary to develop spreadsheet audit softwares to test the spreadsheet model independently (e. iii) System Software Auditors may decide to make use of system software utilities for the following reasons : Generalised audit software may not be available Functions of generalised audit Generalised audit software may not be efficient (i. absolute value. Other softwares. all parameter values. PANAUDIT Plus Workstation. APPLAUD-Audit. many systems auditors are using micro-computers and fourth generation languages.e. Other Softwares : Apart from generalised audit software there are some. CARS.g. IDEA. and so on. they may download a copy of the data required. PROSPECTOR. all spreadsheet packages cannot be accessed by the spreadsheet audit software. it may consume more resources software may be limited than acceptable) . However. which may be used by auditors for the purpose of evidence collection: i) ii) iii) iv) vi) Spreadsheet Audit Software High-level Languages System Software Specialised Audit Software Decision Support Software i) Spreadsheet Audit Software Several organisations incurred huge losses due to decisions based on erroneous spreadsheet models. It was.Utility softwares may present the data produced by one machine in suitable form for use of the same by another machine 59 . data may be manipulated as desired and reports may be prepared. With the help of currently available highly powerful statistical packages.Control System And Bank Audit  Some of the commonly used generalised audit software are: ACL Plus. ii) High-level Languages Recently.

However. maintenance of library may not be always practicable. There may be two ways for collection of audit evidences: i) A special audit module may be embedded in system software or application systems to collect. hash total approach or test data approach to ensure that the software was not modified unauthorisedly. process and print audit evidences. However. This increases confidence level of the auditors. the auditors may decide where they should concentrate for evidence collection efforts. In such case. to enable the auditors to examine this evidence at a later stage. Thereafter. The audit software must be protected against unauthorised modification. groups of internal and external auditors are now engaged in developing libraries of specialised audit software mainly for the following reasons: Alternative software may not be available Functions of the alternative software may be limited Alternative softwares may not run efficiently Auditors may understand the system better in course of development of a specialised software Once auditors develop their own software. By undertaking sensitivity analysis with the software. The techniques developed to achieve this objective is known as concurrent auditing techniques. Independently controlled library may be a good protection against such hazard. Specialised audit softwares are costlier than generalised ones. they are no longer dependent on others. . 60 . Control of Audit Software The independence of audit is preserved only when auditors have full control over the audit software. However.Control System And Bank Audit  iv) Specialised Audit Software Specialised audit software is developed keeping a specific audit tasks in view. at times they need to identify the problems in the computerised system by collecting evidences at the same time when processing occurs. v) Decision Support Software Decision support software may assist auditors to take decision regarding evidence collection and evidence evaluation. use of such software is not widespread. internal control points critical to overall reliability of the system may be determined. Concurrent Auditing Although most of the time auditors collect evidences and evaluate them much after the occurrence of the events. auditors may adopt blueprint approach. ii) Special audit records may be stored on application system files or on a separate audit file.

Control System And Bank Audit  It must be clear that although the evidence collection should be concurrent with processing. called SCARF master file. The auditors examine this information from time to time. Audit software modules are embedded within a host application system. The following types of information may be captured by SCARF: • • • Application System Errors Policy and Procedural Variances System Exceptions 61 . evidences can be collected to enable the auditors to examine such evidences at a later stage. By embedding audit routines and records into application systems. In such a system. A snapshot transaction is first tagged by the auditors to enable the software routine to identify on which transaction the audit trail will be printed. erroneous update process in one sub-system may cause whole lot of wrong processing for other sub-systems. Concurrent auditing techniques are felt necessary for the following purposes: • • • Continuous Monitoring Difficulties of Performing Walkthroughs Presence of Entropy in the System In advanced systems. In case a critical error is identified. resulting in incorrect decisions and heavy losses. by using software routines which are embedded at different points in the application system. which monitor the system's transactions continuously. subsystems may be tightly coupled by sharing the same database. reports indicating errors may be generated immediately by embedded audit routines. This enables auditors to review the contents of computer memory as transactions are processed. The information collected are written on to a special file. a part of computer memory can be printed out to show the data upon which a decision is made. the timing of reporting may be done later. ii) System Control Audit Review File (SCARF) SCARF is the most complex concurrent auditing technique. The following techniques are available for concurrent auditing: i) Snapshots/Extended Records ii) System Control Audit Review File (SCARF) iii) Continuous and Intermittent Simulation (CIS) i) Snapshots/Extended Records By using this technique. Before-image and after-image pictures are taken when a transaction flows through the system.

Control System And Bank Audit  • • • Statistical Samples Snapshots and Extended Records Performance Measurement The auditors should determine the structure of the SCARF reporting system based on the following decisions: • • • How the SCARF file will be updated Sort codes and report formats to be used The timing of report preparation This is a variation of SCARF technique. Identification of critical system within the organisation may be possible by interviewing the controller. clerks may indicate certain problems regarding data submission. iii) Continuous and Intermittent Simulation (CIS) 62 . if any fraud is discovered. There are three major manual techniques i) Interviews ii) Questionnaires iii) Control Flowcharts i) Interviews Auditors may interview various people for various reasons. Analysts may be interviewed for having a better understanding of functions and controls within the system. CIS may either prevent updation of the database or note the exception and allow continuation of the processing. When interviewed. to detect any discrepancy. Manual Techniques: Apart from Computer Assisted Audit Techniques. which instead of embedding the audit program in the application system involves modification of the database management system used by the application system. By interviewing operators. personnel may be interviewed for zeroing in the person who perpetrated the fraud. If discrepancy exists. Users of the system may provide feedback regarding impact of the system on quality of their working life. If decided so. CIS can replicate application system processing on the line of parallel simulation program. When database management system is invoked by the application system. evidences can also be collected manually as always done in a manual system. Manual techniques are suitable for evaluation of management controls in particular. Exceptions are noted by CIS in a log file for further action by the auditors. auditors may be able to identify abnormal consumption of resources at the time of system run. Finally. CIS decides whether to examine the transaction further.

Finally. and for communication regarding their understanding of the system with others. may be responded in seven-point scale (i. nature of information sought and administration of the questionnaire. If many questionnaires are available. Used to show the controls exercised internally to a program. or certain piece of information like make of a machine. If factual questions are asked. how to use it and what the responses mean. iii) Control Flowcharts Control flowcharts indicate controls existing in the system and also the locations of such controls. questionnaires are used to evaluate controls within systems. Auditors should know when to use the questionnaire. say system effectiveness. auditors must be able to evaluate the need and choose the best one suitable for the purpose.Control System And Bank Audit  ii) Questionnaires: Traditionally. The response scale chosen usually depends on the nature of question asked. auditors should know how the questionnaire responses and scores should be interpreted. Used to show the controls exercised at the physical or resource level in a system. If auditors themselves are to complete the questionnaire. Types of Flowcharts Document Flowchart Data Flow Diagram Flowchart Program Flowchart Purpose Used to show controls over the flow of documents through the manual components of a computer system. may be inserted. Certain questions. which increases the likelihood of errors.e. 63 . strengths and weaknesses of controls. response may be checked in form of 'yes' or 'no'. Used to show the controls exercised over the data flows through a system. Auditors may use them for better understanding of the system and controls in the system. Questionnaires should never be administered in hurry. they should be trained to fill it up. from 'low' to 'high'). Major aspects of questionnaire design are: Design of the questions Design of the response scale Design of the layout and structure of the questionnaire Design of questions should depend on the respondent group.

You can re-run all the tasks conducted on a file by converting the history into an IDEAScript. Manufacturing and Retail Sector with audit locations spread across the country have used automated audit routines to not only assure standard audit performance but also reduce the travel cost of auditors and improve quality of audit time at locations. The product was also transferred to professionals from "Caseware" whose single focus was to provide cutting edge business intelligence software for accountants and auditors. 64 . debug mode and dialog editor. IDEA Script has significantly enhanced features with over 400 methods and tools including a language browser.Interactive Data Extraction and Analysis is a data analysis software developed by a team of the Canadian Institute of Chartered Accountants and Auditors General of Canada in the mid eighties. allows the development of almost any type of application. IDEA pioneered the use of the intuitive graphical interfaces. the DOS version was changed into the user-friendly Windows platform. a Visual BASIC compatible programming language. Number of auditors in Insurance. users can incorporate all of the objects from Visual Basic into their scripts. Automate Audit Routines IDEA Script. or put into your Windows Scheduling tasks to run a script on a specific time or run it repetitively at regular intervals. Since IDEAScript is compatible with Visual Basic. wizards.Control System And Bank Audit  Use of CAAT Tools-Idea 2004: Some Advance Features IDEA .with the DOS version making way for the GUI based Windows technology. IDEA has seen several versions since inception . HTML Help and guides to execute tasks in audit tools. and you can run it against another file. as well as comprehensive context sensitive help. An example usable in any industry is given in the Exhibit IDEA Scripts can be compiled and run from Windows Explorer. IDEAScript can be generated by the Record mode or by converting the history (log) into an IDEAScript. Banking. Using core windows technology. enriched with IDEA'S functionality. You can also customize it in order to interact with the user.

Control System And Bank Audit  Implement Benford's Law Bedford’s Law is a method of analysis within "Digital Analysis". 65 . This procedure helps to identify 'irregularities' in a data range. irregularities are defined as numbers. In this context. It is a Exhibit: Screenshots from automated routines procedure. which. which analyses digits in numerical data.

9 6 6. may have been created through the (systematic) manipulation of data. ODBC.8 8 5. Wide Range of data access IDEA can natively read time fields from Excel.7 7 5. three first. Items that are beyond the bounds established need to be analysed for possible irregularities.6 IDEA allows the user to analyze simultaneously the first. 66 . An 'irregularity' is measured based on the scale of digit distribution in a 'natural' population corresponding to the empirical legalities of Bedford’s Law.1 2 17.1 9 4.Control System And Bank Audit  for example.5 4 9. Access. Frequency % 1 30. The first digit frequency is given in the table: Exhibit: 1st digit frequency First Digit .7 5 7. and the second digits. and all other file formats. An illustrative exhibit as run in a retail supermarket on collections on different cash tills is shown in the graph. two first.6 3 12.

Greater analysis capabilities .Search and Action Fields One can search for text or numeric values across selected fields in multiple databases. 67 . QuickBooks. Sage. New import components are constantly under development.Control System And Bank Audit       IDEA provides Import components in order to import Small and Mid-Size Accounting packages like Simply Accounting. and many more. Smart Stream. using standard search functionality like case sensitivity and whole word plus advanced techniques such as using Boolean expressions. create an action field on "Customer Number" in a customer database to link to related invoices. Search is a powerful tool for fraud detection. multiple characters and proximity. for example. Action field type allows you to set up relationships across multiple files. ACC-PAC. Great Plains. wildcards.

Control System And Bank Audit  5 FRAUD DETECTION  COMPUTERISED BANKING ENVIRONMENT  ALERT SIGNALS  WINDOW OF OPPORTUNITY  OCCURRENCE OF FRAUDS  FRAUD PREVENTIVE MEASURES 68 .

over dependence on the staff of computer vendors and laxity coupled with lack of IT knowledge paved way for occurrence of frauds. Computerised Banking Environment: The basic purpose of computerising and mechanisation of more and more business is to contain the occurrence of frauds due to manual intervention. monitoring system generated entries. In a most common modus operandi of committing the fraud the fraudster studies the procedures and processes adopted by a commercial entity for putting financial and funds transactions. O At the time of half-yearly crediting of interest in the huge operative savings bank account. internal audit has an advantage over the external audit in the sense that it has an understanding of how the system works so as to initiate quick steps. O Even after years of computerisation. besides improving overall efficiency for ensuring better customer service. 69 . printing of reports. are not performed as per the laid down guidelines. Fraud is considered as a white-collar crime.Control System And Bank Audit  FRAUD DETECTION AND AUDIT IN BANKS Vigilance and Fraud share a peculiar relationship. O Misappropriation of cash received at Single Window counter due to the absence of scroll/control mechanism. Maladies in any organisation are more due to non-adherence of internal control mechanism rather than the absence of it. ascertains the loopholes in the systems and then exploits it to the advantage in such a way that it does not come to light immediately. substantial amount may be credited by inflating interest paid on deposit account by erasing genuine debits/fraudulent credits in the relative accounts. normally. there is no limit as to how bad things can get. In the matter of preventing fraud. A vigilant internal audit team would be able to bring in the requisite transparency and through this. important functions like password secrecy. etc. it is only a question of time before it is detected. Some of the frauds and the modus operandi of the same are summarized below: O Significant exposure of the banking activities to the employee of a software vendor. exceptional reporting. However. In the case of frauds in the financial sector. Whichever works faster and better makes the difference. Internal audit would be privy to the dynamics of decision-making and the process behind them in an organization. maintenance. checking of the output/reports. while later is providing the maintenance service. proper accountability. But.

if not brought to nil. data before it becomes too late for any action. and it is better to capture and catch them so that at least the impact is minimized.. With long queues and rush indiscipline. Window of opportunity for perpetration of fraud In banking sector. • Creation/storage of surrogate specimen signatures in some of the benami/fraudster's/collat-eral security in the system with an intention to pass fraudulent financial transactions. It is a common knowledge that no fraud can take place without a window of opportunity for the same. Branch Audit. Some such signals are detailed herein below: • Scrutinise various reports such as Internal Inspection. • Non-rotation of jobs and some gaining roots in to the functioning of certain business oriented functional departments. there is a tendency to overlook certain procedural aspects and overall control systems get automatically relaxed. Long Form Audit. immediately • Deep probing of any abnormality of movement. Concurrent Audit. etc. 70 . (2) Customers and (3) outsiders or strangers. not fully appreciating the attendant vulnerabilities. ordinary bank employees and customers are under the impression that mere computerisation is sufficient security. transactions. • No individual is bigger than the institution and while keeping faith on people working on the systems there should be no.Control System And Bank Audit  Alert Signals Normally certain alert signals are thrown by the system if the environment is fraud-prone. • With large scale of computerisation. have to handle huge rush of customers during the first week or 10 days in a month. Statutory Audit. frauds are perpetrated basically by three classes of people: (1) Employees. meant to throw light on the weakness in the system and vulnerable areas and ensure that the shortcomings are duly attended to/rectified. relaxation and compromise on the systems and procedures. Supervisory/Regulatory inspection. particularly the public sector ones. • Banks. Let us examine the window of opportunity and the environment because of which fraud takes place in banks.

• Entertaining accommodation of Bill of Exchange transactions and wrongful encashment of loan proceeds through unauthorised withdrawal. In the past one and a half decade. demand draft. • Encashment of forged/ stolen instruments such as cheque. M S Shoes. • Allowing frequent overdrawing in the current or operative limits and not reporting to the higher authorities and not getting it regularised. etc. India has seen a number of scams relating to financial deal in general and capital market in particular as could be noticed from the alleged deals of Harshad Mehta. • Release of the securities in an unauthorised manner before ensuring liquidation of direct or indirect liability of a borrower/guarantor. Ketan Parekh. Improper appraiser of Jewels pledged to banks with the connivance of the Jewel Appraiser. CRB. database systems. Occurrence of frauds: Some of the large value frauds that occurred in Indian banking environment revealed that the following led to the occurrence of frauds. Credit Advice etc.Control System And Bank Audit  • Gaining access to operating systems. • • • Many frauds come to light only when the customer concerned brings the same to the notice of the bank. • Availing loans on the strength of forged documents/title deeds • After availing loans. application software by unauthorised persons would make a number of business and administrative areas fraud-prone. • Opening fictitious account for crediting proceeds of forged/unauthorised cheque for withdrawal immediately. 71 . the proceeds of the asset procured out of the loan not being deposited back to the bank or being routed through other banks for siphoning the funds. Pigmy/daily deposit collectors from small vendors and household sectors for the reason that the control exercised by banks on these is not adequate.

Law by itself cannot put a full stop to corruption and fraud. 'logical access controls' and environment controls. Proper verification is required • Implementation of segregation of duties. etc. However. roles and responsibilities in the computerised environment. legal audit. perpetration of fraud in computerised environment happens mainly by breaking any one or more or all of these Access Control Mechanisms. If the amount of the alleged fraud ranges between Rs. This is because. cases of fraud of the value of below Rs 1.Control System And Bank Audit  Fraud preventive measures Proper security in the computer systems can be achieved by exercising series of regulations such as 'physical access controls'. Bangalore and Kolkata would handle information/compliance of amount of alleged bank frauds in excess of Rs. Other cases would be referred to CBI The Banking Securities and Fraud Cell at Delhi. 5 crore. According to the prevailing guidelines. the information would be handled/investigated by the branch of CBI having territorial jurisdiction over the area. current asset audit should invariably be completed with different set of people. four-eye principle should be adopted. reference of such cases to Central Bureau of Investigation (CBI) would be necessary only if a bank official is suspected to be involved. Job rotation among the staff and availment of leave by the employees should be ensured. • • • Checking and balancing of books should never be entrusted to the same person at any point of time. • No one should have complete access to the entire operating cycle of any financial transactions and it should necessary pass through more than two or three officials. That is. Stipulated audit exercises such as credit audit. • • Full adherence to all the security and control standards prescribed. Conclusion: In the words of Mahatma Gandhi. Newly opened accounts needs to be put under close watch for any unusual and large volume of transactions. 1 crore to Rs. stock audit. 5 crore. Branches should be careful while issuing chequebooks on the basis of authorisation letters to avoid fraudulent usage of the same. but not for one's greed. there is enough in the world for every one's need..00 cr would be handed over to the local police. 72 . Mumbai.

Control System And Bank Audit  6 TAX AUDIT  AUDIT REPORT AND FORMAT  CLAUSES 73 .

pertaining to quantitative details of goods in case of trading concerns Clause .29 .25 .28 . This topic focuses on various issues involved in the Tax Audit of Bank Branches.7. are required to get their accounts audited from a Chartered Accountant.10 . 40 lacs during a financial year.pertaining to details of deductions admissible under chapter VIA Clause . etc. This audit is generally known as "Tax Audit". Of these.pertaining to details of amount borrowed on hundi Clause . address.pertaining to amounts deemed to be profits u/s 33AB etc. Clause-19. the entities. as follows: Clause .pertaining to details of tax on distributed pro fits u/s 115O 74 . 33ABA. the auditor expresses his opinion on the correctness of the particulars given in Form3CD.pertaining to a firm or AOP Clause .12 . Since generally the gross receipts of all the banks exceed Rs. Clause .pertaining to valuation of closing stock Clause-15-pertaining to amounts admissible under section 33AB. Form 3CD Part A It consists of 6 clauses relating to name.pertaining to profit on presumptive basis Clause . are generally appointed to carry out the tax audit assignment in respect thereof and submit their report in the prescribed format. etc. which are generally not applicable at the branch level. PartB It consists of 26 clauses. the statutory auditors of all the branches of such banks which are under audit. Audit Report & Format Form 3CA In this form. there are about 12 clauses.23 .Control System And Bank Audit  Issues in Tax Audit of Bank Branches Under section 44AB of the Income Tax Act.26 . which are all selfexplanatory.40 lacs during a previous year.pertaining to brought forward loss or depreciation allowance Clause . whose turnover or gross receipts exceed Rs.

Generally. The auditor. i. there are no items to be reported under this clause. In sub-clause (b). Hence. safe deposit vault rent. commission.31 . The method of accounting employed in the previous year refers to cash or mercantile system of accounting.e. the details of opening balance as per Income Tax Act are not available at the branch level. etc. commission & contribution to provident fund Sub-clause (a) regarding certain Payments to employees are generally not applicable at branch level. amount deducted. (e) and (f) have to be filled up at the head office level only. Clause-13: Amounts not credited to Profit & Loss account Generally. cash or mercantile and not a change in accounting policy. 75 . may state that as the details are not maintained at branch level the same are not filled in here. What is to be reported in clause 11 (b) is change in accounting method. exchange. due date and actual date of remittance. Clause-17: Details of expenses debited to P & L account that may be disallowed There are sub-clauses under clause 17.30 . the particulars of amount deducted by the branch from salary of staff members towards employees' contribution to Provident Fund has to be given. information required in sub-clause (a). (b). leave encashment benefits.pertaining to accounting ratios some of the clauses that need to be attended to are as follows: Clause—11: Method of accounting Though the banks generally follow mercantile system of accounting. therefore. with details such as date of deduction. Sub-clause (a) is regarding capital expenditure debited to Profit & Loss account. Normal principles differentiating between capital and revenue expenditure should be applied while reporting under this clause. fixed assets are controlled by the head office of the bank. Clause-16 Particulars of bonus. at the branch level.pertaining to cost audit Clause . 1944 Clause-32. Clause—14: Particulars of depreciation allowable Generally the only details provided by the branch are in sub-clause (d) regarding additions/ deductions during the year. there are a number of items in the bank which may be on cash basis income on NPA accounts. (c).pertaining to audit under Central Excise Act.Control System And Bank Audit  Clause . Thus.

000/-incurred otherwise than by way of crossed cheque or crossed bank draft. and deposit it with the Central Government within the stipulated period. These personal expenses exclude those which are payable to the employee under contractual obligation. etc. such payments are never made in cash. computers. modifications and improvements to existing assets are revenue in nature and need not be capitalized for e. re-polishing etc. professional fees. etc. which are for business development are not covered by this clause. medical aid. paid under contractual obligation should not be reported here. rent.g.is not applicable to banking company. LFC. Generally. cell phones are of capital nature and need to be capitalised. interior decorators for this purpose are considered revenue expenditure nature. leave encashment. etc.20. On the other hand. including the professional fees paid to architect. Expenses incurred in respect of service organisations like Bankers club. maintenance. Thus. Sub-clause (d) refers to expenditure incurred at clubs. re-wiring of branch. replacements. Sub-clause (b) is regarding expenditure of personal nature debited to profit and loss account. printers. Sub-clause (h) refers to expenditure exceeding Rs. re-flooring. Giants. 20. Petty items like calculators. Clause~21: Deductions requiring actual payment under section 43B Certain types of expenditure like tax. Lions. Clause-20: Profit chargeable to tax under section 41 Bad debts written off in the previous years and now recovered get covered under this clause. Clause-27: Delay in deposit of TDS Generally. etc. cess. interest provision on any loan or borrowing from any financial institution/ cor poration is allowed as deduction. telephone bill of residence. in a bank. payable under any law are allowed as a deduction in computing the total income only in the year in which it is actually paid.. are not of durable nature and should be treated as revenue expenditure. only if it is actually paid. All such expenses. briefcases. which is inadmissible under section 40A(3) read with rule 6DD. fire extinguisher. electric fans. etc. Rotary.Control System And Bank Audit  Items like new fire or security alarms. duty. interest on deposits.000/. 76 . payment to contractors. banks have to deduct tax at source from payment of salaries. all repairs. re-painting. Jaycees. Similarly. fees. Clause-24: Acceptance/repayment of deposits in cash exceeding specified limits Sub-clause (a) relating to acceptance of loan or deposit exceeding Rs.

Control System And Bank Audit  7 CONCURRENT AUDIT  SCOPE  ITEMS OF COVERAGE 77 .

This will include verification of relevant documents and authorization. major expenses incurred by cash payments and high value cash receipts and disbursements. d) Verification of procedure and documentation for opening new current. the following areas are covered by these guidelines: a) . savings. CC Accounts. statutory returns. Scope of Concurrent Audit: The guidelines issued by the RBI cover all the important areas of activities of the branch. Broadly stated. Similarly. verifying the authenticity of the transaction/activity on a regular basis so that any deviation from the laid down procedures can be noticed in the shortest possible time and remedial action can be taken. Most banks have prepared an Audit Manual for this purpose. If there are any unusual operations in these new accounts the same should be examined thoroughly and unusual-features should be reported. c) Physical verification of investments and verification of rates at which transactions are entered into. 78 . Returns. etc) Verification of statements. e) f) Verification of Advances-Overdrafts. H. devolvement. Over dues. is an audit or verification of transactions or activities of an organization concurrently as the transaction/activity takes place.C. It is not a pre-audit. examination of capital expenditure on purchase of capital assets as well as sales of such assets. and L. Bills Purchase. and compliance with requirements of government business (collection of tax and disbursements).. which is under concurrent audit. The concept in this audit is to verify the authenticity of the transaction/activity within the shortest possible time after the same takes place. as the name suggests. securities. calculation of capital adequacy ratio.Control System And Bank Audit  Concurrent Audit Concurrent audit. etc. other than the person involved in the operations. Term Loans. term deposit accounts./Guarantee. L. It is akin to internal audit which is a concept recognized under the Companies Act with the view of the complexities of economic activities it is now well recognized that there must be a system of someone.C.Daily cash transactions with particular reference to any abnormal receipts and payments. This include currency chest transactions. TOD. b) Purchase and sale of shares. Guarantees.O.

3. Proper accounting of currency chest transactions. Check whether inward/outward remittance have been correctly accounted for. its prompt reporting to the RBI. III. delivery of scripts. III. III. Check new accounts opened particularly current accounts. . Ensure that in respect of purchase and sale of securities the branch has acted within its delegated power having regard to its HO instructions. Daily cash transactions with particular reference to any abnormal receipts and payments. and compliance thereto. Ensure that the branch is complying with the RBI/HO guidelines regarding BRs. Ensure that the sale or purchase transactions are done at rates beneficial to the (C) Deposits I. LFAR relating to branch. 2.Check foreign bills negotiated under letters of credit. IV. 4. Operations in new Current/SB accounts may be verified in the initial periods to see whether there are any unusual operations. h) Whether clients' complaints are dealt with promptly. (D) Foreign Exchange transactions 1. documentation and accounting. SUGGESTED ITEMS OF COVERAGE: (A) Cash I. II. SQL forms. II.Control System And Bank Audit  g) Study of RBI and internal inspection reports. Ensure that the securities held in the books of the branch are physically held by it. Proper accounting of inward and outward cash remittances. Percentage check of interest paid on deposits may be made including calculation of Interest on large deposits. Check the transactions about deposits received and repaid. II. etc. Examine extension and cancellation of forward contracts for purchase and sale 79 Bank. (B) Investment I. statutory auditor's report. IV.Check FCNR and other non-resident accounts whether the debits and credits are permissible under rules. Expenses incurred by cash payment involving sizeable amount.

6. 5. 7. Ensure adherence to the guidelines issued by RBI/HO of the bank about dealing room operations.Ensure verification/reconciliation of Nostro and Vostro a/c transactions/balances.Control System And Bank Audit  of foreign currency. Ensure that they are duly authorized and necessary charges have been recovered. 8. 80 . Ensure that balances in Nostro accounts in different foreign currencies are within the limit as prescribed by the bank.Ensure that the over bought/oversold position maintained in different currencies is reasonable taking into account the foreign exchange operations.

Control System And Bank Audit  8 FOREX AUDIT     FOREX MARKET PRODUCTS NUTS AND BOLTS NOSTRO/VOSTRO CORPORATE GOVERNANCE 81 .

counterparty confirmations empanelment and ethical conduct of brokers. trade and exchange control.A challenging task Internal audit in banks and financial institutions is one area wherein there are numerous challenges emerging from the liberalisation in areas viz. settlement of funds. Nostro/Vostro . Mid office has also to play a due role in scrutiny of exchange control and other compliances and risk management functions. .Monitoring and Control To put through the transactions the banks have accounts in foreign currencies with other banks. Forex Audit . Such accounts are known as nostro accounts. experience and skill of persons in handling derivative products. The exchange control require a close monitoring of the funds flow in vostro so as to ensure transactions as permitted in the control and funding in lines with agency agreement/ volume of business.Nuts and Bolts The auditor in work situation has to give special attention to operations. documentation and supporting evidences. segregation of function of front and backup/accounting functionaries. economic. 82 . With it the philosophy of autonomy in management in general and forex management in special had been in process of shaping and stabilization. financial. infrastructure. Reconciliation of nostro and agewise analysis of unreconciled transactions is an essential control function. internal control..Control System And Bank Audit  AUDIT OF FOREX OPERATIONS.. The rupee account of overseas correspondent bank maintained by the bank in India is known as "Vostro" (Rupee) accounts.

Delegated authorities are documented and communicated. the following: • • • • • Governance processes that directly affect control such as establishing policies. Management process such as risk identification and assessment. Monitoring and learning processes such as continuous improvement and internal audit. strategic planning and communication. the Board of Directors consider among other things. Setting and implementation of compliance standards. 83 . plans and ethical values.Control System And Bank Audit  Corporate Governance and Internal Controls In establishing a system of internal control.

Control System And Bank Audit  9 STATUTORY AUDIT OF BANK TREASURY     TYPES OF TRADE CRR & SLR EVALUATION OF INTERNAL EDP CONTROL 84 .

Control System And Bank Audit  Statutory Audit Of Bank Treasury Audit of an integrated treasury is a complex task requiring high level of skills. interest rates will fall) is an example of a proprietary trade in the domestic market. at the close of business on any business day. be less than 25% of its 'Demand and Time Liabilities' in India as on the last Friday of the second preceding fortnight. The forex market is considered an over the counter (OTC) or Inter bank market. Buying US dollars and selling Japanese Yen is a cross-currency trade to profit from US dollar appreciation..02. Over-the-counter (OTC): Deals are struck with counter parties on phone and the same is later confirmed in writing. SLR: Recognising the need to maintain the confidence of the public in the banking system. Forex trading is not centralized on an exchange. Types of trades: Customer trades: These are deals between the bank and its customers. knowledge of market practices and the relevant regulatory environment.00 to the customer. the Banking Regulation Act stipulates that every bank shall maintain in cash. This paper makes an attempt to highlight the products and market practices in vogue. The profit or loss to the bank is the spread between its inter-bank buying rate and the selling rate to the customer. They could be in the domestic or overseas market. Proprietary trades: These are trades by the bank for its own account. Buying G-Sec for trading portfolio. gold or unencumbered approved securities. Channels: Transactions could be directly with a counter party or through an intermediary. For example. since transactions are conducted between two counter parties over the telephone or via an electronic network. as in the case of stocks and futures markets. 85 . a customer may place an order to buy USD 100.000. making a profit of Re.0. Treasury income constitutes a significant portion of a bank's income. predominantly in foreign exchange. many a time equal to the entire income received from advances and the extensive branch network of banks. involving intermediation fees. which an auditor of an integrated bank treasury operation will have to be aware of. The Bank buys @ Rs.48. an amount which shall not. Proprietary trades are done in the inter bank market.47. in the expectation that price will go up (i.e.98 in the market and sells @ Rs.

complete trail of all back end changes made are a must. It is important that operations of a treasury are effectively segregated among: Front office: Dealing in the financial markets for lending and borrowing funds. controls in place to prevent unauthorized usage of files. This calls for strict controls in such an environment. Robust software covering the entire gamut of functionality required for smooth functioning of treasury. exception reports. delivery. Evaluation of internal control: The existence of an effective system of internal control is a sine qua non for efficient treasury operations. well documented user and technical manuals. • An audit of Treasury includes an audit of all the three offices. audit trails in the software.Control System And Bank Audit  CRR: Cash reserve by way of balance in a current account with RBI or by way of net balance in current accounts a sum equivalent to 5% of its 'Demand and Time Liabilities' in India as on the last Friday of the second preceding fortnight to be maintained by every bank. accounting. Back office: Settlement. business continuity and disaster recovery plans. EDP controls (AAS 29): The extent of computerization is usually extensive in treasuries. custody and reconciliation Mid office: Risk monitoring and control. 86 . buying and selling in financial instruments. a proper security environment. start/end-of-the day process. systems. etc.

Control System And Bank Audit  10 LIST OF RBI CIRCULARS/GUIDANCE/DIRECTIVES RELEVANT FOR BANK AUDIT: S. 11. DBOD NO DIR. Dematerialization of banks' investment in equity.NO.001/2004-05 dated 27/8/2004 DBOD NO DIR.BC.BP.DIR.001/2004-05 DBOD.07. 040141/2004-2005 dated 2/9/2004 2. Circular No/Date 1.No.0 3.0 1.Prudential Norms on Capital Adequacy. DBS.37/21. DEOD NO DIRBC.BC.05/2004-2005 dated 17/8/2004. 3. 5. 18/13. 8 9. 23/12. Master Circular on CRR & SLR Master circular Loans and AdvancesStatutory and Other Restrictions.BC. Fraud.20/13. 4.00/2004-2005 dated 2 1/7/2004 DBOD NO.NO. 7. 2/23.ARS. 12. 12/2 1. 10.BC. Master Circular on Interest Rates on NRO & NRE Accounts Master Circular on Interest Rates on FCNR(B) Accounts Master Circular on Interest Rates on Advances.03.BC. DBODNOREFBC. 32/13.00/2004 -05 dated 8/7/2004 Master Circular. Master Circular-Exposure Norms 14/13.00/2004-05 dated 16/07/2004 DBOD NO DIR. Master circular on Guarantees and Co acceptances.01.NO.03.03. 4/08.00/2004-2005 dated 30/7/2004.04.002 /2004-2005 dated 19/07/2004 DBOD DIR BC 9/13.BC. DBOD. 6.BP. 87 .00/2004-2005 dated 23/7/2004.001/2004-05 dated 7/8/2004.Classification and Reporting.91.03.BC.FRMC.8/13. DBS.03.BC. Contents Prudential Norms for Classification Of Investment Portfolio by Banks Terms and condition for appointment Of statutory/ concurrent/internal auditors.00/2004 -05 dated 14/07/2004 DBOD DIR BC 6/13.

04. 1 1/21.11 -2003 DBOD. dated 7-6-2004 UBD. Valuation and Operation of Investment Portfolio by Banks DBOD NO.04.BP.BP.001/2003-04.067/2003-04. dated 17-7-2004 for Classification.BC 93/21. DBOD NO. 20 21 22 23 24 25 26 DBOD. dated 22-9-2003 DBOD NO. dated 17-7-2004 Income Recognition. dated 29-3-2003 Prudential Guidelines on Banks' Investment in Non-SLR securities Prudential Guidelines on banks' Investment in Non-SLR securities Entry of banks into Insurance Business Revised A/S 1 1 on Accounting for Effects of Changes in Foreign Exchange Rates Guidelines on Compliance Accounting Standards by Banks with 88 .BC. Asset Classification and Provisioning Norms Declaration of Dividend by Banks Guidelines on compliance with Accounting Standards by banks Revised Guidelines for Compromise Settlement of Chronic Non-Performing Assets of Public Sectors bank up to 10 crore Master Circular Activities on Para banking 15 16 17 18 19. Dated 1-6-2004 DBOD. PCB. dated 23-4-2004 DBOD NO BP BC 82/21.BC.048/2004-05.BP.12-2003 DBOD.043/2003-04. Master Circulars on Prudential Norms on 10/21. 1 1 7/2003-04. Dated 9-6-2004 SO 666 (E).BC. 56/24.0 4.NO. 53/21.04. 01.141/2004 Mater Circular on Prudential Norms -05.04.NO.BP. 1949-Power to exempt in certain cases Income Recognition.FSC. 89/ 21-04. 018/2003-04. 14. Asset Classification and Provisioning pertaining to Advances DBOD BP.01.BC.03/2003-04. 80/21.018/200304 Dated 30/4/2004 DBOD NO. 04.BC.04. dated 8-4-2003 DBOD NO. dated 12.018/2002-03.BC.BP.141 2003-04.BC.Control System And Bank Audit  13. dated 10-12-2003 DBOD.27/24.FSC.BC 66/2 1 .NO.NO. 141/2003-04. dated 05-2-2004 Amalgamation/Merger of non-banking finance companies with banks Section 53 of the Banking Regulation Act.02. 89/21. BP.018/2002-03. dated 12.44/21. NO. 49/12.BP. 02.BP. BC.05.

owed certain amount to the respondent by way of sale consideration towards goods imported by it. 1881 .whether permissible Legal Decisions Affecting Bankers Sil Import.Sections 138 and 142 . Two cheques. where notice under provision (b) of section 138 of the Negotiable Instruments Act has been served more than once. which were issued by the appellants in favour of the respondent.6.6.Control System And Bank Audit  CASE LAW 11 Negotiable Instruments Act. were dishonoured on the ground "no sufficient funds". The respondent filed a complaint before the Magistrate on 8. which was served on the appellant on 25. The respondent then sent a notice to the appellant by fax on 11. The appellant contested that the cause of action had arisen on the expiry of 15 days from the date of receipt of the fax (namely on 26. 89 .1996. As the complaint was filed within 45 days from the date of receipt of acknowledgement of the notice sent by registered post.Starting of limitation period notice by fax . Vs. Exim Aides Silk Exporters. the period of limitation for filing complaint under section 142 (a) of the Act commences from the date of receipt of the first notice by the drawer and not from the date of receipt of the latter notice.1996 in respect of the dishonour of cheques. the respondent was an exporter of silk goods. The question before the Magistrate was whether the petition had been filed within the period of limitation prescribed under section 138 of the Negotiable Instruments Act. Facts In this case. AIR 1999 SC 1609.1996. On the next day after sending the fax.S. Bangalore. the respondent again sent the same notice by registered post. (1999) 4 SCC 567 Principle In the case of dishonour of cheque. a company based in U. The appellant. U. which was received by the appellant on the same day.A.A. It is permissible for the drawer to send notice by fax.6.Limitation period for filing complaint regarding dishonour of cheque .S.1996) and hence the complaint was not within the stipulated time.8. the Karnataka High Court held that the complaint was within the period of limitation.

the Magistrate had no jurisdiction to take cognizance of the offence on the said complaint.1996. the complaint was filed only on 8. The respondent has no case that fax did not reach the appellant on the same date (11.Control System And Bank Audit  Observations of the Court Section 142 of the Negotiable Instruments Act prohibits the Court from taking cognizance of an offence unless the complaint is filed within one month of the date on which cause of action arises.1996). Public Financial Institutions and Negotiable Instruments Laws (Amendment) Act. 90 . In the instant case.7. Nowhere is it said that such notice must be sent by registered post or that it should be dispatched through a messenger. 1988. for otherwise he would not be in a position to count the period in order to ascertain the date when cause of action had arisen is erroneous in as much as it erases the starting date of the period of 15 days envisaged in provision (e) to Section 138. If the court were to interpret the words 'giving notice in writing" in the section as restricted to the customary mode of sending notice through postal service or even by personal delivery. to make a demand for payment "by giving notice in writing to the drawer of the cheque". was inserted in the Act as per the Banking. Facsimile (or fax ) is a way of sending handwritten or printed or typed material as well as pictures by wire or radio.Chapter XVII of the Act. Decision The appeal was allowed accordingly.1996. who receives the information regarding the return of the cheque unpaid. Completion of offence is the requires the payee. Hence. If no complaint was filed within one month there from the payee would stand forbidden from launching a prosecution thereafter. The High Court's view that the sender of the notice must know the date when it was received by the sendee. If a different interpretation is given the absolute prohibition incorporated in Section 142 of the Act would become superfluous.6. (Sections 138 to 142). Hence.8. the interpretative process would fail to cope up with the change of time. When the legislature contemplated that notice in writing should be given to the drawer of the cheque. Although the fast day when the respondent could have filed the complaint was 26. the legislature must be presumed to have been aware of the modern devices and equipment already in vogue and also in store for future. due to the clear interdict contained in Section 142 of the Act. on the date when the notice sent by fax reached the drawer of the cheque the period of 1 5 days (within which he has to make the payment) had started running and on the expiry of that period the offence was completed unless the amount had been paid in the meantime. the appellant has admitted that a written notice was sent by fax and was received by him on the same day.

you will see that we are the last major player to enter the market for raising capital. when news broke that State Bank of India had asked Mehta to return Rs.840 crores to Parekh's companies. This is despite our large presence and stature.500 crores he had illegally put to work on the stock markets ANZ Grindlays bank's (now Standard Chartered Grindlays) Ram Narayan Popli was another key player in the Mehta game.Control System And Bank Audit  12 BANK SCAM It is now just under a decade from April 1992. he diverted a Canara Bank banker's cheque worth Rs.10.5.84 crores and Rs. Both UCO Bank and ANZ Grindlays suffered separately. Ketan Parekh had access to almost Rs.05 crores favouring Grindlays Bank to Mehta's account. the banks had not learned much since their infamous liaison with Harshad Mehta in 1992. Madhavpura Mercantile Co-operative Bank (MMCB) regularly issued him credit against his overpriced stocks. SEBI's investigations reveal that by the end of March. primarily from banks.2. On March 18 and April 24 that year. Banks such as GTB and Standard Chartered had also given Parekh an over-draft facility. MMCB threw every canon of prudent banking by the wayside when it violated RBI regulations to provide about Rs. The scam is still chasing the bank is clear from Mr. We were actually waiting to sort out certain Canfina-related issues. This was indeed a long wait. it was with the connivance of banks only that Ketan Parekh perpetrate such a huge scam. this time with banker's cheques worth Rs. N. he pulled off the same trick.62 crores." It seems. which he used to recycle funds in the market. 000 crores of funds. This time too. 91 .7. Executive Director (canara bank) words: "If you consider banks in our peer group. That a few employees of these banks could routinely siphon off their employer's cash says not a little about the abysmal state of their supervisory apparatus. On one occasion in February 1991. Kantha Kumar.

A well conceived audit policy put to practice by those who are expected to discharge the onerous responsibility in the bank would depict that the audit operations is not mere ritual but a critical operation and need to be dealt with beyond numbers. then the job is done.. the auditor has to understand the purpose of audit. Experienced audit committee in bank do make sense and value edition when audit function is given a direction and indeed great comfort to all concerned with the bank. The report has to be drafted in such a manner that it should stand on the test of contents."Whether the report had added any value to the branch in smoothening the operations?' If the answer is' Yes'. there are number of seminars conducted.Control System And Bank Audit       13 Conclusion. In addition. To my mind the best test of audit is . 92 . conduct the audit with logical thinking and application of knowledge. Apart from the sources of knowledge made available. A Final Word The Bank Audit is a vast area. clarity and utility.

which in our opinion provides for physical verification of all the fixed assets at reasonable intervals.36.53. 93 .55. (iv) In respect of loans.94. There is also a system of periodic physical verification of leased assets by the Management. 2. (b) Some of the fixed assets were physically verified during the year by the Management in accordance with a programme of verification. At the yearend. taken by the Corporation from companies. (vi) In our opinion and according to the information and explanations given to us. with regard to the deposits accepted from the public.Control System And Bank Audit  ANNEXURE Auditors Report of HDFC Bank: (i) The nature of the Corporation’s business/activities during the year is such that clauses (ii). (v) In our opinion and according to the information and explanations given to us. including quantitative details and situation of fixed assets. 1956 and the Housing Finance Companies (NHB) Directions. the frequency of which is reasonable. granted by the Corporation to companies. firms or other parties covered in the Register maintained under Section 301 of the Companies Act. according to the information and explanations given to us: The Corporation has taken loans from 19 parties. firms or other parties covered in the Register maintained under Section 301 of the Companies Act.095 and the maximum amount involved during the year was Rs. (ii) In respect of its fixed assets: (a) The Corporation has maintained proper records showing full particulars. (iii) In respect of loans. 1956. 2. there are adequate internal control procedures commensurate with the size of the Corporation and the nature of its business for the purchase of fixed assets and for the sale of services and we have not observed any continuing failure to correct major weaknesses in such internal controls. secured or unsecured. 2001. According to the information and explanations given to us no material discrepancies were noticed on such verification. the outstanding balances of such loans taken aggregated to Rs. secured or unsecured.967. the Corporation has complied with the provisions of Sections 58 and 58AA of the Companies Act. 1956. (viii) and (xiii) of CARO. 2003 are not applicable.

debentures and other investments. R. 2005 (Membership No. in respect of statutory dues: (a) The Corporation has generally been regular in depositing undisputed statutory dues including Provident Fund. BILLIMORIA & CO. As explained to us. (b) There are no undisputed amounts outstanding as at March 31. securities. Incometax. 2005 for a period of more than six months from the date they became payable. Investor Education and Protection Fund. the provisions of clause 4(xiv) of the CARO. Sales-tax. Wealth Tax and Interest on lease tax which have not been deposited as on 31st March. (x) Based on the maturity profile of assets and liabilities with a residual maturity of one year. the liabilities are generally renewed on maturity and consequently the excess stated above does not reflect a mismatch in application of funds. as given in the Asset Liability Management report.1042 crores which is within the approved gap limit. (c) Details of disputed Sales-tax. the Corporation is not dealing in or trading in shares. the liabilities are in excess of assets by Rs. For S. Chartered Accountants P. Wealth Tax. 70928) 94 . Service Tax. B. Accordingly. the internal audit functions carried out during the year by firms of Chartered Accountants appointed by the Management have been commensurate with the size of the Corporation and the nature of its business. 2005 on account of any dispute are given below: (ix) In our opinion. cess and any other material statutory dues with the appropriate authorities during the year.Control System And Bank Audit  (vii) In our opinion. (viii) According to the information and explanations given to us. Ramesh MUMBAI Partner May 5. 2003 are not applicable to the Corporation.

20. banks may shift SLR securities to the HTM category any time.org.Control System And Bank Audit  Regulatory and Other measures Other Items Date of Publish: Nov 22. Consequently. (ii) To enable the above.16/16.(PCB) MC.20. 2004 The Chief Executive Officers of All Primary (Urban) Co-operative Banks INVESTMENT PORTFOLIO OF URBAN CO-OPERATIVE BANKS CLASSIFICATION AND VALUATION OF INVESTMENTS Please refer to the Master Circular on Investments by Primary (Urban) Co-operative Banks.in). as a one-time measure.00/2004-05 dated September 4. Ref. forwarded with our letter UBD. 2.00/ 2003-04 dated 23 December 2003 (available on website rbi. UBD. 95 .No. 2004 Selected circulars issued by the Reserve Bank of India during September 2004 reproduced below: Ref. 17 /13. 4/ 16. and b) the total SLR securities held in the HTM category is not more than 25 per cent of their NDTL as on the last Friday of the second preceding fortnight. No.00/2004-05 dated September 2.Cir. In the meantime. No. taking into account the unique requirement of maintenance of statutory reserve requirement of 25 per cent of the Net demand and time liabilities (NDTL) under Section 24 of Banking Regulations Act 1949.PCB. provided.Cir. 2004 The Chief Executive Officers of All Primary (Urban) Cooperative banks. Representations have been received from banks.PCB.04.BPD. Federation/Association of urban co-operative banks that the existing guidelines of classification of investments should be reviewed with a view to bringing them in alignment with international practices and current state of risk management practices in India. once more. it has been decided as under: (i) Banks may exceed the present limit of 25 per cent of a bank’s total investments under HTM category a) the excess comprises only of SLR securities. the Reserve Bank of India is setting up an Internal Group to review the existing guidelines and Report of the Group will be discussed in the Standing Committee on Financial Regulation. during the current accounting year.

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master Your Semester with a Special Offer from Scribd & The New York Times

Cancel anytime.