RISK BASED INTERNAL AUDIT TOOL

INTRODUCTION

The Risk Based Internal Audit Tool devised in excel is compatible only in Microsoft Excel 2007
and above.

The tool is protected and only selected cells are open to users for punching of data.

The users are advised not to alter or tamper with the tool and use only the specified cells for
preparing the audit report under the new format.

WORK FLOW

Following is the suggested workflow under the new format for the user-

The user is to fill the worksheets in the following order_

1. Branch Profile
2. Business Risk Checklist
3. Control Risk Checklist
4. Risk Matrix – Last RBIA Score
5. Forex, if any
6. Currency Chest, if any

While working on the checklists aforementioned, the user may simultaneously fill the following
sheets -

a. Appendices
b. Revenue Leakage
c. Statement of charges

On completion of the above, the following worksheets get automatically filled up-

1. Coversheet
2. Certificate
3. Business Risk Scorecard
4. Control Risk Scorecard
5. Forex Scorecard
6. Risk Matrix
7. Trends
The user need not work on the automatic filled up sheets.

Thereafter, the user may complete the following worksheets-

1. Fair Practice Code

2. Tax Certificate
3. Unit Visit Report

Subsequently, the user may fill the following worksheets to complete the risk based audit-

1. Flash Report
2. Ex- Summary
3. Risk Mitigation Steps
4. Exit Meeting
5. MAP
6. Index- change Pg nos need based

PAGE-TO-PAGE GUIDANCE
Cover Sheet

By default, page numbers are mentioned but if the user utilizes more worksheets then he may
change the page number order. He may also add new headings by inserting rows in Row 46.

Certificate

The certificate gets generated automatically. However, the user and branch manager needs to
sign the hard copy.

Flash Report

Although the Flash Report is to be submitted along with the RBIA Report, however, if the
inspector finds some glaring irregularities in the working of the branch, he may send the special
flash report at that point of time as well.

The inspector can increase the row size in this sheet if the information he is providing exceeds
the existing row size.

Executive Summary
The basic data of the branch is already filled in by the user in branch profile and will flow
automatically to the executive summary. For eg- Branch Name, Branch Code, Zonal Office,
Total Deposit Figures, Advances Figures, Income/Expenditure Figures, Recovery Figures, etc.

Certain cells have a facility of selecting an option from drop down list which get indicated as
soon as the cursor falls on it. To select an option from the drop down list, the user may click the
drop down menu ‘button’ on the right hand corner of the cell with such a list and then select the
relevant option for the branch under audit.

He may also use keys “Alt+ Arrow Down” to select the appropriate option from the drop down
list.

Branch Profile

The user is to fill this sheet cautiously as the information provided in this sheet will flow to the
other worksheets like Business Risk Checklist, Control Risk Checklist, Certificate, Ex-Summary,
Coversheet, etc.

Highlighted fields worked in the sheet are to be filled in compulsorily as the information will
either flow into the other worksheets or it will allot marks in the Business Risk & Control Risk
Checklist.

Caution

Any compulsory field left blank may not allot the desired marks to the branch and may lead to
incorrect classification of Risk Profile.

Certain cells have a facility of selecting an option from drop down list which get indicated as
soon as the cursor falls on it. To select an option from the drop down list, the user may click the
drop down menu ‘button’ on the right hand corner of the cell with such a list and then select the
relevant option for the branch under audit.

He may also use keys “Alt+ Arrow Down” to select the appropriate option from the drop down
list.

Protected Cells

The user will not be allowed to punch data in the protected field and we suggest the user to not
intervene in the functionality of the protected cells.

The fields in the branch profile meant for numeric fields are restricted for numeric values and the
user should not try to punch characters or other special characters to such fields.

The user should fill in all the cells open to them and not leave anything blank as far as possible.
Business Risk & Control Risk Checklist

The marks to highlighted risk areas will automatically get allotted on the basis of information
provided in branch profile provided the user has filled up all the specified cells as the chart given
below.

There is inbuilt functionality of selecting a risk area as Applicable or Not Applicable(NA) by

selecting the appropriate option from the Drop Down List in column ‘C’.

By selecting ‘NA’ option for a particular risk area, the maximum applicable marks shall get
reduced to zero and the marking will be done proportionately.

Cells which do not flow from Branch Profile or are not based on statistical data of the branch
should be given marks as follows-

1. Where the risk area is based on sample data

2. Where the risk area is objective and is based on Yes/No

1)The user is required to punch in his sample size in the column ‘No. of items checked’ and the
deviations noted in the column ‘No. of Deviations’ so as to enable the system to automatically
allot marks proportionately.

The deviation size cannot be more than the sample size and the user should first fill up the
sample size before filing up the deviation size. Both these columns are numeric fields, thus, the
user to punch in only numeric values into these columns.

The deviations noted should form part of the appendices. New appendix may be inserted
preferably at the end of the report so that the existing page numbers are retained if the need
arises.

2)Marking Scheme in objective risk area is based on Yes/No/NA.

The user only needs to select either Yes, No or NA to provide appropriate marks pertaining to
that risk area.

Generally, No, will give Zero marks, Yes, will give full marks and NA, will reduce the
maximum applicable marks to Zero unless otherwise specified vice versa in a particular Risk
Area.
The major positive and negative factors may be detailed in area specified specifically for the
same at the end of each risk profile.

The information thereby provided may be used to form ‘ Monitorable Action Plan(MAP)’.

Business Risk Checklist

In case of Response time and Fraud Detection and recovery in the fraud cases, the option given
are a,b,c,d,e which may be selected as per parameters given in the particular columns.

Control Risk Checklist

Compliance of various audit reports by the branch highlighted in green in cell nos (C,D,E-324 to
327) should be mentioned by the inspector which will flow to Executive Summary point 33.

Business Risk Scorecard/ Control Risk Scorecard

This scorecard is a summary of scores allotted in Business Risk Checklist and Control Risk
Checklist. The user need not work on this sheet.

Risk Matrix

The user is required to fill score awarded in last RBIA Report. The current RBIA score will flow
from Business Risk Scorecard and Control Risk Scorecard.

The matrix will highlight the composite risk profile of the branch as per the scores allotted. The
user need not select the composite risk profile in the matrix given.

Level of Risk Scores as a % of Total

Low Risk 65% and above
MediumRisk 40% to less than 65%
HighRisk less than 40%

Trends

The trends will be calculated as per the information provided by the user for last RBIA and
marks allotted in current RBIA. The trend will get highlighted in the table automatically without
user intervention.

Variation of marks ( Business Risk /Control Risk) in the same category upto + 3% or -3% of the
marks obtained in Last on-site audit, indexed to 1000 as explained above, shall be considered as
STABLE. Variation of marks in the same category more than this will be considered as
decreasing/ increasing as the case may be.

The inspecting officer is to sign the sheet in hard copy.

Forex

To be filled by only branches authorized to deal in foreign exchange.

By default, the sheet is marked ‘NA’ (Not Applicable). The authorized branch may select all the
columns as applicable before working on this work sheet.

Marking criteria is based on sample size and deviation size. Please refer to business risk checklist
and control risk checklist for further details.

Forex Scoring Sheet

This scorecard is a summary of scores allotted in Foreign Exchange Checklist. The user need not
work on this sheet.

Fair Practice Code

The user only needs to select Yes, No, NA (Not Applicable) relevant to the branch under audit.
A brief description regarding non-compliance of the code, if any be mentioned at the end of the
sheet in the space provided.

Currency Chest

To be filled in by Branches with whom currency chest has been attached.

By default, the sheet is marked ‘NA’ (Not Applicable). The authorized branch may select all the
columns as applicable before working on this work sheet.

Marking criteria is based on sample size and deviation size. Please refer to business risk &
control risk checklist for further details.

Tax Certificate

Two rows below each certification statement is open to user to comment upon.

He may also give his observations in point wise deviations, specifically provided towards the end
of the sheet.

Inspecting officer needs to sign the Tax Certificate in hard copy.

Revenue Leakage & Statement of Charges

Revenue Leakage detected & recovered during the period under audit may be reported in
Revenue Leakage and Statement of Charges Sheet. The inspecting officer should sign the hard
copy of this worksheet.
Appendices 1 to 20

Any irregularities observed in the branch under audit be reported under the specific appendix
allotted.

The user may insert rows if the data exceeds the rows provided in the format.

Risk Mitigation Steps, Exit Meeting &Monitorable Action Plan

The user may summarize his audit observations in these worksheets.

The user is allowed to increase the row size depending upon his requirement.

Visit Report

Separate sheet is required to be filled for each visit unit.

Multiple sheets can be created by user which is explained under the head special commands

SPECIAL COMMANDS

S.N. Particulars Shortcut

1 Move Around the Sheet Ctrl+ Page up/ Page down
Alternatively, user can reach a particular
work sheet by clicking on the page name
specified in the index.

2 To go to Second line within the same cell Alt+ Enter

3 Insert Rows Home> Insert> Insert Sheet Rows
Shortcut (Alt HIR)

4 Format Cell Home> Format> Row Height

Shortcut (Alt HOH)

5 Insert Worksheet Click button at the end of all worksheets

for inserting worksheet
Shortcut (Shift + F11)
6 Copy Visit Report Right click on the:
Tab name- ‘Visit Report’,
Select ‘Move or Copy’,
Then select ‘ Move to End’ in the table
‘Before Sheet’
Then Tick ‘Create a copy’
And Press ‘Ok’
7 How to write A/c Number starting with zero Please use ‘1’ apostrophe before writing
the a/c no. starting with zero.
8 Fill Date Please use either ‘-‘ dash or ‘/’ Front
slash to enter date in the cells specified
for date. Please do not use ‘.’ dot while
entering any date.
9 How to save as pdf File> Save as> Select pdf in Save as
type> Check Option. Then select entire
workbook in publish what.
Press Ok and then save
10 How to Print Shortcut=Ctrl + P
Select print entire workbook
Then Press ‘Ok to Print’
To print particular pages keep selected
‘Print Entire Workbook’ and specifically
mention the page nos. in pages ‘from’
and ‘to’ column.
Alternately, print can be given of the pdf
document after saving the file as pdf.
.