branch bank audit - wirc branch audit 2011.pdfare the co-operative banks. co-operative banks in...

iWestern India Regional Council of The Institute of Chartered Accountants of India

Bank Branch Audit Seminar Series 2011

Western India Regional Council of The Institute of Chartered Accountants of India

Seminar Series 2011Audit

BankBranch

iiWestern India Regional Council of The Institute of Chartered Accountants of India


Opinions expressed in this book are those of the Contributors. Western India Regional Council of The Institute of Chartered Accountants of India, does not necessarily concur with the same.

Published by CA. Shriniwas Y. Joshi, Chairman, Western India Regional Council of The Institute of Chartered Accountants of India, ICAI Bhawan, 27, Cuffe Parade, Colaba, Mumbai-400 005. Tel.: 39893989 • Fax : 39802954 / 39802953 E-mail : WIRC : [email protected] Website : http://www.icai.org

We acknoWledgeS the contribution of folloWing memberS

© WesTern IndIa regIonal CounCIl oF The InsTITuTe oF CharTered aCCounTanTs oF IndIa

Printed byfinesse graphics & Prints Pvt. ltd.309, Parvati Industrial Premises, Sun Mill Compound, Lower Parel (West), Mumbai 400 013.Tel.: 40364600, 40376700 Fax : 24962297

iiiWestern India Regional Council of The Institute of Chartered Accountants of India


Western India Regional Council 2011-12

ChairmanCA. Shriniwas Y. Joshi

Vice ChairmanCA. Bhailal Patel

SecretaryCA. Shardul Shah

TreasurerCA. Julfesh Shah

MembersCA. Anil BhandariCA. Ashok JainCA. Chandrakant PawarCA. Dhiraj KhandelwalCA. Dilip ApteCA. Dinesh GandhiCA. Durgesh KabraCA. Jay ChhairaCA. Makarand JoshiCA. Mangesh KinareCA. Nandkishore HegdeCA. Neel MajithiaCA. Parag RavalCA. Rajesh ShahCA. Sanjeev LalanCA. Shruti ShahCA. Sunil PatodiaCA. Vishnu Agarwal

Ex-officio MembersCA. Jaydeep Shah, Vice President, ICAICA. Atul BhedaCA. Bhavna DoshiCA. Dhinal ShahCA. Jayant GokhaleCA. Mahesh SardaCA. Nilesh VikamseyCA. Pankaj JainCA. Rajkumar AdukiaCA. Sanjeev MaheshwariCA. Shivaji ZawareSmt. Usha Narayanan

Banking, Insurance & Pension Committee 2011-12

ChairmanCA. Shardul Shah

ConvenorCA. Bhailal Patel

Office BearerCA. Shriniwas Y. Joshi

Regional Council MembersCA. Dilip Apte CA. Rajesh Shah CA. C. V. Pawar CA. Ashok Jain

vWestern India Regional Council of The Institute of Chartered Accountants of India


FOREWORD

March 4, 2011

Dear Members,

Banking sector has major contribution to the India’s Growth story over the past one decade. The banking industry is currently undergoing reforms strategy to function on the basis of operational flexibility and functional autonomy to enhance efficiency, productivity and profitability. Industry will face several challenges in the form of increased competition due to entry of various industrial groups and foreign banks into banking sector. Changes in capital adequacy norms and CRR, SLR and strictness of KYC norms will require introduction of effective risk management systems, new practices of supervision & control and strict implementation of prudential norms. Adoption of modern technology and diversification of portfolio in retail, insurance, credit cards and introduction of virtual banking along with better customer service would be required to stay in competition.

As usual, the Western Region will have series of seminars to update members and improve their skill set required to complete bank audit assignments efficiently. We have included the papers in this compilation on traditional topics like – Advances, NPA, LFAR, Audit in Core Banking environment, Profit & Loss, Assets, Sensitive Accounts, etc. To give synopsis of the Industry, we have included topics like – Overview of the Indian Banking Industry, Risk Based Audit, Basel II & CRAR, List of recent RBI Circulars, etc. To help Chartered Accountants to do the audit of specialized branches, we have included topics like - Audit of Foreign Exchange Transactions and Audit of Treasury Transactions, We have introduced a new topic viz. Frauds in Banks to understand the Statutory Auditors’ responsibility if such event is detected during the year under review.

I sincerely thank the contributors on behalf of Banking, Insurance and Pension Committee of WIRC of ICAI, for giving an excellent guidance on the subject.

Wish you a very happy learning and prosperous year ahead.

Shriniwas Y. JoshiChairman - WIRC

viWestern India Regional Council of The Institute of Chartered Accountants of India


PREFACE

March 4, 2011

Dear Friends,

It is the month of March, 2011 and the time of the year when we all are geared up to do the Bank Branch Audit. It is in this regards that WIRC of ICAI has decided to come up with this updated and refreshed publication. Bank Branch Audit provides a major professional opportunity to Chartered Accountants not only in major cities but also in mofussil areas in India.

The banking sector has grown tremendously in recent times and will continue to grow as the Indian economy remains vibrant and exciting. Chartered Accountants play a very crucial role in conducting Bank Branch Audit. It is important for Chartered Accountants that they are updated regularly about the important areas such as planning and detailing of the Bank Branch Audit, preparation of the various audit reports, including reports as per Jilani & Ghosh Committee recommendations and ensuring that vigilance is maintained at the time of verifying the bank advances, identifying the non performing assets and the latest RBI circulars are kept in mind. The audit and reporting of certain important transactions especially that relating to foreign exchange needs to be reported and identified while carrying out the Bank Branch Audit. In today’s time Bank Branch Audit is carried out in a computerized environment with special reference to core banking, our members need to ensure that they are updated about the latest auditing techniques in this regard. The global banking scenario is changing and it is important that our members are versatile to this change.

The various updates and details provided in this publication would indeed provide a practical guide to Chartered Accountants and students and readers at large. I am sure that all the information provided in this publication would act as a ready reckoner for further study and act as a guide to the audit process.

I am extremely thankful to the contributors who have spared their valuable time and shared their valuable knowledge by contributing in this publication.

Thanks and best regards.

Shardul ShahChairman Banking, Insurance & Pension WIRC of ICAI

viiWestern India Regional Council of The Institute of Chartered Accountants of India


InDExS. Subject Pg. No. No.

Seminar Series 2011 Bank Branch Audit – Compilation of Papers

1 OVERVIEW OF ThE INDIAN BANKING INDuSTRY ...................................................... 1 CA. RAhul JoglekAR

2 RISK BASED AuDIT ............................................................................................. 9 CA. JATIN loDAYA

3 BASEL II & CRAR ...............................................................................................23 CA. MRuDul gokhAle

4 BANK BRANCh AuDIT PLANNING .........................................................................41 CA. uDAY SAThAYe

5 VARIFICATION OF ADVANCES .............................................................................51 CA. VIPul ChokSI

6 AuDIT OF AGRICuLTuRAL ADVANCES ....................................................................61 CA. DIlIP DIXIT

7 PRuDENTIAL NORMS ..........................................................................................65 CA. Dr. MITIl ChokSI / CA. NIleSh JoShI

8 LFAR ..............................................................................................................77 CA. ABhAY V. kAMAT

9 PROFIT & LOSS VERIFICATION .............................................................................83 CA. keTAN D. SAIYYA

10 SENSITIVE ACCOuNTS/ RECONCILIATION AND FIXED ASSETS .................................89 CA. NIRANJAN JoShI

11 AuDIT REPORT, AuDIT CERTIFICATES AND ............................................................93 GhOSh & JILANI COMMITTEE’S RECOMMENDATIONS CA. ISMAIl B. SoNAWAllA

12 CORE BANKING ENVIRONMENT ............................................................................97 CA. RAMeSh keDIA

13 AuDIT OF FOREIGN EXChANGE TRANSACTIONS ...................................................127 CA. AShuToSh PeDNekAR

14 AuDIT OF TREASuRY OPERATION.......................................................................149 CA. AkhIl MASTeR

15 FRAuDS IN BANKS ............................................................................................155 CA. NITANT TRIlokekAR

16 INDEX OF RECENT RBI NOTIFICATIONS ...............................................................161 CA. SANDIP WellINg

1Western India Regional Council of The Institute of Chartered Accountants of India

Overview of the Indian Banking Industry

Banking in India has its roots in the last decades of the 18th century. For the understanding of the readers, this discussion paper has been structured in three broad phases, the beginning and growth of the Indian banking industry, the present scenario and the future outlook.

Dawn and development of banking in India (Early 1800 to 1960)Though the earliest records suggest that the first bank to be set up in India was the General Bank of India in the year 1789, the notable development in the Indian banking industry was the setting up of the Bank of Bengal in 1809, Bank of Bombay in 1840 and Bank of Madras in 1843 by the East India Company. These three banks were known as the Presidency Banks. This was the first time Banks having joint stock and limited liability were formed in India.

The three Presidency Banks were merged in the year 1921 and it led to the formation of the Imperial Bank of India. Imperial Bank of India performed all the normal functions which a commercial bank was expected to perform and in addition also acted as the Central Bank in India performing the important task of being the Banker of last resort. For 14 long years the Imperial Bank of India performed the dual role of a commercial as well as the Central Bank till the formation of the Reserve Bank of India (RBI). The Central banking responsibilities were vested in the RBI. Immediately after independence, the Government of India passed the Banking Regulation Act in 1949 to bring all banking business within the gamut of regulation. In the year 1955, through an Act of the Parliament of India, the State Bank of India (SBI) came into existence. The RBI acquired a controlling stake in the Imperial Bank of India and its business was vested in the SBI. Meanwhile, the princely states in India had their own Banks independent from the banking industry in rest of India. Later, the State Bank of India (Subsidiary Banks) Act

was passed in 1959 which enabled the SBI to make the seven former State-associated banks as its subsidiaries.

Another stream of banking business in India are the co-operative banks. Co-operative banks in India started functioning almost 100 years ago. They are an important constituent of the banking sector. Judging by the role assigned to the co-operative movement in India, the expectations the co-operative sector is supposed to fulfil are really widespread. The co-operative banks in India play an important role even today in rural financing. The businesses of co-operative banks in the urban areas also have increased phenomenally in recent years due to the sharp increase in the number of primary co-operative banks. Co-operative Banks in India are registered under the Co-operative Societies Act. The co-operative banks are also regulated by the RBI. They are governed by the Banking Regulations Act, 1949 and Banking Laws (Co-operative Societies) Act, 1965. The exponential growth of co-operative Banks in India is attributed mainly to their better local reach, personal interaction with customers and their ability to catch the nerve of the local clientele.

Nationalisation of Banks, private players and other forms of Banking (1969 to 1995)Being predominantly an agriculture based economy, the need was to make finance available to farmers at cheap rates. A major player of the financial cycle were the banks, which were then controlled by a closely held group. Therefore, the first phase of nationalisation of banks happened in 1969 by the then Prime Minister Indira Gandhi. The major objective behind nationalisation was to spread banking infrastructure in rural areas and make cheap finance available to Indian farmers. 14 banks were nationalized in 1969 followed by another 7 in the year 1980 taking the total number of state owned banks to 22, 21 nationalised banks and the State

Overview of the Indian Banking IndustryCA. Rahul Joglekar



Bank of India. At this stage the Government control over the Indian Banking Industry touched its peak at 91%. After the economy was greatly opened up in the industrial and financial policies of 1991, banking sector also witnessed a paradigm change. In 1994, the RBI issued a policy of liberalization to licence limited number of private banks, which came to be known as New Generation tech-savvy banks. Today, the private sector banks are not far behind in the competition to attract new customer by introducing various schemes to attract depositors as well as borrowers.

Another arm of the banking sector is the development banks. Development banks were set up in India at various points of time starting from the late 1940s to cater to the medium to long-term financing requirements

of industry as the capital market in India had not developed sufficiently. The endorsement of planned industrialization at the national level provided the critical enticement for organization of Development banks at both all-India and State levels. In order to perform their role, Development Banks were extended funds in the shape of Long Term Operations (LTO) Fund of the Reserve Bank of India and government guaranteed bonds, which constituted main sources of their funds. Funds from these sources were not only available at concessional rates, but also on a long- term basis with their maturity period ranging from 10-15 years. Besides providing direct loans, these institutions also extend economic assistance by way of underwriting and direct contribution and by issuing guarantees.

A broad structure of the Indian Banking industry is given the diagram below:

Reserve Bank of India

Commercial Banks Co-operative Banks Development Banks

Nationalised Private Short-term credit Long-term credit

Agricultural Credit

Urban Credit EXIM Industrial Agricultural

Recently the RBI has come out with detailed guidelines on branch authorizations. The existing system of granting authorisations for opening individual branches from time to time has been replaced by a system of giving aggregated approvals, on an annual basis, through a consultative and interactive process. Banks’ branch expansion strategies and plans over the medium-term would be discussed by the RBI with individual banks. The medium-term framework and the specific proposals would cover the opening, closing, shifting, merger and conversion of all categories of branches.

• Capital adequacy regime in India

The Narasimhan Committee endorsed the internationally accepted norms for capital adequacy standards, developed by the Basel Committee on Banking Supervision (BCBS). BCBS initiated Basel I norms in 1988, considered to be the first move towards risk-weighted capital adequacy norms. In pursuance of the Narasimhan Committee recommendations India adopted Basel I norms for scheduled commercial banks in April 1992, and its implementation was spread over the next three years. It was stipulated



that foreign banks operating in India should achieve a CRAR of 8% by March 1993 while Indian banks with branches abroad were required to achieve the 8% norm by March 1995. All other banks were to achieve a capital adequacy norm of 4% by March, 1993 and the 8% norm by March, 1996. In its mid-term review of Monetary and Credit Policy in October, 1998, the RBI raised the minimum regulatory CRAR requirement to 9%, and banks were advised to achieve this 9% CRAR level by March 31, 2000. Thus, the capital adequacy ratio for India’s commercial banks is higher than the internationally accepted level of 8%.

Presentstructureof thebanking industry(1995 to 2010)The present tense of the Banking industry can be synonymous with competition. With majority of the Banking activities more or less free, wide discretion is left to the Boards of individual Banks to make various policy decisions within the overall supervisory framework of the RBI. Being a “scheduled” bank i.e. a Bank listed in the second Schedule to the RBI Act, gives added benefits to the Banks including access to accommodation by RBI during the times of liquidity constraints. However, these are also subject to stricter norms and regulation by the RBI as certain circulars of the RBI are only meant for Scheduled Banks. A recent survey conducted by FICCI has brought out the following aspects:

1. Regulatory systems of Indian banks were rated better than China, Brazil, Russia, and UK at par with Japan, Singapore and Hong Kong where as all the respondents felt that Indian banking system is above par or at par with USA.

2. Respondents rated India’s Risk management systems more advanced than China, Brazil and Russia; 75% of the respondents opined that we are above or at par with Japan, 55.55% with Hong Kong, Singapore & UK and 62.5% with USA.

3. Credit quality of banks has been rated above par than China, Brazil, Russia, UK and USA but at par with Hong Kong and Singapore and 85.72% of the respondents feel that we are at least at par with Japan.

4. Technology systems of Indian banks have been rated more advanced than Brazil and Russia but below par with China, Japan, Hong Kong, Singapore, UK and USA.

• Implementation of technologysolutions

In the last 15 years, India has witnessed a paradigm shift in the use of information technology. Banks are undoubtedly on the forefront in implementing cutting-edge technology solutions in their operations. The concept of Branch banking is slowly losing its sheen with the implementation of Core Banking Solutions by almost all the major Banks in India. Branches have purely become business centres, with all non-revenue generating activities like cheque clearing, demat, etc. shifting to the back-end or famously known as the “central processing centres”. The RBI has also laid down detailed guidelines for implementation of technology solutions in banking sector. However, an important threat posed by technology is its misuse, either deliberate or unintentional. Frauds related to misuse of technology are one of the main reasons of failure of some of the banks in India.

• NPA risks andprudential normsAnother risk that has increased in the last few years owing to the global financial crisis is the risk of non-performing assets (NPAs). Banks are bearing the brunt of bad loans in the form of higher provisioning requirement for NPAs as also the higher capital adequacy requirements on such loans. However, due to strict regulatory conditions imposed by the RBI, Indian banks have been successfully able to sail through the global financial crisis without a single bank running into bankruptcy



unlike in the other countries, which witnessed a fall of big banks. NPAs expose the banks to not just credit risk but also to liquidity risk. Considering the implications of the NPAs and also for imparting greater transparency and accountability in banking operations and restoring the credibility of confidence in the Indian financial system, RBI introduced prudential norms and regulations. The prudential norms which relate to income recognition, asset classification and provisioning for bad and doubtful debts serve two primary purposes – firstly, they bring out the true position of a Bank’s loan portfolio, and secondly, they help in controlling its deterioration.

• ImplementationofBasel IIThe final RBI guidelines on Basel II implementation were released in 2007. A major shift in Basel II as compared to Basel I is the introduction of rating related risk weights and a requirement of additional capital for operational risk. According to these guidelines, banks in India will initially adopt Standardised Approach for credit risk and Basic Indicator Approach for operational risk. Under the revised regime of Basel II, Indian banks will be required to maintain a minimum CRAR of 9% on an ongoing basis. Further, banks were required to achieve a tier I CRAR of at least 6% by March 2010. Basel II prescribed stringent capital adequacy conditions thereby causing the Banks to build up sufficient capital to absorb various shocks to its overall advances portfolio.

• AssetLiabilityManagement in BanksThe critical role of managing risks has now come into the open, especially against the experience of various economic crises in the world, where markets fell heavily because banks did not accurately measure the risk spread that should have been reflected in their lending activities. Nor did they manage such risks or provide for them in their balance sheets. In India, the Reserve Bank has issued comprehensive guidelines to banks for putting in place an asset liability management system. The uncertainty of interest rate

movements gave rise to interest rate risk thereby causing banks to look for processes to manage their risk. In the wake of interest rate risk, came liquidity risk and credit risk as inherent components of risk for banks. The recognition of these risks brought Asset Liability Management to the centre-stage of financial functioning in the country.

• BaseRate regimeIn order to bring in more transparency in the pricing of the loans made by Banks, the RBI introduced base rate system w.e.f. 1st April, 2010. Presently Banks determine their actual lending rates on loans and advances with reference to the Base Rate. Base Rate includes all those elements of the lending rates that are common across all categories of borrowers. While each bank decides its own Base Rate, some of the criteria that go into the determination of the Base Rate are: (i) cost of deposits; (ii) adjustment for the negative carry in respect of CRR and SLR; (iii) unallocable overhead cost for banks such as aggregate employee compensation relating to administrative functions in corporate office, directors’ and auditors’ fees, legal and premises expenses, depreciation, cost of printing and stationery, expenses incurred on communication and advertising, IT spending, and cost incurred towards deposit insurance; and (iv) profit margin. The actual lending rates charged to borrowers are the Base Rate plus borrower-specific charges, which includes product-specific operating costs, credit risk premium and tenor premium. Therefore BPLR as a benchmark rate has lost its relevance in present scenario of Banking in India.

• Increased importanceofKYCnormsDue to widespread financing of terrorism through banking channels, RBI has mandated strict KYC conditions for Banks. RBI has stipulated that Banks should formulate various policies for customer identification, customer acceptance, monitoring of transactions and regulatory reporting to RBI about the suspicious transactions. RBI directed all banks to ensure that they are fully compliant with the provisions of RBI guidelines before



December 31, 2005. The purpose was to prevent money laundering, terrorist financing, theft and so on.

• Reduction in CRR and SLRrequirements

The Narasimhan Committee had argued for reductions in SLR on the grounds that the stated government objective of reducing the fiscal deficits will prevent the need for a large portion of the current SLR. Similarly, the need for the use of CRR to control secondary expansion of credit would be lesser in a regime of smaller fiscal deficits. The committee offered the route of Open Market Operations to the Reserve Bank of India for further monetary control beyond that provided by the (lowered) SLR and CRR reserves. Ultimately the SLR was brought down to 25% in the year 1996-97. Subsequently in a move to pump up liquidity in the economy, the RBI further reduced the SLR to 24% in 2009.

• Increased stress on lending topriority sectors

After nationalization of banks in 1969 and 1980, thrust was given on social orientation of banking and administrative intervention of stipulating targets and sub-targets, credit generation and re-finance facilities for financing the preferred sectors of the economy known as Priority sectors. This sector included agriculture, small scale industries, small businesses, small transport operators, retail traders, housing and education. Introduced in the late 70s, the concept of mandatory priority sector lending has been the vehicle of bringing credit facilities to the hitherto neglected sectors of the economy and thereby fastening its development. Presently, Banks are required to maintain total priority sector advances of 40% of Adjusted Net Bank Credit (ANBC) or credit equivalent amount of Off-Balance Sheet Exposure, whichever is higher as on the last reporting Friday of the financial year with sub-limits laid down for various sectors of the economy within the overall ceiling of 40%.

• Thrust onCorporateGovernanceTo a large extent, many risk management failures reflect a breakdown in corporate governance, which arise due to poor management of conflict of interest, inadequate understanding of key banking risks, and poor Board oversight of the mechanisms for risk management and internal audit. Corporate governance is, therefore, the foundation for effective risk managements in banks and also the foundation for a sound financial system. In view of recent corporate failures, ensuring Corporate Governance has become the prime aim of regulators. Managements have realized that poor Corporate Governance can cause lot of harm to individual Banks and the Banking industry as a whole. Therefore the risks of failure of corporate governance mechanisms are a harsh reality and these can never be nullified. In terms of the World Bank governance indicators developed by Kaufman, Kraay and Mastruzzi, India ranked at about 46th percentile in 2009 based on a range of indicators, implying that more than half of the 210 countries studied scored better on governance as compared to India. Therefore, the choices which banks make when they establish their risk management and corporate governance systems have important ramifications for financial stability. However, a culture of corporate governance has to be imbibed in the thinking and cannot be taught or imposed upon.

• ForeignBanks in India

In 2005, the Reserve Bank released the “Road map for presence of foreign banks in India” which was divided into 2 phases, one from March, 2005 to March, 2009 and the other after analyzing the experience gained during the first phase. However, when the time came to review the experience gained in the first phase, global financial markets were in turmoil and there were uncertainties surrounding the financial strength of banks around the world. Therefore the present practice is being continued while the analysis of experience gained through the first phase is underway.



During the first phase, foreign banks were permitted to establish presence by way of setting up a wholly owned subsidiary (WOS) or conversion of the existing branches into WOS. The WOS should maintain a minimum capital of ` 300 crore i.e. ` 3 billion with an ongoing CRAR of at least 10% and would need to ensure sound corporate governance.

Futureoutlookof thebanking industryIt is expected that going forward the PSU banks will face great hurdle in terms of retail banking. In retail, private banks have developed leadership. It may be very likely that the small efficient private sector banks will be acquired by foreign banks and these foreign banks will acquire expertise of these private banks in the areas of retail. A lot of challenges are waiting for PSU banks. Survival of tech savvy, good global sized, with huge capital and smart skilled manpower bank is guaranteed while a bank having characteristic contrary to this will be acquired by big banks.

The “India Vision 2020” prepared by the Planning Commission, Government of India, is an important document, which is likely to guide the policy makers, including the banking sector reforms in the years to come.

• Introductionof IFRSUndoubtedly, the most talked of transition within the banking industry is the introduction of IFRS. Whilst IFRS would become mandatory from 1st April, 2011 in a phased manner for other than banking companies, the applicability for Banks has been deferred to the year commencing from 1st April, 2013 keeping in view the special position of Banks and the expected finalization of IFRS 9 somewhere in mid 2011. Towards this end, amendments need to be made to existing laws and regulations, notably the Companies Act, 1956 provisions and schedules that detail the requirements of financial statements need to be harmonized with IFRS requirements and converged Indian Accounting Standards (Ind AS) need to be notified under section 211(3C) of the said Act. Additionally there are also issues relating to taxation under an

IFRS converged environment which need to be tackled before actual convergence.

Apart from the accounting issues involved in implementation of IFRS, various non-accounting issues would also need to be addressed. Most Banks in India have either already migrated or are in the process of migrating to Core Banking Solutions. Data integrity and data validity would be of critical importance especially due to data intensive requirements of IFRS converged standards. The present system of compilation and submission of data which forms the backbone of preparation of financial statements at times compromises on data quality. The scope of erroneous data entry or even malicious, wrong reporting cannot be ruled out. Lack of adequate data results in absence of information at various levels and for segmental reporting. Incorporating suitable capability in CBS for enabling automated data flow/generation of MIS would be required before actual convergence with IFRS.

• Consolidation throughmergers andacquisitions

The regulatory framework for M&As in the banking sector is laid down in the Banking Regulation Act, 1949. For voluntary amalgamation, section 44A of the Act provides that the scheme of amalgamation of a banking company with another banking company is required to be approved individually by the board of directors of both the banking companies and subsequently by the shareholders representing two-thirds (in value) of both the banking companies. Further, section 44A of the Act requires that after the scheme of amalgamation is approved by the requisite majority in number representing two-thirds in value of shareholders of each banking company, the case can be submitted to the Reserve Bank for sanction. However, the Reserve Bank has the discretionary powers to approve the voluntary amalgamation of two banking companies under section 44A of the Act.

With increased competition and stringent capital requirements would force many



smaller Banks to ultimately merge their operations with larger banks, the most recent example being the acquisition of Bank of Rajasthan with ICICI Bank. However, banking consolidation in the long run would give rise to several challenges, of which the implications on financial stability and monetary policy are important ones. Operational risk could increase with the size of operations, as the distance between management and operational personnel is expected to widen. The increased potential for systemic risk further intensifies the concerns for these banks being considered ‘too-big-to-fail’.

• Increased customer preferencethrough technological advancement

Bill Gates has once said – “Banking is necessary but banks are not”. This statement is all set to become reality in the coming years. Instead of the customers coming to the branches, the Branches would reach to the masses for providing timely, reliable and effective services. This would call for seamless connectivity across systems and operating units. Technological advancements like mobile banking would become the centre stage of the entire Banking industry. Technology will further open up existing markets and create new markets, new products and services and efficient delivery channels for the banking industry. Information Technology will provide banking industry with the ability to deal with the challenges of the new economy. Banks will have to undertake Business Process Re-engineering to change their business processes, delivery models, as also information processing systems. They will have to have a integrated approach to reap full benefits of technology upgradation in the banks. They will have to fully re-engineer their business processes as per the CBS software. Just recently, RBI has come up with guidelines for permitting cash withdrawals through ATM without the ATM card being present. Such a development would require implementation of sophisticated hardware and software solutions and at the same time building of customer awareness

since the transactions would be exposed to risks of theft and frauds. To survive intense competition from peers, banks would become more customer-centric than ever before which means the branches function as purely business centres with all back office functions transferred to the centralised data centres.

• Initiatives in electronic paymentsystems

RTGS, NEFT and ECS are today, the most widely accepted payment systems in the country. According to the Deputy Governor of RBI, Dr. K.C. Chakrabarty, the next stage of payment systems rationalization identifies the new frontiers and a road map for implementation of new projects. The road map includes implementation of a new RTGS system which would provide additional features including that for liquidity management, India MoneyLine – a 24x7 system for one-to-one funds transfers, India Card – a domestic card initiative, redesigned ECS to function as a truly Automated Clearing House (ACH) for bulk transactions, and mobile payments settlement network.

Subsequent to issuance of the guidelines on prepaid payment instruments, there has been a huge development in this area. Banks as well as non-banks currently operate in the prepaid payments segment. Currently, on an average 5 lakh payment transactions are processed by these entities. Reserve Bank would promote the activities of these players so as to make the payments scenario more vibrant. According to the report on Central Bank Oversight of Payment and Settlement Systems published by the Committee on Payment and Settlement Systems (CPSS) the general principles of oversight are (i) transparency (ii) international standards (iii) effective powers and capacity (iv) consistency and (v) co-operation with other authorities. RBI would contribute to international oversight and co-operation initiatives as a member of the CPSS, the SAARC Payments Council and other such bodies.



• Advanced capital adequacyrequirements–Basel III

In July 2010, the BCBS came out with a comprehensive paper indicating the broad agreement reached on the Basel III proposals. Broadly, these reforms will require banks to hold more and better quality capital and to carry more liquid assets, will limit their leverage and mandate them to build up capital buffers in good times that can be drawn down in periods of stress. The Basel III process is not yet complete. In particular, the actual calibration of the measures and

their phasing in is yet to be determined. This will be done by RBI after an in-depth assessment of the reasonableness of these measures and their impact on banks’ balance sheets as well as the economy as a whole. As on June 30, 2010, the average CRAR of the Indian banking system stood at 14.40% of which Tier I capital constituted 10.00%. It is unlikely that Basel III requirements will be higher than the above figures. The estimated CRAR of Indian Banks under Basel III is given below (source www.rbi.org.in)

Parameter Basel-III ActualvalueforIndianbanks requirement asonJune30,2010

Under Base-II Under Basel-III

Total CRAR 10.50% 14.40% 11.70%

Of which

Tier I Capital 8.50% 10.00% 9.00%

ConclusionThe future of Indian Banking is certainly bright. However, the risks associated with advanced technology and global operations need to be managed effectively. With greater thrust on customer orientation, competition will increase leading to greater chances of things going wrong. Banks managements need to be sensitized about the risks and risk management systems and the concept of profiteering should not be allowed to creep in. Towards this end, the chartered accountant community has a lot to contribute.

Right from traditional concurrent audits to the advanced IT systems audit, all will play a role in not only ensuring that systems are laid down to prevent errors and frauds from being perpetrated but also that those systems are being effectively monitored and any red flags raised are appropriately dealt with. The Chartered Accountant community also needs to be technically and academically geared up to embrace these risks bravely and to set high standards of professional conduct in practice.

AA


Risk based Audit in Banks

PerspectiveThe financial crisis, the economic downturn, the rise in fraudulent activities, the recent scams, the Satyam debacle are few stressed scenario which has not only impacted the respective entities/industries but the respective governance stakeholders such as regulators and auditors. Enhanced technological developments have added another dimension which is shrinking the world, bringing counterparties more closer, making processes speedier and has increased the ability to handle higher volumes. Hence there is the tendency to do more in lesser time. In all these developments, the underlying regulatory framework also has got enhanced with close monitoring by the regulators. With shrinking timelines and heightened management expectations, the auditors have same or lesser time to get their attestation work executed. Hence it is only appropriate that the current auditing framework moves over from traditional audit process to risk based audit process. Having said, this is not something new and many auditors have already adopted this concept for some time now. Apart from the process changes it entails, it is a mindset change too. Through this article, the paper writer has attempted to briefly highlight these aspects which can be food for thought for the audit fraternity.

BackgroundBanking, what used to be mere acceptance of deposits and lending the same to needy borrower (especially at branch levels), has evolved over the years. Surely many of the high end products are centrally deployed and monitored. Technology has become a substantial enabler and surely diluting the visibility of the traditional audit trail. Also geographies have shrunk, outsourcing has taken over, centralization of accounting has made concepts such as interbranch redundant. The product variants have outlined new challenges on revenue recognition. KYC,

AML and combating terrorist financing have highlighted a renewed focus on customer due diligence and documentation. Customer appropriateness has given a new perspective to the world of derivatives. Global trade has changed the landscape of trade finance products. Renewed Basel guidelines have evolved the needs for capital and liquidity in banks. Competition is growing rapidly and customer service standards are becoming the key differentiator amongst banks. Also with the mushrooming of various non banking outfits, the world of financial products has expanded like never before. For the customer the differentiation between a bank and a NBFC is getting blurred. The bank’s risk appetite has gradually expanded and focus on operational risk has got enhanced.

The evolvement of financial instruments and markets has enabled banks to undertake varied risk exposures. In the context of these developments and the progressive deregulation and liberalization of the Indian financial sector, having in place effective risk management and internal control systems has become crucial to the conduct of banking business. Further Basel II lays specific emphasis on risk management. Having said, the complexities in today’s banking and related audit needs are increasing. Overall competition is growing, newer banks are starting their operations in India, branch expansion is happening and above all technology has became a strong enabler to banking operations. In such an ever changing landscape it would be counterproductive to adopt the traditional approach to auditing such a dynamic industry. Risk based auditing (RBA) is the way forward to combat this phenomenon. Apart from satisfying the auditor’s fulfilment of its objectives, it also adds value to the bank in terms of more in less time.

This paper on risk based audit is an attempt to demystify some of the aspects involved. The attestation responsibility and the audit focus is still remaining same – to provide a

Risk based Audit in BanksCA. Jatin Lodaya



true and fair opinion – only the approach is being modified – from a traditional approach to a contemporary approach – the risk based approach such that more can be achieved in less without compromising on the overall ethics, quality and substance. The quantum of audit work is getting rationalized by doing more of smart and less of hard work. It is the higher application of judgment which is being made rather than mere facts and figures. This is important considering that the banks not only want their auditors to audit the financial numbers but also the internal controls which attribute to the population of such numbers and day-to-day operations across the bank.

IntroductionRisk, plays a key role in the world of Auditing. Audit risk, represents risk to an auditor/audit firm, as the risk of paying damages to a client arising out of negligent work when trying to show a true and fair view of a set of company accounts. All audit work involves some level of risk; this may be because a set of company accounts have been misstated due to error or fraud, or the auditor failed to detect the errors or fraud. In addition, these problems may have occurred due to inadequate sample sizes when determining the level of risk or the auditor failed to use proper auditing policies.

The RBA is superior to traditional audit approaches for two reasons. First, it focuses on risks, the underlying causes of financial surprises, not just the accounting records. Second, the RBA shifts the focus from inspecting the quality of the financial information that is recorded in the financial statements to building quality into the financial reporting process and adding value to the bank’s operations.

The RBA, which focuses on both recorded and unrecorded risk, improves financial statement assurance and the financial statement reporting process. The RBA focuses on business risk and the processes for controlling these risks. Hence logically, higher the risk area, the more audit time and client controls

are required. Inherent risks form part of this risk assessment.

Understanding the banking business

Banking, which most of us do every day, sounds simple. Hence auditing a bank may sound simple, but isn’t so. Gone are those days when banking was only taking deposits and giving advances; treasury activities were involved only at head office, corporate lending was backed by identifiable security, etc. The modern day banking has evolved and is not restricted to brick and mortar structure. ATMs, internet banking, mobile banking, 24 X 7 branches, Sunday banking, drop boxes, intermediaries (e.g., Western Union), remote branches, increase in inward remittances in foreign currency, RTGS, NEFT, primary dealership, depository services, derivatives, wealth management, bank’s selling mutual funds & insurance policies, portfolio management, etc. Accepting deposits and lending advances is only the beginning. There are many products which give risk to off balance sheet amounts. Most of the banks are networked internally and within each other. A customer is entitled to use any ATM and have access to its own funds without walking to the nearby branch.

In order to identify bank’s business risks, the auditor must obtain a thorough understanding of the overall governance structure, inherent risks associated with banking business, internal control mechanism, financial condition, sources of revenues, expenditures, competition and other business risks. The auditor should review minutes of various governance meetings, understand the risk appetite/profile of the bank, review the monitoring of various statutory ratios/limits to evaluate the discipline factor, review the fines & penalties amount and also read through various audit reports to identify early on any known issues. The first goal of the RBA is to identify when a bank has failed to consider an important risk, economic event or transaction. The second goal is to assure that banks have focused on emerging risks that may not yet be well understood or managed.



It is also critical for the auditor to see the big/overall picture before reaching any early conclusions. By having appropriate interactions and referring to background material, the auditor should gauge the management style, understand the bank’s policies and procedures, understand the regulatory relationship status, evaluate the market standing, probe into frauds/past losses, chart out the financial trends over the past year/s, exclude one offs, assess the soundness of the accounting policies, and amongst some other parameters at least check out the capital adequacy and NPA ratios so as to get a feel of the financial soundness. Before plunging into the audit field work, the auditor should evaluate the robustness of the internal controls by inquiring into GL controls, TB review process, reconciliation process, access controls to premises/systems, transaction monitoring systems, overall IT infrastructure, data archival process and arrangement with vendors including outsourcing.

Risk based vs Risk focusedThe terms do get used interchangeably but there is a slight difference. Risk based approach helps in identifying where the risks lie and after which the focus can be on high and medium risks to carry out the actual audit work. Hence risk based approach precedes a risk focused audit approach.

The RBA requires a greater understanding of the bank and more knowledge of the bank’s business environment than required in a traditional audit. Whenever possible, the RBA approach tests and relies upon the Bank’s process for controlling risks that could affect the financial statements. In traditional audits, the auditor substantiates account balances rather than relying on a bank’s controls. This means that the auditor should evaluate the effectiveness of bank’s internal control system and leverage on bank’s control system whenever possible.

By focusing on the client’s control processes, the RBA should add value to the bank by:

• addressing risks affecting the bank and their financial reporting;

• providing services that help the bank manage its business and risks;

• communicating with the bank on important issues;

• improving identification of financial statement misstatement;

• improving assessment of the banks business viability;

• improving identification of fraud; and

• improving quality and timeliness of reporting.

The above is a representative sample. Basically this means that RBA lead the auditor in not only meeting the audit objectives but also by gaining more insight into the bank’s business and thus identifying areas where it can provide more value added services to the bank, thereby enhancing its revenue generation model. In today’s competitive world, like a bank, even the auditors can differentiate themselves by the work quality – the higher the value add they can do, higher their acceptance value. Audit process, though driven primarily by mandatory requirements, is looked at differently by the banks. Apart from meeting the statutory requirements, they expect value add from the auditors in terms of early identification of control gaps, sharing best practices, giving timely advice on accounting and taxation matters and similar permissible services. Basically be a critical sounding board. In a large bank many of these expectations would be from the central auditors, especially on account of centralization of key functions.

Bank audits – risk methodologyIn a bank audit, the audit focus areas will ideally include – advances, investments, treasury activities, deposits, revenue recognition, interest/period cost accrual and loan impairment. Areas such as fixed assets may be important area but in a bank audit



it may not be relatively important as the fixed assets value as a percentage to the balance sheet size will be negligible – it is all relative. Depending on the size of the balance sheet, the auditor will need to deploy resources – people and time. Branches which have higher deposits, advances, and overall volume of transactions are bound to get more attention. Based on risk assessment, the auditor will arrive at a conclusion on the audit focus areas – be it balance sheet captions or branch coverage. It is possible that a particular branch may get picked up due to a one off or a series of frauds or known control gaps. To identify these the branch revenues, expenditure, interest revenue, interest cost, advances, deposits, number of staff (new and attrition), number of frauds, number of other operational losses, number of customer complaints are some of the factors considered important to rank. The auditor may design an information capture from such that similar important information is captured for each location, product, & process as the case may be. Sometimes the management expects a certain audit focus on a particular branch or a particular business product/vertical which they would usually indicate in the opening meeting. This also sometimes drives the audit focus. Sudden growth or fall pattern are also signals to identify need for focus. KYC, AML, customer complaints (most relate to service issues, but there could be issues with customer appropriateness say for derivative transactions or private banking (say for high net worth clientele)), thefts, and robberies are some other parameters which are important while considering risk focus. Changing regulations (and interpretation thereof), changing systems (e.g., implementation of core banking), more than normal system downtime, change in accounting policies, are some other pointers for adopting a risk focused approach.

It is critical that the audit staff invests sufficient time at the audit planning stage by meeting critical bank management staff, going through the basic quantitative data and their movements over the past quarter/

year. The auditor should refer critical MIS data such as board papers, ALCO papers, budget vs actual, KRIs, KPIs, internal audit reports, concurrent audit reports, special audit reports, RBI inspection reports, action trackers, risk management meeting papers, risk profile templates, risk assessment matrix (of the internal auditors), stressed accounts reports, media reports (e.g., to identify any negative reporting), comparatives with peer group, LFAR/certificates (if the auditors were different in earlier years), correspondence with the regulators, etc. This list can get exhaustive depending on the auditors’ risk assessment and comfort levels. More the experience of the auditor with a particular bank, higher the awareness and confidence levels. Such investment (say 40% of the total audit time) can reap benefits in terms of bringing audit focus to high and medium risk items have constructive and meaningful conversations with the management, stay away from mundane/redundant tests, spend least energy on low risk items, and overall add value to the complete attestation process. This will enhance the audit quality, bring in better efficiency within the audit team, and overall less time and higher output will be experienced. Where the auditor perceives relatively lesser risk, it can adopt alternative audit checks such as getting external confirmations, performing analytical reviews (e.g., period costs such as rent, salary etc.), perform logic checks (e.g., net interest margins, general provisions, PCR, depreciation, interest costs on savings account using average balances, etc.). The auditor can also consider transaction testing with an element of surprise in respect of low risk areas which would be audited at relatively longer intervals. Unusual swing in suspense account balances is another factor to be considered while focusing on other assets/liabilities. Also the audit manager can allocate audit responsibilities such that all the high risk areas are allocated to experienced team members. This can also enhance the overall audit quality and can appease the bank staff too. Sounds logical but related logistics need to be managed at the planning stage.



The auditor should also focus on areas such as – customer complaints to evaluate any unaccounted potential customer liabilities, staff related issues based on relationship with unions so as to evaluate any potential unaccounted liability, legal issues to evaluate any non-accrual of legal fees or non disclosure of a contingent liability, compliance issues for any potential penalties, statutory/regulatory limits (such as PSL, SBL, GBL, SLR, CRR, CAR, CME) to evaluate any non compliance issues, past tax assessments to gauge any over/under provisioning and deferred tax accounting, analyse ageing of sundry/suspense/nostro/unclaimed/dormant accounts to identify any unexplainable vintage items, unexplained systems downtime. Some of these areas can give early lead to the auditors in relatively much lesser time frame. This helps the auditor to approach risk focused audit.

Banking in India is highly regulated. Internal audits, concurrent audits, regulatory audits/inspections continue to happen parallel to the external audits. To avoid potential duplication and to leverage on work already performed by other professionals it makes logical sense for the external auditor to review the reports of these audits, reviews & inspections. This will also accelerate the auditors understanding of the bank thereby helping him to easily adopt risk based audit.

The IT system in a bank is quite intricate. It is networked internally with individual systems and also externally connected with other systems including payment gateways, regulator’s applications, and other global networks. It is possible that the data centres of these banks are located centrally at an offsite location or at a vendor site. Where system access is feasible, the auditor can deploy some of the CAATs to perform audit through the computer. This way larger volume can get covered in shorter time duration thus enhancing the auditors comfort levels. This is critical considering that the bank’s transaction volumes are huge and dispersed across the geography. This can

get complicated if the record keeping and/or processing is centralized in which case the auditor needs to deploy another model. Visiting branches then serves less of a purpose as they are mere marketing centres which collect documents from the customers and send it across to zonal/regional collection/processing centres which finally send them to centralized processing centres. In such a case the audit focus has to be shifted to the operations shop where most of the action happens. Even though the bank prefers to outsource its routine activities, its underlying risks cannot get outsourced i.e. the bank is still responsible for each activity. Peripheral controls such as logistics arrangements, adherence to outsourcing arrangements, indemnity clauses (if outsourced to external agencies), termination clauses-etc. need to be looked into. The error logs need to be verified and correlated with customer complaints and performance matrices. Each bank has their unique risk control standards, RCSAs, KRIs and KPIs. Each of these can provide embedded red flags to the auditor and thus give direction to the risk focus areas.

Interaction with the technology team is crucial. IT audits are important part of the complete chain of audits. There are specific guidelines of the RBI on the scope and coverage (including specific checklists) of IT audits and controls. The auditor should either perform such audits or review the reports issued by any other auditor and identify any further checks the auditor deems necessary to perform. It is possible that the bank may have many systems, some of which may not interface with the core banking system. Hence hands off, batch processing, etc. become critical aspects to the audit approach. Any root cause issue getting resolved can resolve many a transactional level queries simultaneously. If the bank is heavily dependent on using electronic spreadsheets, it becomes important that the bank has deployed robust controls surround management of such spreadsheets e.g. password protection, critical cell locking, periodic backups, etc.



Risk based audit does not any way cut out basic substantive tests – it just helps in moderating the same based on risk identification and assessment. It helps in channelizing resources in the right direction. Sample testing for test of controls will continue as part of the audit process.

Risk identificationAs is true in the world of risk management any risk is inevitable – so tolerate, treat, transfer or terminate it. Before embarking upon risk management it is critical to identify and evaluate the intensity of the risk involved. Based on the auditors risk appetite, future course of action can be decided. Hence business understanding is a critical parameter involved. At the outset the auditor should evaluate and understand the big picture. Usually preconceived notions cloud the thinking process. Rather than mere focus on ‘form’ over ‘substance’, the auditor can evaluate the reverse way too i.e. ‘substance’ over ‘form’ as that way the focus does not merely stay on certain parameters (such as documentation) only.

To evaluate the level of risk related to specific areas of the audit, three components can help:

1) Inherent risk where environmental factors, (background knowledge of the bank and where past audits indicate no difficulties) are considered against whether or not they would lead to a material error, before considering the ‘function of internal controls’.

2) Control risk where the ‘system of internal controls’ is assessed against the possibility of preventing material error, or detecting it in time using internal controls.

3) Detection risk where the auditors procedures may fail to detect a material error not picked up by the internal controls.

In the bank there are primarily three types of risks – credit risk, market risk,

and operational risks. These can further be split into various types of risks such as – operations, accounting or financial, taxation, legal, regulatory, forensic, property, people, technology, and supplier. This is a representative list as each bank may have further risk classifications. From an audit perspective all these risks can terminate into a financial risk. The degree of intensity could vary; hence it is important to carry out risk assessment in terms of probability and impact.

Risk assessment

The prime purpose of risk assessment is to formulate the risk based audit plan. This risk assessment is undertaken at various levels – at corporate level, at branch level, at product level, and at process level. This is done to identify, measure, monitor and control the risks.

The risk assessment process should include identification of inherent business risks, evaluation of the effectiveness of the control systems for monitoring the inherent risks and drawing up a risk matrix for taking into account inherent and control risks. The basis for determination of the level (i.e., high, medium and low) and trend (i.e., increasing, decreasing, stable) of inherent and control risks should be clear. The risk assessment may make use of both – quantitative and qualitative approaches. In order to focus attention on areas of greater risk to the bank, it is advisable that an activity wise and location wise identification of risk is undertaken. To facilitate this process a standard checklist/questionnaire can be developed and certain parameters across each location are gathered.

The risk assessment methodology should include some of these parameters:

• Previous audit reports and compliance thereof (includes internal audit reports, concurrent audit reports, RBI inspection reports, action tracker and compliance thereof)



• Proposed changes in business structure, verticals, focus areas

• Involvement of head/regional office in policy framework creation

• Significant changes in management structure or key personnel

• Industry trends and other environmental/economic factors (e.g., $/Rs movement, inflation, oil prices, GDP growth, exports/imports trade)

• Volume of business and complexity of activities

• Budgetary control and performance reviews

• Process by which risks are identified and managed in various areas

• Overall control environment in various areas

• Gaps, if any, in control mechanism which might lead to frauds, identification of fraud prone areas

• Data integrity, reliability

• Internal and external compliance

• Internal checks and balances including transaction testing/verification of assets to the extent considered necessary.

Needless to say access to MIS and overall data integrity is key to the success of this risk

based audit approach. Also the auditor should keep constant touch with key management personnel so as to keep track of the recent changes and developments. Of course this becomes a challenge if the audit appointment is part of the panel process which takes time and is usually allocated few days or weeks before the actual audit commencement. Also stiff timelines are fixed which may not allow the auditor from investing additional time in audit planning thereby skipping a very important step and directly jumping onto audit field work. RBA is more suitable where the auditor has a longer tenure. The branch auditors may get rotated each year thereby not giving them enough opportunity to comprehend the bank branch business in its entirety and hence have to embark upon a quick audit. In such a situation the risk focused approach is critical as it allows the auditor to focus on critical audit areas in the limited time available.

Considering the size of the bank’s operations the throughputs in the general ledger is very high. Hence a trial balance review could be a good starting point especially to isolate any one offs or large ticket items. Policy matters such as revenue recognition, waivers are critical to evaluate any revenue leakage aspects. Of course the initial parameter to assess the size of the branch is the deposits and advances.

A typical risk audit matrix will be as under:

High (A) High (M), Low (F) (B) High (M), Medium (F) (C) High (M), High (F) = High risk = very high risk = extremely high risk

Medium (D) Medium (M), (E) Medium (F), Medium (F) Medium (M), High Low (F) = medium risk (F) = high risk (F) = very high risk

Low (G) Low (M), Low (F) (H) Low (M), Medium (I) Low (M), High (F) = low risk (F) = medium risk = high risk

Low Medium High

Control risks, frequency of risk (F), probability

Inh

ere

nt

risk

s,

mag

nit

ud

e o

f ri

sk (

M),

im

pact



Inherent business risks indicate the intrinsic risk in a particular area/activity of the bank and could be grouped into low, medium and high categories depending on the severity of the risk. Control risks arise out of inadequate control systems, deficiencies/gaps and/or likely failures in the existing control processes. The control risks could also be classified into low, medium and high categories.

In the overall risk assessment both the inherence and control risks should be factored in. The overall risk assessment as tabulated above implies:

(A) High risk – although the control risk is low, this is a high risk area due to high inherent risks

(B) Very high risk – the high inherent risk coupled with medium control risk makes this a very high risk area

(C) Extremely high risk – both the inherent and control risk are high which makes this an extremely high risk area. This area would require immediate audit attention, maximum allocation of audit resources besides ongoing monitoring

(D) Medium risk – although the control risk is low, this is a medium risk area due to medium inherent risk

(E) High risk – although the inherent risk is medium, this is a high risk area because of control risk also being medium

(F) Very high risk – although the inherent risk is medium, this is a very high risk area due to high control risk

(G) Low risk – both the inherent and control risk are low

(H) Medium risk – the inherent risk is low and the control risk is medium

(I) High risk – although the inherent risk is low, due to high control risk this becomes a high risk area

It should also be analyzed if the inherent and control risks are showing a stable, increasing

or decreasing trend. As an example, if an area falls within B or F (as defined/portrayed above) of the risk matrix and the risks are showing an increasing trend, then these areas would also require immediate audit attention, maximum allocation of audit resources, besides ongoing monitoring. This risk matrix should be prepared for each business activity/location.

This preparatory work can become an arduous task if the auditor has to do it on its own. The auditor will seek appropriate data inputs from the bank so as to generate this risk matrix. Eventually this methodology may range from a simple analysis of why certain areas should be audited more frequently than others in case of a small sized bank undertaking traditional banking business, to more sophisticated assessment systems in large sized banks undertaking complex business activities.

Based on the above, the audit plan should prioritize audit work to give greater attention to the areas of:

1. High magnitude and high frequency

2. High magnitude and medium frequency

3. Medium magnitude and high frequency

4. High magnitude and low frequency

5. Medium magnitude and low frequency

Risk based audit planning & reporting

The role of an external auditor is primarily to show a true and fair view of the company accounts and to abide by the auditing standards. Recently the risk-based approach has become as valued as auditing standards and adopted by most. The reason for it becoming so popular is that this audit approach helps the auditor to evaluate the level of risk to a particular area of the audit, i.e. specific accounts and transactions. Consequently, auditors can avoid both over and under auditing and can distribute work more evenly throughout the year.



Besides, focusing on the level of risk the risk-based method helps to evaluate and build value into the financial reporting process and the bank. In order to do this the auditor must have an upto date insight of the clients business and activities. This knowledge is gained by understanding the way the bank operates their business, management and internal and external environments. The knowledge gathered can help to design the audit programme that includes the most effective and efficient combination of tests responsive to each client’s unique circumstances. For this reason, the risk-based approach is superior to traditional auditing methods.

From a financial statements perspective, the auditor should also consider the management time spent in preparing the financials, the checks and balances ensured, the internal review process, the overall closure process and the nature of audit adjustments required. This will give the auditor the extent of robustness followed by the management based on which it can derive certain levels of comfort. Before getting into specifics, an analytical review (YoY movements, key ratios) will assist the auditor to identify the key swings and key focus areas. Also on the grounds of materiality it can consider to lay lower focus on certain areas thus achieving more coverage in less time. Budget vs actuals analysis will give a perspective on management control over the financials. Average balances and NIMs will give a logic check on the interest earned/spent, thus accuracy aspect of the accounting aspect.

The bank’s management will surely expect a trained team undertaking the audit, that is well aware of recent regulatory updates, has taken the efforts to understand the business and governance structure of the bank, has met key officials across various functions (beyond the accounts team), has been sufficiently briefed on developments within the bank and within the industry, is clear on the audit assertions (such as completeness, existence, accuracy, valuation, ownership, and presentation aspects) for each material/

identified auditable area, has prepared specific audit programmes to ensure consistency, is going to combine substantive procedures with relevant analytical procedures and will ensure timely escalation so as to mitigate any surprise element. Accordingly inquire, observe (including spending time in the banking hall, conducting mystery shopping, shadowing), review and verify should be the audit mantra.

During the audit resourcing stage, the audit team should have appropriate resources and staff to achieve its objectives under the risk based approach. The staff possessing the requisite skills only should be assigned the job of undertaking risk based audit. Further, the auditors should also be trained periodically to enable them to understand the bank’s business, operating procedures, risk management and control systems and relevant MIS. Sufficient interaction with bank’s management should be initiated well in advance such that any knowledge gap can be bridged at the earliest. Leveraging the vast data available on the internet is also advisable. Also for routine tasks checklists should be developed such that the learning curve is reduced and work gets carried out at a much swifter pace. Where necessary meet the other auditors and stakeholders to exchange views about the bank’s risks and controls.

As part of audit planning, the auditor would consider the risk assessment. This can be stated in the audit programme itself. Where the inherent risk and control risks are high, those areas can be then focused during the audit field work stage. Also based on the results, the risk assessment for the next audit can accordingly be modified, if the need be.

In its reporting, the auditor should clearly specify the audit approach adopted such that there is no expectation gap. It is known that the intent of any audit is not to identify any frauds and errors i.e. the audit programme is not developed to identify such aspects, but in the normal course if the auditor does come across some transactions, events or processes which are or seem to be out of sync, he may wish to bring to the attention



of the bank at the earliest such that any change in the audit focus can be made in a timely manner. Also while reporting the auditor can consider materiality aspect. Any aspects which distort the financial position can be rectified using adjustment entries. Any aspect which highlights only control weakness can get reported to the bank’s management via a management letter wherein the auditor can highlight the finding, its potential risk and implication, any recommendation and seek management response. At the end of the audit, the auditor may also seek a management representation letter from the bank covering those aspects which are judgemental and management has taken appropriate calls.

The communication channels between the audit staff and management should encourage reporting of negative and sensitive findings. All serious deficiencies should be reported to the appropriate level of management as soon as they are identified. Significant issues posing a threat to the bank’s business should be promptly brought to the notice of the board of directors, audit committee or the senior management as applicable. The Long Form Audit Report (LFAR) is the report wherein the auditor will highlight such significant aspects.

RBI perspectiveRBI had in August 2001 for the first time, introduced the concept of risk-based supervision of banks by way of a discussion paper. The discussion paper was issued to all scheduled commercial banks except regional rural banks and was made a subject matter of debate by the board of directors of all banks. Following that, in December 2002, the RBI issued a circular to all scheduled commercial banks, introducing the system of RBIA in those banks and urging them to make adequate preparation for successful implementation of the system.

The RBI has reviewed the implementation of the RBIA in various banks and observed that there are certain gaps/deficiencies which need to be addressed in order to ensure that

the RBIA framework is effective. Some of the gaps/deficiencies from the original guidance note on RBIA are:

(a) The risk assessment of branches should be carried out on the basis of the inherent business risks and control risks.

(b) The risk assessment should not only indicate the level of risk as High, Medium and Low but also the trend of risk in terms of increasing, decreasing or stable.

(c) The risk assessment should invariably be undertaken on a yearly basis.

(d) The auditor should ideally undertake 100% transaction testing if an area falls in cell C - Extremely High Risk; of the risk matrix. The auditor may also consider 100% transaction testing if an area falls in cell B - Very High Risk; or F - Very High Risk, and the risks are showing an increasing trend. The auditor may also consider transaction testing with an element of surprise in respect of low risk areas which would be audited at relatively longer intervals. As regards the areas falling in other cells (viz., ‘A—High Risk’, ‘D—Medium Risk’, ‘E-High Risk’, ‘G- Low Risk’, ‘H—Medium Risk’, ‘I—High Risk’) of the risk matrix, the auditor has to decide on the level of transaction testing based on its risk based internal audit policy duly approved by the Board/audit committee. The external auditor can also do risk audit matrix on these principles and arrive at its risk assessment thereby formulating the audit programme.

(e) The auditor has to prepare a Risk Audit Matrix which would be based on the magnitude and frequency of risk.

The RBI had advised the auditors to review the methodology of conducting the RBIA and the policy in this regard so as to align the same with the guidelines. Banks were instructed to form a Task Force comprising senior executives and entrust them with the responsibility of chalking out an action plan for switching over to RBIA.



ICAI perspectiveICAI has provided guidance on how the auditor should approach a typical audit. They have published guidance note on bank audits. They have also published write ups on specific topics which are of focus in a typical bank branch audit. Though there is no specific guidance on risk based audit but there is a technical guide (TG) available on risk based internal audit. The broad concepts of auditing can be absorbed from this guide. The broad audit principles would remain same whether the intent is to carry out an internal audit or a periodic statutory audit.

With a view to equip the members in appropriately understanding the concept of RBIA in banks and discharging their duties as internal auditors, the Committee on Internal Audit has brought out a TG. The TG deals with the significant aspects of RBI in a simple and lucid manner. The TG is divided into four chapters. Chapter 1, Introduction, explains the concept of internal audit, need for internal audit in banks, the concept of RBIA in banks, the cost-benefit analysis of internal audit, key audit decisions of a RBIA, advantages of RBIA and the distinction between RBIA and risk management function. Chapter 2, discusses in details, the steps involved in RBIA in banks, for example, preparation, identification of auditable units, conducting risk assessment, preparation of RBIA, identification of auditable units, preparation of risk matrix, key factors relevant for risk assessment, identification of inherent business risks. Chapter 3 deals with other related considerations such as functional independence, communication, performance evaluation, relationship with the external auditor. The last Chapter deals with the way forward. In addition, the appendices to the TG contain the relevant circulars of the RBI on the subject.

Perceived benefits and potential pitfallsMost of the large banks including audit firms have adopted the risk based audit approach. It has proven to be a tried and tested method whereby without compromising the audit responsibilities, risks and controls

have been effectively tested and significant misstatements and control weaknesses have been identified by the auditors. This approach is more suitable where the auditors have access to the bank over a series of time i.e. they are able to perform certain internal control checks during the interim audits and then focus on the financial disclosures and other checks and balances during the final visit. It becomes difficult to perform audit using risk based if the audit opinion needs to be delivered within a shorter duration, in which case the risk focused audit approach works better so as to get an enhanced coverage. Ironically when time is short, this method has proved to be an appropriate one as the focus then goes on high and medium risk items and keeping materiality in mind.

Although the new approach of auditing has become more popular over the years there are obvious advantages and disadvantages that need to be considered. For example, the aim of this risk-based approach is to assess and identify the high-risk areas, while at the same time, the auditor is minimising the risk of negligence. Therefore, this can speed up the audit and help to allocate specialists to specific areas of the audit. However, this process can cause more time to be spent on the audit and raise costs, not making economic sense. Unfortunately, another problem faced by auditors when adopting the risk-based approach is when identifying high-risk areas, auditors must decide what evidence should be required and in how much detail.

An auditor’s duty is to give a fair and truthful view of a client’s set of bank’s accounts, but auditors cannot guarantee that the bank’s accounts are entirely free of errors and irregularities. Therefore, in their audit planning auditors must identify and assess the inherent risk that they have not discovered, or will not discover material items. If an item is discovered, auditors must consider the context and presentation of the item and then decide whether it affects the true and fair view of the accounts. The Statements of Auditing Standards, states that auditors



should consider materiality and its relationship with audit risk when conducting an audit. In order to avoid materiality, it should be taken into account at the planning stage of an audit and re-evaluated if the outcomes of tests, enquiries or examinations differ from expectations.

Materiality is fundamental to accounting and is a matter of professional judgment with both quality and quantity dimensions. Auditing materiality is also known as tolerable error. Tolerable error is considered the maximum error in a population (sample size) that auditors are prepared to except and still conclude that the audit objectives have been achieved. The level of tolerable error is normally determined at the planning stages. Throughout the audit, tests are then carried out on these levels such that they provide evidence that the actual errors in the population are less than the tolerable error.

The objective of any sampling method is to draw conclusions from a large set of data. The objective of audit sampling is to establish with reasonable confidence that a number of factors are free from material misstatement. This means drawing conclusions from an entire set of data that may be a set of account balances (population) and then testing a representative sample of items (sampling units). Nonetheless, it is not required of auditors to check all transactions and balances of a business, but they must be practical and be aware of materiality. It would take too long to complete a check; because by the time they had reached the public they would be history. In some cases a 100%, check is still necessary, for example high-risk areas.

There are two methods of sampling the first is judgment sampling; the auditor selects an appropriate sample based on what the auditor judges as desirable. Next is the more popular and objective of the two, statistical sampling. This method of sampling is more commonly used as a scientifically and mathematically appropriate sample is selected. In order for the auditor to reach a conclusion based on the sample, he or she must select a sample

that is representative of the underlying population. Various methods can be used to select a representative sample, but all have a basic need to select a random sample.

When deciding on the appropriate sample sizes for any given population there are several factors to consider. Confidence levels must be taken into consideration when looking at the extent to which the auditor is justified in believing that the sample drawn at random reflects (with a stipulated range) the attributes of the population from which it was taken. Therefore, from the sample results and a given level of confidence the auditor can reasonably be assured that the error rate lies within certain boundaries, in addition this means that the auditor can never be 100% certain and confidence levels are seen to be complimentary to risk. Furthermore, because an auditor cannot be 100% certain, there must be a measure for the potential error rate in the population. Determining the precision area depends on the auditor’s own assessment of the situation, it can be seen that the confidence levels and precision are strongly interconnected.

The audit risk approach has grown significantly in recent years. This is a result of auditing firms making their audit work more cost effective, whilst still maintaining audit quality. Compared to the older substantive testing and system based auditing, risk based auditing takes account of substantive test risks and includes, inherent risk, control risk, detection risk and sampling risk as well as analytical control risk. This system of assessing risk and focusing the audit on the high-risk areas minimises the auditor’s risk against paying damages to a client through negligent work.

Assessing the risk of material misstatement at the financial statement level as well as at the planning stage, adds to and clarifies the direction on performing a combined assessment of inherent, and control risk, leaving the ability for the auditor to assess other risk factors in an audit. This approach to auditing has also changed the view of substantive procedures performed by auditors.



For example, the use of statistical sampling has significantly reduced, but remains an important part of auditor’s substantive procedures and one they wish to ensure is efficient and effective. In order to improve the risk-based approach, ways must be identified in which auditors’ judgment of inherent risk and control risk can become more accurate and consistent.

Having said the RBA relies a lot on the auditor’s business understanding, past experience and overall judgment. By adopting this approach, it is possible that the auditor may miss out something material/critical. There is no push of a button approach to RBA as audit is not a science but an art. Lastly there are management expectations and regulatory expectations – so by doing lesser (read as more value add & meatier work areas), the auditor has to also satisfy the expectation levels too such that no compromise is made in taking calculated risks.

Reference materialImplementation guide to risk based audit by AASB of ICAI

ICAI guidance note on bank audit

Various auditing standards such as SA 240, 300, 315, 330

RBI circular DBS.CO.PP.BC.17/11.01.005/ 2004-05 dated 1st February, 2005

RBI circular DBS.CO.PP.BC.10/11.01.005/ 2002-03 dated 27th December, 2002

RBI circular DBS.CO.RBS.58/36.01.002/ 2001-02 dated 13th August, 2001

Related articles published in ICAI/BCA journalsThis paper is meant to be a brief overview of the risk based audit approach which can be adopted by the auditing fraternity in the banking industry. As it is not a comprehensive paper readers are expected to make reference to relevant circulars, notifications and guidelines of RBI/ICAI and any other relevant regulator.

About the paper writer: CA Jatin J. Lodaya currently works in a foreign bank and has exposure to auditing & risk management while working in the bank and also as an auditor of various multinational banks in and outside India. The views expressed here are collated from various sources including personal experiences. They are personal views and need not represent the view of the organizations, current or past, where the author has been associated with. Any feedback, views, additional matters and suggestions can be sent to the paper writer at [email protected]

AA



NOTES


Basel Accord and Capital Adequacy Ratios

Great Global Credit Crisis of 2008–2009 has proved that no country is immune to the global reach of financial instability. Main causes of crisis were:

• Excess liquidity and too much leverage

• Inadequate capital with poor quality of resources for tiding over liquidity risk

• Systemically important financial institutions being interconnected

• Shortcomings in risk management, market transparency, corporate governance and compensation structure

• Inadequate or poor quality of regulatory supervision

Now that the worst is supposed to be over, officials and regulators, all over the world, are analysing the reasons for the crisis and strategy for preventing the crisis in future.

Most big banks operate in more than one country, affording them the opportunity to relocate their operations and employees. When the United Kingdom moved to tax bankers’ bonuses, the bankers in question threatened to move to Geneva. When the European Union began to contemplate strict regulation of hedge funds, fund managers proposed moving their operations to New York. Not only is disagreement among national regulators over priorities and strategies a source of potential conflict, but it threatens to vitiate their efforts to make the world a safer financial place.

While the Basel Committee has traditionally focused on ensuring that banks have enough capital to weather shocks, over the time it has also considered a variety of other stability-related issues. Its signature achievement is the Basel Accord for Capital Adequacy for Internationally Active Banks. Basel II has been adopted by a growing list of countries. Unfortunately, the financial

crisis has exposed the flaws in the Basel Accord, and especially the updated version, Basel II, published in 2004. Basel II overemphasized the rating technology. Basel II allowed banks to hold less capital against assets that received investment-grade ratings from commercial credit rating agencies. As ratings are revised upward in good times and downward in bad times, this practice was strongly procyclical. It encouraged even more lending when lending was booming and more retrenchment when financial institutions were retrenching. It ignored the conflicts of interest to which the rating agencies were subject. It also allowed banks to use their own internal models–later proved to be problematic–to evaluate the risk of losses and the amount of capital that had to be held against those risks. It bought into the bankers’ arguments that they could safely reduce their own funds held in reserve (so-called Tier 1 capital) to little more than 2 percent of bank assets. During the early “liquidity phase” of the financial crisis that began in 2007, many banks – despite adequate capital levels – still experienced difficulties because they did not manage their liquidity in a prudent manner.

Thus, evolved Basel III, designed to address the shortcomings. The framework includes firm-specific approaches and incorporates macro prudential measures to help address systemic risk and interconnectedness. It introduces capital buffers that can help protect the banking sector against credit bubbles and that can be drawn down during times of stress. It has provided for leverage ratio.

The Basel Committee’s oversight body - the Group of Central Bank Governors and Heads of Supervision (GHOS) - agreed on the broad framework of Basel III in September 2009 and the Committee set out concrete proposals in December 2009. These consultative documents formed the basis of the Committee’s response to the financial crisis and are part of the global initiatives to


CA. Mrudul Gokhale



strengthen the financial regulatory system that have been endorsed by the G20 Leaders. The GHOS subsequently agreed on key design elements of the reform package at its July 2010 meeting and on the calibration and transition to implement the measures at its September 2010 meeting.

Basel III is part of the Committee’s continuous effort to enhance the banking regulatory framework. It builds on the International Convergence of Capital Measurement and Capital Standards document (Basel II).

The Basel III requirements will begin to take effect from the beginning of 2013 and will be

progressively phased in by 2019. Given below are highlights of Basel III framework:

A. Increased capital requirements The minimum requirement for common

equity, the highest form of loss absorbing capital, will be raised from the current 2% level, before the application of regulatory adjustments, to 4.5% after the application of stricter adjustments. This will be phased in by 1 January 2015. The Tier 1 capital requirement, which includes common equity and other qualifying financial instruments based on stricter criteria, will increase from 4% to 6% over the same period.

Common equity Tier I Capital Total Capital (after deduction)

Minimum 4.5 6 8

Conservation Buffer 2.5

Minimum + conservation Buffer 7 8.5 10.5

Counter cyclical Buffer Range 0 - 2.5

GHOS also agreed that the capital conservation buffer above the regulatory minimum requirement be calibrated at 2.5% and be met with common equity, after the application of deductions. The purpose of the conservation buffer is to ensure that banks maintain a buffer of capital that can be used to absorb losses during periods of financial and economic stress. While banks are allowed to draw on the buffer during such periods of stress, the closer their regulatory capital ratios approach the minimum requirement, the greater the constraints on earnings distributions.

A countercyclical buffer within a range of 0% - 2.5% of common equity or other fully loss absorbing capital will be implemented according to national circumstances. The purpose of the countercyclical buffer is to achieve

the broader macroprudential goal of protecting the banking sector from periods of excess aggregate credit growth.

These capital requirements are supplemented by a non-risk-based leverage ratio that will serve as a backstop to the risk-based measures described above.

B. Transition and implementation The standards will be phased in gradually

so that the banking sector can move to the higher capital and liquidity standards while supporting lending to the economy. With respect to the leverage ratio, the Committee will use the transition period to assess whether it’s proposed design and calibration is appropriate over a full credit cycle and for different types of business models. Based on the results



of a parallel run period, any adjustments would be carried out in the first half of 2017 with a view to migrating to a Pillar 1 treatment on 1 January 2018 based on appropriate review and calibration.

Both the Liquidity Coverage Ratio (LCR) and the Net Stable Funding Ratio (NSFR) will be subject to an observation period and will include a review clause to address any unintended consequences.

C. Liquidity Coverage Ratio (LCR) Objective is to ensure that a bank

maintains an adequate level of unencumbered, high-quality liquid assets that can be converted into cash to meet

its liquidity needs for a 30 calendar day time horizon under a significantly severe liquidity stress scenario specified by supervisors.

Phase-in arrangements (shading indicates transition periods) (all dates are as of 1 January)

2011 2012 2013 2014 2015 2016 2017 2018 2019

Leverage ratio Supervisory Parallel Run 2013-2017 Migration monitoring Disclosure Starts 1 Jan 2015 Pillar I

Minimum common 3.5% 4% 4.5% 4.5% 4.5% 4.5% 4.5% equity capital ratio

Capital conversion 0.625% 1.25% 1.875% 2.5% buffer

Minimum common 3.5% 4% 4.5% 5.125% 5.75% 6.37% 7% equity+ Capital conversion buffer

Phase-in of 20% 40% 60% 80% 100% 100% deductions from CET1

Minimum Tier 1 4.5% 5.5% 6% 6% 6% 6% 6% Capital

Minimum Total 8% 8% 8% 8% 8% 8% 8% Capital

Minimum Total 8% 8% 8% 8.625% 9.25% 9.875% 10.5% Capital plus conservation buffer

Liquidity coverage Observation Introduceratio period minimum begins standard Net stable funding Observation Introduceratio period minimum begins standard



Definitionof the standard

Stock of high-quality liquid assets

Total net cash outflows over the ≥ 100% next 30 calendar days

Banks are expected to meet this requirement continuously and hold a stock of unencumbered, high-quality liquid assets as a defense against the potential onset of severe liquidity stress. Assets are considered to be high-quality liquid assets if they can be easily and immediately converted into cash at little or no loss of value. The liquidity of an asset depends on the underlying stress scenario, the volume to be monetised and the timeframe considered.

While the LCR is expected to be met and reported in a single common currency, banks are expected to be able to meet their liquidity needs in each currency and maintain high-quality liquid assets consistent with the distribution of their liquidity needs by currency.

All high-quality liquid assets should ideally be central bank eligible8 for intraday liquidity needs and overnight liquidity facilities in a jurisdiction and currency where the bank has access to the central bank.

The term total net cash outflows13 is defined as the total expected cash outflows minus total expected cash inflows in the specified stress scenario for the subsequent 30 calendar days. They are calculated by –

• Multiplying the outstanding balances of various categories or types of liabilities and off-balance sheet commitments by the rates at which they are expected to run off or be drawn down.

• Multiplying the outstanding balances of various categories of contractual receivables by the rates at which they are expected to flow in under

the scenario up to an aggregate cap of 75% of total expected cash outflows.

Banks will not be permitted to double count items – i.e. if included as part of the “stock of high-quality liquid assets” (i.e. the numerator), the assets cannot also be counted as cash inflows.

D. To promote more medium and long-term funding of the assets and activities of banking organisations, the Committee has developed the Net Stable Funding Ratio (NSFR). The NSFR standard is structured to ensure that long term assets are funded with at least a minimum amount of stable liabilities in relation to their liquidity risk profiles. The NSFR aims to limit over-reliance on short-term wholesale funding during times of buoyant market liquidity and encourage better assessment of liquidity risk across all on- and off-balance sheet items. Besides, it offsets incentives for institutions to fund their stock of liquid assets with short-term funds that mature just outside the 30-day horizon for that standard.

E. Monitoring tools These metrics, together with the

standards, provide the cornerstone of information that aid supervisors in assessing the liquidity risk of a bank. In addition, supervisors may need to supplement this framework by using additional tools and metrics tailored to help capture elements of liquidity risk specific to their jurisdictions.

The metrics discussed in this section include the following:

• Contractual maturity mismatch - The contractual maturity mismatch profile identifies the gaps between the contractual inflows and outflows of liquidity for defined time bands. These maturity gaps indicate how much liquidity a bank would potentially need to raise in each



of these time bands if all outflows occurred at the earliest possible date.

• Concentration of funding - This metric is meant to identify those sources of wholesale funding that are of such significance that withdrawal of this funding could trigger liquidity problems. The metric thus encourages the diversification of funding sources recommended in the Committee’s Sound Principles.

Definition and practical applicationof the metricA. Funding liabilities sourced from each

significant counterparty

The bank’s balance sheet total

B. Funding liabilities sourced from each significant product/instrument

The bank’s balance sheet total

C. List of asset and liability amounts by significant currency

A “significant counterparty” is defined as a single counterparty or group of connected or affiliated counterparties accounting in aggregate for more than 1% of the bank’s total balance sheet, although in some cases there may be other defining characteristics based on the funding profile of the bank.

A “significant instrument/product” is defined as a single instrument/product or group of similar instruments/products that in aggregate amount to more than 1% of the bank’s total balance sheet.

A currency is considered “significant” if the aggregate liabilities denominated in that currency amount to 5% or more of the bank’s total liabilities.

The above metrics should be reported separately for the time horizons of less than one month, 1-3 months, 3-6 months, 6-12 months, and for longer than 12 months.

• Available unencumbered assets: This metric provides supervisors with data on the quantity and key characteristics, including currency denomination and location, of banks’ available unencumbered assets. These assets have the potential to be used as collateral to raise additional secured funding in secondary markets and/or are eligible at central banks and as such may potentially be additional sources of liquidity for the bank.

In addition to providing the total amounts available, a bank should report these items categorised by significant currency. a bank must report the estimated haircut that the secondary market and/or relevant central bank would require for each asset.

• LCR by significant currency

Foreign Currency LCR = Stock of high-quality liquid assets in each significant currency /Total net cash outflows over a 30-day time period in each significant currency

(Note: Amount of total net foreign exchange cash outflows should be net of foreign exchange hedges)

This metric is meant to allow the bank and supervisor to track potential currency mismatch issues that could arise in a time of stress.

• Market-related monitoring tools for supervisors :

— Market-wide information : Supervisors can monitor information both on the absolute level and direction of major markets and consider their potential impact on the financial sector and the specific bank

— Information on the financial sector

— Bank-specific information



While responding to regulating Indian Banks, the Reserve Bank has issued guidelines related to prudential norms on capital adequacy from time to time. The guidelines are being constantly updated in line with internationally used best practices. The latest master circular on the subject is RBI/2010-11/62, DBOD.No.BP.BC.15/21.06.001/2010-11dated July 1, 2010, which is a comprehensive document covering all aspects of management and evaluation of risks.

All commercial banks excluding RRBs are required to comply with prudential norms for capital adequacy. Banks are required to maintain a minimum CRAR of 9 percent on an ongoing basis, both at solo level and on consolidated basis. The Reserve Bank will take into account the relevant risk factors and the internal capital adequacy assessments of each bank to ensure that the capital held by a bank is commensurate with the bank’s overall risk profile. The Reserve Bank will consider prescribing a higher level of minimum capital ratio for each bank. Banks are expected to operate at a level well above the minimum requirement.

It has been decided that all commercial banks in India (excluding Local Area Banks and Regional Rural Banks) shall adopt

Standardised Approach (SA) for credit risk and Basic Indicator Approach (BIA) for operational risk. Banks shall continue to apply the Standardised Duration Approach (SDA) for computing capital requirement for market risks. Foreign banks operating in India and Indian banks, having operational presence outside India, have migrated to the above approaches under the Revised Framework with effect from March 31, 2008. All other commercial banks have migrated to these approaches under the Revised Framework by March 31, 2009.

RBI has laid down a time frame for implementation of the advanced approaches in India. This would enable the banks to plan and prepare for their migration to the advanced approaches for credit risk and operational risk, as also for the Internal Models Approach (IMA) for market risk. While deciding time frame RBI has considered the likely lead time that may be needed by the banks for creating the requisite technological and the risk management infrastructure, including the required databases, the MIS and the skill up-gradation, etc., The following time schedule has been laid down for implementation of the advanced approaches for the regulatory capital measurement:

Indian Scenarios

Sr. Approach The earliest Likely date of No. date of making approval by the application by RBI banks to the RBI

a. Internal Models Approach (IMA) for April 1, 2010 March 31, 2011 Market Risk

b. The Standardised Approach (TSA) for April 1, 2010 September 30, Operational Risk 2010

c. Advanced Measurement Approach (AMA) April 1, 2012 March 31, 2014 for Operational Risk

d. Internal Ratings-Based (IRB) Approaches April 1, 2012 March 31, 2014 for Credit Risk (Foundation- as well as Advanced IRB)



Thus, banks are required to internally assess their readiness to switch to advanced approaches. And only after obtaining RBI approval, they can migrate to advanced approaches as per timeframe given above.

Important principles for arriving at CRAR (Capital to Risk –Weighted Assets Ratio) have been listed below.

Banks are required to maintain, at both solo and consolidated level, a Tier I CRAR of at least 6 per cent. CRAR is a function of four elements- regulatory capital, credit risk weighted assets, market risk weighted assets and operational risk weighted assets.

I. Regulatory Capital The main objective of capital adequacy

norms is that the banks should have adequate capital at all the times to absorb the losses, if any, arising from the inherent risks in the business. For supervisory purposes capital is split into two categories: Tier I and Tier II. These categories represent different instruments’ quality as capital.

Tier I capital is a core capital. And Tier II capital is supplemental capital which includes some items having characteristics of capital plus debt. The list of items eligible for considering as a regulatory capital for Indian Banks and Foreign Banks operating in India has been well defined in the master circular. From these items deductions as specified to be effected to arrive at regulatory capital. Care must be taken to consider the caps or limits specified for tier 2 capital items.

II. Credit Risk weighted assets: Credit risk is most simply defined as

the potential that a bank’s borrower or counterparty may fail to meet its obligations in accordance with agreed terms. It is the possibility of losses associated with diminution in the credit

quality of borrowers or counterparties. For most banks, loans are the largest and the most obvious source of credit risk. Other sources of credit risk exist throughout the activities of a bank, including in the banking book and in the trading book, and both on and off balance sheet. Banks increasingly face credit risk (or counterparty risk) in various financial instruments other than loans, including acceptances, inter-bank transactions, trade financing, foreign exchange transactions, financial futures, swaps, bonds, equities, options and in guarantees and settlement of transactions.

Under the Standardised Approach, the rating assigned by the eligible external credit rating agencies will largely support the measure of credit risk. The Reserve Bank has identified the external credit rating agencies that meet the eligibility criteria specified under the revised Framework. Banks may rely upon the ratings assigned by the external credit rating agencies chosen by the Reserve Bank for assigning risk weights for capital adequacy purposes as per the mapping furnished in the guidelines.

RBI approved Rating Agencies are:

Domestic -

a) Credit Analysis and Research Limited;

b) CRISIL Limited;

c) FITCH India; and

d) ICRA Limited.

International-

a) Fitch;

b) Moodys; and

c) Standard & Poor’s

Refer to RBI guidelines in the master circular for scope of application, use of ratings (including multiple rating assessments) and mapping process. As a general rule, banks



should use only solicited rating from the chosen credit rating agencies. No ratings issued by the credit rating agencies on an unsolicited basis should be considered for risk weight calculation as per the Standardised Approach. Banks must disclose the names of the credit rating agencies that they use for the risk weighting of their assets

Step by step approach to calculate Credit Risk Weighted Assets:

1) Classify assets, other than investments, into balance sheet and off-balance sheet categories

2) Balance Sheet category assets are required to be further grouped as under:

a) Claims on Domestic Sovereigns :

i) Both fund based and non fund based claims on the central government will attract a zero risk weight. Central Government guaranteed claims will attract a zero risk weight.

ii) The Direct loan /credit /overdraft exposure, if any, of banks to the State Governments and the investment in State Government securities will attract zero risk weight. State Government guaranteed claims will attract 20 per cent risk weight’.

iii) The risk weight applicable to claims on central government exposures will also apply to the claims on the Reserve Bank of India, DICGC and Credit Guarantee Fund Trust for Small Industries (CGTSI). The claims on ECGC will attract a risk weight of 20 per cent.

The above risk weights for both direct claims and guarantee claims will be applicable as long as they are classified as ‘standard’/

performing assets. Where these sovereign exposures are classified as non-performing, they would attract risk weights as applicable to NPAs.

b) Claims on Foreign Sovereigns : This will attract risk weights as per the rating assigned to those sovereigns /sovereign claims by international rating agencies. Claims denominated in domestic currency of the foreign sovereign met out of the resources in the same currency raised in the jurisdiction7 of that sovereign will, however, attract a risk weight of zero percent.

c) Claims on Public Sector Entities (PSEs): Claims on domestic public sector entities will be risk weighted in a manner similar to claims on Corporates. Claims on foreign PSEs will be risk weighted as per the rating assigned by the international rating agencies.

d) Claims on MDBs, BIS and IMF : Claims on the Bank for International Settlements (BIS), the International Monetary Fund (IMF) and the eligible Multilateral Development Banks (MDBs) evaluated by the BCBS will be treated similar to claims on scheduled banks meeting the minimum capital adequacy requirements and assigned a uniform twenty percent risk weight. Similarly, claims on the International Finance Facility for Immunization (IFFIm) will also attract a twenty per cent risk weight.

e) Claims on Banks: The claims on banks incorporated in India and the branches of foreign banks in India (other than the ones which are subsidiaries, associates and under group companies), will be risk weighted depending on CRAR of the bank and the quantum



of investment in the entity. Risk weights for claims on foreign banks will be as per the ratings assigned by international rating agencies.

The exposures of the Indian branches of foreign banks, guaranteed /counter-guaranteed by the overseas Head Offices or the bank’s branch in another country would amount to a claim on the parent foreign bank and would also attract the risk weights as per Table given in the guidelines. However, the claims on a bank which are denominated in ‘domestic’ foreign currency met out of the resources in the same currency raised in that jurisdiction will be risk weighted at 20 per cent provided the bank complies with the minimum CRAR prescribed by the concerned bank regulator(s).

f) Claims on Primary Dealers: They shall be risk weighted in a manner similar to claims on corporate.

g) Claims on Corporates, AFCs and NBCF-IFCs shall be risk weighted as per the ratings assigned by the rating agencies registered with the SEBI and accredited by the Reserve Bank of India. Risk weights vary depending on the nature of claim- short term and long term.

Risk weight on claims on AFCs would continue to be governed by credit rating of the AFCs, except that claims that attract a risk weight of 150 per cent under NCAF shall be reduced to a level of 100 per cent. No claim on an unrated corporate may be given a risk weight preferential to that assigned to its sovereign of incorporation. The Reserve Bank may increase the standard risk weight for unrated claims where a higher risk weight is warranted by the overall default experience. As part of the

supervisory review process, the Reserve Bank would also consider whether the credit quality of unrated corporate claims held by individual banks should warrant a standard risk weight higher than 100 per cent.

The claims on non-resident corporates will be risk weighted as per the ratings assigned by international rating agencies.

h) Claims included in the Regulatory Retail Portfolio (other than NPAS) shall be assigned a risk-weight of 75 per cent for non performing assets. RBI has given certain qualifying tests for a portfolio to be considered under this category.

i) Claims secured by residential property: Lending to individuals meant for acquiring residential property which are fully secured by mortgages on the residential property that is or will be occupied by the borrower, or that is rented, shall be risk weighted as indicated below, provided the loan to value ratio (LTV) is not more than 75 per cent, based on Board approved valuation policy.

Amount of loan Risk weight (%)

Up to ` 30 lakh 50

` 30 lakh and above 75

Where LTV ratio is more than 75%, it will attract risk weight of 100%.

All other claims secured by residential property would attract the higher of the risk weight applicable to the counterparty or to the purpose for which the bank has extended finance.

Restructured housing loans should be risk weighted with an additional risk weight of 25 per cent to the



risk weights prescribed above. Loans /exposures to intermediaries for on-lending will not be eligible for inclusion under this head, but will be treated as claims on corporates or claims included in the regulatory retail portfolio as the case may be.

Investments in mortgage backed securities (MBS) backed by exposures will be governed by the guidelines pertaining to securitisation exposures.

j) Claims classified as Commercial Real Estate Exposure will attract risk weight of 100%. Investment in mortgage backed securities having exposure to commercial real estate will be governed by the guidelines pertaining to securitization exposure.

k) Non- Performing Assets – NPAS - The unsecured portion of NPA (other than a qualifying residential mortgage loan), net of specific provisions (including partial write-offs), will be risk-weighted as follows:

(i) 150 per cent risk weight when specific provisions are less than 20 per cent of the outstanding amount of the NPA;

(ii) 100 per cent risk weight when specific provisions are at least 20 per cent of the outstanding amount of the NPA;

(iii) 50 per cent risk weight when specific provisions are at least 50 per cent of the outstanding amount of the NPA

For the purpose of computing the level of specific provisions in NPAs for deciding the risk-weighting, all funded NPA exposures of a single counterparty (without netting the value of the eligible

collateral) should be reckoned in the denominator. Further detailed guidelines have been given regarding recognition of collateral to be recognized for credit risk mitigation purpose.

l) Specified Categories: These include the exposures other than the ones covered above. They are risk weighted as follows:

Fund based and non-fund based claims on Venture Capital Funds- 150 per cent

Consumer credit, including personal loans and credit card receivables but excluding educational loans, will attract a higher risk weight of 125 per cent or higher, if warranted by the external rating (or, the lack of it) of the counterparty.

‘Capital market exposures’ will attract a 125 per cent risk weight or risk weight warranted by external rating (or lack of it) of the counterparty, whichever is higher.

The claims on rated as well as unrated ‘Non-deposit Taking Systemically Important Non-Banking Financial Companies (NBFC-ND-SI), other than AFCs and NBFC-IFCs, regardless of the amount of claim, shall be uniformly risk weighted at 100 per cent.

All investments in the paid up equity of non-financial entities, which are not consolidated for capital purposes with the bank, shall be assigned a 125 per cent risk weight. All Investments in the paid up equity of financial entities (other than banks) which are not consolidated for capital purposes with the bank, where such investment is upto 30 per cent of the equity of the investee entity, shall be assigned a 125 per cent risk weight or a risk weight



warranted by the external rating (or the lack of it) of the counterparty, whichever is higher.

m) Loans and advances to bank’s own staff which are fully covered by superannuation benefits and/or mortgage of flat/house will attract a 20 per cent risk weight

3) Off-Balance Sheet Items The total risk weighted off-balance

sheet credit exposure is calculated as the sum of the risk-weighted amount of the market related and non-market related off-balance sheet items. The risk-weighted amount of an off-balance sheet item that gives rise to credit exposure is generally calculated by means of a two-step process:

(a) the notional amount of the transaction is converted into a credit equivalent amount, by multiplying the amount by the specified credit conversion factor or by applying the current exposure method, and

(b) the resulting credit equivalent amount is multiplied by the risk weight applicable to the counterparty or to the purpose for which the bank has extended finance or the type of asset, whichever is higher.

Where the off-balance sheet item is secured by eligible collateral or guarantee, the credit risk mitigation guidelines may be applied. The credit equivalent amount in relation to a non-market related off-balance sheet item like, direct credit substitutes, trade and performance related contingent items and commitments with certain drawdown, other commitments, etc. will be determined by multiplying the contracted amount of that particular transaction by the relevant credit conversion factor (CCF).

Where the non-market related off-balance sheet item is an undrawn or partially undrawn fund-based facility, the amount of undrawn commitment to be included in calculating the off-balance sheet non-market related credit exposures is the maximum unused portion of the commitment that could be drawn during the remaining period to maturity. Any drawn portion of a commitment forms a part of bank’s on-balance sheet credit exposure.

In the case of irrevocable commitments to provide off-balance sheet facilities, the original maturity will be measured from the commencement of the commitment until the time the associated facility expires. The credit conversion factors given by RBI have to be applied to off-balance sheet as per the transaction nature.

The credit risk on market related off-balance sheet items is the cost to a bank of replacing the cash flow specified by the contract in the event of counterparty default. This would depend, among other things, upon the maturity of the contract and on the volatility of rates underlying the type of instrument. Market related off-balance sheet items would include interest rate contracts, foreign exchange contracts and any other market related contracts specifically allowed by the Reserve Bank which give rise to credit risk. After considering certain exemptions granted, CCF has to be applied to the exposures. RBI has also specified a method for assessing credit exposure for failed transactions.

4) Securitisation Exposure Banks are required to hold regulatory

capital against all of their securitisation exposures, including those arising from the provision of credit risk mitigants to a securitization transaction, investments in asset-backed securities, retention of a subordinated tranche, and extension of a liquidity facility or credit



enhancement. Repurchased securitisation exposures must be treated as retained securitisation exposures. Refer to RBI guidelines regarding detailed rules and process for deduction from capital, credit enhancement treatment, application of external ratings, recognition of credit risk mitigants and treatment for off-balance sheet exposures to calculate the risk weighted assets.

5) Credit Risk Mitigation techniques - Collaterals and guarantees obtained towards reducing credit are recognized subject to conditions specified. The haircuts are used to adjust for volatility, adjustments are to be made where collateral and exposure are in different currencies with maturity mismatch and formulae specified should be applied to arrive at value of exposure after risk mitigation.

In the case where a bank has multiple CRM techniques covering a single exposure (e.g. a bank has both collateral and guarantee partially covering an exposure), the bank will be required to subdivide the exposure into portions covered by each type of CRM technique (e.g. portion covered by collateral, portion covered by guarantee) and the risk-weighted assets of each portion must be calculated separately. When credit protection provided by a single protection provider has differing maturities, they must be subdivided into separate protection as well.

6) Counterparty credit risk for repo and reverse repo style transaction is a risk of default by counterparty. Risk weight is applied depending on the type of securities, collaterals and haircut applicable.

7) On-balance sheet netting is confined to loans/advances and deposits, where banks have legally enforceable netting arrangements, involving specific lien with proof of documentation. Net exposure is

calculated by using the formula given provided all conditions specified are fulfilled.

III. Measurement of capital charge for interest rate risk

The capital charge for interest rate related instruments would apply to current market value of these items in bank’s trading book. Since banks are required to maintain capital for market risks on an ongoing basis, they are required to mark to market their trading positions on a daily basis. The current market value will be determined as per extant RBI guidelines on valuation of investments.

The minimum capital requirement is expressed in terms of two separately calculated charges, (i) “specific risk” charge for each security, which is designed to protect against an adverse movement in the price of an individual security owing to factors related to the individual issuer, both for short (short position is not allowed in India except in derivatives) and long positions, and (ii) “general market risk” charges towards interest rate risk in the portfolio, where long and short positions (which is not allowed in India except in derivatives and Central Government securities) in different securities or instruments can be offset.

For the debt securities held under AFS category, in view of the possible longer holding period and attendant higher specific risk, the banks shall hold total capital charge for market risk equal to greater of (a) or (b) below:

a) Specific risk capital charge, computed notionally for the AFS securities treating them as held under HFT category (as computed according to Table 16: Part A/C/E, as applicable) plus the General Market Risk Capital Charge.



b) Alternative total capital charge for the AFS category computed notionally treating them as held in the banking book.

Capital Charge forSpecificRiskThe capital charge for specific risk is designed to protect against an adverse movement in the price of an individual security owing to factors related to the individual issuer. The specific risk charges for various kinds of exposures would be as applied as detailed in RBI guidelines. The securities would be classified as HFT and AFS category and further depending on type of issuer and the rating of the issuer, specific risk capital as a percentage of exposure to be applied.

General Market RiskThe capital requirements for general market risk are designed to capture the risk of loss arising from changes in market interest rates. The capital charge is the sum of four components:

i. the net short (which is not allowed in India except in derivatives) or long position in the whole trading book;

ii. a small proportion of the matched positions in each time-band (the “vertical disallowance”);

iii. a larger proportion of the matched positions across different time bands (the “horizontal disallowance”), and

iv. a net charge for positions in options, where appropriate

The Basle Committee has suggested two broad methodologies for computation of capital charge for market risks. One is the

standardized method and the other is the banks’ internal risk management models method. As banks in India are still in a nascent stage of developing internal risk management models, it has been decided that, to start with, banks may adopt the standardised method. Under the standardised method there are two principal methods of measuring market risk, a “maturity” method and a “duration” method.

A maturity /re-pricing schedule is used to evaluate the effects of changing interest rates on a bank’s economic value by applying sensitivity weights to each time band. Typically, such weights are based on estimates of the duration of assets and liabilities that fall into each time band. Duration is measure of the percentage change in the economic value of a position that will occur given a small change in the level of interest rates. It reflects the timing and size of cash flows that occur before the instrument’s contractual maturity.

As “duration” method is a more accurate method of measuring interest rate risk, it has been decided to adopt standardized duration method to arrive at the capital charge. Accordingly, banks are required to measure the general market risk charge by calculating the price sensitivity (modified duration) of each position separately. Modified duration which is a standard duration divided by 1 + r where r is the level of market interest rates – is an elasticity. As such it reflects the percentage change in the economic value of the instrument for a given percentage change in 1 + r. As with simple duration, it assumes a linear relationship between percentage changes in value and percentage changes in interest rates. Under this method, the mechanics are as follows:



Table 1 - Duration method – time bands and assumed changes in yield

Time Bands Assumed Time Bands Assumed Change in Yield Change in Yield

Zone 1 Zone 3

1 month or less 1.00 3.6 to 4.3 yrs 0.75

1 to 3 months 1.00 4.3 to 5.7 yrs 0.70

3 to 6 months 1.00 5.7 to 7.3 yrs 0.65

6 to 12 months 1.00 7.3 to 9.3 yrs 0.60

Zone 2 9.3 to 10.6 yrs 0.60

1.0 to 1.9 yrs 0.90 10.6 to 12 yrs 0.60

1.9 to 2.8 yrs 0.80 12 to 20 yrs 0.60

2.8 to 3.6 yrs 0.75 Over 20 yrs 0.60

Table 2 Horizontal Disallowances

Zones Time band Within the Between Between zones adjacent zones 1 zones and 3

Zone 1 1 month or less 40% 40%

1 to 3 months

3 to 6 months

6 to 12 months 40% 100%

Zone 2 1.0 to 1.9 years 30%

1.9 to 2.8 years

2.8 to 3.6 years

Zone 3 3.6 to 4.3 years 30%

4.3 to 5.7 years

5.7 to 7.3 years

7.3 to 9.3 years

9.3 to 10.6 years

10.6 to 12 years

12 to 20 years

over 20 years



Capital charge for interest rate derivativesThe measurement of capital charge for market risks should include all interest rate derivatives and off-balance sheet instruments

in the trading book and derivatives entered into for hedging trading book exposures which would react to changes in the interest rates, like FRAs, interest rate positions etc.

Summary of treatment of interest rate derivatives

Instrument Specificrisk GeneralMarketrisk charge Charge

Exchange-traded future

- Government debt security No Yes, as two positions

- Corporate debt security Yes Yes, as two positions

- Index on interest rates (e.g. MIBOR) No Yes, as two positions

OTC forward

- Government debt security No Yes, as two positions

- Corporate debt security Yes Yes, as two positions

- Index on interest rates (e.g. MIBOR) No Yes, as two positions

FRAs, Swaps No Yes, as two positions

Forward Foreign Exchange No Yes, as one position in each currency

Options

- Government debt security No

- Corporate debt security Yes

- Index on interest rates (e.g. MIBOR) No

- FRAs, Swaps No

Treatment of OptionsIn recognition of the wide diversity of banks’ activities in options and the difficulties of measuring price risk for options, alternative approaches are permissible as under:

• those banks which solely use purchased options* will be free to use the simplified approach described in Section I below;

• those banks which also write options will be expected to use one of the intermediate approaches as set out in Section II below.

Banks which handle a limited range of purchased options only will be free to use the simplified approach.

Capital charge for interest rate risk in foreign currenciesDetails of computing capital charges for interest rate risks in foreign currencies are as under:

i. Capital charges should be calculated for each currency separately and then summed with no offsetting between positions of opposite sign.



ii. In the case of those currencies in which business is insignificant (where the turnover in the respective currency is less than 5% of overall foreign exchange turnover), separate calculations for each currency are not required. The bank may, instead, slot within each appropriate time-band, the net long or short position for each currency. However, these individual net positions are to be summed within each time-band, irrespective of whether they are long or short positions, to produce a gross position figure. The gross positions in each time-band will be subject to the assumed change in yield set out with no further offsets

Measurement of capital charge for equity riskThe capital charge for equities would apply on their current market value in bank’s trading book. This is applied to all instruments that exhibit market behavior similar to equities but not to non convertible preference shares (which are covered by the interest rate risk requirements). The instruments covered include equity shares, whether voting or non-voting, convertible securities that behave like equities, for example: units of mutual funds, and commitments to buy or sell equity.

Capital charge for specific risk (akin to credit risk) will be 9% and specific risk is computed on the banks’ gross equity positions (i.e. the sum of all long equity positions and of all short equity positions – short equity position is, however, not allowed for banks in India. The general market risk charge will also be 9% on the gross equity positions.

Specific Risk Capital Charge for banks’ investment in Security Receipts will be 13.5 per cent (equivalent to 150 per cent risk weight). Since the Security Receipts are by and large illiquid and not traded in the secondary market, there will be no General Market Risk Capital Charge on them.

Measurement of capital charge for foreign exchange and gold open positionsThe bank’s net open position in each currency should be calculated by summing:

• The net spot position (i.e. all asset items less all liability items, including accrued interest, denominated in the currency in question);

• The net forward position (i.e. all amounts to be received less all amounts to be paid under forward foreign exchange transactions, including currency futures and the principal on currency swaps not included in the spot position);

• Guarantees (and similar instruments) that are certain to be called and are likely to be irrecoverable;

• Net future income/expenses not yet accrued but already fully hedged (at the discretion of the reporting bank);

• Depending on particular accounting conventions in different countries, any other item representing a profit or loss in foreign currencies;

• The net delta-based equivalent of the total book of foreign currency options

Foreign exchange open positions and gold open positions are at present risk-weighted at 100 per cent. Thus, capital charge for market risks in foreign exchange and gold open position is 9 per cent. These open positions, limits or actual whichever is higher, would continue to attract capital charge at 9 per cent. This capital charge is in addition to the capital charge for credit risk on the on-balance sheet and off-balance sheet items pertaining to foreign exchange and gold transactions.

The capital charges for specific risk and general market risk are to be computed separately before aggregation.



IV Operational RiskIt is the risk of losses caused by failures in systems, processes, or staff or that is caused by external events, such as natural disasters. This definition includes legal risk, but excludes strategic and reputational risk. Legal risk includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements.

The New Capital Adequacy Framework outlines three methods for calculating operational risk capital charges in a continuum of increasing sophistication and risk sensitivity: (i) the Basic Indicator Approach (BIA); (ii) the Standardised Approach (TSA); and (iii) Advanced Measurement Approaches (AMA). Banks are encouraged to move along the spectrum of available approaches as they develop more sophisticated operational risk measurement systems and practices.

The Basic Indicator ApproachUnder the Basic Indicator Approach, banks must hold capital for operational risk equal to the average over the previous three years of a fixed percentage (denoted as alpha) of positive annual gross income. Figures for any year, in which annual gross income is negative or zero, should be excluded from both the numerator and denominator when calculating the average.

α = 15 per cent, which is set by the BCBS, relating the industry wide level of required capital to the industry wide level of the indicator.

Gross income is defined as “Net interest income” plus “net non-interest income”. It is intended that this measure should:

i) be gross of any provisions (e.g. for unpaid interest) and write-offs made during the year;

ii) be gross of operating expenses, including fees paid to outsourcing service providers, in addition to fees paid for services that are outsourced, fees received by banks that provide outsourcing services shall be included in the definition of gross income;

iii) exclude reversal during the year in respect of provisions and write-offs made during the previous year(s);

iv) exclude income recognised from the disposal of items of movable and immovable property;

v) exclude realised profits/losses from the sale of securities in the “held to maturity” category;

vi) exclude income from legal settlements in favour of the bank;

vii) exclude other extraordinary or irregular items of income and expenditure; and

viii) exclude income derived from insurance activities (i.e. income derived by writing insurance policies) and insurance claims in favour of the bank.

Banks are required to send quarterly reports to the Reserve Bank of India in the prescribed format. Besides banks are required to make qualitative and quantitative disclosures in line with Pillar III of Basel Framework. The master circular of RBI contains the formats in which disclosure is required to be made.

Eligible Tier I capital funds Tier I CRAR = --------------------------------------------------------------------------- Credit Risk RWA* + Market Risk RWA + Operational Risk RWA

Eligible Total Capital Funds Total CRAR = --------------------------------------------------------------------------- Credit Risk RWA+Market Risk RWA+Operational Risk RWA

AA



NOTES


Bank Branch Audit Planning

Banking Industry in India is developing and expanding day by day. The basic work culture in banks in India is fairly different as compared to banks in other countries. The customers (Deposit holders or borrowers) of the banks are being serviced now through Internet, Core Banking Solutions (CBS), etc. resulting very less personal interaction with bankers. Because of this changing face of banking industry it is very much necessary to properly plan Bank Branch Audit. Banking Industry is a facebook of Economy of the Country. It speaks about economic growth, its stability and soundness. Fortunately, due to regulations and controls, Indian Banking Industry could sustain when banks in others countries are facing problems due to threats like frauds, etc.

1. WHAT IS PLANNING? Planning means Advance Thinking. It

is an Attitude. Auditors must develop this attitude and properly plan for Bank Branch Audit allotted to them because of various reasons narrated below. In fact every Chartered Accountant plans the audit assignments but it is necessary to make the plan effective so as to generate and deliver proper and acceptable final result.

2. WHY PLANNING IS NECESSARY?

If you try to understand the importance and purpose of planning, you will come to know that planning will help the audit team to carry out the audit assignment more comfortably.

Plan is necessary because of following factors.

• Non Performing Assets (NPAs) and Frauds are required to be checked in limited time available and controls are also to be checked.

• Data is invisible. Access takes time.

• Banks are dealing with various products unlike earlier basic functions i.e. Acceptance of Deposits and giving Advances.

• Various legal and statutory requirements are required to be followed while reporting under Bank Branch Audit.

• Auditors today are required to consider working paper management risk for reasons like Peer Review.

To sum up planning is necessary for various reasons stated above particularly to meet the target in a given time limit.

3. WHAT IS TO BE PLANNED?• Timing- Starting Date – Detailed

Programme to be followed on each day during audit – Winding up.

• Man Power – Formation of team with proper combination of personnel like senior, junior, etc.

• Working Paper Management – To be decided considering continuity of assignment in future as well as Peer Review.

• Standardize Checklists, Formats of Letters and Reports to facilitate common and uniform understanding within the team.

• Samples selection method

• Analytical review procedure.

4. THINGS TO BE CONSIDERED WHILE PLANNING

Well before the Audit Team visit the branch, you must be ready with sufficient and required knowledge of applicable RBI Circulars. You should know in advance about the business mix at a branch allotted to you. You should be very well

Bank Branch Audit PlanningCA. Uday Sathaye



conversant with the latest guidelines and background materials published by Institute of Chartered Accountants of India (ICAI).

After having done the basic things as above, if possible, visit the branch before 31st March and obtain Audit Reports or any other reports related to business of the branch which will help you to prepare Audit Plan. Always involve everybody in the team right from the beginning in all activities from planning, execution till submission of report. This will help developing good audit team and remote control over plan will be possible.

Standardization in the form of checklists and/or bullet points may be of great help while conducting Bank Branch Audit. Preparation of such checklist is nothing but planning for Bank Branch Audit.

CONCLUSIONIt has become necessity today to consider the risk involved in any audit assignment to give comfort level to everybody involved in the process including Auditors. The end product of Audit is always an Audit Report which is a written document signed by a Chartered Accountant. A written communication/document committing ourselves that carries some responsibilities. Responsibility will always have built-in-risk which requires to be controlled at each point of time. Therefore the required knowledge is necessary to carry the responsibility which in turn requires personal involvement. Since the time and resources are limited for personal involvement, it is necessary to plan Bank Branch Audit.

AIM SHOULD BE TO DELIVER ACCURATE, COMPLETE AND TIMELY REPORT To recap, the key in a Bank Branch Audit Planning is -

1) An early start

2) Knowledge of banking business

3) Proper planning with a clear focus and vision knowing what is to be done, how, by whom, when and why and effective monitoring

4) Effective discussions with concerned branch officials

5) Testing of internal controls

6) Clarity on risks faced by the branch

7) Maintaining proper work papers

8) Effective audit sampling

9) Skilful use of MIS reports

10) Use of written representations

11) Obtaining Discussion Certificate from branch head

12) Ensuring compliance with RBI circulars especially regarding NPA identification, classification and provisioning

13) Detailed balance sheet and Profit and Loss scrutiny

14) Clear and specific replies to the questions in the LFAR and Ghosh Jilani Committee reports, mandatory certifications and signing off the tax audit report

15) Ensuring adherence to the deadlines

16) Giving appropriate disclaimers and issuing MOC, and qualifications wherever warranted.

An Illustrative Checklist is annexed for the benefit of the members which can be suitably modified/altered to suit the requirements of the users.



Bank Branch Audit Program/Illustrative Checklist Time & Manpower planning

Sr. Name of Designation & Estimated time Initials of No. theperson Qualifications forwork thePerson

Audit Programme

Sr. Area of Work Person responsible Done by Date No. at the Branch for whom that area

A General - Pre Audit Work

1 Review of Latest available inspection reports of Internal/Concurrent/RBI/Statutory Auditors and compliance thereof

2 Review of Closing Circular issued by Head Office

3 Study of Significant accounting policies of the Bank & computer system

4 Study of Business mix of the Branch & determination of the sample size and percentage of checking in each area

5 Compliance of Mandatory Accounting Standards/Auditing Standards and RBI circulars

6 Intimation in writing whether given to the Branch Manager regarding requirements for audit and documents to be kept ready for audit ,

B Physical Verification

1 Physical verification of Cash (in branch and in ATM), Adhesive stamp documents and postage and cross verification of the same with GL balances



2 Physical verification of Investments. (if lodged at Branch)

3 Physical verification of valuable stationery like cheque books, Demand Drafts, Pay Orders, etc.

C Verification of Returns and Reconciliation

1 Verification of returns submitted to RBI/HO/ZO (Monthly/Quarterly/Half Yearly/Yearly)

2 Verification of Annual Closing Returns

3 Verification of HO/Branches/Other Banks Reconciliation, Branch Adjustment Account, Suspense account, etc.

4 Verification of Statement of Fraud

5 Verification of NOSTRO reconciliation

D Verification of Balances

1 Checking of opening balances in GL with previous year audited Balance Sheet and Profit & Loss Account

2 Cross Verification of Trial Balance, Profit & Loss Account and Balance Sheet figures as on 31st March with GL figures

E Balance Sheet

1 Advances

100% coverage of advances in respect of which outstanding amount is in excess of 5% of the aggregate advances of the branch or ` 2 crores whichever is less

a. Credit Appraisal

b. Sanctioning and Disbursement

c. Documentation — Pre-sanction & Post Sanction




d. Monitoring/Review/Supervision by the Branch

1. Submission of financial statements

2. Submission of I.T. Returns

3. Timely submission of stock statements

4. Calculation of Drawing Power

5. Inspection of Godowns

6. Operations in the account —overdue/sticky accounts/diversion of funds/cheques duly honoured/limit not exceeded frequently

7. Renewal of documents due

8. Penal interest for default

9. Insurance coverage

10. Registration and Mortgage of property

11. Verification of data in CBS

2 Analysis of entries outstanding in suspense Account, Sundry Debtors, Sundry Creditors

3 1. Verification of assets classified as NPA

2. Verification of Upgraded Accounts earlier classified as NPA

4 Review of suit filed accounts/Decreed accounts & their follow-up

5 Checking of additions, deductions, transfer of fixed assets with relevant supporting

6 Verify that all balances are shown under proper heads




7 Verify that credit balances in OD, CC, inoperative current accounts are not netted off with advances and are shown separately under demand deposits

6 Verify that Interest accrued but not due on loans is not included in advances

9 Deposits

1. After the Balance Sheet date & till the date of audit whether there have been any unusual large movements in the aggregate deposits held at the year end

2. Verification of Staff Accounts

3. Check that guidelines issued by RBI for inoperative & dormant accounts are strictly followed

4. Verify that overdue, matured time deposits are shown in demand deposits

5. Verify that interest accrued but not due is not included in deposits but shown under other liabilities

10 Analysis of entries outstanding in Bills Payable/Sundry Deposits, etc.

11 Obtain list of contingent liabilities not acknowledged as debts by the branch. Check for correct reporting.

F Profit & Loss Account

1 Verification of provision of interest on standard, sub-standard, doubtful & loss assets and appropriate accounting treatment thereof

2 Checking of proper classification of revenue and expenditure items




3 Ratio Analysis and comparison with previous year figures

4 Verify whether there is any divergent trend in major items of income & expenditure and analysis of reasons thereof

5 Test checking of interest on deposits and advances

6 Test checking of commission and discount on bills, etc.

7 Verification of accounts of major heads of income & expenditure

8. Verification of provisions for prepaid and outstanding income & expenditure.

9. Verification of locker rent received and due and provision thereof

10 Verification of provision for depreciation on fixed assets

11 Checking of prior period expenses and income and provisioning thereof

12 Checking of provisions for ECGC/DICGC claims

G LFAR

1 Checking of items as per LFAR checklist

2 Preparation of annexures to LFAR

3 Preparation of LFAR

4 Special emphasis on restructured accounts/NPAs

H Tax Audit Report

1 Check the followings in detail-

1. Payments made to clubs

2. Details of revenue expenditure capitalised




3. Whether TDS has been remitted before the due date

4. Particulars of Income and Expenditure of earlier years debited/credited to Profit & Loss Account which are of material nature

5. Verify whether any repayment of deposits have been made in violation of section 269T of the Income-tax Act 1961.

2 Checking of Tax Audit Schedules

3 Preparation of Tax Audit Report

I Verification of Checklist of Jilani Committee Recommendations

J Verification of Checklist of Ghosh Committee Recommendations

K Collection of following certificates and statements from Branch

1 Physical verification of cash

2 Physical verification of Adhesive Stamp Documents, Postage, Security, etc.

3 Physical verification of Investments

4 Physical verification of Fixed Assets carried out by Branch

5 NPA Statement, Profit & Loss Account, Balance Sheet, Trial Balance certified by Branch Manager

6 Management Representation Letter

7 Certificate from Branch Manager for attendance of Audit

L Issue of Certificates

1 Certificate for Review of Loan Portfolio




2 Certificate relating to recoveries in claim paid accounts under small loan Guarantee Scheme, 1971 and Small Loan (SSI) Guarantee Scheme, 1981

3 Certificate in respect of subsidy utilised under the scheme Prime Minister’s Rojgar Yojana (PMRY) and correctness of claim made

4 Certificate regarding the implementation of Jilani & Ghosh Committee recommendations

5 Certificate regarding possession of investment documents on behalf of Head Office

6 Certificate for DICGC Claim

7 Movement of NPAs

8 Certificate of BASEL-II, if any

9 Advances to sensitive sectors

M Finalisation

1 Preparation of Draft of the following—

1 1. Audit Report

2. LFAR & Annexures

3. Tax Audit Report

4. Jilani Committee Recommen-dations

5. Ghosh Committee Recommen-dations

6. Memorandum of Changes

2 Discussion of Draft Report with Branch Manager

3 Preparation of Final Report

4 Submission of Final Report along with Copies of Signed Balance Sheet, Profit & Loss Account and certificates




N Review of work done by Audit Team

1 Senior

2 Junior

3 Articled Clerks

4 Employee


AA


Verification of Advances

Advances constitute the largest item on the asset side of the balance sheet of a bank and are a major source of its income. Further, the RBI also closely regulates the lending activity of banks. Therefore audit of advances is one of the most important part of bank audit.

I. OVERVIEW Before discussing the audit procedures

relating to advances, it is imperative to understand the salient features of various types of advances made by banks, nature of securities accepted by banks and mode of creation of security, nature of borrowing arrangements etc. The same are enumerated in following paragraphs.

(i) Nature of Advances

Funded Credit Facilities Funded credit facilities are those where

there is an actual transfer of funds from the bank to the borrower Examples of funded facilities are term loan, cash credit and overdraft.

Banks provide advances to their customers in various forms cash credit, term loans, overdrafts, and purchase or discounting of bills. The principal features of various types of advances are briefly described below.

Cash Credit Cash credit facility is provided mainly

to an entity engaged in manufacturing and trading activities for their working capital requirements and is repayable on demand. Borrower is sanctioned a limit and is allowed to draw money on the basis of drawing power worked on the basis of hypothecated security of stocks of goods, book debts representing genuine sales – all belonging to the borrower. These assets are ‘primary’ security for the advance.

Term Loans Loans are repayable in instalments

spread over a period of time. Loans with repayment periods beyond 36 months are usually called ‘term loans’ whereas loans with repayment period of upto 36 months are called ‘demand loans’. However, both term loans and demand loans are similar in many respects: both have pre-determined repayment schedule. The basic difference between the two is that term loans are for acquisitions of capital assets, which then become the security for the loan, i.e., end use of funds is fixed. The demand loans, on the other hand, are granted against the existing securities, which are readily realisable, e.g., term deposits, gold and shares, etc.

Foreign Currency Loans Banks are authorised to lend in foreign

currency. These loans are given as per the EXIM Policy and guidelines issued by Reserve Bank of India from time to time. Foreign Currency Loans may be in nature of Term loans or Working Capital loans.

Overdrafts Overdraft facility is granted to a current

account holder. Under the arrangement, the customer can draw upto an agreed sum in addition to his credit balance in the account. The overdraft facility may be either secured or clean (i.e., without security) and does not generally carry a repayment schedule. The most common form of security for an overdraft arrangement is term deposit receipts issued by the same branch where the overdraft is availed of.

Bills The finance against bills can be in any of

the below mentioned form:

Verification of AdvancesCA. Vipul K.Choksi



• Purchase of bills by the bank if these are payable ‘on demand’.

• Discounting of bills by the bank if these are usance (or time) bills.

• Advance against bills under collection from the drawees, whether sent for realisation through the bank or sent directly by the drawer to the drawees.

Export Credit

Facilities extended to exporters are in the form of ‘pre-shipment credit’ and ‘post-shipment credit’. In the first category, fall all advances required to finance the production cycle – from procurement of raw materials to bringing them to the port for despatch. The exporter usually adjusts the account by drawing bills of exchange on the foreign buyer, which are discounted by the bank under the letter of credit and the proceeds collected from the foreign bank. The post-shipment credit relates to financing of bills raised on the overseas buyer upon shipment of goods/services. The pre-shipment credit has to be liquidated out of the export proceeds only and cannot be adjusted out of rupee funds. The export proceeds have normally to be received within 180 days from the date of shipment. The period can be extended in genuine cases, with the approval of the bank (within the discretion available to it under the regulations in force at the relevant time) or of the RBI, as permitted by the Exchange Control Manual and the operating instructions issued by the Reserve Bank from time to time..

(II) TYPE OF SECURITIES

Primary and Collateral Securities

The term ‘primary security’ refers to the security acquired by the borrower with bank finance or the one against which credit has been extended by the bank. Primary security is the principal security for an advance. A collateral security, on

the other hand, is additional security, which provides a cushion to the bank in case of need. Banks accept various types of assets as collateral security.

Personal Security of Guarantor

The personal security of guarantor comprises a guarantee by a third party for payment of outstandings in the event of default by the borrower. No charge is created on the guarantor’s movable or immovable assets. The personal security of guarantor can be enforced only through the competent Court of law.

Fixed and Floating Charges

A fixed charge (also called ‘specific charge’) is a charge on some specific and ascertained assets. The creator of the charge (i.e., the borrower) cannot deal with the asset without the specific consent of the holder of the charge (i.e., the lender). A floating charge, on the other hand, is an equitable charge on the assets, present as well as future. A floating charge attaches to assets whose condition varies from time to time in the ordinary course of business (e.g., work-in-process). A floating charge crystallises (i.e., becomes a fixed charge) when money becomes repayable and the holder of the charge (i.e., lender) takes necessary steps for the enforcement of the security

(iii) Nature of Borrowing Arrangements

Sole Banking

In this arrangement, the borrower obtains credit from a single bank. This is the simplest form of tie-up and is operationally convenient for both the lender and the borrower.

Consortium Arrangement

In this type of arrangement, the number of lending banks is more than one. The lending banks form a formal consortium. Salient features of the arrangement are:



• The consortium has a formal leader, called the ‘lead bank’ (normally, the bank with the largest exposure).

• There is a common set of loan documents, which is obtained by the lead bank on behalf of other participating banks also.

• The lead bank is responsible for overall monitoring.

• The member banks of the consortium have rights over the security in an agreed proportion.

• The borrower maintains direct business relationship with all member banks of the consortium.

Multiple Banking In this type of arrangement, there is

no formal arrangement amongst the lending banks. Each of them has its set of loan documents, securities and mode of lending, independent of other lending banks. The borrower has to deal with each of the banks separately.

II. AUDIT OF ADVANCES Following paragraphs narrates the audit

evidence which auditor needs to obtain, how to obtain the evidence and overall approach for verification of advance:

1. Obtain appropriate audit evidence about the following:

• Amounts included in balance sheet in respect of advances are outstanding at the date of the balance sheet.

• Advances represent amount due to the bank.

• Amounts due to the bank are appropriately supported by Loan documents and other documents as applicable to the nature of advances.

• There are no unrecorded advances.

• The stated basis of valuation of advances is appropriate and properly applied, and that the recoverability of advances is recognised in their valuation.

• The advances are disclosed, classified and described in accordance with recognised accounting policies and practices and relevant statutory and regulatory requirements.

• Appropriate provisions towards advances have been made as per the RBI norms, Accounting Standards and generally accepted accounting practices.

2. How to obtain appropriate audit evidence?

The auditor can obtain sufficient appropriate audit evidence about advances by study and evaluation of internal controls relating to advances, and by:

• examining the validity of the recorded amounts;

• examining loan documentation;

• reviewing the operation of the accounts;

• examining the existence, enforceability and valuation of the security;

• checking compliance with RBI norms including appropriate classification and provisioning; and

• carrying out appropriate analytical procedures.

3. Evaluation of Internal Control

Auditor need to examine following important aspects for evaluation of internal control,

• Existence of clearly laid down delegation of authority.



• Existence of clearly laid down eligibility criteria for loans.

• Existence of system of communicating the terms of sanction to the borrower.

• Existence of system of execution of documents before disbursement.

• Existence of system of post disbursement monitoring and reporting irregularity.

• Existence of system for implementation of IRAC Norms.

• Adequate control on changing of interest; etc. in CBS environment.

4. ExtentofVerification

• Due to the large volume of accounts, its not possible for auditors to verify all the accounts of advances and therefore auditors may select samples on following basis.

• All large advances whose year-end balance is in excess of ` 2 crores or 5% of the aggregate year-end advances of the branch, whichever is less (All large advances are required to be commented in LFAR and therefore all large advances need to be verified).

• Advances which are adversely commented by RBI inspection team, concurrent auditors, bank’s internal inspection, etc.

• Advances which are sanctioned during the year.

• The accounts identified to be problem accounts. Such accounts can be identified from control returns which are sent periodically to controlling offices.

• Other small advances on a selective basis

5. StagesofVerification

Broadly the areas of verification of advance can be divided in to four stages as under:

i. Pre sanction – Credit appraisals, etc.

Before sanctioning a loan, bank has to ascertain various aspects like credit worthiness of borrower, viability of the project/business for which the loan is proposed to be sanctioned, review of project report, future projections, realisability of amount, quality of securities offered etc. Verification of all these important aspects is known as credit appraisal. Officer of the bank who does credit appraisal need to have sound knowledge of credit and related aspects.

Some of the important aspects which need to be verified by auditor to ensure that appraisal is done properly are:

• Whether prescribed Application Form has been received from the borrower for fresh or renewal proposal

• KYC Compliance has been done as Per RBI Requirements

• Evaluation of latest audited financial statements is done by the officer who does appraisal

• Review of Project Report Projected Profit & Loss Account, Balance Sheet



& Cash Flow – Whether realistic? This can be done by comparison with the standards of particular industry, past performance vi-a-vis future projections, etc.

• Verify that important Financial ratios are satisfactory such as

– Debt Equity ratio

– Debt service Coverage ratio and other ratios

• Board Resolution for the availment of the facility being obtained

• Availability of relevant statutory documents like industrial license, registration with pollution control board, Sales Tax Authorities, etc.

• Latest Income Tax Returns of Borrower

• Details of associates and sister concerns

• Latest Income Tax and wealth tax returns of guarantor and their net worth statement.

• In case borrower is shifting his account from one bank to another then Confidential report and NOC from the existing banker should be obtained.

• CIBIL Report to ensure that prospective borrower has not defaulted in the past, Title clearance report & valuation report in respect of property being mortgaged.

• Confirm the adequacy of security cover

• Verify whether Exposure limit (including derivative instruments) is within the limits fixed by Bank- group wise, Industry wise & policy of Bank

• Whether Appraisal done by Competent person

ii. Sanction, Documentation and disbursement

a) Sanction:

After the appraisal, if the account is found suitable for disbursement of loan then the loan would be sanctioned. But the loan would be sanctioned depending on the amount of loan sanctioned. Sanctioning authority could be the Branch Manager or it could be the Board. Some of the important aspects which need to be verified are:

• Proposal has been routed through a p p r o p r i a t e a u t h o r i s a t i o n levels and recommendations are properly documented and noted

• Limits sanctioned are within the discretionary powers of the sanctioning authority.

• In case where the sanctions are beyond the discretionary powers, the same has been reported



to appropriate authorities and ratified within specified period

• Any change in the terms of sanction is ratified by appropriate authority

b) Documentation:

This is one of the important aspect of verification of advances. If documents are not executed properly then it could create a difficult situation for bank in case of litigation. Some of the important aspects of verification of documentation are:

• All loan documents, as required by the sanction letter and loan policy have been executed (eg., DP Note, loan Agreement, Letter of guarantee, h y p o t h e c a t i o n Agreement, etc). Each bank has its own set of rules regarding the documents to be obtained from various types of borrowers and in respect of different kinds of facilities.

• Whether loan documents are complete in all respects. Many a times it is observed that officers have tendency of keeping documents blank

and some times it is filled by more than two persons at different point of time resulting in change in handwriting. This may create legal complication and therefore auditor need to report on this aspect.

• Loan documents are properly executed and approved by legal department or advocates on panel of bank. This again is very important aspect especially in case of large advances. Auditor is not supposed to be an expert in verifying whether documents are adequately stamped etc. Therefore it is very important that documents are approved by legal experts.

• Fresh loan documents are obtained on change in limit, change in the constitution of the borrower.

• Original agreement, share certificate, title deeds, title clearance certificate valuation report are held on record.

• Charge on securities offered have been registered with registrar



of companies/appropriate authority

• Lien marking in case of loan against fixed deposit.

• In case negative lien is marked in case of a property then NOC of housing society should be on record.

• In case of consortium advance original documents are kept by the lead Bank. The member bank must have copy of these documents.

• Some of the banks have now started system of maintaining documents at a centralized location and therefore documents may not be available at the branch for verification. Auditor in such situation would be required to visit such location and verify document or get them at the branch.

• Some banks also execute documents in local language i.e. documents are not executed in English language. Therefore if auditor does not know that language, it would be difficult for him to verify the validity of documents. In such situation he

may have to insist for translation or confirmation of validity of such documents by an expert.

• Verify that documents are not time barred

c) Disbursement:

It must be ensured that disbursement is not done without execution of documents. Some of the other aspects which need to be verified in respect of disbursement are:

• Pre disbursement unit inspection has been carried out & report held on record.

• Acceptance of the borrower confirming the terms & conditions of sanction is obtained.

• Verify that Disbursement done only after compliance of all terms of Sanction terms and conditions.

iii. Monitoring/Supervision

Post disbursement, monitoring of an account is of paramount importance and if an account is monitored properly it may turn NPA. Therefore auditors need to verify that the account is properly monitored by the concerned official of the bank and following important aspects need to be checked by auditors and offer their comments.



• Critically review operations in account, specially at month end, quarter end. Whether turnover in account is healthy? If there are accounts of group companies in the same branch then auditor may verify whether there are many transactions with such group companies. Because of paucity of time it may not be possible for auditor to verify operation of all the accounts but only critical accounts which are perpetually overdrawn may be verified.

• Fund disbursement has been utilised towards the object for which limit was sanctioned i.e. Not diverted to group companies/associates or used to pay of existing overdues

• Stock & Debtors statements, QIS etc are submitted in time by borrowers and scrutinised by concerned officer to identify non moving stock and old debtors and eliminate such assets while calculating drawing power. Also verify that drawing power is calculated as per guidelines of the bank

• Periodic review of i rregular/overdue/NPA accounts has been done at the appropriate level

• Whether physical inspection of units and stock verification is done by bank as per its policy

and discrepancies noticed on such visits have been properly addressed.

• Whether all the assets hypothecated/mortgaged have been adequately insured with Bankers’ clause

• Whether penal interest is charged if there is delay in submission of stock statement, account is continuously overdrawn, etc.

• Verify annual audited financial statement of the borrower with the monthly stock statement for the last month of the year.

• In case stock audit/inspection is done by an independent firm of Chartered Accountant. Whether discrepancies pointed out by them have been properly clarified by borrower.

iv. R e v i e w / R e n e w a l /Enhancement.

All the limits which are sanctioned by bank have to be reviewed/renewed at the end of each year. This exercise is done with a view to review general performance of the account of the borrower and whether necessary credit discipline is maintained by him. In case borrower fails to achieve the projections given by him or does not maintain necessary discipline, at times bank may reduce the limit or recall the advance also. Similarly a borrower may need additional facility due to expansion of business. For



such enhancement also review of accounts is done. As per prudential norms, if banks don’t review accounts within 180 days from the due date, they are liable to become NPA. Therefore banks have become very conscious for review/renewal of accounts. Auditors need to verify that accounts have been reviewed as per due dates and they need to verify on test check basis that review is properly done.

III. VERIFICATION OF NON FUNDED FACILITIES

Non-funded facilities are those, which do not involve disbursement of money from bank to the borrower. Examples of non-funded facilities are letters of credit, bank guarantees, etc. A non-funded facility may subsequently turn into a funded facility, e.g., where the bank makes payment under a letter of credit issued by it. Various types of non funded facilities are explained below:

i) Letter of Credit, Bank Guarantees and Letters of Comfort

Letters of credit and bank guarantees constitute two of the principal items of contingent liabilities of a bank. Besides, banks also sometimes issue what are commonly known as ‘letters of comfort’.

Letters of Credit Letters of credit are an important

payment mechanism especially in international trade. The customers open letters of credit to facilitate import or purchase of goods. By means of such letters, the customers take advantage of the credibility of the bank in as much as the exporter or the seller relies upon the promise of a reputed bank

instead of the customer. A letter of credit (LC) is an undertaking by a bank to the payee (the supplier of goods and/or services) to pay to him, on behalf of the applicant (the buyer) any amount up to the limit specified in the LC, provided the terms and conditions mentioned in the LC are complied with and the documents specified in the LC are submitted by the payee to the LC opening bank through the medium of a bank.

Bank Guarantees Issuance of guarantees is an

important earning activity for banks. Bank guarantees are required by customers for submission to their buyers to guarantee the performance of contractual obligations undertaken or satisfactory performance of goods supplied by them or for submission to certain departments like, Excise & Customs, Electricity Boards, or to suppliers of materials, etc. in lieu of the stipulated security deposits. A bank guarantee is a contract between the bank and the beneficiary of the guarantee which is independent of the contract between the bank and its customer on whose behalf the guarantee is issued by the bank. This implies that in case the beneficiary makes a demand on the bank for payment of any monies under the guarantees, the bank is obliged to unconditionally pay the sum so demanded, within the amount guaranteed, provided the guarantee has been invoked by the beneficiary strictly in accordance with the terms outlined in the guarantee deed. The guarantees are for a specified amount and a specified period. Banks are expected to get back the original guarantee deeds from the beneficiary within



a reasonable period after their expiry of the period of guarantee or on completion of the obligations thereunder, whichever occurs earlier, and to mark off the liability in their books. In practice, however, banks remove this item from their books of account shortly after the expiry of the period of validity of the guarantee and sending a letter to the beneficiary to that effect.

Letters of Comfort Banks issue a letter normally to

their correspondents to confirm that they have created charges on securities of the correspondent’s borrowers, on the strength of which the said correspondent releases financial assistance to the borrower. Such letters are called ‘letters of comfort’.

ii) Audit of Non funded facilities

• The process for sanction of non fund based facilities is the same as those applicable for fund based facilities. Large borrowers generally have both the funded and non funded facilities Therefore, verification for sanction of non funded facilities will have to be done while verifying funded facilities. Needless to mention that in cases where only non funded facilities are sanctioned, steps of verification of appraisal, documentation, securities etc will have to be done.

• As explained above, Non Funded facilities are known as ‘Off Balance Sheet’ items, are in the nature of contingent liabilities and are reflected as such in the financial statements of banks. Banks have system of passing contra entries in respect of non funded facilities and outstanding balance in these

accounts are reflected as contra items in both assets and liabilities sides of balance sheet of banks. Therefore it should be verified that bank guarantees which have expired are reversed after due process of getting original guarantee document back. In case of letter of credit auditor need to verify that letter of credit is reversed after its validity period.

• Auditors should verify that in non funded facilities appropriate margin has been obtained from borrower as per terms of sanction.

• It should be verified that guarantee commission/LC opening charges etc have been recovered from the borrowers. It should also be verified that income has been recognized as per accounting policy of bank.

• In case guarantee is invoked/customer does not make payment before due date of LCs, then bank is liable to make payment. In such cases verify that necessary documents are executed for funded facilities , necessary interest is charged by bank and also adequate security is created to cover this funded facility.

NOTE: Verification of advance being a very vast subject only important aspects from audit perspective are covered in this article. It is therefore suggested that reader should refer “Guidance Note on Audit of Banks” issued by the Institute of Chartered Accountants of India and various Master Circulars in respect of advances/non funded facilities issued by Reserve Bank of India on 1st July, 2010 and subsequently.

AA


Audit of Agricultural Advances

A. Introduction Indian economy is basically an

agricultural economy. 70% of Indian population depends on agriculture. Modernization and mechanization of agriculture and allied activities is a must, which needs finance. Green and While revolution of the 70’s have paved the way for development and improvement in agriculture.

Direct and Indirect Agriculture Finance

Government has recognized the importance of adequate and timely finance for agriculture. For the purpose of classification of finance, the agriculture activities are divided into Direct Agriculture and Allied Activities and Indirect Agriculture.

a. Finance for following activities is treated as Direct Agriculture Finance

• Reclamation and development of land

• Construction and deepening of walls

• Developing various irrigation systems

• Purchase of farm equipments, implements and machinery

• Construction of farm buildings, storage facilities, etc.

• Processing of hybrid seeds

• Crop loans, purchase of fertilizers, pesticides, seeds, etc.

• Plantation and horticulture

b. Apart from the above, following activities are treated as Allied to Direct Agriculture

• Dairy, poultry, fishery, piggery, bee-keeping, sericulture, vermiculture, stud farms (excluding breeding of race horses)

• Biogas Plants

• Establishing cold storages

c. Finance for following activities is treated as Indirect Agriculture Finance:

• Credit for financing distribution of fertilizers, pesticides, seeds, cattle feeds, etc.

• Loans to electricity boards for providing low tension connections to individual farmers for energizing their walls.

• Loans to farmers through the medium of various institutions like FSS

• Deposits held by banks in RIDF

• Subscription to REC/NABARD bonds

• Loans to NCDC

• Advances to State sponsored corporations for onward lending to weaker sections

• Many other miscellaneous activities where finance is given to intermediaries for providing various services to farmers

d. In addition to above activities, some Agri-Hi-Tech Activities have come to be financed by the banks during last few years. These are normally routed though Agri Hi-tech branches, specially opened for this purpose and are classified under

Audit of Agricultural AdvancesCA. Dilip Dixit



direct agriculture. Following are the illustrative instances:

• Plant tissue culture projects

• Floriculture – Green house cultivation of flowers and their export

• Brackish water prawn farming, inland fish culture and ornamental fisheries

• Mushroom cultivation, processing and trade

• Bio-technological ventures

• Cultivation of medicinal, aromatic plants and herbs

• Seed production with Hi-tech application under National Seed Projects

• Animal/Poultry product processing and trade

• Post-harvest technology for fruit and vegetable processing, inland and export trade of fruits and vegetables

Following are the ceilings to treat certain accounts as agriculture:

• Aggregate advances to partnership firms, corporates and institutions only up to ` 1 crore will be direct agricultural finance.

• Loans granted only up to ` 40 lakhs for purchase and distribution of inputs for allied activities will be treated as finance to agricultural activities.

• Finance only up to ` 30 lakhs to dealers in drip irrigation/sprinkler irrigation or agricultural machinery.

• Overdrafts up to ` 25000 per account granted against no

frills accounts in rural and semi-urban areas.

B. RBI Guidelines on Agricultural Finance

The RBI has issued following guidelines to public sector/commercial banks, in respect of agricultural finance

a. Charging of Interest

• Compounding of interest could be done only in respect of agricultural advances, wherein the interest and principal is in default.

• Interest on agricultural advances in respect of long duration crops should be at annual rests instead of quarterly or longer rests.

• Penal interest should not be levied on loans up to ` 25000.

• For DRI advances, interest is chargeable at 4%. Advances under other subvention schemes would also qualify for lower interest. These advances, though below the base rate, would not be considered to violate the said guidelines.

b. Agricultural Debt Waiver & Relief Scheme, 2008:

Government of India had announced Agricultural Debt Waiver and Debt Relief Scheme, 2008 under which the waiver and/or relief was granted as per the scheme. So far as the statutory branch audit for the financial year 2010-11 is concerned, no record is required to be seen at the branch level since all the accounts wherein waiver was granted were transferred to Central Office, whereas the agricultural


Audit of Agricultural Advances

advances to which relief was granted will be treated as NPA at branches if the amount of farmer’s share is not received.

C. Peculiarities of Agricultural Finance While the principles of assessment and

monitoring of advances for agriculture will be similar to those for general advances discussed earlier, there are some peculiarities of finance to agriculture, which will have to be kept in view, while conducting the audit of this portfolio.

a. Scale of Finance

Short-term credit granted for meeting the current expenditure in connection with raising of crops is known as crop loan. An essential feature of crop loan system is that a farmer’s eligibility for a loan and the size of the loan are determined not with reference to the value of land or any other tangible security, but on the basis of the size of the holding that he cultivates and the cost of cultivation of crops which he proposes to grow.

The scale of finance is normally decided under the guidance of SLBC by the Technical group at the district level. In case refinance is decided to be obtained, guidelines given by the refinance institution will have to be followed.

b. Margin to be maintained

Margin in case of crop loans need not necessarily be in cash. The cost of labour of the farmer and his family and the cost of their inputs not financed by the bank can constitute the margin. Margins for schemes under refinance agencies will be as per their guidelines. Where subsidy is available the same may be treated as margin.

c. Rate of interest

Specific rates have not been stipulated by RBI. It is expected that charging of interest should be linked to crop season. Interest should be compounded only on defaulted principal/interest and not on the total outstanding. Where interest is not linked to crop season, it could be charged at monthly intervals also, like other normal advances.

d. Repayment period

In respect of some of the activities (e.g., land development, dug well, plantation and horticulture, etc.) the gestation period may be very long and repayment period has to be stipulated accordingly. It should be ensured that the activity financed is self repaying one. Seasonal sub l imits should be adjusted after harvesting/marketing of crops.

e. Disbursement in cash

As per bank’s policy smaller loans, loans for consumption/domestic needs may be disbursed in cash.

f. Type of borrowers

The borrowers could be individual farmers, self help groups, joint l iability groups, registered partnership firms, companies, registered farming co-operative societies owning agricultural land registered tenants/share croppers with recorded rights.

g. Type of securities

In addition to the usual security like hypothecation of assets created, mortgage of land/property, the advance could be against storage receipts/produce for marketing. Loans against gold ornaments and



other jewellery for agricultural purposes are also very common.

h. Commodities under Selective Credit Control (SCC)

As per the master circular – Loans and Advances – statutory and other restrictions DBOD No. Dir.BC.9/13.03.00/2007-08 dtd. 2-7-2007, only following commodities are covered under selective credit control:

• Buffer stock of Sugar with Sugar Mills

• Unreleased stock of Sugar with Sugar Mills

The stipulations are in respect of margin, valuation of stock, interest rates and other operations stipulations. Many other commodities, which were earlier under SCC, have now been exempted. These exempted commodities include pulses, oil and oil seeds, paddy and rice, wheat, cotton and kapas, gur and khandsari, etc.

As such, the Audit of Agricultural Advances Portfolio will have to be conducted, keeping in view the above peculiarities.

AA


Prudential Norms

Prudential NormsCA. Dr. Mitil Chokshi, CA. Nilesh Joshi

RBI Master Circular No. DBOD.No.BP.BC.21/21.04.048/2010-11 issued on 1st July, 2010 there are different criteria which are to be applied for determining the status of various types of credit facilities. The examples of each of the criteria along with the applicable clause of the aforesaid circular are cited below:

A) CLASSIFICATION

I) Term Loans

Clause No. 2.1.2 (i)

Condition If interest and/or installment of principal remain overdue for a period of more than 90 days.

Case Study 1 Interest overdue: A company was granted a term loan of Rs.3 lacs

Date Narration Amount (Dr) Amount (Cr) Balance (Rs.)

2,15,000

31/12/2010 Interest Run 1500 2,16,500

31/01/2011 Interest Run 1502 2,18,002

28/02/2011 Interest Run 1505 2,19,507

31/03/2011 Interest Run 1507 2,21,014

Conclusion Since interest is overdue for more than 90 days account will beclassifiedasNPA.


Case Study 2 Installment Overdue: A company was granted a term loan of Rs.5 lacs and repayment with monthly installment of Rs.50,000/-


2,15,000

31/12/2010 Interest Run 1500 2,16,500

08/01/2011 Interest Collection 1500 2,15,000

31/01/2011 Interest Run 1501 2,16,501


28/02/2011 Interest Run 1505 2,16,505


31/03/2011 Interest Run 1507 2,16,007

Conclusion Since installment is overdue for more than 90 days account will beclassifiedasNPA.



II) Cash Credit

Clause No. 2.1.2 (ii)

Condition Cash Credits and Overdrafts: A cash credit or overdraft account is treated as NPA if it remains out of order.

Case Study 1 If the outstanding balance remains continuously in excess of the sanctioned limit/ drawing power.Eg. A company had a sanctioned limit of Rs.2,50,000/- and its Drawing Power during the period was Rs.2,10,000/-


2,10,000

31/12/2010 Interest Run 1500 2,11,500

31/01/2011 Interest Run 1502 2,13,002


28/02/2011 Interest Run 1501 2,13,003


31/03/2011 Interest Run 1504 2,13,005

Conclusion Since the outstanding balance is continuously in excess of the lower of the sanctionedlimit/drawingpower,theaccountwillbeclassifiedasNPA.


Case Study 2 In cases where the outstanding balance in the principal operating account is less than the sanctioned limit/drawing power, but there are no credits continuously for 90 days as on the date of Balance Sheet.Eg. A company had a sanctioned limit of Rs.2,50,000/- and its Drawing Power during the period was Rs.2,10,000/-


1,02,000

31/12/2010 Interest Run 750 1,02,750

04/01/2011 NEFT 2000 1,04,750

12/01/2011 Clearing 4200 1,08,950

31/01/2011 Interest Run 762 1,09,712

28/02/2011 Interest Run 764 1,10,476

31/03/2011 Interest Run 766 1,11,242

Conclusion Hence, even when the outstanding balance is less than the lower of the sanctionedlimit/drawingpower,theaccountwillbeclassifiedasNPAsince there are no credits continuously for 90 days as on the date of Balance Sheet.


Prudential Norms


Case Study 3 In cases where the outstanding balance in the principal operating account is less than the sanctioned limit/drawing power, but credits are not enough to cover the interest debited during the same periodEg. A company had a sanctioned limit of Rs.2,50,000/- and its Drawing Power during the period was Rs.2,25,000/-


2,15,000

31/12/2010 Interest Run 1500 2,16,500

31/01/2011 Interest Run 1501 2,18,001


18/02/2011 Clearing 2000 2,18,501

23/02/2011 NEFT 3500 2,22,001

28/02/2011 Interest Run 1504 2,23,505


31/03/2011 Interest Run 1506 2,23,510

Conclusion Hence, even when the outstanding balance is less than the lower of the sanctionedlimit/drawingpower,theaccountwillbeclassifiedasNPAsince the credits are not enough to cover the interest debited during the same period.


Condition Stock statements relied upon by the banks for determining drawing power should not be older than three months. The outstanding in the account based on drawing power calculated from stock statements older than three months, would be deemed as irregular.

Case Study 4 Eg. A company had submitted the stock statement last for the month of July,2010 and since then no statements were received till 31st March, 2011.

Conclusion HencetheaccountwillbeclassifiedasNPA.


Condition If the regular/ ad hoc credit limits are not reviewed/ renewed within 180 days from the due date/ date of sanction.

Case Study 5 Eg. A company had been sanctioned credit limits which had expired on 31st July, 2010. However, the borrower did not submit any information/ documents for renewal and there was no evidence which showed that the renewal of the limits was in process as on 31st March, 2011.




III) Bills Discounted

Clause No. 2.1.2 (iii)

Condition Account will slip into NPA category if bills are overdue for more than 90 days.

Case Study Eg. Bill lodgment date: 12.10.2009Due date : 19.02.2010

Conclusion Since the bill is not paid on due date and it is overdue for more than 90 days(till20.05.2010),theborrower’saccountshallbeclassifiedasNPA.

IV) Agricultural Advances

Clause No. 2.1.2 (iv)

Condition The installment of principal or interest thereon remains overdue for two crop seasons for short duration crops.

Case Study A crop loan is due for repayment on 31st March, 2010, not paid till date 31st March,2011 where one crop season is of six months .

Conclusion Since the advance remains overdue for two crops seasons, account will be classifiedasNPA.

Clause No. 2.1.2 (v)

Condition Agricultural advances: The installment of principal or interest thereon remains overdue for one crop season for long duration crops.

Case Study A crop loan is due for repayment on 31st March, 2010 and unpaid till 30th September,2011 and one crop season is of 18 months.

Conclusion Since the advance remains overdue for one crops season, account will be classifiedasNPA.

V) Erosion in Value of Security


Condition If the realisable value of the security, as assessed by the bank/ approved valuers/ RBI is less than 10 per cent of the outstanding in the borrowal accounts, the existence of security should be ignored and the asset should bestraightawayclassifiedas lossasset. Itmaybeeitherwrittenoffor fully provided for by the bank.

Case Study The value of the security at the time of sanctioning of the credit facility was Rs.5.00 Crores. However, the same had declined to just Rs.30 lacs as on the date of Balance sheet which indicates an erosion in the value of security by more than 90%.

Conclusion HencetheaccountwillbeclassifiedasLoss.


Prudential Norms


Condition Erosion inthevalueofsecuritycanbereckonedassignificantwhenthe realisable value of the security is less than 50 per cent of the value assessed by the bank or accepted by RBI at the time of last inspection, as the case may be. Such NPAs may be straightaway classified under doubtful category and provisioning should be made as applicable to doubtful assets.

Case Study The value of the security at he time of sanctioning of the credit facility was Rs.5.00 crores. However, the same had declined to just Rs.1 crore. as on the date of Balance sheet which indicates an erosion in the value of security by more than 90%.

Conclusion HencetheaccountinNPAcategorywillbeclassifiedasdoubtfuldirectly.

VI) Advances Guaranteed by Government

Clause No. 4.2.14

Condition The credit facilities backed by guarantee of the Central Government though overdue may be treated as NPA only when the Government repudiates its guarantee when invoked.

Case Study 1 A company had been sanctioned credit limits of ` 5.00 crores which had been backed by guarantee of the Central Government.

Conclusion The facility became overdue and the government repudiated its guarantee wheninvoked.Hence,theaccountwillbeclassifiedasNPA.

Case Study 2 A company had been sanctioned credit limits of ` 5.00 crores, which had been backed by guarantee of the Central Government to the extent of 80%.

Conclusion ThefacilitybecameoverdueandhenceonlyRs.1cri.e.theunguaranteed portionoftheadvancewouldbeclassifiedasNPA.

Clause No. 4.2.14

Condition State Government guaranteed advances and investments in State Government guaranteed securities would attract asset classification and provisioning norms if interest and/or principal or any other amount due to the bank remains overdue for more than 90 days.

Case Study Eg. The credit facilities or investments in State Government guaranteed securities would attract normal asset classification as applicable to advances/ investments to/ in a company which is not guaranteed by State Government.




VII) Restructuring

Clause No. 14.2Condition During the pendency of the application for restructuring of the advance withthebank,theusualassetclassificationnormswouldcontinuetoapply. Theprocessofreclassificationofanassetshouldnotstopmerelybecause the application is under consideration. However, as an incentive for quick implementation of the package, if the approved package is implemented by thebankasperthefollowingtimeschedule,theassetclassificationstatus may be restored to the position which existed when the reference was made to the CDR Cell in respect of cases covered under the CDR Mechanism or when the restructuring application was received by the bank in non-CDR cases:(i) Within 120 days from the date of approval under the CDR Mechanism.(ii) Within 90 days from the date of receipt of application by the bank in cases other than those restructured under the CDR Mechanism.Case Study 1 Proposal was admitted in CDR cell on 01/11/10, however, the same was not approved and implemented upto 01/03/2011. Conclusion Hence,regularassetclassificationnormswouldapplyforsuchasset.Case Study 2 Proposal was admitted by bank on 01/11/10, however, the same was not approved and implemented upto 01/02/2011.Conclusion Hence,regularassetclassificationnormswouldapplyforsuchasset.

Clause No. 14.2.2Condition When a bank restructures an account a second (or more) time(s), the account will be considered as a ‘repeatedly restructured account’. However, if the second restructuring takes place after the period upto which the concessionswereextendedunderthetermsofthefirstrestructuring,that account shall not be reckoned as a ‘repeatedly restructured account’.

Case Study Term Loan of ` 50 lakhs was sanctioned with repayment schedule with moratorium period of 6 months. However company could not repay the installments within the stipulated period. The repayment schedule was changed and further moratorium of 8 months was given. The company was still not able to repay the revised Installments. Further reschedulment was requested by the borrower. (` In Lakhs Initial Restructure Repeated Restructure Month Amount Month Amount Month Amount Apr 10 5.00 May 10 5.00 Jun 10 5.00 Jul 10 5.00 Aug 10 5.00 Aug 10 2.50 Sep 10 5.00 Sep 10 2.50 Oct 10 5.00 Oct 10 2.50 Nov 10 5.00 Nov 10 2.50 Nov 10 1.50 Dec 10 5.00 Dec 10 2.50 Dec 10 1.50 Jan 11 5.00 Jan 11 2.50 Jan 11 1.50 Feb 11 5.00 Feb 11 2.50 Feb 11 1.50Conclusion This subsequent restructuring of repayment schedule will be considered as Repeated Restructuringandhencewillbeclassified asNPA.


Prudential Norms

Clause No. 11.2.4

Condition Incase,however,satisfactoryperformanceafterthespecifiedperiodisnot evidenced,theassetclassificationof therestructuredaccountwouldbe governed as per the applicable prudential norms with reference to the pre restructuring payment schedule.

Case Study The Bank has granted restructuring to A Ltd. by postponing the repayment start date by to 28/02/2010 instead of 30/09/2010, however A ltd. fails to pay installments and interest on 31/01/2011 and 28/02/2011 and fails to achievefinancialresultsasspecifiedinrestructuringpackage.

Conclusion HencetheaccountwillbeclassifiedasNPAfrom31/05/2010.

VIII)Project Finance

a)ForInfrastructureProject

Clause No. 4.2.15.3

Condition A loanforan infrastructureprojectwillbeclassifiedasNPAduringanytime before commencement of commercial operations as per record of recovery (90 days overdue), unless it is restructured and becomes eligible forclassificationas‘standardasset’.

Case Study 1 The borrower company was granted a term loan of Rs.25 crores. However, the borrower could not pay the interest / installment overdue.

Conclusion HencetheaccountwouldbeclassifiedasNPAunlessitisrestructured.

Condition A loanforan infrastructureprojectwillbeclassifiedasNPA if it fails tocommence commercial operations within two years from the original Date of Commencement of Commercial Operations) DCCO, even if it is regular as per record of recovery, unless it is restructured and becomes eligible forclassificationas‘standardasset’.

Case Study 2 The borrower company was sanctioned a term loan of Rs.25 crores. The DCCO of the project was 01/04/2007. However, the company commenced the commercial operations on 30/09/2009 i.e. after two years from the original DCCO and continued to pay the interest/ installments regularly.

Conclusion TheaccountwouldbeclassifiedasNPAaspertheaforesaidRBIguidelines,unlesstheaccountisrestructured.

Condition Ifaproject loanclassifiedas ‘standardasset’ is restructuredany timeduring the period up to two years from the original date of commencement of commercial operations (DCCO), it can be retained as a standard asset.

Case Study 3 The borrower company was sanctioned a term loan of Rs.25 crores. The DCCO of the project was 01/04/2007. However, the account was restructured on 30/09/2008 i.e. within 2 years from DCCO.

Conclusion Hencetheassetclassificationoftheaccountwouldberetainedasstandard.

Condition For infrastructure projects involving court cases, the loan would be classified as NPA if it fails to commence commercial operations up to another 2 years (beyond the existing extended period of 2 years i.e total extension of 4 years), in case the reason for extension of date of commencement of production is arbitration proceedings or a court case.



Case Study 4 The borrower company was sanctioned a term loan of Rs.25 crores. The DCCO of the project was 01/04/2007. The commencement of production got extended because of arbitration proceedings or a court case to 28/02/2011.

Conclusion Hence, theaccountwouldnotbeclassifiedasNPAasper theaforesaidRBIguidelinessincetheproductionhasstartedwithin4yearsfromthedateoforiginalDCCO.

Condition For infrastructure projects delayed for other reasons beyond the control ofPromoters(inotherthancourtcases),the loanwouldbeclassifiedasNPA if it fails to commence commercial operations up to another 1 year (beyond the existing extended period of 2 years i.e. total extension of 3 years),.

Case Study 5 The borrower company was sanctioned a term loan of Rs.25 crores. The DCCO of the project was 01/04/2007. The commencement of production got extended because of other reasons beyond the control of Promoters (in other than court cases) to 28/02/2010.

Conclusion Hence theaccountwouldnotbeclassifiedasNPAasper theaforesaidRBIguidelinessincetheproductionhasstartedwithin3yearsfromthedateoforiginalDCCO.

b) For Non-Infrastructure Project

Clause No. 4.2.15.4

Condition AloanwillbeclassifiedasNPAduringanytimebeforecommencementofcommercial operations as per record of recovery (90 days overdue), unless it isrestructuredandbecomeseligibleforclassificationas‘standardasset’.

Case Study 1 The borrower company (undertaking non-infrastructure project) was granted a term loan of Rs.25 crores. However, the borrower could not pay the interest / installment overdue.

Conclusion Hence the accountwould be classified asNPA unless it isrestructured.

Condition A loan will be classified as NPA if it fails to commence commercial operations within six months from the original DCCO, even if is regular as per record of recovery, unless it is restructured and becomes eligible for classificationas‘standardasset’.

Case Study 2 The borrower company (undertaking non-infrastructure project) was sanctioned a term loan of Rs.25 crores. However, the company commenced the commercial operations only after 1 year (i.e. after six months) from the original DCCO and continued to pay the interest/ installments regularly.

Conclusion Still,theaccountwouldbeclassifiedasNPAaspertheaforesaidRBIguidelines,unlesstheaccountisrestructured.

Condition If the delay in commencement of commercial operations extends beyond the period of six months from the date of completion as determined at thetimeoffinancialclosure,bankscanprescribeafreshDCCO,andretainthe“standard”classificationbyundertakingrestructuringofaccounts in


Prudential Norms

accordance with the provisions contained in this Master Circular, provided the fresh DCCO does not extend beyond a period of twelve months from the original DCCO. This would among others also imply that the restructuring application is received before the expiry of six months from the original DCCO, and when the account is still “standard” as per the record of recovery.

Case Study 3 Original date for commencement of operations was 31st Dec 2009, however delay in commencement of operations on 15 July 2010.Fresh DCCO by the Bank is 01 February 2011.

Conclusion Accountwill be classified asNPA as per the aforesaidRBIguidelines,unlesstheaccountisrestructured.

IX) Others

a) TODs

Case Study Adhoc TOD was sanctioned to the borrower. Same was not regularized for more than 90 days after the date of expiry of TOD facility. Thus, the account will be classified as NPA.

b) LC Devolved/BG invoked

Case Study LC of ` 1 lakh of a borrower was devolved which was subsequently converted into Funded Term Loan at ROI applicable for normal borrower. Principal and/ or Interest was overdue for more than 90 days and hence, the account will be classified as NPA.

Case Study BG of ` 1 lakh of a borrower was invoked and subsequently converted into Funded Term Loan at ROI applicable for normal borrower. Principal and/ or Interest was overdue for more than 90 days and hence, the account will beclassifiedasNPA.

b) STL

Case Study Eg. STL of ` 1 lakh was sanctioned for 6 months to the borrower. Same was not repaid for more than 90 days after 6 months period. Thus, the accountwillbeclassifiedasNPA.

c) Loan to Sugar Industry under Scheme

The interest payable on the credit facilities extended to the sugar industries is repayable by Central Government and the account would not beclassifiedasNPAhowever,theinterestincomeisrecognizedonreceiptbasis.

d) Derivatives

In respect of derivative exposure, receivable representing positive mark-to-marketandoverdueformorethan90daysisalsotobeclassifiedasNPA.Principleofborrower-wiseassetclassificationwouldbeapplicableonly inrespect of overdue arising from forward contracts and plain vanilla swaps and options. Thus, receivable in respect of other derivative instruments maybeclassifiedasNPAifoverdueformorethan90days,however,theotherfacilityoftheborrowerneednotbeclassifiedasNPAbasedontheborrower wise classification.



e)SaleofNPA(tosecuritization/assetreconstructioncompany)

Clause No. 7.6

Condition The nonperforming financial asset purchased, may be classified as ‘standard’ in the books of the purchasing bank for a period of 90 days from the date of purchase. Thereafter, the asset classification status of thefinancialassetpurchased,shallbedeterminedby therecordofrecoveryinthebooksofthepurchasingbankwithreferencetocashflowsestimated while purchasing the asset which should be in compliance with requirements in Para 7.5 (iv).

The asset classification status of an existing exposure (other than purchased financial asset) to the same obligor in the books of the purchasing bank will continue to be governed by the record of recovery of that exposure and hence may be different.

Case study a) X Bank Ltd. purchased NPA of A ltd. from Y Bank at Rs.5 crores.

b) X Bank Ltd. already have exposure in nature of Term Loan of Rs.7 crores which is NPA in D2 category.

In the books of X bank ltd. , as per above Guidelines newly acquired NPA of `5croresmaybeclassifiedasStandardfor90daysandexistingTermLoan of ` 7 crores will continue to follow normal guidelines.

B) PROVISIONING

I) NPA

TheclassificationofNPA intovariouscategories i.e.Substandard,D-1,D-2,D-3and lossbased on NPA dates and the provision requirement for NPAs are as under:

Classification NPAdatebetween Provisioning (both days inclusive) norms

From To Secured Unsecured Unsecured, ab initio

Substandard 01-04-10 31-03-11 10% 20% 20%

D-1 01-04-09 31-03-10 20% 100% 100%

D-2 01-04-07 31-03-09 30% 100% 100%

D-3 31-03-07 100% 100% 100%

Loss 100% 100% 100%

Notes:

a) Valuation of Security:

Loan Amount Nature of Security Requirement

Above 5 crores Stock Stock Audit once a year

Above 5 crores Immovable Property Valuation by empanelled valuer once in three years


Prudential Norms

b) ECGC

Condition InthecaseofadvancesclassifiedasdoubtfulandguaranteedbyECGC,provision should be made only for the balance in excess of the amount guaranteed by the Corporation. Further, while arriving at the provision required to be made for doubtful assets, realizable value of the securities shouldfirstbedeductedfromtheoutstandingbalance inrespectof theamount guaranteed by the Corporation and then provision made.

Case Study 1) Outstanding balance is Rs.5 crores, 2) Account is in D2 category

3) ECGC cover 50%

4) Value of security 2 crores

Provision would be

Unsecured Balance Rs.3 crores, Less ECGC cover @50% i.e. 1.5 crores

Hence provision would be 2.10 crores {1.5 crores( 100% on unsecured) & 0.60 crores (30% on secured)}

II) Standard Assets

Nature of Advance Provision Required

Direct Advance to Agricultural & SME Sectors 0.25%

Advance to Commercial Real Estate 1.00%

Home Loans at concessional rate of interest (Teaser Rate Loans) 2.00%

Other Advances 0.40%

Note:IncaseofProjectfinanceifDCCOhasbeenextended,asper4.2.15.3(iii)&4.2.15.4(iv) provision would be made as standard

Infrastructure ProjectsUntil two years from the original DCCO 0.40%

During the third and the fourth years after the original DCCO. 1.00%

Non infrastructure Projects

Until Six months from the original DCCO 0.40%

During the next six months 1.00%

III)Provision for diminution in the fair value of restructured advances

1) Term Loan

The erosion in the fair value of the advance should be computed as the difference between the fair value of the loan before and after restructuring. Fair value of the loan before restructuringwill be computed as the present value of cash flows representingthe interest at the existing rate charged on the advance before restructuring and the principal, discounted at a rate equal to the bank’s BPLR as on the date of restructuring



plus the appropriate term premium and credit risk premium for the borrower category on the date of restructuring. Fair value of the loan after restructuring will be computed as the present value of cash flows representing the interest at the rate charged on theadvance on restructuring and the principal, discounted at a rate equal to the bank’s BPLR as on the date of restructuring plus the appropriate term premium and credit risk premium for the borrower category on the date of restructuring.

2) Working Capital

In the case of working capital facilities, the diminution in the fair value of the cash credit / overdraft component may be computed as indicated in para (i) above, reckoning the higher of the outstanding amount or the limit sanctioned as the principal amount and taking the tenor of the advance as one year. The term premium in the discount factor would be as applicable for one year. The fair value of the term loan components (Working Capital TermLoanandFundedInterestTermLoan)wouldbecomputedasperactualcashflowsand taking the term premium in the discount factor as applicable for the maturity of the respective term loan components.

3) Total dues to bank(s) are less than rupees one crore

Ifdueto lackofexpertise/appropriate infrastructure,abankfinds itdifficulttoensurecomputation of diminution in the fair value of advances extended by small / rural branches, as an alternative to the methodology prescribed above for computing the amount of diminution in the fair value, banks will have the option of notionally computing theamountofdiminution inthefairvalueandprovidingtherefor,atfivepercentofthetotal exposure, in respect of all restructured accounts where the total dues to bank(s) are lessthanrupeesonecroretill thefinancialyearendingMarch2011.Thepositionwouldbe reviewed thereafter.

4) Re-computingNPVeveryyear

The diminution in the fair value may be re-computed on each balance sheet date till satisfactory completion of all repayment obligations and full repayment of the outstanding in the account, so as to capture the changes in the fair value on account of changes in BPLR, term premium and the credit category of the borrower. Consequently, banks may provide for the shortfall in provision or reverse the amount of excess provision held in the distinct account.

C) INCOME RECOGNITION

On accrual Basis On receipt Basis

Standard Advances NPAs

Restructured Assets in Advances to Sugar Companies under scheme standard category

Govt. guaranteed NPA Advances

Restructured Assets in NPA category

AA


Long Form Audit Report

1. IntroductIon Reserve Bank of India (RBI) directs,

supervises and monitors Banking Industry in India. Audit assumes an important role in assisting the Regulator to supervise and monitor Banking Industry in India. There are different types of audits carried out in banks viz. Statutory audit, Concurrent audit, revenue leakage audit, stock audit, etc. Among these audits, statutory audit of the bank is an annual exercise.

The statutory Auditor of the Bank is required to submit Audit Report as per the requirements of the Banking Regulation Act, 1949. However, this report does not necessary communicates the lacunae in the operations and internal control system at the bank. Hence RBI advised Public Sector Banks to obtain Long Form Audit Report (LFAR) from the auditor since 1985. LFAR is a separate report to be submitted to the Management in the format, prescribed by the RBI. The format of LFAR was revised in the year 2003 and the present format is effective from 31st March, 2003.

2. Features oF LFar The Reserve Bank of India has

prescribed Two formats for LFAR viz. LFAR for Bank as a whole and LFAR for branches of the Bank. The branch auditors are expected to submit the LFAR in the format prescribed for the branches of the bank. The Central Statutory Auditor is expected to review the LFARs submitted by the branch auditors and draft his LFAR in the format prescribed for the bank as a whole. Therefore, it is necessary for the branch auditors to draft the LFAR carefully and with clarity so that relevant point if any, at the branch is not missed by the Central Statutory Auditor.

The format of LFAR is in a questionnaire form. These questions are to be

answered clearly. These questions are only indicative and not exhaustive. Therefore the auditor should not limit the report to only answering the questions. But any relevant point which the auditor feels necessary to mention, he may mention the same in LFAR.

LFAR is not a substitute for Statutory Audit Report. Nor it is deemed to be a part of Statutory Audit Report. Thus the main report is a self contained document and the auditor should not make any reference to LFAR in the report. The matters in the main report may be elaborated in the LFAR. Any adverse comment made by auditor in LFAR, the auditor should consider whether qualification in the main report is required. It is not necessary that every adverse comment in LFAR will result into a qualification in main report. Therefore the auditor should use his judgment in the facts and circumstances in each case.

3. Major cLauses In LFar The format of LFAR as applicable to

the bank branch audit consists of the questions on four major areas. Such as:

A. Assets

1. Cash

2. Balances with RBI, SBI and other Banks

3. Money at call and Short Notice

4. Investments

5. Advances

6. Other Assets

B. Liabilities

1. Deposits

2. Other Liabilities

3. Contingent Liabilities

Long Form Audit Reportca. abhay V. Kamat



C. Profit and Loss Account

D. General

1. Books and Records2. Reconciliation of Control and

Subsidiary records3. Inter branch Accounts4. Audits/Inspections5. Frauds6. Miscellaneous

In addition to these questions is also gives questionnaires applicable to specialized branches

• Dealing in Foreign Exchange Transactions

• Dealing in very large advances in excess of ` 100 crores.

• Dealing in NPAs such as Asset Recovery Management Branches.

• Dealing in clearing house operations, normally referred to as service Branches

Additionally, there is a format for Annexure for Large/Irregular/Critical Advances. Normally this annexure is to be filled up by the branch management and the auditor should verify the details mentioned in the Annexure. The details will be pertaining to the advance granted in excess of ` 100 crores.

Some of the matters mentioned in the LFAR needs compilation of information at the branch. It is the responsibility of the concerned branch to compile the information and hand it over to the auditor for verification. The auditor should verify the correctness of information and include the same in his LFAR. In case, auditor faces any problem in getting such information or has a doubt about the correctness of information, he should report the same in his LFAR.

4. rePortInG under sPecIFIc cLauses

4.1 cash The branch is expected to maintain the

cash balance within the limit prescribed

by the controlling authority. In case, the branch holds cash in excess of the retention limit, the auditor should report the same. Such excess balance should also be reported to the controlling authority within the prescribed time frame. The reasons for such excess cash balance should be inquired into.

Normally the global Insurance Policy for cash-in-custody or cash-in-transit is taken at the head office level. The head office of the bank normally sends confirmation to that effect to the branches.

The branch should hold cash in joint custody of the cashier and the Branch Manager. The Branch Manager is also expected to verify the cash periodically and put his signature to that effect. The auditor should report whether these directions are followed properly or not.

Apart from answering the questions in the LFAR format the auditor should comment on identification and disposal of soiled notes, counterfeit notes, stapling of notes, use of ultra violet lamps, Note counting machines etc.

4.2 Balances with rBI, sBI and other Banks

In case the branch maintains the account with RBI, SBI or any other bank the auditor should see whether the reconciliation statement for the year end balances is prepared or not. He should peruse the Reconciliation statement and find out the long outstanding entries in the statement. An explanation from the branch for pending entries should be obtained. In case any revenue item which is required to be adjusted or written off in the accounts, the same should be reported in LFAR.

The auditor should give the details of entries outstanding in the Reconciliation statement which are outstanding for more than six months with specific details of outstanding entries for more



than one year. The auditor may ask the bank to compile such information and verify the same before giving it in LFAR. The continuous failure of the branch to obtain the balance confirmation certificates and/or preparing reconciliation statements should also be reported in LFAR.

4.3 Money at call and short notice Normally money at call and short

Notice are accounted for at the treasury department, Head office. However, in case such transactions are located at the branch, the auditor should examine the balances held at the branch with reference to the general or specific authority and instructions/guidelines from the controlling authority. The cases of non compliance of relevant instructions should be reported including unauthorized deposits or deposits in excess of authorized limit.

4.4 Investments There are separate questionnaires for

the branches in India and for branches outside India. Though the reporting is to be done separately, the points to report are more or less the same.

The auditor should obtain a certificate from branch regarding investments held by the branch on behalf of the head office. The auditor should verify them physically. In case the security is not available physically, the holding certificate/confirmation to that effect should be obtained. The income on investment should be reported to head office. The auditor should see that accounting of such income is done properly. The matured investments should be encashed and the RBI guidelines for valuation should be followed properly. In case of any deviation the auditor should report the same. For valuation of investment, the auditor should refer to the master

circular on “Prudential Norms for Classification, Valuation and Operation of Investment portfolio by banks” issued by RBI.

4.5 advances The reporting under advances is to be

done under four broad categories viz.

• Credit Appraisal,

• Sanctioning and Disbursement,

• Documentation,

• Review/Monitoring and Supervision.

This topic is dealt in detail separately. Hence these aspects are not dealt in detail over here. The auditor should go through the questionnaire and try to deal with them appropriately. In statutory audit, verification of advances is one of the major areas. However the auditor should not overlook other areas too.

4.6 other assets The Balance Sheet of the bank contains

residual items about the assets which are not specified above, such as Stationery and Stamp, Sundries, Suspense A/c. etc. In case of stationery and stamps the auditor should check the control on custody and issue of stationery items, stamps, etc. The auditor should review the process and registers for the same. Stationery items will include Term deposit receipts drafts, pay orders, cheque books, traveller cheques, Gift Cheques, etc. The auditor should offer the suggestions for better control in maintenance and use of stationery. The instances of lost or missing stationery should also be mentioned in the report.

In case of Sundries and Suspense Accounts, the auditor should obtain the details of agewise analysis of pending entries in the account. Inquire about reason for entry being pending for



unreasonable period. Assess the position of recoverability of the amount. The auditor should exercise his judgment about making necessary provision against such amounts. In case any unusual items are notice while perusing the account the auditor should report the same. The auditor should not restrict his checking only to the pending entries but he should also look into the entries which are squared off during the audit period.

4.7 Liabilities – deposits A deposit accepted from the public is a

liability for the bank. Inoperative deposit accounts could be viewed as one of the fraud prone areas. Therefore there are certain guidelines for operations in inoperative accounts. The auditor should see whether operations in operative accounts are carried out as per the guidelines issued. In case, the guidelines are not followed, the details of deposits should be given viz. name of the party, the amount due, due date, nature of the deposits, etc.

The auditor should also review the deposit accounts both operative and inoperative to find out whether there are any unusual large movements (whether increase or decrease) in the aggregate deposits held at the year end. In such situation the explanation from the branch management should be obtained. The movements without proper explanation should be reported in LFAR.

Similarly, the auditor should obtain a list of overdue/matured deposits at the end of the year. The amount of overdue/matured deposits should be mentioned in LFAR.

4.8 other Liabilities – Bills payable, sundry deposits, etc.

The auditors should obtain age wise details of pending entries in bills payable, sundry Deposits Accounts from the branch management. The details

obtained should be scrutinized to find out whether there exists any unusual items or material withdrawal/debits.

4.9 contingent Liabilities The auditor should see that there exists

a system which gives a reasonable assurance that all contingent liabilities are identified and properly disclosed. The auditor should mention the list of major items of contingent liabilities (Other than constituent’s liabilities such as guarantees, Letters of Credit, acceptances, endorsements, etc.) not acknowledged by the branch. In addition, the auditor should obtain representation from branch management that all contingent liabilities have been disclosed and that the disclosed contingent liabilities do not include any contingencies which are likely to result in a loss and which therefore, require consequent adjustments of assets and liabilities.

4.10Profit andLossAccount The auditor should review the system at

the branch to compute the discrepancy in interest, discounts or commission and for timely adjustment thereof. The auditor should see the guidelines of controlling office in this regard. The interest and commission should be checked on test check basis to find out whether there exists proper system to compute them correctly. The income recognition Norms issued by RBI should be followed at the branch. The auditor should report any deviation in that regard. The report should also mention whether there is a system to estimate and provide interest accrued on the overdue/matured deposits.

The auditor should carry out the analytical procedure to find out whether there are any divergent trends in major items of income or expenditure. A suitable explanation should be asked for any divergent trend from the branch



management. In case the auditor is not satisfied with the explanation he should mention the same in his report with proper details for the said divergent trend.

4.11 Books and records In most of the situations, nowadays,

the books are maintained in the computerized environment. If the books are maintained manually, the auditor should peruse them to find out whether they are maintained properly. The balancing is done and it is properly inked out. The books are to be authenticated by proper signatory at the branch.

In respect of computerized environment, the hard copies of certain accounts should be printed regularly. The auditor should also mention the extent of computerization and adequacy of the access and data security measures and other internal controls. The auditor may review the process of creation of new logins, change of password the administrative control to access different files or reports through computerized system. There should be maker checker system. Updation of the master data should be under supervisory control. The modification in the master data should be registered to Branch Manager only. The auditor should also review the contingency and disaster recovery plan for the computer system. Timely backups, offsite backups, etc. should be reviewed to understand the backup procedure. The auditor should also mention any suggestion for efficient operation of the computer system.

4.12 reconciliation of control and subsidiary records

The auditor should see whether the subsidiary records are tallied with the control accounts. In case there are differences the same should be reported. He should also mention the date up to which the control and subsidiary records are balanced.

4.13 Inter branch accounts

Normally the inter branch transactions are passed through Head office account. The balance in Head Office Accounts as shown in the statement should be in agreement with the Head Office Account in General Ledger. In case of any difference, the reconciliation statement should be obtained. The pending entries should be scrutinized to report whether there is a system of responding the entry promptly. The outstanding debit entries in the Head Office Account should be mentioned. The items of double response in Head Office Account should also be reported. The report will also give old/large outstanding debit entries as at the year end which remains unexplained.

4.14 audits/Inspections

The auditor should review the audit reports for concurrent audit, RBI inspection special audit, Internal audit, credit audit, etc. and find out whether they are complied properly. While finalizing the report the auditor should consider the major adverse comments arising out of these reports.

4.15 Frauds The auditor should peruse the fraud

Register and report particulars of Frauds discovered during the year under audit at the branch. The auditor can also give suggestions to minimize the possibility of their occurrence.

4.16 Miscellaneous

The auditor should mention about the adequacy of control and maintenance of records in relation to the Fixed Assets at the branch. The Fixed Asset Register should be updated. The calculation of depreciation should be checked properly and any deviation should be reported.



The auditor should report whether examination of accounts indicate possible window dressing. The auditor should review the transactions near to the balance sheet date to look into the possibility of window dressing in the account.

The auditor can also mention any other matter which he would like to bring to the notice of the management or Central Statutory Auditors.

4.17 Questionnaire applicable to specialized branch

Now-a-days the banks prefer to have branches on the basis of specialised functions such as branches having foreign exchange transactions, branches for large advances Asset Recovery, Management Branches, Service Branches, etc. The LFAR also provides separate questionnaire for audit of such specialized branches. The auditor is supposed to report additionally as per applicable questionnaire.

While answering these questionnaires, the auditor should understand the functions and working of these branches properly and use his audit checks.

5. Finalisation of LFar• The auditor should study the

contents of LFAR questionnaires thoroughly and plan for preparation of his LFAR of the branch.

• Though the main report and LFAR are two separate reports, it will be advisable to finalize the Audit Report and LFAR simultaneously.

• LFAR is a descriptive report, which will communicate the observations

to the Central Statutory Auditors to finalize his final report. Hence the comments in Bank Branch LFAR should not be vague and they should be properly supported by the incidences/observations.

• It is advisable to discuss the contents of LFAR with the branch head and get his responses before finalizing the same. The objective is to ensure correct presentation so as to state facts which have been verified during the course of audit.

• Do not copy the LFAR of the last year for the current year. The observations given in the LFAR should be properly supported by the incidences/observations which the auditor comes across.

• The documents to support the observations mentioned in the LFAR should be maintained in the working paper file. The working paper file should be preserved for future reference.

6. concLusIon With the spread of Banking activities,

the audit in the bank assumes utmost importance. The Stakeholders, Management, Regulator and the Society at large have lot of expectations from the auditors. With the changing technology and complexity of operation in the bank, audit assumes more and more risks. Therefore as an auditor, it is not only important to carry out the audit diligently and meticulously but also to develop a meaningful Audit Reporting Process.

AA


Profit and Loss Account Verification in Bank Branch Statutory Audit

Generally in bank branch statutory audit more focus is on verification of advances. At times less important is given to verification of the Profit and Loss Account. Effectively we certify the financial statement as true and fair, profit and loss account is integral part of it. Hence verification of other aspects such as interest income and expenses etc. are equally important as is advances verification. Also in view of numbers of fraud happening we need to be very cautious while carrying out bank branch audit.

Many banks still prepares two half yearly profit and loss accounts i.e. half year ended 30th September and 31st March at the branch level and auditors have to certify both half year’s profit and loss account.

Due to paucity of time available, we have to be well planned in carrying out the audit. We need to decide our test checks criteria, selection of sample etc. We need to begin the audit with comparative analysis and Ratio Analysis of current period figures with previous corresponding periods.

Previous year’s report and internal audit report such as RBI Report, Income Audit, Revenue Audit, Concurrent Audit and Internal Audi will also provide useful information for selecting samples from each head. Based on it we may be able to identify problematic / gray areas. Areas where we need to give more thrust.

Before we begin the audit of Profit and Loss Account, We must get an idea about accounting policies of the bank with regards to recognition of income, expenses, overdue interest on term deposits, booking of depreciation, gain / loss on asset sold, Broken period interest / commission on bills, guarantee and such advances. Booking of investment income, provision of bad and doubtful debt, employee related provisions such as gratuity, pension etc. Based on accounting policies the plan for verification should be created. Appropriate disclosures

needs to be given for non-provisions of some of the expenses at branch level.

Income Major part of income of the bank is from interest on advances. We need to find out type of advances given by the bank and average prevailing interest rate charged by the bank.

We need to verify 100% of the charging of interest in Major Advances Accounts and in rest on test check basis. One can verify overall interest income earned on the basis of the average monthly advances outstanding in each category of advances and percentage of such average interest earned.

This should be calculated for current year as well as previous year. This is found to be very useful tool for avoiding any gross errors in interest calculations. Even computer software bugs such as debiting / crediting interest twice erroneously or omitting interest booking (revenue leakage) can be easily caught by these analyses.

The changes in interest rates are communicated by way of circular from the head office to branches. Such circulars should be obtained and changed rates’ effective dates should be verified.

On the new advances, we need to examine processing fees is charged or not? On the advances not utilized, commitment charges needs to be recovered.

In case of certain advances schemes discontinued by the bank, the interest rates are to be updated manually, also in general also interest data is fed centralized thus the interest has to be calculated manually on test check basis. Errors may happen in calculation of interest or feeding of interest rate or value date etc or updation of interest rates. Accounts where manual interest is fed should be given more weight age while test checking.


CA. Ketan D. Saiya



In case of interest on advances against which subsidy is received, the interest is calculated on outstanding balance after adjusting the subsidy balance. Hence such interest is calculated manually. Thus such accounts should be checked in depth.

In case of recovery in written off accounts based on bank’s policy, if income is credited to other income, proper updation of dummy ledgers should be checked. Sundry creditors or other liabilities should be scrutinized to check whether any recovery in written off account is credited therein. Any such amount should be credited to income.

Penal interest charged can be verified on selective basis with respect to different types of defaults and non-compliances for delay in submission, non-submission of periodical data such as late submission of financial statement and other period data – stock/book debt statement etc. Not providing information for renewal of facility will also attract penal interest. Also in case of cash credit accounts, penal interest needs to be charged if the outstanding balance in the account exceeds its drawing power.

Method of charging renewal fees and its actual debits needs to be examined. For verification of other income like Commission on DD etc. applicable rates needs to be taken and it needs to be verified on test check basis. In certain cases DD issued to staff, valued customers etc are not recovered or recovered at concessional rates, authorization for this need to be verified.

In respect of accounting of commission on guarantees or L/C, it has been observed that banks follow different practices for accounting commission as income. Some banks account as and when income is collected, whereas some banks account income over the period of guarantee, thus commission for unexpired period of guarantee is treated as ‘received as advance’ and is shown as liability. Thus one should ensure that the accounting policy adopted by the bank is consistently followed by the branch.

We need to check that bank has not considered unrealised interest on any NPA (including Government guaranteed advances), irrespective of the fact whether the NPA has been subjected to any restructuring, rescheduling or renegotiation of terms.

Interest on NPA can be booked only upon realization. However it should not be out of fresh/ additional credits. The realization has to be genuine.

Interest on exempted advances against Fixed deposits, NSCs, KVPs and life Insurance Policies (LIC) can be booked as income, provided adequate margin is available in accounts

We need to verify, whether any fees or commission earned by the banks as a result of re-negotiations or rescheduling of loans is in line with the RBI Circular.

In case of lockers, recovery of rental by debiting to respective savings account of the locker holders needs to be verified in general. Statement of outstanding locker rent needs to be obtained.

Commission on Government business needs to be checked with Head office RBI confirmation.

Income on Forex transactions need to be verified based on type of branch and type of income.

Income on other activities such as investments activities like PMS, Mutual Fund, Insurance marketing, interest on investments, on balances with RBI and other inter-bank funds, needs to be accrued in books.

To verify income of extension counter (if any) of the branch and also we need tom verify balance reconciliation with extension counter.

To verify amount received from court due to settlement of cases.

To verify profit booked on sale of land, buildings and other fixed assets.

Expenditure:

We need to verify Interest expenses on various types of deposits like savings, fixed-



term, recurring etc. Interest has to be as per prevailing rates as per bank’s circular. We need to examine that whether interest has been changed time to time as per head office guidelines or not?

We need to verify the bank’s policy with regards to booking of expenses

All Establishment expenses also need to be verified on test check basis. We need to see that expenses are booked based on the accounting system of the bank say if mercantile system, expenses for whole year needs to be provided. Some Bank’s have wrong notion of booking expenses of twelve months i.e. from March of previous year to February of current year, which needs to be corrected.

Expenses like salary needs to be verified on test check basis. For all other expenses we need to verify authority available to branch manger. In case of higher expenses head office approval needs to be verified.

We need to carry out physical verification of stationery and if required need to call for provision for old obsolete stationery items.

Many branch premises are on rentals, we need to verify agreement of lease and debit of rent as per the prevailing agreements. In many cases agreements have expired and dispute exists between the branch and landlord. Which are mainly going on for increase in rental or any other term, in such cases appropriate provisions needs to be done. The requirements of AS - 29, ‘Provisions, Contingent Liabilities and Contingent Assets’ should be referred to in such case.

Based on accounting policies, provision of all known expenses and losses needs to be examined. In case of fraud un-recovered amount needs to be provided fully.

We need to verify head office interest received / paid by the branch based on internal policy for the same.

To verify various Tax audit requirements mainly TDS on interest payments and on applicable expenses. Normally it is seen branches making defaults in timely deduction of TDS.

To verify currency chest expenses (if any) is there in the branch.

To verify expenses of extension counter (if any) of the branch.

To verify legal fees paid to advocate is in respect of which legal cases, these might give details of potential liabilities of the branch.

While verification repairs & maintenance, auditors should verify that capital expenses are not debited to profit & loss account, and expenses of revenue nature are not capitalized as assets.

We can take Management Representation letter on booking of all known liability and expenses and all other issues.

We need to examine entries passed for last year Memorandum of changes suggested by the last year auditors.

Also we need to take engagement letter for audit.

We need to see depreciation policy of the bank and accordingly audit plan needs to be designed.

Applicability of other accounting standards needs to be examined and accordingly audit plan and reporting needs to be seen.

To verify foreign exchange valuation Gain or loss booked.



CHECKLISTSS.No Particulars To be Checked by

/ reviewed by

Checklist of income

1 Check Accounting Policies of bank / branch for booking of various income and expenses.

2 Study Internal, Concurrent, Income, Revenue and RBI Audit Reports

3 Obtain data for volume in various categories of income and expenses such as no. of accounts opened / closed in each category.

4 Obtain the latest circular for interest income on various types of advances such as priority sector / non-priority sector etc.

5 To verify major advances 100% and other advances on Test check basis.

6 Obtain data for average interest earned on each type of advances and average monthly advances given in each category,

7 To verify processing fees on new advances

8 To verify commitment charges on unutilized advance limits.

9 To verify Interest received on NPA specifically RBI guidelines which says credits in the respective accounts towards interest should not be out of fresh/additional credit facilities sanctioned.

10 To verify unrealized interest in case of fresh NPA

11 To verify availability of Margin in case of exempted advances such as against NSC,LIC, FD, etc.

12 To verify recovery of fees / commission on re-negotiations or rescheduling of loans

13 To verify recovery of locker rent and outstanding locker rent.

14 To verify Head office interest earned.

15 To verify the other income

16 Branches having InvestmentsIncome on investments interest, dividend etc. is to be verified

17 Branches having Government businessWe need to verify booking of the Government commission based on the policy of the bank.

18 To verify income of extension counter (if any) of the branch.



S.No Particulars To be Checked by / reviewed by

19 To verify amount received from court due to settlement of cases

20 Commission on Government business needs to be checked with Head office RBI confirmation.

21 Income on Forex transactions need to be verified based on type of branch and type of income.

22 Income on other activities such as investments activities like Mutual Fund, Insurance marketing needs to be accrued in books.

Checklist of expenditure

1 Obtain the latest circular for interest expenses on savings account, on fixed deposit, on all other type of deposit.

2 To study bank’s policy on booking of expenses

3 To verify expenses are booked as per accounting policies.

4 To Verify application of interest in all deposit accounts for the year.

5 To verify interest paid on Major deposits

6 To verify other expenses including salary

7 To verify rest on test check basis

8 To carry out ratio and comparative analysis on various types of deposits and check its reasonableness.

9 To verify lease agreements of the branch and payment of Rent, TDS (if any) thereon.

10 To give adequate disclosures in Audit report on non booking of expenses at branch level

11 To take MR from branch management wherever required

12 To verify currency chest expenses (if any) is there in the branch.

13 To verify various Tax audit requirements mainly TDS on interest payments and on applicable expenses. Normally it is seen branches making defaults in timely deduction of TDS.

14 To verify expenses of extension counter (if any) of the branch.

15 To verify legal fees paid to advocate is in respect of which legal cases, these might give details of potential liabilities of the branch.

16 To verify foreign exchange valuation Gain or loss booked.

AA



NOTES


Sensitive Accounts & Reconciliations

Sensitive accountsThere are certain accounts in the bank branch which require special attention from auditors for close examination due to the sensitivity attached with them. These accounts needs tremendous monitoring since these are fraud prone accounts.

Sensitive accounts includes:

Suspense Account Sundry Deposit Account Demand Draft/Pay Slip Payable Account Clearing Adjustment Account Inter Branch Account

Most easy task for any bank staff is to debit suspense—under any name say Current Deposits, Miscellaneous account, Suspense account. Difference in Books account, Staff Advances, Legal Expenses, Difference in Clearing, Frauds and Embezzlement, etc. Auditors should verify year-wise break-up of old outstanding entries in such accounts and the reasons for such entries remaining unreconciled/unresponded. Report the inadequacies in liquidating the old outstanding entries lying in such accounts. Non-recoverable debit balances shall require reporting in the Main Audit Report/M.O.C. for making adequate provisions. The debit balances, which are not explained along with documentary evidence to the satisfaction of the auditor, should be qualified.

The auditors should carry out ledger scrutiny of these accounts and identify any unusual entry in the account, which does not have a corresponding debit or credit transaction or reconciliation. Auditor has to determine whether such unusual items are required to be reported in the Main Audit Report.

Auditor must examine the system followed by the branch in recording transactions in such accounts. The operations in these accounts must be thoroughly examined by the auditors with respect to delegation of powers, authorization required.

Process of Reconciliation of entries outstanding in these accounts needs to be verified by the auditors. The details of transactions outstanding such as Date of transactions, narration, amount, etc. must be verified and reasons for recording such transactions in these sensitive accounts must be ascertained.

The vouching and verification of transactions recorded in these sensitive accounts must be properly planned by auditors to ascertain the correctness of the transactions posted therein. The vouchers should be thoroughly checked for the transactions and also the genuineness of the corresponding adjusting entry should be verified. Reasons for outstanding entries should be ascertained so as to enable auditors to form opinion whether the entries outstanding could have been adjusted to the appropriate account heads. Outstanding entries should be scrutinized with emphasis on reasons for pendency. Adjustment entries passed during the year in these sensitive accounts also needs to be verified thoroughly.

Entries long outstanding needs extra attention so as to verify the unreconciled transactions are properly recorded and sufficient details of transactions are available for verification. These unreconciled transactions must have been reported by the branch to concerned controlling offices and the follow up action taken should be thoroughly verified by the auditors.

Auditor should evaluate the existence, effectiveness and continuity of internal control over transactions in such sensitive accounts.

ReconciliationsThere are various types of reconciliations prepared at the branch and branch auditor has to verify and comment on the same. Some of these reconciliations are as under:

Bank Account Reconciliation

Auditor has to obtain reconciliation statement prepared by the branch and comment

Sensitive Accounts & Reconciliations

CA. Niranjan Joshi



about any cash transaction remaining unresponded, any revenue item requiring adjustment/accounting or any old transactions remained unadjusted/unaccounted. The auditor is expected to obtain age-wise list of reconciliation items and the above details should be given based on such information. Decide whether the same needs to be qualified in the Auditors Report or not depending on the materiality of the amount. Apart from materiality of item, the auditor should also determine the nature of item so as to qualify the report. If any item deserved special attention of the management, the same may be reported. Persistent default by the branch in not getting confirmation certificate and no recon ciliation by the branch of the account should be reported. Material, long period, unadjusted item should be reported together with nature, amount and period.

Reconciliation of Control and Subsidiary Records

Verify the figures of the control and subsidiary records at the year-end and check whether the same are reconciled. If not, check the last date up to which such figures have been reconciled and report the difference in respective account heads. Where subsidiary records have not been balanced then it should be reported indicating dates up to,

which records are not balanced. Also verify the reconciliation of control and subsidiary records throughout the year under audit on test check basis to review the system of reconciliation.

Inter Branch Accounts

The auditor should check the balance in Head Office Account with the ledger balance and also cross verify it with reconciliation statement prepared by the branch. If there are any outstanding debits in the Head Office Account in respect of branch transactions, check the basis of reconciliation and verify necessary adjustment vouchers. Branch has to expeditiously comply with/respond to the communications from the designated cell/Head Office as regards unmatched transactions. Auditor should verify whether there are any unresponded/uncomplied queries or communications at the year end. If so, details of the said should be thoroughly verified. The auditor should take confirmation from the branch that it had expeditiously complied with/responded to the communication from the designated cess/head office as regards unresponded/uncomplied queries. He should also verify the same with the documentary evidences. If auditor comes across items of double responses in Head Office Account, it should be checked on the basis of head office reconciliation statement.

AA


Fixed Assets

Fixed Assets in bank branch comprises premises, furniture and fixtures, Computers, Safe Deposit Vaults, Electrical Fittings, Vehicles, Office Equipments etc.

Most of the Fixed Assets at the branch are purchased through centralized system by Controlling Office. In some cases the Furniture and fixtures are also provided by bank to staff and the account for the same is maintained at the respective branch where the staff is posted.

There is no uniformity amongst various banks in maintaining records for the fixed assets. In some cases the records are maintained at the controlling offices and in some cases the same is maintained at the Head Office. Depreciation on these fixed assets is charged as per calculation provided by the respective offices maintaining records for the fixed assets and branch records the same based on the advise received.

Fixed Assets are disclosed as Premises and Other Fixed Assets as per the Third Schedule to the Banking Regulation Act, 1949.

Original Cost of Fixed Assets as on 31st March of preceding year, additions thereto and deductions there from during the year and total depreciation to date is to be disclosed in the financial statements.

No rates of Depreciation on fixed assets have been prescribed by the Banking Regulation Act, 1949. It is expected from the auditors to examine the rates of depreciation are appropriate in the context of expected useful life of respective fixed assets and the same has been calculated correctly. Reserve Bank

of Ind ia has directed that in respect of computers and data processing equipments, the depreciation should be provided over three year period.

Auditors should verify the Fixed Assets Register and comment on the discrepancies noticed at the time of physical verification. It is also expected from Auditors to verify whether the records maintained for fixed assets records all the fixed assets acquired and held by the branch irrespective of whether the values thereof or depreciation thereon have been centralized. Documents of title in relation to the fixed assets should also be verified by the auditors.

Auditor should verify the opening balances as per the schedule of fixed assets in the financial statements and the fixed asset register. Additions and deductions should be vouched with reference to authorization, record of payment / receipt etc. Auditor should also examine the balances as per the register / records and financial statements.

In case of furniture, office equipments, computers transferred from one branch to another, auditor should verify the amount of fixed assets and accumulated depreciation are correctly transferred to the respective branch.

Proper classification of fixed assets must be verified by the auditors.

Auditor should refer to Accounting Standard 26 for Intangible Assets such as Software.

Auditor should refer to Accounting Standard 28 for Impairment of Assets to ensure that the assets are carried at not more than their recoverable amount.

Fixed AssetsCA. Niranjan Joshi

AA



NOTES


Audit Reports and Certificates

IntroductionWhile the audit of a bank is like the audit of any other entity, a unique aspect of it is that there are a number of stakeholders and all of them depend on one independent entity – the Statutory Auditor — to provide them with the reports required by each one of them. As a result, besides the regular reports that are required to be given, an auditor can has to provide specific reports/certificates to comply with the requirements of these stakeholders.

While all these reports/certificates to these stakeholders are to be provided by the Central Statutory Auditors, these auditors in turn have to rely on the Branch Statutory Auditors to provide them most of these reports/certificates. Hence, at the branch level, a number of reports/certificates have to be issued by the Branch Auditor, some of which are as follows:

• Statutory Audit Report

• Branch Returns

• Memorandum of Changes (MOC)

• Long Form Audit Report (LFAR)

• Tax Audit Report

• Misc. Certificates

Statutory Audit ReportThe statutory audit report is the key report issued by the Branch Auditor. ICAI has issued comprehensive guidelines on the standards of auditing to be followed by the Auditor for the purpose of auditing and issue of audit report.

It is to be noted that this is an independent report and all the critical issues arising during the audit have to be covered here. Moreover, this should be a standalone report and hence matters reported here should not give a reference to some other report.

Generally, the bank provides a specimen of the Audit Report to be submitted. However, it is recommended that the Auditor should draft his own report and include all qualifications that are required to be reported.

Based on the accounting systems followed by the banks, a number of provisions are made only at the central office level – for example, provision for NPAs, audit fees, bonus, gratuity, income tax, etc. Since the report issued by the Branch Auditor is an independent report, it is necessary for the Branch Auditor to state this fact and quantify these amounts, if feasible.

In extreme cases, where the Auditor has not been able to carry out the audit satisfactorily or no or inadequate records have been produced to him or there are major inconsistencies in the records, etc. making it difficult for the Auditor to give an unqualified report, the Auditor should issue a qualified report regarding the “true and fair view” of the accounts under audit. However, in such an event, it is imperative on the Auditor to substantiate the facts and reasons for giving a qualified report.

Branch ReturnsIn order to effectively consolidate the accounts at the central office level, each bank has devised a set of standard formats, collectively called Branch Returns. The Branch Auditor has to verify and certify each of these returns, even if the data in the said Return is “Nil” or “Not Applicable”.

These Returns are prepared by the branch, but have to be verified by the Branch Auditor.

While verifying these Returns, the Branch Auditor has to check the following:

• The primary documents in these Branch Returns are Trial Balance and/or Balance Sheet and Profit & Loss Account of the Branch. These documents are forwarded to regional/zonal office, prior to the completion of the audit, for the purpose of consolidation and hence banks do not allow any modifications in these statements.

• The above returns and all other returns have to be verified with the relevant subsidiary records/accounts at the branch.

Audit Reports and CertificatesCA. Ismail B. Sonawalla



• All overwritings, deletions, etc. should be properly authenticated by the authorized branch officials.

• In case any error is noticed, the same should not be changed in the Return, but should be noted in the Memorandum of Changes (MOC).

Memorandum of Changes (MOC)Generally, a bank prescribes three types of MOC formats to report the discrepancies noted in the accounts by the Auditor

1. Assets and Liabilities

2. Income and Expenditure

3. Changes in Asset classification

Like the Branch Returns, submission of MOC, duly certified by the Auditor is mandatory. If there are no changes to be made, the Auditor is required to submit a ‘NIL’ MOC.

These MOCs are required to be signed by the Branch Manager as a token of acceptance of the changes being recommended in the MOCs.

However, it may happen that the Branch Manager does not agree with the changes suggested by the Auditor and may not sign the MOCs. In that case, the Auditor is required to submit the MOC without the Branch Manager’s concurrence, giving explanations why he is recommending those changes. In such a case, the regional office would call for separate explanation from the Branch Manager to put the same before the Central Statutory Auditors.

Long Form Audit Report (LFAR)The LFAR is a report to the management of the bank, unlike the Statutory Audit Report, which is for the shareholders of the bank. Hence, while drafting the LFAR, the Auditor should keep in mind the following issues:

1. Since LFAR is a management report, it should be addressed to the management of the bank with a copy to the Central Statutory Auditors.

2. For the purpose of standardized report, a specific format has been prescribed for LFAR. The Auditor should ensure that his report is in the prescribed format only.

3. The LFAR is not a substitute for the Statutory Audit Report. Many a times, the Branch Manager may suggest that certain critical matters should be covered only in the LFAR and not the Statutory Audit Report. This is not correct. All critical comments, though covered in the LFAR, should be repeated in the Statutory Audit Report.

4. Though LFAR and Statutory Audit Report are two different documents, nevertheless, they are comments on the same accounts and hence they should not contradict each other. For example, in LFAR, adverse comments about the chance for recovery of a particular advance is given, but in the NPA statement, the same is classified as Standard Asset and no reference of the same is given in the Statutory Audit Report.

5. In order to give the management a fair idea about the irregularities noted, some examples/illustrations should be given in the LFAR, though it may not be feasible to give an exhaustive list.

6. However, it is necessary that comments given should be specific to enable the management to take corrective steps. Vague comments do not help anybody.

Tax Audit ReportThis report has to be given under section 44AB of the Income-tax Act and hence the Auditor has to ensure that all the requirements prescribed for this report by the Income Tax authorities is complied with.

Quite a few issues in this report relate to the central office only. Nevertheless, the Auditor should verify the information available at the branch level. For example,


Audit Reports and Certificates

1. All the columns are filled up or ‘Not Applicable’ is noted.

2. All deviations, which are required to be reported are checked and reported accordingly.

3. Verification of purchase, transfer, sale and write off of fixed assets

4. Compliance of statutory deductions and its deposit in time with the concerned authorities like

• Provident fund, profession tax and staff income tax

• Non-deduction of TDS or deduction of TDS and its timely deposit on payment of rent, professional fees, contract charges, etc.

5. Repayment of deposits of more than ` 20.000/- in cash.

Misc. CertificatesBased on the type of loans/business being handled by the branch, the certificates to be provided by the Branch Auditor may differ from branch to branch. However, in order to ensure that none of the certificates are missed out, the banks insist that if a particular type of business is not transacted at the branch, the Branch Auditor should issue a “NIL” or “Not Applicable” certificate.

Some of the certificates required by the bank are –

1. Cash position on different dates

2. Verification of Friday statements

3. Investments held on behalf of central office

4. Certificate for claim under DICGC

5. Certificate for claim under Prime Minister Rojgar Yojana (PMRY)

6. Certificate under Agricultural Debt Waiver and Debt Relief Scheme, 2008

7. Certificate for compliance of Ghosh & Jillani Committee recommendations

Conclusion

The Central Statutory Auditor compiles his report about the bank on the basis of similar reports issued by the Branch Auditor. Therefore, it is very necessary that the Branch Auditor ensures that the various reports and certificates issued by him are as specific and clear as feasible.

If certain matters are unclear to the Branch Auditor, he should bring out the same clearly in his Statutory Audit Report to enable the Central Auditor to take an informed decision on the same.

AA



BackgroundSince time immemorial, the banking sector has been facing the threat of frauds and slackness in implementation of internal systems and controls.

To study these two major issues and give recommendations to minimize the same, the Reserve Bank of India (RBI) set up two high level committees.

The first committee under the chairmanship of Mr. A. Ghosh, the then Deputy Governor of RBI, was given the mandate to enquire into the various aspects of frauds and malpractices in the banks and to give recommendations to minimize the same.

The second committee, under the Chairmanship of Mr. Rashid Jilani, former CMD Punjab National Bank, was asked to review the internal control, inspection and audit systems in banks.

Both the committees conducted an in-depth study of the banking system covering the respective areas assigned to them and submitted their reports.

RBI accepted the report of Ghosh Committee in 1993 and that of the Jilani Committee in 1996. Based on these reports, RBI came out with an extensive questionnaire which is popularly known as “Ghosh & Jilani Reports”. There are separate set of questions for the branches and the supervisory offices.

These questionnaires are answered by the branch and the same have to be verified and certified by the Branch Auditor.

Ghosh Committee’s RecommendationsAs stated earlier, the Ghosh Committee’s recommendations relate to frauds and malpractices in the bank. Its main objective is to ensure the existence of proper systems in banks, to ensure safety of assets, compliance of laid down policies and procedures, accuracy and completeness of the accounting and other records, proper segregation of duties

and responsibilities of the staff and timely prevention and detection of frauds and malpractices. The questionnaire requires a clear “Yes” or “No” answer to be given for each question.

Of the total 97 recommendations, branches are required to report on 27 recommendations, branches as well as RO/ZO/CO are required to report on another 27 recommendations, while RO/ZO/CO are required to report on the balance 43 recommendations.

Jilani Committee’s RecommendationsAs stated earlier, Jilani Committee’s recommendations relate to review the internal inspection and audit systems in banks with a view to strengthen supervisory system and to ensure reliability of data.

There are three broad categories of recommendations based on areas of operations.

a. EDP environment in banks.

b. Inspection/Internal audit in banks.

c. Miscellaneous

The questionnaire formulated contains 25 questions to be answered as “Implemented” or “Not Implemented”. It is to be filled up at the branch level, at RO/ZO level and finally consolidated at the central office level

ConclusionBoth these reports are very important to give a bird’z eye view of the systems being followed in the branch and its weakness, which may lead to malpractices and fraud.

Central Statutory Auditors have reported in the past that these reports received from the branches are at times a replica of the previous year’s report. Auditors may note that they are accountable for the answers given in these report and they can be pulled up, if it is proved that they were negligent in their verification.

AA

Ghosh and Jilani Committees’ Recommendations

CA. Ismail B. Sonawalla


Bank Branch Audit in Core Banking Environment

Over the last decade, the impact of technology and automation in banking sector has been so rapid that the way the banking transactions were conducted a decade ago has almost become a part of history. In our country in particular, in all spheres of operations in banking sector unprecedented automation has taken place, beginning from Partial Branch Automation (PBA) to Total Branch Automation (TBA) and finally to Core Banking Solutions (CBS).

All of us have witnessed this transition as customers and constituents as well as auditors of the banks. However, in our role as auditors we not only need to be aware of this transition but must be able to understand its impact, benefits and risks and ways and means to mitigate the risk on our work as auditors. It is in this context that we need to appreciate the strengths and pitfalls of this environment. We also need to understand the modifications required in our approach to audit under such an environment. The object of this paper is to help you understand the peculiarities of the core banking environment and its impact on our audit techniques and methodology.

Requirements of Auditing Assurance Standard (AAS) and Computerised Information Systems (CIS):

AAS are mandatory with reference to conduct of audit in a fashion similar to Accounting Standards for preparation of financial statements. AAS 6 dealing with Risk Assessment and Control and AAS 29 dealing with Audit in CIS Environment lay down various requirements with regard to audit in computerised environment. The auditors of the branches of banks must also adhere to the requirements of these standards in conduct of the audit.

Understanding the core banking environment and the difference between partial and total automation:

Partial Branch Automation (PBA) was the first step in automation in the banking sector. At this stage, some parts of the functions of the bank were automated through use of computer and other technology devices, but a large part of operations remained manual. Under such circumstances the focus of automation was primarily at the branch level and each branch had its own independent IT set up. However, the programmes which were used by the branches were similar. Inter-branch connectivity and information exchange was by and large manual. In the present scenario very few small branches may be having this type of environment.

Total Branch Automation (TBA) was the second stage of the automation process wherein almost all operations barring a few areas were automated through use of computer and information technology. However, even at this stage the focus of automation was primarily at the branch level and all the information databases relating to a particular branch were localized at the branch. Anywhere banking, multi branch banking or real time banking was not possible under such environment as the connectivity between various branches was either non-existent or offline in batch mode. You may still encounter such branches particularly in smaller banks who have not fully switched over to core banking as yet. The following diagram shows typical the set up in TBA environment:


CA. Ramesh Kedia



Core Banking Environment:

Core Banking is an environment which provides complete end-to-end connectivity amongst all geographical locations and branches and makes possible environment of anywhere, any-time, real time banking. This environment is based upon Client-Server architecture. The following diagram shows a typical set up in such an environment:

This environment is based on a centralized database which is connected to various service outlets or branches through various interfaces.

At the heart of the core banking solution is the Data Centre or IT or CBS Hub of the bank. In this place one or more (actually an array of) servers are deployed. These servers have two principal components residing in them. One section of the servers contains the Core Banking Application which is used as an interface to connect with the data base. These servers make the CBS Application available across the entire network of the bank. The other section of the servers contains the database where the actual transaction data are stored in the form of normally a Relational Database Management System (RDBMS). These two principal components, i.e. the Application Servers and the Database Server are constantly in interconnection with each other providing a seamless environment for carrying out the banking operations. In actual practice depending on the size and complexity of the network of the bank there may be one or more data centres deployed

at diverse geographic location which are connected in real time.

Each of the offices and branches including the ATMs and other public interfaces to the banking system of the bank are technically referred to Service Outlets or SOLs. These SOLs are connected to the centralized hub or data centre by way of dedicated and/or public communication lines through various kinds of network connectivity.

The typical set-up at any branch of the bank (which is an important component of the banking network and would be a subject matter of the audit by the branch auditors) consist of one or more branch servers and various application nodes through which the application and database is accessed and transactions are actually carried out.

The branch server typically houses a copy of the Application Client Software component of the banking application which resides in the central application server. The branch server also contains a replica of the data base of the transactions as far as it relates to the transactions of that particular branch or SOL.

This branch server is in turn connected with the centralized hub in real time. Similarly the nodes at the branches are connected to the branch server and through branch server to the centralized hub in real time.

Each of the nodes has a copy of the Application Client Software from the branch server and connects to the branch server to use the file and print services as may be required by them.

The central server continuously pushes branch transaction and information to the branch server to update the information for offline services. Similarly the branch server continuously pushes the transactions carried out at the branch to the central servers and database for constant online updating.

In order to make any banking transaction in this system, the user approaches any of the SOL (including internet banking) and carries out transaction. The user interacts in



real time with the entire network right up to the central data centre. By implication the transaction data pass through the entire chain and link of the network which connects this entire infrastructure.

Any time during this interaction process and flow of data, the data are susceptible to interception, modification, theft, manipulation, diversion and all kinds of unauthorized changes which may lead to grave financial risks, disruption of service, frauds and colossal financial loss to the organization. Therefore, in an IT enabled banking environment it is of paramount importance to ensure in a foolproof way that the entire flow of data from end to end, i.e. from SOL to CBS and back is carried out in a safe and secured manner so that these risks are mitigated. The entire gamut of CIS controls put together are primarily designed to take care of these additional risk factors which may come in this environment in addition to the normal risks to which the banking industry whether IT enabled or not is generally susceptible.

CBS has brought significant changes in the work flow, accounting activities, house-keeping and security aspects in the banking sector. It has also significantly impacted the internal controls in the banking sector.

The focus in CBS is to exercise centralised control for the entire bank so far as it is feasible and possible. This centralised control is exercised at the data centre. However, various activities and functions which need to be exercised at the service outlets are carried out at various locations. For example periodical runs / mass activities such as control over user accounts, system parameters, updation of global parameters, balancing and reconciliation of ledgers, interest applications at periodic intervals, etc, are carried out at the data centre. Routine banking transactions like payment of cheques, issuance of deposit slips, creation of clients of master parameters, updation of various parameters in various masters from time to time etc. are carried out and controlled at the service locations and branches.

Since the transactions have no geographical boundaries, information travels through various kinds of secured and unsecured mediums. In this environment confidentiality, integrity and availability (CIA) of the system and its data assumes a special significance and is of paramount importance.

The following diagram depicts typical core banking system with all its interfaces.

From the above, you can understand that it is a very complex system with multiple operating platforms, software functionalities and connectivity. Various controls are required at each of the entry and exit point in this system to ensure the adherence to the CIA principles. In order to appreciate and understand this complex environment, the auditors need to continuously update their knowledge and understand its impact on their audit functions. The auditors should be able to understand typical controls which exist and are required under such an environment. They should also be able to use the inherent strengths of this environment while taking adequate precautions against the possible pitfalls and risks of such an environment.

Various controls and necessary modifications required in the audit approach under such environment are discussed in the following paragraphs.

General Administration & House-Keeping

Migration Controls

Many of the banks are in the process of switching over to CBS from TBA or PBA



in a phased manner. This is referred to as the migration process and needs to be handled very carefully because all data and information need to be fed in the new system from the old system. Any error that might creep in at this stage can have a devastating impact. If the branch has migrated from a previous system to CBS, then, in order to ensure consistency and integrity of data migrated, it is essential that adequate data validation procedures like verification of master-data, mapping of accounts (linking of accounts with appropriate tables/ scheme codes/GL or SL heads), confirmation of accounts, verification of arrears of loan instalments, etc. have been carried out at the Branch. Migration is a crucial exercise from the audit and control point of view as any lapse or inadequacy of procedures may not only lead to misleading results, but also result into several monetary and legal implications. For instance: incorrect mapping of TDS rates table may result in non-compliance of tax laws attracting punitive actions. Most banks have a process of migration audit when data migration takes place. The migration audit is generally carried out by auditors who specialise in Information Systems Audit. They may be external auditors or may be employees of the bank

Audit Process for Migration Controls

• If migration audit is carried out by external auditors their report and its compliance must be carefully examined by the auditor to see no errors remain unattended or unresolved and all recommendations have been followed.

• If migration process has been undertaken in the supervision of controlling office team the auditor must check their report and the process followed by them.

• In either case the auditor must check and comment whether Certificate of Verification of Integrity and Consistency of data migrated has been preserved on branch records.

• The auditor must also check from printed copies of reports held on branch

records whether migrated data has been verified by the branch for integrity and consistency and the procedures undertaken by the branch have been supervised and documented adequately.

• In case of inadequacy/ineffectiveness of procedures carried out, an independent Migration Audit may be recommended.

Control over Software Updates (New features).

Various changes in the software functionalities are necessitated due to changing environment such as compliance with regulatory requirements, new functionalities demanded by introduction of new products and services, changes in reporting and controls and so on. These changes in CBS environment are carried out by a process of updates or customisations in software. At the branch level, these updates mainly relate to various actions/accounting processes to be undertaken at branches and have control implications. It is essential for the branch auditors to keep themselves updated with these and to assess their impact on their audit. For example the bank may change the application of processing charges and annual review charges in loan accounts by the system at Data Centre instead of the branch. This will require a patch / update to the banking application and will have an impact on the branch audit.

Audit Process for Control over Software Updates

• The auditor must check whether list of such updates/ customisations have been maintained in chronological order at the branch.

• The auditor must also check whether these have been applied in the manner prescribed and all actions prescribed for branches have been taken, documented and controlled.

• Any adverse findings must be suitably reported.



Day-Beginning and Day–End Controls

In any computerised environment in general and in CBS environment in particular, beginning of the day and day-end process are crucial. The beginning of the day process triggers the start of a new cycle of transaction processing for a fresh day or transaction cycle. Similarly the day end processes signal the close of the transaction cycle of the day or period after which no transactions are permitted unless a new day beginning process is run. These processes are vital for safety and security of the transactions and are undertaken at branches in supervision of a designated official (System Administrator/ Computer Officer). In core banking environment if the end of the day (EOD) processes are not carried out by the SOLs by a particular cut-off time the data centre forces an automatic EOD. Various control reports are generated to ensure integrity of the transactions and also to ensure whether transactions are in conformity with the Bank’s guidelines/system of authorisations (maker-checker). These reports reveal the exceptions and anomalies encountered during the day. Some of the vital reports generated by these processes are:

a. Exception report

b. List of users

c. Access Logs

d. Rejected/Cancelled transaction entries

e. Over-limits/TOD Report

f. GL affected Balances Report

g. Report on large cash transactions/KYC, and anti money laundering checks.

These are just few illustrations and many more reports may be generated by the banks each of which might be very useful to the auditor.

Audit Process for Day-Beginning and Day–End Controls

• The auditor must obtain a comprehensive list of such reports generated by the system.

• The auditor must check whether all the mandatory reports are taken daily including on Sundays and holidays, as ATM transactions are carried out on these days also, and are scrutinised adequately.

• The auditor must check whether exceptions/ anomalies, if encountered during the day, have been duly noted and disposed of.

• Any adverse findings must be suitably reported.

Control Over Periodical/Mass-Runs (System Generated Transactions)

In CBS environment, various periodic mass transactions relating to customers, for example computation and application of interest to individual customer accounts, are run at the Data Centre. The branches are expected to verify the reports on these runs/system generated transactions for their correctness because most of the time branches are monitoring and responsible for changes in the various parameters based on which the system carries out the mass run. There can be various examples of these runs such as the application of interest, application of service charges, updation of global parameter, balancing and reconciliations and classification of inoperative accounts etc.

Though these runs are controlled centrally at the Data Centre, yet there are several reasons of failure /incorrect output of such runs. For instance, interest application run might result in incorrect/non-application of interest owing to the following reasons:

• Incorrect mapping of interest rates - for example, interest rate of housing loan to staff may be wrongly linked to interest rate of vehicle loan to staff.

• Interest rate field kept as “Zero”.

• Interest collection flag kept as “N” instead of “Y”.

• Next interest demand date not changed and kept same as date of application of interest.



• Account remained unconfirmed.

• Account wrongly marked as Past-due/”NPA”

These are just a few illustrations. There may be many more such factors resulting into errors in mass run transactions and as such the auditor need to carefully test check them for any evidence of errors and irregularities.

Audit Processes for Control Over Periodical/Mass-Runs (System Generated Transactions)

• The auditor must obtain comprehensive listing of such runs/system generated transactions, conveyed to the branch from time to time, which are being applied at the Data Centre.

• The auditor must check whether print reports of such runs/system generated transactions are taken and scrutinised by the branch for correctness

• The auditor must suitably report if discrepancies / inconsistencies are fount and if the same are not duly noted and disposed of.

• The auditor must check specifically and comment whether interest test-check has been carried out at the branch to verify the correctness and worksheets of such verification procedures have been preserved on branch records.

Specific Error prone Areas

Control Over Inter-SOL Transactions

In CBS environment, various transactions are initiated by the Service Outlets (SOLs) for other SOLs and by other SOLs for the SOL. These transactions are reconciled centrally at The Data Centre as a part of EoD (End of day) process. At the end of EoD run exception reports are generated for verification.

Audit Processes for Control Over Inter-SOL Transactions

• The auditor must check whether exception reports on such transactions

are generated and kept on record. He should also verify that the reconciliations are taken and scrutinised regularly for correctness.

• The auditor must also verify whether these transactions have been authorised by competent staff only. Any deviations may be enquired into and reported suitably.

• In case any charges are to be applied the auditor must also test check if the applicable charges have been applied and if any concessions are given they are properly authorised by competent authority.

Control Over Dummy/Temporary Parking Transactions

It is common during a normal working day that some transactions may not be verified and thus may remain to be posted to their ultimate destination. For example, an inward remittance received requires to be credited to the beneficiary account but in case of any difficulty in ascertaining the details of the beneficiary, the transaction will have to be parked temporarily to a dummy account pending final resolution and ultimate posting to the beneficiary account. There can be many more such transactions which need to be parked to dummy/temporary accounts during a normal working day. Since day end process cannot be suspended until resolution of all these transactions these transactions are posted in a pre-designated accounts referred to as Proxy/Parking Accounts. These transactions, generally, can be classified into two categories:

i) System Generated Entries: These are transactions which take place during various system runs. For example, if the data centre runs the execution of SI (Standing Instruction) on the last day of the month, it might happen that some of the SOL have been closed for the day by running EoD process for the day. Thus the entries pertaining to them may not be posted and will remain posted



in Proxy Account until they are finally passed on to the SOLs.

ii) User-Generated: These are transactions which are initiated by the user, but for any reasons may not be posted / authorised and kept in proxy/parking transactions account. For example, if a depositor has made excess payment of RD instalments (in excess of the cumulative instalments) the excess may not be posted in RD Account and be posted in Proxy/parking transactions account and reversed subsequently.

Audit Processes for Control Over Dummy/Temporary Parking Transactions

• These transactions are very important for the auditor because they are temporarily parked and may have a significant impact on any head of income/expense or asset or liability. The auditor mist carefully examine whether reports on such transactions are regularly taken as a part of day end process and are scrutinised for prompt reversal.

• If any old outstanding entries are pending for any reasons the auditor will have to closely examine the reasons for non-reversal and its likely impact on financial statements, if any.

• Pending items are also required to be suitably reported.

Control over Impersonal/Office Accounts

These are omnibus accounts which are opened by the Bank for their own operational purposes and are of impersonal nature. Sundry Credit Accounts, Sundry Deposit Accounts, Suspense Account and H.O Accounts are all examples of such accounts. All banks have prescribed detailed reporting statements as a part of annual financial statements in respect of these transactions. Proper control over accounting and the adjustments of these accounts is very important and sensitive. All of these transactions are required to be closely monitored and disposed off regularly by the management at senior levels.

Audit Processes for Control over Impersonal/Office Accounts

• The auditor must check whether these accounts have been mapped to correct GL Sub heads and entries in the accounts have been done correctly. For example, postings in sundry credit accounts and sundry deposit accounts must have been duly verified by the branches. Similarly, deposits from public and deposits from banks must have been shown correctly in appropriate GL Subheads.

• The auditor must also ensure that credit balances in loan accounts have not been shown in sundry deposit account.

• It must be checked that these transactions are regularly scrutinised by the branch for correctness and for prompt adjustment.

Advances and Foreign Exchange

Securities Master Maintenance

Generally, the credit limits are administered through security register maintenance. Value of various securities i.e. stocks, book-debts, plant and machineries and Land & Buildings etc. are updated at the branch and drawing powers are administered accordingly.

Audit Processes for Securities Master Maintenance

• The auditor must check whether values of various securities are updated promptly and drawing powers are allowed on current value of such securities.

• The auditor must also check whether periodical reports on securities master are taken and scrutinised for verification of various fields i.e. value of securities, date of inspection, insurance, date of valuation, etc.

Linking of Credit-limits

In CBS environment, in order to know the consolidated outstanding and value of assets



of a customer under various credit-limits, all limits are linked to central/common node. Thus, drawing powers are administered under various limits. Besides, in order to comply with the prudential IRAC norms, this feature plays a vital role in CBS environment for effective asset classification for adhering to prudential IRAC norms.

Audit Processes for Linking of Credit-limits

• The auditor must check whether this limit linking has been done and checked adequately for correctness and have been linked to a central/common node for arriving at drawing powers under various limits.

Income-Recognition & Asset– Classification by System

In CBS environment, periodical runs relating to income-recognition and asset classification are carried out by the system and branches are advised to verify the system classification.

Audit Processes - Income-Recognition and Asset Classification by System

• The auditor must verify whether asset classification done by the system has been verified by the branch for correctness.

• It should also be seen that any modifications in system based classification have been duly authorised adhering to the IRAC Norms.

• The auditor must check whether past–due status has been marked to all NPA accounts.

• If provisioning has also been done by the system, it must be verified that this is in accordance with the provisioning norms of RBI.

Control over Forex Business

In CBS environment, various periodical statements/returns to be submitted to RBI/ regulatory bodies are generated and extracted from the system. Banks seek these

statements/returns verified from their Internal Audit function. Some of the vital returns are:

R-Returns XOS (Outstanding export bills) State-5 (FCNR Accounts) Stat-8 (NRE Accounts) Stat-109 (RFC Accounts) BEF (Import transactions) TFD 1 (Turnover of Forex Business)

Audit Process in respect of Control over Forex Business

• The auditor must check whether these statements are scrutinised by the branch for their correctness.

• It must also be verified whether other controls have been exercised adequately, such as,

— Application of Interest on different types of Non-Resident Accounts, etc has been verified for correctness.

— Classification of accounts into inoperative accounts as per norms.

Deposits

Mapping of Accounts

It implies linking of accounts to various scheme code/tables/GL Subheads etc. For instance, linking of applicable interest rate table to SB (General), SB (Staff), SB (Pensioners). Incorrect mapping may lead not only to misleading results but may cause other consequences also.

Audit Processes for Mapping of Accounts

• The auditor must obtain print copies of verification sheets and check whether these have been verified by the branch adequately for correctness.

Auto-Renewal of Overdue Term Deposits

The CBS has a feature to permit auto renewal of most of the fixed deposits on maturity dates, if permitted by the clients.



Audit Process for Auto-Renewal of Overdue Term Deposits

• The auditor must check whether auto–renewal of overdue TDRs has been enabled and comment whether report on such effective renewals and failures and on application of interest have been taken and scrutinised by the branch for correctness.

Legal Compliances and Other Controls

TDS

TDS is applicable on various payments made to different types of depositors and other deductees as per the prevailing tax laws. The auditor need to verify that the transactions attracting TDS have been verified for correctness in terms of TDS Rules.

Audit Process for TDS Compliance

• The auditor must check whether adequate care has been taken for mid-year amendment in the TDS rate, if any.

• It should be seen whether accounts of customers submitting Form 15G/15H have been linked to correct TDS Table.

• It should also be verified whether all accounts of the customer have been linked to a customer-id for the purposes of TDS.

Compliances of Tax Laws FBT, BCTT and Service Tax

Besides TDS, various other types of taxes and levies are also collected and paid by the banks.

Audit processes for Compliances of Tax Laws FBT, BCTT and Service Tax

• The auditor must check whether eligible expenditures under FBT Laws have been debited in appropriate pre-designated account head under appropriate GL Subhead and reports generated have been verified.

• Similarly, it should be verified that adequate control over BCTT and service tax accounting has been exercised.

For instance: Care has been taken for availing credit for Input service tax correctly.

ATM Transactions and Internet Banking

ATM and Internet Banking are high technology – real time – remote transactions areas which are traditionally fraud prone. It is therefore essential to have a close look at these transactions.

Audit checks for ATM Transactions and Internet Banking

• The auditor must verify that ATM Cash has been verified periodically and ATM transactions are reconciled periodically.

• It should be checked whether adequate control over physical inventories of ATM cards has been exercised.

• There should be adequate validation procedures such as verification of data relating to customer profile i.e. Identity and address proof, nature of constitution and mode of operations etc. fed into system.

How to approach and begin audit in such environment?

The above is only an illustrative list of some of the areas requiring special attention. Besides this, a complete evaluation of logical and physical controls over information system and information assets must be understood, evaluated and reported if any inadequacy or weakness is noted. These include passwords and user managements processes, access control tables and authority based access, physical security of information assets, protection against intrusion and virus attacks, and disasters recovery programs and lots more.

The first step to carry out the audit in such environment is to understand the environment. Besides having basic knowledge of overall environment, the auditors need to acquire specific knowledge about the auditee or the unit being audited by him. This should be the first step in the beginning of the audit.



You should start your audit by discussing and understanding the environment with the System Administrator of the branch. In order to understand the actual environment of the branch and the level and compliance of various controls, interview with the System Administrator should be followed by an interview with the branch head to know and gauge the level of awareness and understanding of various controls at the highest level in the branch.

Based on these discussions, interviews and observations, the auditor should design his tests of compliance and carry out the tests using the full potential and power of the system based on the principle of exception reporting. This can be very effectively done because the system provides various kinds of exception reports and other MIS reports which will enable the auditor to pinpoint and find out the high risk areas and isolate them from a mass volume of transactions.

Documentation and Reporting

Appropriate documentation is a must providing complete details of how the auditor has assessed the internal controls and has carried out his audit. Documentation is an integral and important part and is mandatory

as per AAS also. All actions and decisions should be properly documented in writing and management explanation and representation should also be invariably obtained on critical issues.

Based on the findings and reporting requirements, the auditor can easily comply with his reporting obligations.

Reference Check List for CIS Environment

For your ready reference, I have compiled a comprehensive check list that may be used by you evaluate the CIS environment at the branch and modify your audit approach accordingly. This Check List is enclosed as Annexure A.

General Guidelines for framing audit program in CIS Environment

In addition to the area specific information included in the article hereinabove, I have also compiled some general guidelines and considerations that can be used by the auditors to appropriately frame their audit program for effectively conducting the Audit using the CIS environment. These guidelines are given in Annexure B.

I wish you all a happy, useful and effective audit experience in the CBS Environment.



Annexure A

QUESTIONNAIRE CUM CHECK LIST FOR ENSURING COMPLIANCE WITH AAS 28-AUDITING IN A COMPUTERIZED INFORMATION SYSTEMS ENVIRONMENT IN CASE OF A BANK BRANCH / BANK

Name of the bank: _____________________________________________________________

Particulars of branch: ___________________________________________________________

Period during which audit/review was carried out:____________________________________

Review carried out by:__________________________________________________________.

No Audit review carried out Findings Working paper reference

1. Understanding the CIS Environment

1.1 Software Environment

1.1.1 Please furnish an overview of the CIS environment prevalent in the bank and in particular specify the following separately: • Indicate separately each software application used by the bank/branch at any time during the year under review • If core banking solutions are used along with separate ATMs, Internet banking or other software applications indicate each of the software used and their respective functional areas. • Indicate the period for which each of the software is being used. • If different versions of the software were used by the bank/branch during the year, furnish details for each item of such software and the period for which a particular version was used. • If no such details are available at the branch, please mention where such details are maintained by the bank and from where the same can be obtained. Please also mention as to how and by whom the application software used by the branch are installed and maintained and whether the branch has any control over the same.

1.1.2 User manuals/ help documents: • Are user manuals / help documents available for each of the application software at bank/branch? • Are they current and up-to-date? Indicate the date of last revision of the important help documents/ user manuals. • Are user manuals / documents available in soft copy or hard copy? If soft copy documents are available please furnish a copy of the same.



1.1.3 Problem Resolution / Trouble Shooting · Is any problem resolution mechanism in place with regard to problems faced by the branch in Application Software? · Please describe the trouble shooting mechanism/ routine to be followed by branch in case of any difficulty in any application software. · Is the branch maintaining any record / log of the software / applications issues raised and resolved / not resolved so far? If yes please provide a listing/ copy of the issues raised by the branch during the year and their resolution or in case the issue(s) remains unresolved – the reason why the same has not been resolved so far.

1.1.4 Manual Transactions · Are there any areas/activities/transactions/ instruments which are handled manually or outside the system? · If yes, how is each such item handled? · How each of the manual transaction incorporated in the system and the frequency of the same. · What is the frequency of reconciliation of the manual records with the system? What is the last date on which such reconciliation – if any, has been done?

1.2 Hardware Environment

1.2.1 Please furnish an overview of the hardware environment available with the bank/branch. In particular please furnish the following details: · The no of application servers / back up servers etc installed and their location. · No of client nodes / workstations installed at the branch. · Typical hardware configuration of each of these systems (need only be provided with reference to a particular class of system and not for each of the individual system). · How many network devices such as routers/ switches/hubs are deployed? Please list out the capacity and location of each such device along with measures taken to prevent unauthorised access to each device. · The date from which each of the above items is being used. · How many ATMs, if any, are under control of the branch? Provide a list of all such installations with




location of each of them. · Has any system independent access to outside connectivity – such as removable media / internet access etc? If yes list out such system together with the control over use of such features to prevent unauthorised use / and prevent any spyware, malware or virus risk. · What controls are exercised over removable hard disk, flash drives, CDs and DVDs, floppy disks or any other removable media used by branch, if any? · Does the branch have any backup / ups support in case of power failures?

1.2.2 Vendor Support System · Details of the relevant manufacturers, warranty available, annual maintenance contract etc. for each of the hardware. · Is the branch having a list/record of each of the hardware vendor / support provider along with details of key contacts / contacts in case of emergency? If yes, please provide a copy thereof. · Are support incidents / visits of support staff logged / documented / monitored? Please provide the details of the no of visits made and key hardware issues faced by the branch during the year and how the same were resolved? · Are all hardware, equipments and network under maintenance contracts? Are they being serviced and maintained regularly? · Is any of the support agency appointed by the branch? What is the mechanism for appointment and regulation of such contracts? · Are all support contracts in force as on date or has any of them become overdue for renewal? If any key support contract is not renewed in time – the reasons thereof may be mentioned.

1.3 Network and Connectivity

1.3.1 Type of Network and network layout · What kind of network connectivity is used by the branch? (For example leased lines, public network like PSTN, Satellite / wireless connectivity etc). · What is the networking system (IP based system or Novell Netware or any other networking system) used by branch?




· Are network maps / diagrams / layouts available with the branch for the branch installations? If yes furnish a copy of the same. · What is the procedure to add any new node/ workstation/installation to the network? Who authorises / executes / monitors the same?

1.3.2 Network Availability · What steps are taken to ensure that the system and the connectivity are available at all the time of operations? · Has the network connectivity link built in redundancy (For example more than one network connectivity routes are used simultaneously or an alternative connectivity route is available in case of need or switched automatically if one route fails). · Has the branch experienced any blackouts (periods when connectivity with central servers was lost) or grey outs (periods of slow connectivity) during the year? Whether such incidents are documented or logged? If yes, please provide the number of incidents and duration thereof in each case. · What is the fall back mechanism in the branch? a) In case of black out b) In case of grey out

1.3.3 Network Access Control · What is the control over access to network availability? (For example: user id or password based or always on connectivity or any other mechanism). · How unauthorized access to network connectivity is prevented? · In case user id and password access controls are in place whether default passwords and ids have been changed? How network passwords and user id allocation is controlled? · If always on network connectivity is available how unauthorized access to network is prevented? (For example firewall implementation, encryption, digital id based authentication etc.)

1.3.4 Network Security · What measures are put in place to prevent unauthorised access / manipulation of data while passing through network channels?




· What security measures are put in place to prevent network attacks such as virus attack / malware / Denial of Service / Phishing attacks and other kinds of network attacks? · What kind of protection is provided to ensure that Virus, Spyware, Adware, Malware, Trojans etc are not present in the network? · Whether any kind of firewall implementation is in place? If yes who maintains and reviews the same? · What data encryption / security measures are in place to ensure secure, smooth, uninterrupted and quick data flow through the network channels? · Perimeter security - How is the bank’s network infrastructure and server infrastructure protected? Has anyone tested the routers, firewall, gateway, bridge configuration parameters? Has anyone done a penetration and intrusion testing on these? What are the results? · Were there any reported cases of hacking and or compromise of any kind of the computer systems during the year? If so, please furnish details.

1.4 IT Administration

1.4.1 Authority structure of the I.T. Infrastructure: · Whether specific branch officers/employees are entrusted with specific I.T. related functions and duties? · If yes, provide the names, designations and the details of the duties entrusted to each one of them. · How many persons are deployed by the branch in-house for I.T. Infrastructure / network maintenance / connectivity and other related activities? · Are documented procedures / instructions / manuals / guidelines available with the branch for IT related tasks to be carried out by the branch?

1.4.2 System Administration and Business Application Administration Tasks · What is the name and designation of the system administrator of the branch I.T. Infrastructure? (i.e. the person overall having authority and responsibility for maintenance and running of all I.T. Infrastructure of the branch). · What is the name and designation of the banking application administration of the branch? (i.e. the person who is having authority and




responsibility for business decision controls and other banking activity related controls in the system). · Are the system administration and business application administration task performed by the same person? · How are administrator’s details managed? How are the details managed when a system or business application administrator is on leave?

1.5 Data Migration

· Did the bank migrate from an earlier legacy system to the current system during the year? If so, furnish details of the old software, and date of migration. · Who actually carried out the Data Migration (Branch official / Data Centre /IT department / Outside Agency or any combination of the above). · Whether Data migration was done manually or through application utilities? If through application utilities, have these utilities been tested to ensure correctness of the data migration process and accuracy of data. · Whether a pre migration / post migration review/ audit carried out? · Who carried out the pre-migration/post-migration review / audit? (for example in-house or IT Department/Data Centre employees / Outside experts/Agency). · Has anyone reviewed the pre and post migration reports to ensure consistency and integrity of data migrated to new system? · If any data was not available in earlier legacy system, explain the process by which they were collected and input into the new system. · Was there a parallel run before which the new system went live? · What are the issues and problems unresolved as per post migration review / audit / still pending in the post live environment? Please also furnish reasons of pendency in such matters.

1.6 Previous Audit Observations

1.6.1 Information Systems Audit · Has the bank carried out any IS audit during the year?




· If yes by whom? Independent outside auditors or in house audit by IT department? · What is the scope of the review, the period covered, and the frequency of such audit? · What are the salient observations and the corrective actions taken by the bank as a result thereof? · Please summarise any pending observations and the reason for non compliance. · Please provide a copy of the last IS Audit Report.

1.6.2 Comments of statutory auditors/internal inspectors/ concurrent auditors/RBI inspectors regarding information infrastructure: · Are there any observation relating to IT and IT infrastructure by any of the other auditors of the bank any time during the previous year or before? · What are the steps taken by the bank to ensure compliance with the audit observations? · Are there any pending comments not yet complied with? If so reasons thereof. · Please provide a copy of all reports where there are any such material comments

2. Application Software Access and Authentication Controls (This should be reviewed separately for each application software)

2.1 Authentication Controls

2.1.1 Users ids · When a new user is created in the system, by whom the user id is generated? · Are the user details encrypted in the database · How many employees are there in the branch? Does each one of them have a separate user id or any one of them is using any group Id? · Please provide a list of employees mapped to individual user ids. · Are there any inactive user ids? · How many total active/inactive user ids are in use in the branch database? Please provide a reconciliation of total no of user active ids, total number of active employees, total no of temporarily inactive ids and total number of temporarily inactive employees. · Does the data base still contain user ids of employees who are no more with the branch (death/retirement/transfer/termination or for




any other reason)? How user records of those who have quit or transferred are handled in the application? · How frequently and by whom the user ids are reviewed and reconciled with the actual number of employees working in the branch. · How are temporary users handled in the system? How such ids are monitored and deactivated as soon as there is no further need of such id? · How vendors/visitors from other branches (e.g. head office) are provided access to the application / network?

2.1.2 Passwords · When a new user is created in the system, by whom the default password is generated? · Is the user forced to changed the system generated password / first password on first login? · How is the password generated communicated to the end-user? · What is the minimum and maximum length of passwords? Are they case sensitive? Are users forced to use alphanumeric/ special characters in the passwords? · Can user names and passwords be the same? · How are passwords transferred in the application to the database? · Is there a password policy; If so, are users aware of the same? · Can passwords be reused, if so at what frequency? · Are number of changes to password in a day restricted? · Are one-way hashes or any other encryption used to store and compare the passwords? · Are entered passwords decrypted to be compared with the one stored in the database? · How is password loss handled?

2.1.3 Super user / Administrative User Ids and Passwords · How many Administrative / Super user ids are being used in the branch presently? · Provide a list of employees who are provided super user rights / administrative rights along with their ids and the authority attached / special powers given to each super user/ administrative id. · By whom a super user /admin id is created and by whom the default password is generated?




· What control is exercised for preventing unauthorised creation / use of such ids? · How are the ids / passwords communicated to such users? Are there any additional checks in addition to the ones in use for normal ids? · Are any super user ids/admin ids and corresponding passwords created and stored for emergency use / operations? If yes describe the controls thereon to prevent misuse thereof.

2.1.4 Session Control · Does the system lock out users on ‘x’ number of login attempts? If so, how is the same controlled by the Application administrator? · Is the session expiry time and other authentication related parameters configurable? · Are failed login attempts logged? · Is the previous login information flashed on login? · Does it show the duration of the session? · Is remote access to applications provided? If so, how are security issues are handled? · If remote access is provided, are there any secure communication channel established?

2.2 Access Control

2.2.1 Access Rights and user Authorisation Matrix · Does the system grant and regulate the access on “Need to know Basis”? · Are access rights defined on the basis of per user or per group or a combination of both? · How and by whom are user groups maintained? · How read/write /view /copy/print /modify/ change /delete or any such type of access given to a module to any person? · Does the system allow auto authorisation? · Provide a matrix setting out the authorisation limits for accessing each module (data entry, verify, cancel, reverse, view etc.). · Is application access logged? How often this log is reviewed for any intrusions?

2.2.2 Maker Checker / End Of Day(EOD)-Beginning Of Day (BOD) /Holiday and Non Working hour access · Is there a maker-checker process in place? If so, set out details · How is maker-checker met when the assigned checker is not available?




· Can software applications be accessed during holidays and non-working hours? Is such access logged and reviewed? If yes how frequently and by whom? Provide a test log of such access and its review. · Are there any EOD and BOD operations? · Who authorises and initiates EOD/BOD operations? · Can a transaction be input after the EOD and before BOD? · Please provide a list of all reports generated and controls exercised at the time of EOD and BOD respectively listing out details of all major activities carried out during EOD and BOD. · How are failures in EOD/BOD handled? · Are there multiple resources authorised to run the EOD/BOD?

3 Data Security and Data Integrity

3.1 Database Security · What is the security provided to the database? · Is there a separate database administrator at the Branch? If yes, please provide his name and nature of authority enjoyed. · How does the application access the database? · Can users access the database using any other utility or directly? If yes, by whom such access is authorised and monitored? · Is a log created / maintained of the person accessing the same and date/time / location from where such access using outside utility was granted and the records accessed / modified/viewed/ changed by the user?

3.2 Data Integrity · Are there any back-end changes made in applications and or Databases? · Are back end changes resorted to only occasionally with adequate reasons or are there a number of them (This may indicate a larger problem with system / database stability and integrity)? · Is there a record of changes made, date of change, person who authorised the same, person who made the change, table readings before and after the change? · What are the available documents /logs in this respect? Whether the same have been reviewed? If yes, by whom and how frequently?




· How is transmission of sensitive information handled in the systems? · Are any standard encryption algorithms used for the same? · Are all user activities logged?

4 Parameter Controls, Audit Logs and Exception Reports

4.1 Parameter Controls · Are all changes to master information captured and logged in the system? · Have any one reviewed changes to master information carried out during the year and are you satisfied that they are in order? · Have you verified all changes to interest / tax masters / income parameters with reference to circulars received from central office along with the date of their validity? · Please provide sample listing of parameter changes control reports generated if any.

4.2 Audit Logs· Please set out briefly all audit logs available in the system. · In what form the audit logs are maintained? (Hard copy/system files/text reports stored in system or any other format). · Who has access to Audit Logs? · Have such logs been generated and reviewed periodically? If yes by whom and how frequently? · Are there any special utilities required or used to access the audit logs? If yes who controls access to such utilities?

4.3 Exception Reports · Furnish a list of all Exception Reports generated by the system. · List out separately the title of each exception report / the purpose for which such report is generated / by whom generated/ frequency of generation / by whom reviewed and frequency of review. · Have the prescribed exception reports generated / monitored / reviewed periodically? · List out the major discrepancies noted on perusal of such exception reports any time during the year and how the same have been resolved?




5 Accounting Entries

· Please provide a summary of all system generated entries in the following format: a) Accounting Head b) Nature of entry c) Frequency of Passing d) Whether initiated at Branch / Data Centre? e) Whether any report of such entries generated / Printed/ stored? f) Whether the correctness of entries is reviewed independently with reference to source data? If yes by whom and when? · Is there a system in place to review the accounting entries passed by the system to ensure their correctness? · Are there any value or back dated entries and what is the mechanism to control the same? · Is there a record of all value or back dated entries? · Can value or back dated entries be passed for a closed accounting period? · Is it possible to reconcile balances in accounts prior to and post passing of value or back dated entries? (Note: The auditor must take a sample of entries passed by the system and verify its calculations and correctness (particularly calculations of interest/fees paid or charged etc. While selecting sample of accounts to be verified, please ensure that all types of loan and deposit accounts are covered- fixed deposits, FCNR, NRE, RFC, recurring deposits, cumulative deposits, term loans, term loans where repayments are made by EMI, cash credit, PC, PCFC, bills, foreign bills, LCs, bank guarantees etc. Sample must cover cases where payment of interest/ instalment, receipt of stock statements etc are delayed. Document the same. In case an audit of treasury is involved, all calculations of profit/loss on sale of securities, pay outs on derivatives etc are to be test verified. )

6. Reconciliation of ATM balances, Control and Subsidiary Accounts and Dummy, Omnibus or Temporary parking Accounting heads

· Have there been instances where cash as per ATM did not match with books? If so, furnish full details. · Are all control accounts and subsidiary ledgers compared and reconciled? If yes, by whom and the frequency thereof.




· Please furnish a list of all unreconciled control and subsidiary accounts along with the balances outstanding as per Control Account and Subsidiary Account and the reason for no reconciliation. · Are there any instances of the same data as per different sets of reports being different and inconsistent? · List out all dummy, omnibus or temporary parking accounting heads used in the system along with the breakup of their balances and the date of ultimate clearance of the same. · Are there any long outstanding entries pending in such accounts? If yes provide a summary of number of entries and total amount involved separately for each account head. · Are there any unprocessed transactions outstanding as at the year end? If so give details and how are they proposed to be handled? · Are there any manual transactions outside the main application which need to be incorporated? If yes whether the same have been appropriately accounted for and reconciled. Please provide a summary of all such ledger heads where manual transactions are incorporated – giving the breakup of no of entries and the total amount involved under each such head.

7. Complaints / Frauds due to Malfunction of Computer Systems

· Have there been complaints from customers regarding wrong balances/transactions in their accounts? If so, please furnish details of each of them. · Have any frauds or irregularities been detected due to malfunction of the computer systems?

8. Documentation

· Is all information in electronic form properly indexed, labelled and maintained in a readily retrievable form?

The Following areas are by and large applicable to the Data Centre Audit and the Head Office or the Central Office of the Banks but may be examined at the branch level also to the extent applicable

9. Backups, Business Continuity and Disaster Recovery Plans

9.1 Back Up and handling of contingencies · What are the backup procedures that are in place? · Where the backups are stored, what is the backup media used and what is the frequency of recycling the backup media?




· Are periodic readability tests performed on the backup media and are logs of the same maintained? · What are the service level agreements with vendors and the Information System Department of the bank for uptime of applications? · Are vital and statutory documents printed regularly or backed-up electronically? · Are databases mirrored? · In case of server crashes, what is the contingency plan in place? · Was there any crash in the computer system during the year? If so, how were the application software and data base restored? · Were any consistency checks made before restoring the application software and data base?

9.2 Business Continuity Plan (BCP) and Disaster Recovery(DR) · Is there a BCP in place for the bank/branch? · Is there a periodic review of the BCP related activities?· Is there a documented DR plan in place? Is a copy of the same available at the branch? · Where is the DR site located? Is it in the same building / site /city where the main Data Centre is located or geographically different location? · How is the live production environment replicated on a DR site? · Is this tested regularly? · Is this facility manned? · What kind of security process is implemented in a DR site? · What kind of communication links are provided at the DR site? · How is the switch over from the live site to DR site planned? Has this been tested? How often is this tested? Are these tests documented? · Are there any teams responsible for BCP and DR activities? · Has any mock drill carried out any time to test the DR plan?

10. Application Development, Testing, Deployment and Modification Controls

· Is there a process in place to carry out a formal testing of all new software/versions of the same before being incorporated into the production environment? · Has the bank reviewed the test cases comprising of the expected results and the results generated from the new system to ensure their




accuracy and consistency? · Are the test and production environment clearly segregated and demarcated? · Were formal signoffs issued for each item of new software/version? · Are there any known bugs in the software/ functionality? If yes how are these controlled so that the integrity of the application and databases is not compromised by these bugs? · Are there any documented procedures for change requests, change management, release to test area from development and release to production area from test environment? · What change requests are pending completions from the software vendor? Do any of these reveal any bugs or deficiencies in the application software? · How are adjustments/corrections, if any, handled in the applications? · Does the testing area application is in sync with the production area (which includes the application software, any middleware, database objects, reports etc)? · Is the bank/branch maintaining an inventory and control over use/deployment of all software (including general purpose software, office suites utilities and other tools used by the bank / branch)? · Are all software (including general purpose software, office suites utilities and other tools used by the bank / branch) licensed? How is this monitored? Are there any documents / database to monitor licenses? How is software license usage audited? · How and what is the process of ensuring latest database and application files are updated on all servers, desktops, laptops? Are these being monitored?

11. IT Policies and Infrastructure at the Bank

11.1 IT Policies and RDBMS Security · What is the Access Matrix Policy followed? Is there a defined Access matrix / Policy? · On what basis are roles organised in the RDBMS from a security perspective? · How are users groups maintained and ensured not part of sensitive groups like root, system etc. · Who creates the user accounts and assigns folder access rights in the main database of the Bank? · Is there a User Id creation Policy / guideline in place? Is it documented? Is it communicated to all branches / offices/ organs of the bank? How is




the same administered and monitored? · Are there any guidelines on users from the computer policy and planning department (CPPD) or any such department of your bank? If yes please furnish a copy of the same. · Is there a centralised password policy if so what is it? Has it been communicated to all branches / organs of the bank? How the same is administered and monitored? · Is there a policy in place to handle vendors/visitors from other branches (e.g. head office)/support staff / public interfaces for providing access to the resources of the bank and its network? Is it documented? Is it communicated to all branches / offices/ organs of the bank? How is the same administered and monitored? · Have Default passwords of RDBMS, Application Software, Operating systems, Networking Software and Network Routes been changed? · How are the RDBMS and Server Space monitored and administered to prevent crashes and ensure business continuity? · Are any system administration utilities used? How the deployment and use of the same monitored? · Is there a centralised backup policy in place? How often are the application and the database backed up Is it daily incremental or daily full? How is the back policy deployed, monitored and administered? Are back up logs maintained, monitored, and reviewed? · Is there a policy in place for storage/retention and destruction of backup media? How is backup media life monitored / tested? Are there any logs for creation / destruction of backup media? · Is there a policy in place for recruitment, training, deployment, and movement of all human resources required for IT infrastructure of the bank? Are roles and responsibilities clearly defined and monitored? What precautions are in place to prevent / handling Social Engineering Attacks? · What is the infrastructure and mechanism to continuously train and empower the end users on using the application software and IT infrastructure of the Bank? How is it implemented and monitored? How often is the same reviewed? How are users trained on new modules/enhancements? · Is there a centralised Help Desk for end users?




Is there any framework for classifying, redressing and monitoring all user requests/complaints/queries etc within a time bound schedule? · Is there a DATA MIGRATION POLICY? Are any procedures in place in case of switch over of branches/offices from legacy systems to Core Banking? How is the same implemented, deployed and monitored across the network of banks offices and branches?

11.2 Network Security and Hardware Policies · Is there a Network Security Policy in place? · What security measures are put in place to prevent network attacks such as virus attack / malware / Denial of Service / Phishing attacks and other kinds of network attacks? · What kind of protection is provided to ensure that Virus, Spyware, Adware, Malware, Trojans etc are not present in the network across the entire IT Infrastructure? · What measures are in place for Perimeter security? How is the bank’s network infrastructure and server infrastructure protected? Is there a process to periodically test the routers, firewalls, gateway, and bridges configuration parameters? Is there a process to do periodical penetration and intrusion testing on IT infrastructure of the Bank? Have the results been monitored and loopholes, if any effectively plugged in?? · Were there any reported cases of hacking and or compromise of any kind of the computer systems during the year? If so, please furnish details. · Is there a Hardware Procurement / deployment / replacement policy in place? How the bank ensures that all hardware equipments, network are under appropriate working condition and are maintained, upgraded and replaced as per their expected lifecycle? · What steps are taken by the bank to continuously educate and create awareness of IT enabled banking amongst end users? What steps are taken to prevent IT related frauds?




Annexure BThe following general guidelines can be used by the auditors to appropriately frame their audit program for effectively conducting the audit using the CIS environment.

1. Identification of transactions for substantive checking

· Use the data available in the computer system to identify large transactions; select a sample, transactions which are outside the mean value by a significant percentage may be specifically examined. · Use of CAATs, and generalised audit software and utilities can be done depending upon the requirements and cost effectiveness. For example, the data base can be down loaded into excel , which could then be sorted, arranged in ascending/descending order to facilitate identification of transactions which are large or outside the mean value by a significant percentage. · In a like manner, the targeted sample can be drawn from the data base across all types of operational areas and can be independently verified using Audit tools. · Verify all important changes made in the Parameters and verify whether the same are authenticated at appropriate user levels and are cross checked. · Verify that charges calculated manually for accounts when function is not regulated through parameters are properly accounted for and authorised. · The maker cannot be the checker of the transaction. This is a very important basic premise of the control framework in the banking industry in particular. Obtain a list and verify all important transactions which are created and authorised by the same persons.

2. Use of reports generated by system

· Before relying on any report generated by the system, carry out independent validation checks (including manual verifications if required) to ensure that the same is complete and correct. · This could be done by identifying a sample of transactions, validating them with the base records in the system and cross checking the results arrived at by the system. · Do not take all reports which are generated by the system at its face value. There may be bugs or deficiencies in the report generated or there may be interventions by the bank staff while generating the report (by down loading data to excel or any



other software and making corrections to certain fields before they are handed over for audit). · The Exception Reports generated by the System are important and integral part of Controls in CIS environments. A careful and selective perusal of the same can reveal a lot about the state of health and accuracy of transactions and discrepancies noted from time to time. This can help in substantially reducing the substantive checks to be performed. · Exception reports are the major audit tool. Anything that is not allowed in the normal course of business is reflected in the exceptional reports. The auditor can for example verify exceptional transactions report where details of dishonoured cheques, large withdrawals, overdrawn accounts etc. are recorded to ensure that they are being authorised and verified on a daily basis by the branch officials. · A number of Exception Reports cover crucial information on which the auditor would like to focus. The following is an Illustrative list (by no means exhaustive as it varies from software to software and bank to bank) of Exception Reports generally generated which the auditor may find useful. a) Debit /Credit balance change b) Maturity record deleted c) Inactive accounts reactivated d) Excess allowed over limit e) Debits to Income head accounts f) Overdue bills and bills returned g) Withdrawal against clearings h) Deposits accounts debit balance i) Temporary O/D beyond sanction limit j) Standing instruction failed in day · Operations in inoperative / dormant accounts needs special mention as often these accounts are used in perpetration and hiding of frauds and tracks of the fraudsters. Intelligent use of exception reports can help the auditor in identifying quickly all such transactions and examining them for appropriateness and authentication.

AA



NOTES


Audit of FOREX transactions at Bank Branches

I Introduction Audit of foreign exchange transactions is an important component of statutory bank audit. Forex transactions, if not monitored properly, may lead to drainage of the scarce forex reserves of a country which will have a direct impact on the economy. In India, Reserve Bank of India has the direct responsibility to regulate the inflows and outflows of foreign exchange through proper legislations. Foreign Exchange Management Act, 1999, being the most important legislation in this respect, was introduced in our country for the purpose of facilitating external trade and payment and for promoting the orderly development and management of foreign exchange market in India. In addition, there are multiple laws, guidelines, policies, rules and notifications in regards to the foreign exchange operations in bank. Therefore, it is expected of an auditor to be well informed on the various forex regulations and procedures before commencing an audit.. This paper attempts to capsulate the various facets of a Fx operations in a bank branch.

II Types of Fx Transactions Normally, forex audit covers the following broad areas:—

• Accounts of Non-Residents and Foreign Exchange Accounts of Residents

• Trade Services, which further encompass:—

Export transactions

(1) Fund based facilities

(2) Pre and Post shipment Finance

(3) Non Fund based facilities

(4) Export Guarantees

Import transactions

(1) Non Fund based facilities

(2) Issuing Letters of Credit, Guarantees and Standby Credits – arranging for trade credits and external commercial borrowings.

(3) Handling Import collections

Remittances

• Inward remittances

• Outward remittances

Dealing/Treasury operations this activity is usually carried out as a centralised function at the corporate office. Most of the banks in India have integrated treasuries which conduct dealing operations. The central statutory auditor covers these operations.

III Permissible Foreign Currency Deposit Accounts by Non-Resident

Various facilities are available in India to persons of Indian Nationality or Indian origin living abroad (NRIs) and overseas corporate bodies (OCBs) predominantly owned by such persons. The facility includes maintenance of bank accounts and investment in shares and securities, business, investment in immoveable properties, etc. Basically there are the following three types of accounts that can be maintained by non-residents:

• Foreign Currency (Non-Resident) Account (Banks) Scheme (FCNR(B) Account)

• Non-Resident (External) Rupee Account Scheme (NRE Account)

• Non-Resident Ordinary Rupee Account Scheme (NRO Account)


CA. Ashutosh Pednekar



The features of these accounts are given below:

Features of various Deposit Schemes available to Non-Resident Indians (NRIs)

Particulars Foreign Currency Non-Resident Non-Resident (Non-Resident) (External) Rupee Ordinary Rupee Account (Banks) Account Scheme Account Scheme (FCNR(B) (NRE Account) Scheme (NRO Account) Account)

(1) (2) (3) (4)

Who can NRIs (individuals/entities NRIs (individuals/ Any person open an of Bangladesh/Pakistan entities of Bangladesh/ resident outside account nationality/ownership require Pakistan nationality/ India (other than prior approval of RBI) ownership require prior a person resident approval of RBI) in Nepal and Bhutan). (individuals/ entities of Bangladesh/ Pakistan nationality/ ownership as well as erstwhile OCBs require prior approval of RBI)

Joint In the names of two or In the names of two or May be held account more non-resident more non-resident jointly with individuals individuals residents

Nomination Permitted Permitted Permitted

Currency in Pound Sterling, US Dollar, Indian Rupees Indian Rupees which Japanese Yen, Euro, account is Canadian Dollar and denominated Australian Dollar

Repatriable Repatriable Repatriable Not repatriable except for the following in the account — 1) current income 2) up to USD 1 million per financial year (April-March), for any bonafide purpose out of the balances in the account/



sale proceeds of assets in India acquired by way of inheritance/ legacy inclusive of assets acquired out of settlement subject to certain conditions

Type of Term Deposit only Savings, Current, Savings, Current, Account Recurring, Fixed Deposit Recurring, Fixed Deposit

Period for For terms not less than At the discretion of the As applicable to fixed 1 year and not more than bank resident accounts deposits 5 years

Rate of Subject to cap : Subject to cap : Banks are free to Interest LIBOR/SWAP rates minus Fixed Deposits : determine interest 75 basis points for the LIBOR/SWAP rates, rates for term respective currency/ as on the last working deposits corresponding maturities. day of the previous month, for US Dollar of corresponding maturities with effect from close of business on April 24, 2007. Savings Bank Account Interest rate shall be at the rate applicable to domestic savings account with effect from close of business in India on 17-11-2005

Operations Operations on the Operations on the Operations on by account in terms of account in terms of the account in Power of Power of Attorney is Power of Attorney is terms of Power of Attorney restricted to withdrawals restricted to Attorney is in favour of for permissible local withdrawals for restricted to a resident payments or remittance permissible local withdrawals for by the to the account holder payments or permissible local non- himself through normal remittance to the payments or resident banking channels account holder remittance to the account himself through account holder holder normal banking himself through channels normal banking channels

(1) (2) (3) (4)



Loansa. In India i) to the Permitted up to Permitted up to Permitted Account ` 20 lakhs ` 20 lakhs holder ii) to Third Permitted up to Permitted up to Permitted Parties ` 20 lakhs ` 20 lakhs

b. Abroad

i) to the Permitted Permitted Not Permitted Account holder

ii) to Third Permitted Permitted Not Permitted Parties

c. Foreign Currency Loans in India

i) to the Permitted up to Not Permitted Not Permitted Account ` 20 lakhs holder

ii) to Third Not Permitted Not Permitted Not Permitted Parties

Purpose of i) Personal purposes or for i) Personal purposes or Personal requirementLoan carrying on business for carrying on and/ or business activities business activities purpose

a. In India

i) to the ii) Direct investment in ii) Direct investment in Account India on non-repatriation India on non- holder basis by way of repatriation basis by contribution to the capital way of contribution of Indian firms/ to the capital of Indian companies firms/companies

iii) Acquisition of flat/ iii) Acquisition of flat/ house in India for his house in India for own residential use his own residential use

(1) (2) (3) (4)



ii) to Third Fund based and/or Fund based and/ Personal Party non-fund based facilities for or non-fund based requirement and/ personal purposes or for facilities for personal or business carrying on business purposes or for carrying purpose activities on business activities

b. Abroad

To the Fund based and/or Fund based and/or Not permitted account non-fund based facilities non-fund based facilities holder and for bonafide purposes for bonafide purposes Third Party

(1) (2) (3) (4)

IV Audit of Non Resident Accounts It is pertinent that the KYC procedures

adopted by a bank are robust, particularly in case of non-resident accounts. An Auditor needs to verify that while opening the accounts branch has confirmed the Non-Resident status of the account holders. These include but are not limited to verification of validity of passport, visa, and purpose of stay abroad and wherever necessary proper introduction is obtained.

The fact that the source of remittance is from abroad is also to be verified. It is also necessary that the remittance is from freely convertible currencies. An exception is given in case of NRO Accounts where existing resident account are converted to NRO status.

An auditor needs to conduct substantive verification to assess that whenever there is transfer of fund from one NRE account to another NRE account, there is a certificate as to NRE status of funds from paying bank. In respect of old accounts an auditor needs to verify whether necessary steps are taken to review the non-resident status of the account holder.

Operations in the account either debit or credit are to be allowed only as per the instructions contained in Exchange Control Manual and transactions are reported to RBI wherever required. The

Auditor has to conduct procedures to verify that the Bank is adhering with such regulatory requirements.

It is expected that the bank has an effective system to record the residential status of the NRI depositor periodically, say once in every six months through letters or by any other communication.

V Permissible Foreign Currency Deposit Accounts by Residents

Persons resident in India are permitted to maintain foreign currency accounts in India under the following three Schemes:

• Exchange Earner’s ForeignCurrency Account :-

• Resident Foreign CurrencyAccount

• Resident Foreign Currency(Domestic) Account

5.1 Exchange Earners Foreign Currency Accounts

All categories of resident foreign exchange earners can credit up to 100 per cent of their foreign exchange earnings, as specified in the paragraph 1(A) of the Schedule to Notification No.FEMA.10/2000-RB dated 3rd May, 2000 and as amended from time to time, to their EEFC Account with an authorised dealer in India. Funds held in EEFC account can be utilised for all permissible current account transactions



and also for approved capital account transactions as specified by the extant Rules/Regulations/Notifications/Directives issued by the Government/RBI from time to time. EEFC account holders can now maintain outstanding balances to the extent of USD 1 million in the form of term deposits up to one year maturing on or before 31st October, 2008. Banks are free to determine the rate of interest. .

5.2 Resident Foreign Currency Accounts: Returning Indians, i.e., those Indians,

who were non-residents earlier, and are returning now for permanent stay in India, are permitted to open, hold and maintain with an authorised dealer in India a Resident Foreign Currency (RFC) Account to keep their foreign currency assets. Assets held outside India at the time of return can be credited to such accounts. The foreign exchange (i) received or acquired as gift or inheritance from a person referred to sub-section (4) of section 6 of FEMA, 1999 or (ii) referred to in clause (c) of section 9 of the Act or acquired as gift or inheritance therefrom or (iii) received as the proceeds of life insurance policy claims/maturity/surrender values settled in foreign currency from an insurance company in India permitted to undertake life insurance business by the Insurance

Regulatory and Development Authority may also be credited to this account.

The funds in RFC account are free from all restrictions regarding utilisation of foreign currency balances including any restriction on investment outside India.

5.3 Resident Foreign Currency (Domestic) Account

A person resident in India can open, hold and maintain with an authorized dealer in India, a Resident Foreign Currency (Domestic) Account, out of foreign exchange acquired in the form of currency notes, Bank notes and travellers cheques from any of the sources like, payment for services rendered abroad, as honorarium, gift, services rendered or in settlement of any lawful obligation from any person not resident in India. The account may also be credited with/opened out of foreign exchange earned like proceeds of export of goods and/or services, royalty, honorarium, etc., and/or gifts received from close relatives (as defined in the Companies Act) and repatriated to India through normal banking channels. The account shall be maintained in the form of Current Account and shall not bear any interest. There is no ceiling on the balances in the account.

Features of various foreign currency deposit schemes available to Resident Indians

Particulars ResidentForeign ResidentForeign ExchangeEarner’s Currency Account Currency (Domestic) Foreign Currency (RFC Account) Account (RFC(D) Account (EEFC Account) Account)

Who can Any person resident Resident Individuals Any person resident inopen an in India Indiaaccount

Sources of 1. Foreign exchange Foreign exchange A 100% ExportFunds received as pension/ acquired : Oriented Unit or a unit superannuation/other 1. while on a visit in (a) Export benefits from abroad processing Zone or employer abroad 2. from any person (b) Software



2. Reaslisation of assets on visit to India Technology park or (c) held abroad or honorarium or Electronic Hardware 3. Foreign exchange gift or for services technology park may acquired as gift or or settlement of Credit up to 100% and inheritance from any lawful any other person person who was NRI obligation resident may credit 3. by way of up to 50% of their honorarium or gift foreign exchange while on a visit earnings.(d) abroad Professional like 4. representing unspent scientists, professors foreign exchange of Indian Universities, acquired during economists, lawyers, travel abroad doctors, artists, 5. as gift from a close architects, engineers, relative consultants, Cost/ 6. by way of earning Chartered Accountants, through export of Directors of Boards of goods/services or as overseas companies, royalty honorarium etc. who render or by any other services in their lawful means. individual capacities 7. representing the outside India, may disinvestment credit up to 100% of proceeds received their earnings by the resident a/c holder on conversion of shares held by him to ADRs/GDRs under the sponsored ADR/GDR scheme approved by the FIPB of Govt. of India

Joint Not permitted Not permitted Not permittedaccount of two or more residents

Joint account Not permitted Not permitted Not permittedwith NRI

Types of Savings Current Account Current Accountaccount Current Fixed Deposit




Period for Like any resident N.A. N.A.fixed accounts banks may deposits fix the period

Rate of The banks are free to No interest is No interest is payable.interest determine interest rates payable

End Use No restrictions, including For permissible For bonafide purposes investments overseas current and capital as per Notification No. account transactions FEMA 10/2000-RB dt. 3-5-2000

Loans & Foreign currency loans Not permitted Not permittedOverdrafts permittedIn India


VI Export transactions Export trade is regulated by the

Directorate General of Foreign Trade (DGFT) and its regional offices, functioning under the Ministry of Commerce and Industries, Department of Commerce, Government of India. Policies and procedures required to be followed for exports from India are announced by the DGF. Export of Goods and Services from India is allowed in terms of clause (a) of sub-section (1) and sub-section (3) of section 7 of the Foreign Exchange Management Act, 1999, read with Notification No. G.S.R. 381(E) dated May 3, 2000 viz. Foreign Exchange Management (Current Account) Rules, 2000 as amended from time to time.

Section 7 of FEMA 1999 and Notification No. 23 prescribe that exporter should realise full payment for his exports within the prescribed time limit in the prescribed manner. Delay in realisation, realising reduced value or ‘write off’ of export receivables can be permitted/approved by the authorised dealer under their delegated powers. In case of overdue export bills beyond the

prescribed time limit, AD is advised to report such transactions to Reserve Bank. The stipulated period as stated above from the date of export, as under:

i. By Units in Special Economic Zones (SEZs): No specific time period has been stipulated;

ii. By Status Holder Exporters as defined in the Foreign Trade Policy: Within a period of twelve months from the date of export;

iii. By 100% Export Oriented Units (EOUs) and units set up under Electronic Hardware Technology Parks (EHTPs), Software Technology Parks (STPs) and Biotechnology Parks (BTPs) schemes : Within a period of twelve months from the date of export on or after September 1, 2004;

iv. Goods exported to a warehouse established outside India: As soon as it is realized and in any case within fifteen months from the date of shipment of goods; and

v. In all other cases: With effect from June 3, 2008, this period



of realization and repatriation to India has been enhanced to twelve months from the date of export till further review.

An Auditor has to assess the mechanism by which banks monitor the export realisations as well as exercise the delegated authority with due diligence and reports the overdue export bills in time to Reserve Bank. The life cycle of appraisal, sanction, documentation, disbursement, monitoring and recovery of Export Credit/non fund based transactions are to be covered by audit. Deviations, if any would need to be highlighted in the Audit report.

VII Pre shipment Credits Pre Shipment Finance is issued by a

bank institution when the seller want the payment of the goods before shipment. The main objectives behind preshipment finance or pre export finance is to enable exporter to:

• Procure raw materials.

• Carry out manufacturing process.

• Provide a secure warehouse for goods and raw materials.

• Process and pack the goods.

• Ship the goods to the buyers.

• Meet other financial cost of the business.

Types of Pre Shipment Finance• Packing Credit

• Advance against Cheques/Draft, etc. representing Advance Payments.

Pre shipment finance is extended in the following forms :

• Packing Credit in Indian Rupee

• Packing Credit in Foreign Currency (PCFC)

Requirement for Getting Packing Credit

This facility is provided to an exporter who satisfies the following criteria

• A ten digit importer exporter code number allotted by DGFT.

• Should not be in the caution list of RBI.

• If the goods to be exported are not under OGL (Open General Licence), the exporter should have the required licence/quota permit to export the goods.

Packing credit facility can be provided to an exporter on production of the following evidences to the bank:

• Formal application for release the packing credit with undertaking to the effect that the exporter would ship the goods within stipulated due date and submit the relevant shipping documents to the banks within prescribed time limit.

• Firm order or irrevocable L/C or original cable/fax/telex message exchange between the exporter and the buyer.

• Licence issued by DGFT if the goods to be exported fall under the restricted or canalized category. If the item falls under quota system, proper quota allotment proof needs to be submitted.

The confirmed order received from the overseas buyer should reveal the information about the full name and address of the overseas buyer, description quantity and value of goods (FOB or CIF), destination port and the last date of payment.

Eligibility Pre shipment credit is only issued to that

exporter who has the export order in his



own name. However, as an exception, a bank can also grant credit to a third party manufacturer or supplier of goods who does not have export orders in their own name. In this case some of the responsibilities of meeting the export requirements have been outsourced to them by the main exporter. In other cases where the export order is divided between two more than two exporters, pre shipment credit can be shared between them.

The amount sanctioned is normally based on the amount of the LC or an expected order. Banks determine the percentage of margin, depending on factors such as:

• The nature of Order.

• The nature of the commodity.

• The capability of exporter to bring in the requisite contribution.

Pre Shipment Finance - Lifecycle

Appraisal and Sanction of Limits1. As part of the appraisal process a

bank checks for different aspects like product profile, political and economic details about country. The bank also looks in to the status report of the prospective buyer, with whom the exporter proposes to do the business. To check all these information, banks can seek the help of institutions like ECGC or International rating agencies.

The following are ensured before a bank extends packing credit facilities :—

a. The exporter is a regular customer, a bona fide exporter and has a goods standing in the market.

b. Whether the exporter has the necessary licence and quota permit (as mentioned earlier) or not.

c. Whether the country with which the exporter wants to deal is under the list of Restricted Cover Countries (RCC) or not.

Disbursement of Packing Credit Advance2. Once the proper sanctioning of the

documents is done, bank ensures whether exporter has executed the list of documents mentioned earlier or not. Disbursement is normally allowed when all the documents are properly executed.

Sometimes an exporter is not able to produce the export order at time of availing packing credit. So, in these cases, the bank provide a special packing credit facility known as Running Account.

The following is checked with documents before a bank disburses packing credit facilities :—

a. Name of buyer

b. Commodity to be exported

c. Quantity

d. Value (either CIF or FOB)

e. Last date of shipment/negotiation

f. Any other terms to be complied with

The amount of finance is fixed depending on the FOB value of contract/LC or the domestic values of goods, whichever is found to be lower. Normally insurance and freight charged are considered at a later stage, when the goods are ready to be shipped.

In this case disbursals are made only in stages and if possible not in cash. The payments are made directly to the supplier by drafts/



bankers/cheques.

The bank decides the duration of packing credit depending upon the time required by the exporter for processing of goods.

The maximum duration of packing credit period is 180 days, however bank may provide a further 180 days extension on its own discretion, without referring to RBI.

Follow up of Packing Credit Advance3. Exporter needs to submit stock

statement giving all the necessary information about the stocks. It is then used by the banks as a guarantee for securing the packing credit in advance. Bank also decides the rate of submission of this stocks.

Apart from this, authorized dealers (banks) also physically inspect the stock at regular intervals.

Liquidation of Packing Credit Advance4. Packing Credit Advance needs to

be liquidated out of as the export proceeds of the relevant shipment, thereby converting preshipment credit into post shipment credit.

This liquidation can also be done by the payment receivable from the Government of India and includes the duty drawback, payment from the Market Development Fund (MDF) of the Central Government or from any other relevant source.

In case if the export does not take place then the entire advance can also be recovered at a certain interest rate. RBI has allowed flexibility in to this regulation under which substitution of commodity or buyer can be allowed by a bank without any reference to

RBI. Hence in effect the packing credit advance may be repaid by proceeds from export of the same or another commodity to the same or another buyer. However, bank need to ensure that the substitution is commercially necessary and unavoidable.

Overdue Packing5. Bank considers a packing credit

as overdue, if the borrower fails to liquidate the packing credit on the due date. And, if the condition persists then the bank takes the necessary step to recover its dues as per normal recovery procedure.

Special Cases

Packing Credit to Sub Supplier1. Packing Credit can only be shared

on the basis of disclaimer between the Export Order Holder (EOH) and the manufacturer of the goods. This disclaimer is normally issued by the EOH in order to indicate that he is not availing any credit facility against the portion of the order transferred in the name of the manufacturer.

This disclaimer is also signed by the bankers of EOH after which they have an option to open an inland L/C specifying the goods to be supplied to the EOH as a part of the export transaction. On basis of such an L/C, the sub supplier bank may grant a packing credit to the sub supplier to manufacture the components required for exports. On supply of goods, the L/C opening bank will pay to the sub supplier’s bank against the inland documents received on the basis of the inland L/C opened by them.

The final responsibility of EOH is to export the goods as per guidelines. Any delay in export order can bring



EOH to penal provisions that can be issued anytime.

The main objective of this method is to cover only the first stage of production cycles, and is not to be extended to cover supplies of raw material, etc. Running account facility is not granted to sub suppliers.

In case the EOH is a trading house, the facility is available commencing from the manufacturer to whom the order has been passed by the trading house.

Banks however, ensure that there is no double financing and the total period of packing credit does not exceed the actual cycle of production of the commodity.

Running Account facility2. It is a special facility under which

a bank has right to grant pre shipment advance for export to the exporter of any origin. Sometimes banks also extent these facilities depending upon the good track record of the exporter. In return the exporter needs to produce the letter of credit/firms export order within a given period of time

Pre shipment Credit in Foreign Currency (PCFC)3. Authorised dealers are permitted

to extend Pre shipment Credit in Foreign Currency (PCFC) with an objective of making the credit available to the exporters at internationally competitive price. This is considered as an added advantage under which credit is provided in foreign currency in order to facilitate the purchase of raw material after fulfilling the basic export orders.

The rate of interest on PCFC is linked to London Interbank Offered Rate (LIBOR). According to guidelines, the final cost of exporter must not exceed 0.75% over 6 month LIBOR, excluding the tax.

The exporter has freedom to avail PCFC in convertible currencies like USD, Pound, Sterling, Euro, Yen, etc. However, the risk associated with the cross currency truncation is that of the exporter.

The sources of funds for the banks for extending PCFC facility include the Foreign Currency balances available with the Bank in Exchange, Earner Foreign Currency Account (EEFC), Resident Foreign Currency Accounts RFC(D) and Foreign Currency(Non-resident) Accounts.

Banks are also permitted to utilize the foreign currency balances available under Escrow account and Exporters Foreign Currency accounts. It ensures that the requirement of funds by the account holders for permissible transactions is met. But the limit prescribed for maintaining maximum balance in the account is not exceeded. In addition, Banks may arrange for borrowings from abroad. Banks may negotiate terms of credit with overseas bank for the purpose of grant of PCFC to exporters, without the prior approval of RBI, provided the rate of interest on borrowing does not exceed 0.75% over 6 month LIBOR.

Packing Credit Facilities to Deemed Exports4. Deemed exports made to

multilateral funds aided projects and programmes, under orders secured through global tenders for



which payments will be made in free foreign exchange, are eligible for concessional rate of interest facility both at pre and post supply stages.

Packing Credit facilities for Consulting Services5. In case of consultancy services,

exports do not involve physical movement of goods out of Indian Customs Territory. In such cases, pre shipment finance can be provided by the bank to allow the exporter to mobilize resources like technical personnel and training them.

Advance against Cheque/Drafts received as advance payment6. Where exporters receive direct

payments from abroad by means of cheques/drafts, etc. the bank may grant export credit at concessional rate to the exporters of goods track record, till the time of realization of the proceeds of the cheques or draft, etc. The Banks however, must satisfy themselves that the proceeds are against an export order.

VIIIPost shipmentfinance Post Shipment Finance is a kind of

loan provided by a bank to an exporter or seller against a shipment that has already been made. This type of export finance is granted from the date of extending the credit after shipment of the goods to the realization date of the exporter proceeds. Exporters don’t wait for the importer to deposit the funds.

The features of post-shipment finance are:

• PurposeofFinance

• Post shipment finance is meant to finance export sales receivable after

the date of shipment of goods to the date of realization of exports proceeds. In cases of deemed exports, it is extended to finance receivable against supplies made to designated agencies.

• BasisofFinance

• Post shipment finance is provided against evidence of shipment of goods or supplies made to the importer or seller or any other designated agency.

• TypesofFinance

• Post shipment finance can be secured or unsecured. Since the finance is extended against evidence of export shipment and bank obtains the documents of title of goods, the finance is normally self liquidating. In that case it involves advance against undrawn balance, and is usually unsecured in nature.

Further, the finance is mostly a funded advance. In few cases, such as financing of project exports, the issue of guarantee (retention money guarantees) is involved and the financing is not funded in nature.

• Amount of Finance

• Post shipment finance can be extended up to 100% of the invoice value of goods. In special cases, where the domestic value of the goods increases the value of the exporter order, finance for a price difference can also be extended and the price difference is covered by the Government. This type of finance is not extended in case of pre shipment stage. Banks can also finance undrawn balance. In such cases banks are free to stipulate margin requirements as per their usual lending norm.



• Period of Finance

• Post shipment finance can be off short-term or long-term, depending on the payment terms offered by the exporter to the overseas importer. In case of cash exports, the maximum period allowed for realization of exports proceeds is six months from the date of shipment. Concessive rate of interest is available for a highest period of 180 days, opening from the date of surrender of documents. Usually, the documents need to be submitted within 21 days from the date of shipment.

Financing for Various Types of ExportBuyer’sCredit

Post-shipment finance can be provided for three types of export :

• Physical exports: Finance is provided to the actual exporter or to the exporter in whose name the trade documents are transferred.

• Deemed export: Finance is provided to the supplier of the goods which are supplied to the designated agencies.

• Capital goods and project exports: Finance is sometimes extended in the name of overseas buyer. The disbursal of money is directly made to the domestic exporter.

Supplier’sCredit Buyer’s Credit is a special type of loan

that a bank offers to the buyers for large scale purchasing under a contract. Once the bank approved loans to the buyer, the seller shoulders all or part of the interests incurred.

Types of Post Shipment Finance The post shipment finance can be

classified as:

1. Export Bills purchased/discounted.

2. Export Bills negotiated

3. Advance against export bills sent on collection basis

4. Advance against export on consignment basis

5. Advance against undrawn balance on exports

6. Advance against claims of Duty Drawback

1. Export Bills Purchased/Discounted(DP & DA Bills)

Export bills (Non L/C Bills) is used in terms of sale contract/order may be discounted or purchased by the banks. It is used in indisputable international trade transactions and the proper limit has to be sanctioned to the exporter for purchase of export bill facility.

2. Export Bills Negotiated (Bill under L/C)

The risk of payment is less under the LC, as the issuing bank ensures the payment. The risk is further reduced, if a bank guarantees the payments by confirming the LC. Because of the inborn security available in this method, banks often become ready to extend the finance against bills under LC.

However, there are two major risk factors for banks:

1. The risk of non-performance by the exporter, when he is unable to meet his terms and conditions. In this case, the issuing banks do not honour the letter of credit.

2. The bank also faces the documentary risk where the issuing bank refuses to honour its commitment. So, it is important for the negotiating bank, and the lending bank to properly check all the necessary documents before submission.



3. Advance Against Export Bills Sent on Collection Basis

Bills can only be sent on collection basis, if the bills drawn under LC have some discrepancies. Sometimes exporter requests the bill to be sent on collection basis, anticipating the strengthening of foreign currency.

Banks may allow advance against these collection bills to an exporter with concessional rates of interest depending upon the transit period in case of DP Bills and transit period plus usance period in case of usance bill.

The transit period is from the date of acceptance of the export documents at the banks branch for collection and not from the date of advance.

4. Advance Against Export on Consignments Basis

Bank may choose to finance when the goods are exported on consignment basis at the risk of the exporter for sale and eventual payment of sale proceeds to him by the consignee.

However, in this case bank instructs the overseas bank to deliver the document only against trust receipt/undertaking to deliver the sale proceeds by specified date, which should be within the prescribed date even if according to the practice in certain trades a bill for part of the estimated value is drawn in advance against the exports.

In case of export through approved Indian owned warehouses abroad the times limit for realization is 15 months.

5. Advance against Undrawn Balance It is a very common practice in export

to leave small part undrawn for payment after adjustment due to difference in rates, weight, quality, etc. Banks do finance against the undrawn balance, if undrawn balance is in conformity with the normal level of balance left undrawn

in the particular line of export, subject to a maximum of 10 per cent of the export value. An undertaking is also obtained from the exporter that he will, within 6 months from due date of payment or the date of shipment of the goods, whichever is earlier surrender balance proceeds of the shipment.

6. Advance against Claims of Duty Drawback

Duty Drawback is a type of discount given to the exporter in his own country. This discount is given only, if the in- house cost of production is higher in relation to international price. This type of financial support helps the exporter to fight successfully in the international markets.

In such a situation, banks grants advances to exporters at lower rate of interest for a maximum period of 90 days. These are granted only if other types of export finance are also extended to the exporter by the same bank.

After the shipment, the exporters lodge their claims, supported by the relevant documents to the relevant government authorities. These claims are processed and eligible amount is disbursed after making sure that the bank is authorized to receive the claim amount directly from the concerned government authorities.

Crystallization of Overdue Export Bills

Exporter foreign exchange is converted into Rupee liability, if the export bill purchase/negotiated/discounted is not realized on due date. This conversion occurs on the 30th day after expiry of the NTP in case of unpaid DP bills and on 30th day after national due date in case of DA bills, at prevailing TT selling rate ruling on the day of crystallization, or the original bill buying rate, whichever is higher.



IX Auditors Tasks in Relation to Export Transactions

An auditor needs to verify following — in all cases by reviewing the in-house system and procedure of the bank and compliance thereof and by substantive verification of sample transactions and the appropriateness of their supporting documentation:—

• In applications/correspondence with the Reserve Bank, the specific identification number as available on the GR, PP and SOFTEX forms are cited.

• In the case of declarations made on SDF form, the port code number and shipping bill number is cited.

• After the documents have been negotiated/sent for collection, banks report the transaction to Reserve Bank in statement ENC under cover of appropriate R-Supplementary Return.

• In the case of exports made under deferred credit arrangement or to joint ventures abroad against equity participation or under rupee credit agreement, the number and date of Reserve Bank approval and/or number and date of the relative RBI circular should be recorded at the appropriate place on the GR form

• Randomly check of the relevant duplicate forms (GR/SDF/PP) to ensure that non-realisation or short realisation allowed, if any, is within the powers delegated to them or has been duly approved by Reserve Bank, wherever necessary.

• The number on the duplicate copy of a GR form presented to them is the same as that of the original which is usually recorded on the Bill of Lading/Shipping Bill and the duplicate has been duly verified and authenticated by appropriate Customs authorities.

• The Shipping Bill No. on the SDF form should be the same as that appearing on the Bill of Lading.

• In the case of CIF, C & F, etc. contracts where the freight is sought to be paid at destination, that the deduction made is only to the extent of freight declared on GR/SDF form or the actual amount of freight indicated on the Bill of Lading/Airway Bill, whichever is less.

• The documents submitted do not reveal any material inter se discrepancies in regard to description of goods exported; export value or country of destination.

• Where marine insurance is taken by the exporters on buyer’s account to verify, that the actual amount paid is received from the buyer through invoice and the bill.

• To accept Bill of Lading/Airway Bill issued on ‘freight prepaid’ basis where the sale contract is on f.o.b., f.a.s., etc. basis provided the amount of freight has been included in the invoice and the bill.

• To negotiate documents, in cases where the documents are being negotiated by a person other than the exporter who has signed GR/PP/SDF/SOFTEX Form for the export consignment concerned, after ensuring compliance with the relevant regulations under Foreign Exchange Management (Export of Goods and Services) Regulations, 2000.

• To accept the variations in the value declared to the customs authorities and that is reflected on the export documents which stem from the terms of contract, on production of documentary evidence after verifying the arithmetical



accuracy of the calculations and on conforming the terms of underlying contracts.

• Banks maintain Export Bills Register, in physical or electronic form. Details of GR/SDF/PP/SOFTEX form number, due date of payment, the fortnightly period of R Supplementary Return with which the ENC statement covering the transaction was sent to Reserve Bank, are available.

• Banks should ensure that all types of export transactions are entered in the Export Bills Register and are given bill numbers on a financial year basis (i.e., April to March).

• The bill numbers should be recorded in ENC statement and other relevant returns submitted to Reserve Bank.

• Banks furnish to the Reserve Bank of India, on a half-yearly basis, a consolidated statement in Form XOS giving details of all export bills outstanding beyond six months from the date of export as at the end of June and December every year. The statement should be submitted in triplicate within fifteen days from the close of the relative half-year.

• In case of write offs of unrealised amount the auditor should check that the aggregate amount of write off allowed by the bank during a financial year does not exceed 10 per cent of the total export proceeds realised by the concerned exporter through the concerned bank during the previous financial year, the relevant amount has remained outstanding for one year or more and satisfactory documentary evidence is furnished in support of the exporter having made all efforts to realise the dues;

X Import Transactions Import trade is regulated by the

Directorate General of Foreign Trade (DGFT) under the Ministry of Commerce & Industry, Department of Commerce, Government of India. Authorised Dealer Category-I banks should ensure that the imports into India are in conformity with the Foreign Trade Policy in force and Foreign Exchange Management (Current Account Transactions) Rules, 2000 framed by Government of India vide Notification No. G.S.R. 381 (E) dated May 3, 2000 and the Directions issued by Reserve Bank under Foreign Exchange Management Act, 1999 from time to time. AD Category-I banks should follow normal banking procedures and adhere to the provisions of Uniform Customs and Practices for Documentary Credits (UCPDC), etc. while opening letters of credit for import into India on behalf of their constituents moreover, compliance with the provisions of Research & Development Cess Act, 1986 may be ensured for import of drawings and designs.

Value of forex outflow for import of goods and services should be covered equally with matching physical import of goods or services. The time limit within which import payments should be remitted is also prescribed by Reserve Bank. For normal imports it is six months from the date of shipment, except in cases where amounts are withheld towards guarantee of performance, etc.. To enable the importers for availing cheaper credit facilities at international market rates, importers are allowed to raise trade credits or external commercial borrowings from recognised overseas sources. The time limits for remittances in these cases may extend beyond 3 months but has to be within 3 years for date of shipment. Importers are also allowed to remit advance payments. While simplifying the procedures and



relaxing most of the regulations, Reserve Bank has prescribed certain conditions to ensure end use.

XI Auditors Tasks in Relation to Import Transactions

An auditor needs to verify following - in all cases by reviewing the in-house system and procedure of the bank & compliance thereof and by substantive verification of sample transactions & the appropriateness of their supporting documentation:—

• The documents evidencing import, e.g. Exchange Control copies of Bills of Entry or Postal Appraisal Forms or Customs Assessment Certificates, etc.

• AD Category-I bank forwards a statement on half-yearly basis as at the end of June and December of every year, in form BEF furnishing details of import transactions, exceeding USD 100,000 in respect of which importers have defaulted in submission of appropriate document evidencing import within 6 months from the date of remittance, to the Regional Office of Reserve Bank under whose jurisdiction the AD Category-I bank is functioning, within 15 days from the close of the half-year to which the statement relates.

• Where imports are made in non-physical form, i.e., software or data through internet/datacom channels and drawings and designs through e-mail/fax, a certificate from a Chartered Accountant that the software/data/drawing/design has been received by the importer, is obtained.

• No LC or remittance is allowed for items in negative list under Foreign Trade policy.

• In case of advance remittance for imports exceeding USD 100,000 or its equivalent, an unconditional, irrevocable standby Letter of Credit or a guarantee from an international bank of repute situated outside India or a guarantee of an AD Category–I bank in India if such a guarantee is issued against the counter-guarantee of an international bank of repute situated outside India.

• AD Category – I banks submit a report of all advance remittances made without a bank guarantee or standby Letter of Credit, where the amount of advance payment is equivalent to or exceeds USD 5,000,000, to the Chief General Manager, Reserve Bank of India, Foreign Exchange Department, Trade Division, Central Office , on a half yearly basis, as at the end of September and March every year, within 15 days from the close of the respective half year.

• Where interest is paid on import bill it should be for less than three years and at the rate prescribed for trade credit from time to time or LIBOR.

XII Remittances

12.1 Inward Remittances Receipt of foreign exchange in India is

called Inward remittance. Apart from exports there are other transactions, which generate inward remittance. For example Non-resident Indian staying abroad may remit foreign exchange to their relatives in India. Inward remittances are usually in the nature of foreign currency notes, foreign currency traveller cheques, foreign currency cheques/foreign currency demand drafts and inward telex transfers.



There are no restrictions on receiving remittances from abroad through authorised dealers in foreign exchange in India.

a. Persons resident in India are also permitted to receive directly from persons resident outside India foreign exchange in the form of bank drafts or traveller’s cheques issued outside India or cheques drawn on banks situated outside India provided the instruments so received are surrendered to an authorised dealer in foreign exchange in India within a period of seven days from date of receipt.

b. Persons resident in India are also permitted to receive from any person resident outside India and who is on a visit to India payment in foreign currencies for services rendered or in settlement of any lawful obligations — subject to the condition that the foreign currencies so received will be surrendered to an authorised dealer in foreign exchange within seven days of receipt.

c. Exporters in India are permitted to receive directly from the overseas buyers during their visit to India foreign exchange in the form of bank drafts, personal cheques, currency notes, pay orders, banker’s cheques and traveller’s cheques in payment of goods already exported or to be exported. The exporters must surrender these foreign currency instruments to an authorised dealer in foreign exchange in India within a period of seven days from date of receipt. Authorised dealers have been advised by RBI to treat such payments as realisation of export proceeds.

d. If the amount of inward remittance exceeds ` 1,00,000 (or its

equivalent in foreign exchange), then the purpose of remittance should be ascertained by the authorised dealer. This information should be reported to RBI in the supplementary statement annexed to R-Returns.

e. Authorised dealers should issue foreign Inward Remittance Certificate (FIRC) in the prescribed form if requested by the beneficiary.

Inward remittances through normal banking channel are freely permitted under the Foreign Exchange Management Act 1999 (FEMA). There is, however, another law in the country and it is called Foreign Contribution (Regulation) Act, 1976. This law is administered by the Ministry of Home Affairs, Government of India, New Delhi and not by Reserve Bank of India. Beneficiaries of inward remittances are advised to comply with the provisions of this law wherever considered necessary. This law applies to Associations having a definite cultural, economic, educational, religious or social programme. These types of associations must be registered with the Home Ministry of Central Government before they could accept foreign contribution. Branches should communicate with IBD Chennai and obtain prior approval and instructions before opening accounts for such associations when receiving inward remittances from abroad.

12.2 Outward Remittance Release of foreign exchange to persons

resident in India for various current account transactions, Authorised Dealer banks are to be guided by the Rules made by the Govt. of India under section 5 of the Foreign Exchange Management Act, 1999 which are detailed in the Foreign Exchange Management (Current Account Transactions) Rules, 2000 notified by the Government of India vide



Notification No. G.S.R.381 (E) dated 3rd May, 2000 (Rules).

Private Travel

Foreign exchange up to US $ 10,000 is permissible in any calendar year for tourism or private travel to any country other than Nepal and Bhutan on the basis of self-certification. When travelling to Nepal and Bhutan, you can carry as much Indian currency as you wish, except currency notes with denominations of ` 500 and above. Study Abroad/Medical treatment abroad/Employment abroad/Emigration/Maintenance of close relatives abroad. Foreign exchange up to US $ 100,000 is permissible on the basis of self-certification. For students the limit of $ 100,000 is applicable for each academic year. For medical treatment in addition to $ 100,000, foreign exchange up to US$ 25,000 can be taken for meeting boarding/lodging/travel expenses of the patient and also for the accompanying attendant on self-certification. Amounts in excess of the limits can be released on basis of documentary evidence of requirement.Remittance for Miscellaneous Purposes up to US$ 5000. Remittances can be made up to US $ 5000, for any miscellaneous purpose, without furnishing documents. Donations Donations can be made to anybody up to US$ 5,000 every year per remitter on self certification.International Credit Cards. International Credit Cards can be used for:

• meeting expenses or making purchases while abroad without any limit.

• making payments in foreign exchange for purchase of books and other items through the Internet. Residents holding a foreign currency account in India

or with an overseas bank, are free to obtain ICCs issued by overseas banks and other reputed agencies. Surrender of Foreign Exchange on ReturnForeign exchange up to US$ 2,000, in the form of foreign currency notes or travellers’ cheques (TCs) can be retained indefinitely for future use. Amounts in excess of $2000 have to be surrendered to a bank within 90 days and TCs within 180 days of return or credited to RFC(D) account. Foreign coins can be retained indefinitely without any limit.

XIII Audit Procedures of Fx Transactions The following is a brief list of the

audit procedures that could be adopted in conducting a statutory bank branch audit:—

• Check the foreign bills negotiated under letters of credit.

• Check FCNR and other non-resident accounts to see whether debits and credits are permissible under the rules.

• Check inward/outward remittances have been properly accounted for.

• Examine extension and cancellation of forward contracts for purchase and sale of foreign currency. Ensure that they are duly authorised and all necessary charges are recovered.

• Ensure that over bought/oversold position maintained in different currencies are reasonable, considering the volume of foreign exchange operations.

• Ensure adherence to guidelines by RBI/HO in relation to dealing room operations.

• Ensure verification and reconciliation of Nostro and Vostro account transactions/balances.



• Check foreign bill negotiated under letter of credit. Also check rates of conversion and whether the terms of letter of credit have been adhered to.

• As regards bill negotiated not under L/C also check necessary sanction has been obtained from corporate office.

• Check realisations of foreign bill for payments/foreign bill for collection (conversion rate), booking of income thereon and recovery of necessary charges. Ensure crystallisation of FBPs on specified days as per FEDAI rules.

• Check outward bills are promptly dispatched and documents to title are drawn in favour of bank as consignee and not imported unless full payment is received by the bank.

• Prompt reporting of export/import/remittance transactions and forward contracts for sale/purchase of currency to treasury, which shall have impact on the currency position.

• Proper ECGC cover is taken for export advances like pre and post shipment advances or bank guarantees, unless expressly waived by Corporate Office.

• Ensure drawee wise limits set by ECGC are adhered and extension is sought when time limit exceeded.

• Check FCNR and other NR accounts to ensure debits and credits are as per rules.

• Check that inward and outward remittances are properly accounted and promptly reported to corporate office.

• Ensure that the system of daily vouching of FOREX transaction is in place.

• Ensure forward Fx transactions are for the purpose of hedging genuine risks and are booked properly. All charges on cancellation or early delivery are are recovered.

• Ensure that the foreign contributions are not credited to accounts of association/organisations unless they obtain registration or prior permission under FCRA 1976.

• BOE verification are done at half yearly basis.

• Check credit reports of overseas buyers/sellers for high value transactions. (i.e. 1 Lakh and above.)

• Returns and forms like R return, XOS, ENC, BEF, Form A1, etc., are filled with RBI in time.

• Check whether endorsements have been made on LCs advance licences etc. properly for utilisation.

The Bank’s branch concurrent auditor is also expected to cover the entire gamut of Fx operations. The monthly concurrent audit reports and compliance actions thereon are a valuable source of information for the branch statutory auditor. These reports also indicate the general health of recording Fx transactions and their propriety. Similar information is also received from a perusal of the internal inspection reports. These reports can aid in determining the extent of sample to be selected by the branch auditors and also the extent to which reliance can be placed on analytical procedures. It is however, important for the auditor to first obtain knowledge of the extant regulations and the manner in which they are implemented in the Bank.

I acknowledge the information from the Guidance Note on Bank Audit of the ICAI as well as other paper writers in earlier publications on Bank Branch Audit.

AA



NOTES


Audit of Treasury Operations of Banks

Traditionally, the treasury function in banks was limited to funds management, i.e. maintaining adequate cash balances to meet day-to-day requirements and deploying surplus funds from operations.

The treasury in a bank is also responsible for maintenance of reserve requirements (Cash Reserve Ratio and Statutory Liquidity Ratio). Treasury was considered as a service centre and liquidity management was its main function.

The scope of treasury has now expanded beyond liquidity management and treasury has now evolved as a profit centre with its own trading and investment activity.

Over the past years, treasury operations have become complex with increasing focus of the regulators, sophistication of products, challenges of external environment and significant dependence on automation.

The audit of treasury operations is critical and requires comprehensive understanding of the bank’s business, its treasury operations, dependence on technology and skilled/knowledgeable team to execute the audit.

The following paragraphs highlights key characteristics of treasury operations, some of the general products offered, risk management aspects and audit approach.

A. Key features One of the key contributors to the success of a bank is the strength of the internal control system of its treasury department. Some of the key characteristics associated with a bank’s treasury department are:

• Specialised expertise and experience of treasury teams;

• Large volume of transactions;

• Significant dependence on technology

Trading activities require appropriate segregation of responsibilities to provide

reasonable assurance that all trades transacted will be duly authorised, recorded on the accounting records accurately, and properly settled. The traders, who both commit the enterprise to the exchange and authorise (to their trading limits) could well misappropriate the bank’s assets if they could control settlement on their deals. Similarly, were those individuals who effect settlement also empowered to instruct and account for settlements, they would be in a position to misdirect payments and prevent detection of their having done so. Thus, the minimal segregation of duties any trading operation should exhibit are that the following functions be segregated:

• Trading;

• Effecting settlement;

• Accounting for trades and settlements (including counterparty confirmation and reconciling activity in cash and custodial accounts to the accounting records).

Generally, majority of the treasury operations are conducted from the head office of the Bank, including trade execution, risk monitoring and management, and settlement and accounting. Activities at the branch are restricted to purchase and sale of foreign exchange, maintenance and monitoring of RBI balances and nostro balances, maintenance of statutory ratios, etc. Further, the organizational set-up and segregation of treasury operations between the head office and branch may differ from bank to bank, depending on whether it is a foreign bank branch, private sector or public sector bank.

Typically, an ideal structure of the bank’s treasury function in terms of implementing best practice from a control environment standpoint is given below:

• Front Office — trade execution

• Middle Office — risk monitoring and management


CA. Akeel Master



• Back Office — settlements and accounting

Further, the treasury front office has specialized desks for conducting various activities:

• Proprietary Trading desk — conducts trading activities for the bank’s own account and capital;

• Asset Liability Management desk — manages the risk of interest rate mismatch and liquidity;

• Fixed Income and Money Market desk — dealing in fixed income and money market instruments;

• Foreign Exchange and Derivatives desk — dealing with foreign exchange and derivative structures;

• Capital Markets or Equities desk — dealing with equity securities

B. Treasury Risk Management

Banks are highly sensitive to treasury risks, as the risks arrive out of high leverage treasury business enjoy. The risks of losing capital are much more than the credit business.

Treasury broadly faces four kinds of risks, viz., interest rate risk, liquidity risk, foreign exchange risk and counterparty/credit risk. A Bank uses a combination of tools to measure these risks, namely:

• Duration gap analysis;

• Simulations;

• Value at Risk (VAR) based methodology;

• Convexity;

• Stress testing;

• Back testing;

• Net overnight Open Position Limits;

• Stop Loss limits.

C. Products The Reserve Bank of India (RBI) have issued directives on the nature of instruments/products in which investments can be made, and the extent of investment in a particular type of instrument/product or in a particular company/group of companies. A unique feature of investments of banks is that a large proportion of the investments are made in pursuance of the requirement to maintain a certain minimum level of ‘liquid assets’ as required under statute and compliance with directives of RBI.

Some of the common investments made by a bank include the following:

• Securities of the Central and State Governments and other approved securities;

• Shares (both equity as well as preference);

• Debentures and bonds;

• Interest rate and foreign exchange derivatives – forwards, swaps and options; and

• Other investments such as commercial papers, Certificate of Deposits, Security Receipts, Pass Through Certificates, units of mutual funds, venture capital funds and real estate funds.

D. Approach to Audit Treasury Operations

The audit of treasury operations in any bank entails:

1. Obtaining an understanding of the treasury function, investment policy and processes/controls surrounding the capture/recording of transactions;

2. Obtaining an understanding of the information technology involved in processing transactions;

3. Obtaining an understanding of the accounting aspects related to treasury operations;



4. Obtaining an understanding of the regulatory guidelines and impact on treasury operations.

Understanding the treasury function, investment policy and processes/controls surrounding the capture/recording of transactionsPrior to commencing an audit of treasury operations of a bank, it is critical to obtain an understanding of the treasury function. This would include obtaining an understanding of the framework of treasury function, in particular:

— assessment of adequacy and appropriateness of the set-up and role of the front office, mid-office and back office;

— appropriateness and adequacy of reporting structure;

— appropriateness of delegation of authority and segregation of duties;

— understanding operations which are centralised and decentralized within the bank.

In addition, the auditor should understand the extent of funds deployed by the bank in various treasury products such as government

securities, equity shares, foreign exchange products, etc. and the investment strategy of the investment committee and treasurer and correlate it with market environment.

The functioning of treasury operations is driven by policies and procedures formulated by senior management of the bank. It is of paramount priority for a bank to frame a suitable investment policy to ensure that treasury operations are conducted in accordance with regulatory guidelines, investment strategy of the bank, robust internal control framework and sound business practices. Further, the RBI has also mandated every bank to frame suitable investment policy and has provided guidelines which need to be incorporated in the investment policy of a bank.

The next step for an auditor is to understand the process and internal controls surrounding the capturing/recording of transactions. A deal initiated by the front office passes through a series of processes and control checks before it gets recorded in the financial ledger of the bank. Some of key controls surrounding the capturing/recording of transactions which would enable an auditor obtain sufficient and appropriate audit evidence over the audit objective are as follows:

Control Process/Audit approach

Limit monitoring Majority of the banks establish a credit line for each of the counterparties with whom the bank trades regularly to control the risk that a deal will be made with a counterparty unable to deliver securities purchased or cash for securities sold.

An auditor should check the controls to ensure that the limits are regularly reviewed taking into account the counterparties’ credit standing.

Suitability and For derivative deals executed by the bank with counterparties, theAppropriateness of RBI has issued directives on the suitability and appropriateness ofunderlying underlying documentation.documentation With increased regulatory focus in this area and current derivative

market, an auditor should verify the underlying documentation for all such deals.



Deal ticket Whenever a trade is made, some form of transaction ticket (generally called a deal ticket) is prepared, showing all particulars of the transaction. This ticket is sequentially numbered and usually requires approval by a second party, such as the chief trader.

An auditor should check whether tickets are sequentially numbered, the sequence is accounted for on a daily basis, controls over alteration of deal tickets, and that missing deal tickets are logged and investigated.

Confirmation of trades Exchange of written confirmations between the parties forms a vital part of the internal control of treasury function. This control should be kept completely separate from the dealers and is performed by the back office.

An auditor should check the existence of the trade by reviewing the process of incoming and outgoing confirmations. Other methods of validating the existence of a trade include Voice Recording Systems (VCR), dealer conversation slips and review of nostro balances for cash inflow/outflow on trades.

Reconciliation of front There may be instances of delay between the execution of the tradeoffice and back office by the front office and recording by the back office.records Review by an auditor of day end reconciliations between FO and

BO systems is crucial to ensure completeness of trades.

Settlement of trades Once a trade is affected by the front office on trade date, automated entries impacting notro accounts are passed on the settlement date.

An auditor should examine whether the settlement is done through appropriate networks – CCIL/RTGS/SWIFT networks. Rejection of deals should be reviewed carefully as it may indicate incorrect deal entry. Further, the auditor should check the adequacy and appropriateness of system controls over auto generation of entries on settlement date and intimations sent to the customer on settlement of the trade.

Understanding of the information technology involved in processing transactionsOne of key contributors to a successful functioning of a treasury operation in a bank is the existence of a robust information system platform. In today’s environment, all banks have embarked upon large scale computerisation, which has resulted in changes in the processing and storage of information and affects the organisation and procedures employed by the bank to

achieve adequate internal control. Hence, it is imperative for an auditor to perform audit procedures such as understanding of the IT control environment, systems (internal/external) used for processing data, flow of data from various systems to general ledger, IT application level controls (access controls, password controls) established by management, etc. in order to achiery the desired audit objective.



Accounting aspects related to treasury operations There are various phases involved in accounting of a treasury transaction. Hence it is important for an auditor to obtain a complete understanding of the scheme of accounting from the front office system to the general ledger. Key areas where audit procedures should be performed are:

— The RBI has prescribed prudential norms relating to classification, valuation, provisioning and presentation of investments. The accounting guidance for treasury transactions undertaken by a bank is largely governed by the accounting principles laid down by the Reserve Bank of India. An auditor should ensure that guidelines for accounting and presentation in the financial statements have been complied with by the bank.

— Further, in addition to verifying compliance with the RBI guidelines on accounting aspects, an auditor should verify, in detail, the valuation of securities, foreign exchange and derivative products. Key audit procedures surrounding the valuation would include obtaining an understanding of the bank’s valuation policy, ensuring compliance with RBI guidelines and bank’s accounting policy, verifying appropriateness of the inputs used for valuation (such as yields, market quotes, etc), verifying the appropriateness of the source from where inputs are obtained, etc.

— Understanding the nature of the control/suspense account used for routing transactions, ageing of unreconciled entries in these accounts and balance

sheet classification are some of the important procedures which should be performed by the auditor.

- An auditor should also review the Nostro and Vostro reconciliations, verify ageing of unreconciled balances, provisioning policy of unreconciled debit balances and management review process.

Regulatory guidelines and impactThe Reserve Bank of India has issued directives which lays down the products which can be transacted by a bank as well as prescribed exposure norms for certain category of investments. Further, every bank is required to maintain Cash Reserve Ratio (CRR) and Statutory Liquidity Ratio (SLR) based on guidance provided by the RBI from time to time.

The treasury team plays an important role in ensuring compliance with the regulatory requirement as well as reporting regulatory returns to the RBI. Some of these activities may be performed at the branch office. The auditor should verify compliance with the regulatory requirements and report breaches to the management and the regulator through the financial statements, statutory certificates and Long Form Audit Report (LFAR).

E. Conclusion The key to a successful audit begins with

understanding of the treasury function by an experienced team. Given the significant volume of transactions done by the treasury business and technology intensive approach, the auditor should adopt a risk based approach to audit the treasury operations, with specific focus on regulatory compliance and review of technology/systems.

AA



NOTES


Frauds In Banks

As one attempts to discuss such bold a subject, it is not out of place to announce at the outset that this discussion is an attempt to power up the informed statutory Bank Auditor to alert the Bank Management perhaps by traversing the extra mile beyond Balance Sheet audit, though this discussion is neither exhaustive nor a tutorial to the perpetuator. It is also an accepted fact that the Indian Bank Statutory Auditor has very little time to even complete his fundamental terms of appointment leave alone even look at any extra mile to traverse. However, each time such an auditor signs a Bank Balance Sheet, the issue of accountability looms in his mind in case a fraud is being perpetuated in the very same period of audit while the audit report remains silent on the issue. One does recall the introduction to the subject of auditing which compared the auditor to a ‘watchdog’ in specific exclusion of a ‘bloodhound’. While this and many other terms of appointment may exonerate the auditor, the professional in the auditor may want to at least issue a warning to the management of ‘something being out of place’ which warrants deeper study by the Management of the Bank.

Some of the cases discussed here are age old and admittedly, it would be a concern if such would go undetected. Therefore, this article attempts to expose areas/operations which are fraud prone. Emphasis is on the word prone because such situations may exist and mere existence does not imply fraud unless someone has exploited the situation. A

whirlwind tour of some of the known Banking frauds displays with a suggestion of how to identify it in the smallest period of time. You may determine some better and faster path also.

Bank frauds are can be divided on the basis of the relation of the person perpetuating the fraud:

1. External: Person who is not part of the Bank’s organization or staff. Such a person can be Customer, Contractors like security, ATM Cash supplier, etc.

2. Staff or internal. A large portion of the established frauds have been committed either by the staff or in connivance with the Bank staff. There is a popular notion on appreciation of the internal controls of Banks that these being so strong, no outsider can break it unless insider (staff) co-operates. However, with the advent of computerization, the same strength of internal control cannot be assumed without proper study.

Events/areas of operation based frauds are discussed in detail to permit the auditor to incorporate warning of these areas in his/her audit and Long Form Audit Report (LFAR). Appropriate indication is given at each stage with the subtle reminder that some questions of the LFAR are not merely for answering Yes/No or copied from the last report or just an administrative answer. It would be mature of the auditor to think beyond the main question especially as indicated in the first case.

Frauds In BanksCA. Nitant Trilokekar

Case 1 Loan given free of charge

Description Cashier hands over cash to his known contact at the beginning of the day without making entry in his books. The person returns the cash at the end of the Banking hours thus effectively using the cash for daily business without paying the Bank any interest. Of course the cashier gets his consideration for co-operation. This fraud normally committed in the market area branches is often unearthed automatically when the person using the cash does not return in time to replace the cash and thus the end of day



cash does not tally with the books, making the cashier responsible for the misappropriation.

Symptoms 1. Surprise cash inspection in the middle of operations was not done anytime in the period of audit by the Senior officer/Branch manager. This can be verified with the cashier’s registers or a surprise inspection register which some Banks have a procedure to maintain.

2. (More important symptom) Large amount of cash is withdrawn from the safe every day and replaced. If the auditor calculates the payments made daily, the cash withdrawn from the dual control safe to the cashier is ALWAYS much more than warranted. For example, if there are average payments of ` 10 lacs and the cash withdrawn daily is ` 50 lakh, then this is a striking symptom.

When can the While the auditor is answering the point of whether the Branch hasAuditor see the maintained sufficient balance, it is normal to look at situations of‘red flag’ ‘insufficient’ balance. But excess cash holding itself is not a symptom unless

supported by adequate records and that without exception, such excess cash is withdrawn from the safe and handed to the cashier.

Suggestive While the audit is on, no-one in would be brazen to continue such a fraud.reaction Therefore the auditor can alert the management to review the quantum of

cash withdrawn from safe because no rule prevents multiple withdrawals from safe and in such circumstances, the senior officer can conduct a surprise check to verify if more cash is really needed to be withdrawn from the safe.

Moral Ensure proper registers and supervision for all processes that convert from Dual Control to Single control

Case 2 Withdrawal from Dormant Account

Description This fraud can be perpetuated either by a third party (non Bank staff) or by an insider (Bank staff). Old balances lying either unused or forgotten by depositors are withdrawn by third party without authorisation. This is an old type of fraud which is preventable only if proper policy is in place. After computerization especially CBS (Core Banking System) some of the age old practices may be compromised under some misplaced apprehension of impossibility of action.

Symptoms Absence of control of dormant accounts is a red flag. Sometimes other controls also fail and combination of such is conducive for such a fraud. Some Banks have a stricter definition of dormant by marking them ‘inactive’ when no transaction is executed by the account holder six months continuously. The word dormant in this point is used to include this status. In most applications, marking or flagging of such accounts is a procedure which is activated manually.

1. Dormant accounts are not flagged regularly in the application system (CBS). Flagging them dormant will ensure system demands dual authorisation for any transaction in these accounts especially from the


Frauds In Banks

Branch Manager. If these are not flagged by the system, this control will not be activated.

2. Voucher totals are not done for vouchers of the day. This trifle control point is actually not so trifle because some fraudsters follow the modus operandi of first ‘transfer’ from the victim’s account to their own and then withdraw. The logic here is that the fraud perpetuator feels that more care is taken by the cash authorizing officers (though may not always be so) when the cash is withdrawn and the perpetuators assume no-one pays critical attention to internal (account to account) transfers. In such cases, during forensic study, it is found that the transfer vouchers are normally missing. Thus, the voucher total on the voucher cover would have highlighted the numeric mismatch on the same day itself.

3. No care is taken by the branch staff to identify the person asking for balance. Here, it is the third party who has learnt of a dormant account and wants to know whether there is balance sufficient enough to take effort for the fraud. Only known parties should be entertained for their balance or some identity asked for by the staff.

When can the During the statutory audit, this ‘extra mile’ can be traversed by the auditorAuditor see the when:‘red flag’ 1. The auditor verifies the quality of voucher filing.

2. The auditor verifies the practice of dormant marking of the accounts.

Suggestive Not marking the accounts dormant is a fraud prone area and a suggestivereaction comment to this effect is justified by the auditor. Another remark may

be regarding absence of care taken while giving information over the counter which may also amount to delivery of confidential information to unauthorized person.

Moral All controls should be appreciated and effected by the Bank Branch.

Case 3 ATM fraudulent withdrawal

Description Cash is withdrawn by an authorised person from an account via ATM. This can be perpetuated by a third party usually courier or staff.

Symptoms The ATM issuance procedure is not secure.

When can the When the branch is critical to the process of issuance of ATM card, theAuditor see the process can be shared by the Bank branch with the auditor. When the‘red flag’ auditor notes weakness in the process, the area becomes fraud prone

because if any person other than the account holder takes control of ATM card as well as the PIN number, withdrawal can be made. The first PIN Number is allotted by the Bank and this is where it should be seen ensured that the ATM card and PIN Numbers are never in possession of one person any time before the delivery to the account holder. The secure practice by most Banks is to deliver the card and PIN number either separately by different couriers to the account holder or PIN number is delivered by



courier and ATM Card by the branch. This prevents both being handled by the same person at any time of process of the issue.

Suggestive The auditor can alert the management with the observation that thereaction process may be reviewed by the Bank management to modify it to a more

secure process.

Moral When dual control is replaced by single control, the system works only because of the person and not in spite of the person – and any fraud not already occurred is around the corner.

Case 4 Kite flying fraud

Description When withdrawal is permitted against clearing which in reality does not get cleared it is called a Kite flying fraud. Since the Banks ‘ASSUME’ instrument to be clear unless returned within a set period of time, this fraud is designed on preventing the return of the instrument. Therefore the Bank whose instrument is issued is also covered by the fraudster by deposit of another Bank cheque. A ring of Banks is this affected. This is an old modus operandi.

Symptoms Cheque purchase is the only facility of the account holder. This is normally an ad hoc facility.

When can the Cheque purchase facility is very high especially ad hoc and the Branch hasAuditor see the not obtained other documents of the borrower. Other zeroing in vision is‘red flag’ obtained by ratio of miscellaneous income against the Interest levied on

advances. The Miscellaneous income in such situations is sometimes even more than the interest on advances which is not a logical situation.

Suggestive The auditor can recommend obtaining certificate of payment/clearancereaction from the Bank against whose cheque the advance is given. This will alert

the other Bank who is also a victim of the fraud and will confirm the similar facility of the borrower at the other Bank. Another alert that the auditor can issue will be to recommend only sanctioned facility to regular parties enjoying cheque purchase and reduce ad hoc facility to person taking regular benefit of Cheque/Bill purchase. This will permit the Bank to verify all aspects of the borrower and permit them to take a studied risk decision.

Moral Borrowers willing to pay high interest/cost for finance without attempt to regularize temporary facility are comfortable because they never intend to either pay the cost or even return the capital borrowed sum.

Case 5 Interest charged less than sanctioned rate to borrowers or not charged interest at all

Description This is a purely Computer based fraud possible even in CBS environment. In this fraud, interest rate is manipulated for certain borrowers. However, if the auditor takes a print of any report as on March 31, with the interest rate of the borrowers, the auditor will note the displayed rate to be the same as that sanctioned. The procedure of levy of interest is exploited


Frauds In Banks

here. The normal procedure is to permit the branches to take a trial run of interest and then the final run of interest is done by the Data Centre (DC) which actually levies interest. The other procedure is to set a specific day say end of the month or if the end of month is a holiday, the next day as the day of levy of interest. Just before the levy of final run, the interest rate of certain borrowers is reduced to a nominal rate and after the interest levy, rate is normalized. Naturally, this fraud works only on application systems which calculates interest at the end of the cycle and not on those systems which calculate interest on a daily basis.

Symptoms Easily visible symptoms are rare. The auditor can find if rates of interest can be changed at the branches. If so, then this section can be acted upon by the auditor.

When can the Where audit trails are available (in very few cases) changes to mastersAuditor see the can be observed to be done repeatedly for some accounts. However, the‘red flag’ audit trails under CBS are available for a few days span at a time since the

system takes time to search for changes done at the branch. If the auditor chooses a few days before and after each interest levy on advances while demanding the audit trail, the favoured accounts can be seen.

Another easy to observe method especially without recourse to any audit trail will be to manually verify the interest levied on accounts sanctioned with the highest rate of interest in the Branch. Such a sample check is part and parcel of LFAR to report whether the revenue calculations are correct. If such accounts are chosen for sample check, then the auditor can kill two birds with one stone.

Suggestive Since the unauthorized changes are identified by the auditor, this list canreaction be given to the management as a sample for a detailed investigation to

be done in that direction. It would be the call of the auditor however to determine what to mentioned in the section of LFAR on whether there were any frauds in the year under audit!

Moral Cost reduction at any cost is the policy of a few.

These are a few OBVIOUS cases which can be easily ‘smelt’ by the statutory auditor. If such category of frauds are not either noted by the auditor or alerted by him, the profession as a whole will suffer damage of reputation. These cases are to spur the auditor into inclusion of many more areas of fraud which can be sighted by ‘just a little shading of the eyes’ (marginal effort). The enlightened auditor thus should no longer be oblivious to the obvious.

AA



NOTES


Frauds In Banks

As one attempts to discuss such bold a subject, it is not out of place to announce at the outset that this discussion is an attempt to power up the informed statutory Bank Auditor to alert the Bank Management perhaps by traversing the extra mile beyond Balance Sheet audit, though this discussion is neither exhaustive nor a tutorial to the perpetuator. It is also an accepted fact that the Indian Bank Statutory Auditor has very little time to even complete his fundamental terms of appointment leave alone even look at any extra mile to traverse. However, each time such an auditor signs a Bank Balance Sheet, the issue of accountability looms in his mind in case a fraud is being perpetuated in the very same period of audit while the audit report remains silent on the issue. One does recall the introduction to the subject of auditing which compared the auditor to a ‘watchdog’ in specific exclusion of a ‘bloodhound’. While this and many other terms of appointment may exonerate the auditor, the professional in the auditor may want to at least issue a warning to the management of ‘something being out of place’ which warrants deeper study by the Management of the Bank.

Some of the cases discussed here are age old and admittedly, it would be a concern if such would go undetected. Therefore, this article attempts to expose areas/operations which are fraud prone. Emphasis is on the word prone because such situations may exist and mere existence does not imply fraud unless someone has exploited the situation. A

whirlwind tour of some of the known Banking frauds displays with a suggestion of how to identify it in the smallest period of time. You may determine some better and faster path also.

Bank frauds are can be divided on the basis of the relation of the person perpetuating the fraud:

1. External: Person who is not part of the Bank’s organization or staff. Such a person can be Customer, Contractors like security, ATM Cash supplier, etc.

2. Staff or internal. A large portion of the established frauds have been committed either by the staff or in connivance with the Bank staff. There is a popular notion on appreciation of the internal controls of Banks that these being so strong, no outsider can break it unless insider (staff) co-operates. However, with the advent of computerization, the same strength of internal control cannot be assumed without proper study.

Events/areas of operation based frauds are discussed in detail to permit the auditor to incorporate warning of these areas in his/her audit and Long Form Audit Report (LFAR). Appropriate indication is given at each stage with the subtle reminder that some questions of the LFAR are not merely for answering Yes/No or copied from the last report or just an administrative answer. It would be mature of the auditor to think beyond the main question especially as indicated in the first case.

Frauds In BanksCA. Nitant Trilokekar

Case 1 Loan given free of charge

Description Cashier hands over cash to his known contact at the beginning of the day without making entry in his books. The person returns the cash at the end of the Banking hours thus effectively using the cash for daily business without paying the Bank any interest. Of course the cashier gets his consideration for co-operation. This fraud normally committed in the market area branches is often unearthed automatically when the person using the cash does not return in time to replace the cash and thus the end of day



cash does not tally with the books, making the cashier responsible for the misappropriation.

Symptoms 1. Surprise cash inspection in the middle of operations was not done anytime in the period of audit by the Senior officer/Branch manager. This can be verified with the cashier’s registers or a surprise inspection register which some Banks have a procedure to maintain.

2. (More important symptom) Large amount of cash is withdrawn from the safe every day and replaced. If the auditor calculates the payments made daily, the cash withdrawn from the dual control safe to the cashier is ALWAYS much more than warranted. For example, if there are average payments of ` 10 lacs and the cash withdrawn daily is ` 50 lakh, then this is a striking symptom.

When can the While the auditor is answering the point of whether the Branch hasAuditor see the maintained sufficient balance, it is normal to look at situations of‘red flag’ ‘insufficient’ balance. But excess cash holding itself is not a symptom unless

supported by adequate records and that without exception, such excess cash is withdrawn from the safe and handed to the cashier.

Suggestive While the audit is on, no-one in would be brazen to continue such a fraud.reaction Therefore the auditor can alert the management to review the quantum of

cash withdrawn from safe because no rule prevents multiple withdrawals from safe and in such circumstances, the senior officer can conduct a surprise check to verify if more cash is really needed to be withdrawn from the safe.

Moral Ensure proper registers and supervision for all processes that convert from Dual Control to Single control

Case 2 Withdrawal from Dormant Account

Description This fraud can be perpetuated either by a third party (non Bank staff) or by an insider (Bank staff). Old balances lying either unused or forgotten by depositors are withdrawn by third party without authorisation. This is an old type of fraud which is preventable only if proper policy is in place. After computerization especially CBS (Core Banking System) some of the age old practices may be compromised under some misplaced apprehension of impossibility of action.

Symptoms Absence of control of dormant accounts is a red flag. Sometimes other controls also fail and combination of such is conducive for such a fraud. Some Banks have a stricter definition of dormant by marking them ‘inactive’ when no transaction is executed by the account holder six months continuously. The word dormant in this point is used to include this status. In most applications, marking or flagging of such accounts is a procedure which is activated manually.

1. Dormant accounts are not flagged regularly in the application system (CBS). Flagging them dormant will ensure system demands dual authorisation for any transaction in these accounts especially from the


Frauds In Banks

Branch Manager. If these are not flagged by the system, this control will not be activated.

2. Voucher totals are not done for vouchers of the day. This trifle control point is actually not so trifle because some fraudsters follow the modus operandi of first ‘transfer’ from the victim’s account to their own and then withdraw. The logic here is that the fraud perpetuator feels that more care is taken by the cash authorizing officers (though may not always be so) when the cash is withdrawn and the perpetuators assume no-one pays critical attention to internal (account to account) transfers. In such cases, during forensic study, it is found that the transfer vouchers are normally missing. Thus, the voucher total on the voucher cover would have highlighted the numeric mismatch on the same day itself.

3. No care is taken by the branch staff to identify the person asking for balance. Here, it is the third party who has learnt of a dormant account and wants to know whether there is balance sufficient enough to take effort for the fraud. Only known parties should be entertained for their balance or some identity asked for by the staff.

When can the During the statutory audit, this ‘extra mile’ can be traversed by the auditorAuditor see the when:‘red flag’ 1. The auditor verifies the quality of voucher filing.

2. The auditor verifies the practice of dormant marking of the accounts.

Suggestive Not marking the accounts dormant is a fraud prone area and a suggestivereaction comment to this effect is justified by the auditor. Another remark may

be regarding absence of care taken while giving information over the counter which may also amount to delivery of confidential information to unauthorized person.

Moral All controls should be appreciated and effected by the Bank Branch.

Case 3 ATM fraudulent withdrawal

Description Cash is withdrawn by an authorised person from an account via ATM. This can be perpetuated by a third party usually courier or staff.

Symptoms The ATM issuance procedure is not secure.

When can the When the branch is critical to the process of issuance of ATM card, theAuditor see the process can be shared by the Bank branch with the auditor. When the‘red flag’ auditor notes weakness in the process, the area becomes fraud prone

because if any person other than the account holder takes control of ATM card as well as the PIN number, withdrawal can be made. The first PIN Number is allotted by the Bank and this is where it should be seen ensured that the ATM card and PIN Numbers are never in possession of one person any time before the delivery to the account holder. The secure practice by most Banks is to deliver the card and PIN number either separately by different couriers to the account holder or PIN number is delivered by



courier and ATM Card by the branch. This prevents both being handled by the same person at any time of process of the issue.

Suggestive The auditor can alert the management with the observation that thereaction process may be reviewed by the Bank management to modify it to a more

secure process.

Moral When dual control is replaced by single control, the system works only because of the person and not in spite of the person – and any fraud not already occurred is around the corner.

Case 4 Kite flying fraud

Description When withdrawal is permitted against clearing which in reality does not get cleared it is called a Kite flying fraud. Since the Banks ‘ASSUME’ instrument to be clear unless returned within a set period of time, this fraud is designed on preventing the return of the instrument. Therefore the Bank whose instrument is issued is also covered by the fraudster by deposit of another Bank cheque. A ring of Banks is this affected. This is an old modus operandi.

Symptoms Cheque purchase is the only facility of the account holder. This is normally an ad hoc facility.

When can the Cheque purchase facility is very high especially ad hoc and the Branch hasAuditor see the not obtained other documents of the borrower. Other zeroing in vision is‘red flag’ obtained by ratio of miscellaneous income against the Interest levied on

advances. The Miscellaneous income in such situations is sometimes even more than the interest on advances which is not a logical situation.

Suggestive The auditor can recommend obtaining certificate of payment/clearancereaction from the Bank against whose cheque the advance is given. This will alert

the other Bank who is also a victim of the fraud and will confirm the similar facility of the borrower at the other Bank. Another alert that the auditor can issue will be to recommend only sanctioned facility to regular parties enjoying cheque purchase and reduce ad hoc facility to person taking regular benefit of Cheque/Bill purchase. This will permit the Bank to verify all aspects of the borrower and permit them to take a studied risk decision.

Moral Borrowers willing to pay high interest/cost for finance without attempt to regularize temporary facility are comfortable because they never intend to either pay the cost or even return the capital borrowed sum.

Case 5 Interest charged less than sanctioned rate to borrowers or not charged interest at all

Description This is a purely Computer based fraud possible even in CBS environment. In this fraud, interest rate is manipulated for certain borrowers. However, if the auditor takes a print of any report as on March 31, with the interest rate of the borrowers, the auditor will note the displayed rate to be the same as that sanctioned. The procedure of levy of interest is exploited


Frauds In Banks

here. The normal procedure is to permit the branches to take a trial run of interest and then the final run of interest is done by the Data Centre (DC) which actually levies interest. The other procedure is to set a specific day say end of the month or if the end of month is a holiday, the next day as the day of levy of interest. Just before the levy of final run, the interest rate of certain borrowers is reduced to a nominal rate and after the interest levy, rate is normalized. Naturally, this fraud works only on application systems which calculates interest at the end of the cycle and not on those systems which calculate interest on a daily basis.

Symptoms Easily visible symptoms are rare. The auditor can find if rates of interest can be changed at the branches. If so, then this section can be acted upon by the auditor.

When can the Where audit trails are available (in very few cases) changes to mastersAuditor see the can be observed to be done repeatedly for some accounts. However, the‘red flag’ audit trails under CBS are available for a few days span at a time since the

system takes time to search for changes done at the branch. If the auditor chooses a few days before and after each interest levy on advances while demanding the audit trail, the favoured accounts can be seen.

Another easy to observe method especially without recourse to any audit trail will be to manually verify the interest levied on accounts sanctioned with the highest rate of interest in the Branch. Such a sample check is part and parcel of LFAR to report whether the revenue calculations are correct. If such accounts are chosen for sample check, then the auditor can kill two birds with one stone.

Suggestive Since the unauthorized changes are identified by the auditor, this list canreaction be given to the management as a sample for a detailed investigation to

be done in that direction. It would be the call of the auditor however to determine what to mentioned in the section of LFAR on whether there were any frauds in the year under audit!

Moral Cost reduction at any cost is the policy of a few.

These are a few OBVIOUS cases which can be easily ‘smelt’ by the statutory auditor. If such category of frauds are not either noted by the auditor or alerted by him, the profession as a whole will suffer damage of reputation. These cases are to spur the auditor into inclusion of many more areas of fraud which can be sighted by ‘just a little shading of the eyes’ (marginal effort). The enlightened auditor thus should no longer be oblivious to the obvious.

AA



NOTES


Index of Recent RBI Notifications

Index of Recent RBI Notifications Applicable to Staturory Bank Branch Audit

CA. Sandip Welling

Sr. Subject Circular Reference Date No 1 Guidelines on the Base Rate DBOD. No. Dir. BC 88 / 9-Apr-10 13.03.00/2009-10 2 Prudential Norms on Income DBOD.No.BP.BC.21 / 1-Jul-10 Recognition,AssetClassification 21.04.048/2010-11 and Provisioning pertaining to Advances 3 Priority Sector Lending-Credit RPCD.SP.BC.No.3/09.09.01/ 1-Jul-10 facilities to Scheduled Castes 2010-11 (SCs) & Scheduled Tribes (STs) 4 DetectionandImpoundingof DCM(FNVD)No.G.4/ 1-Jul-10 Counterfeit Notes 16.01.05/ 2010-2011 5 Collection of Direct Taxes- OLTAS DGBA.GAD.No. H. 1 / 1-Jul-10 42.01.034/2010-116 ExposureNorms DBODNo.Dir.BC.14/13.03.00/ 1-Jul-10 2010-11 7 Instructions relating to deposit DBOD.No.Dir.BC.11 / 1-Jul-10 heldinFCNR(B)Accounts 13.03.00/2010-118 Guarantees and Co-acceptances DBOD. No. Dir. BC.12/ 1-Jul-10 13.03.00/2010-11 9 Interest Rates on Rupee Deposits DBOD.No.Dir.BC.10/ 1-Jul-10 held in Domestic, Ordinary 13.03.00/2010-11 Non-Resident (NRO) and Non- Resident (External) (NRE) Accounts 10 Loans and Advances – DBOD.No.Dir.BC.13/ 1-Jul-10 Statutory and Other Restrictions 13.03.00/2010-11 11 MasterCircularonHousingFinance DBOD.No.DIR.(HSG). 1-Jul-10 BC. 07/08.12.001/2010-11 12 PrioritySectorLending-Credit RPCD.SP.BC.No.4/ 1-Jul-10 FacilitiestoMinorityCommunities 09.10.01/2010-1113 BankFinancetoNon-Banking DBOD.BP.BC.No.5/ 1-Jul-10 FinancialCompanies 21.04.172/2010-1114 Schemeof1%interestsubvention RPCD.SME&NFS. 9-Aug-10 on housing loans upto BC. No. 16 /06.11.01/ Rs. 10 lakh - Guidelines 2010-11 15 PrudentialGuidelineson DBOD.BP.No.49/ 7-Oct-10 RestructuringofAdvancesby 21.04.132/2010-11 Banks16 EndUseofFunds-Monitoring DBS.CO.PPD.BC.No.5/ 14-Jan-11 11.01.005/2010-11 17 Classificationof loansagainst RPCD.CO.Plan.BC. 2-Feb-11 goldjewellery 51/04.09.01/2010-11

AA



NOTES


Index of Recent RBI Notifications

NOTES



NOTES