RISK BASED AUDIT IN BANKS

(with relevance to bank branch)(with relevance to bank branch)

Outcomes

• Understanding RBIA

• Understanding approach and methodology of RBIA

• Comprehending various vulnerable areas of control lapses to

be seen audit

Change in approach in concurrent Audit

Earlier- transaction testing Now Risk based auditing

• Reliability of

accounting •Assessment of

Business risk in • Integrity Timeliness of

control reports

• Adherence to

regulatory norms

•Transaction testing

Business risk in

activities undertaken

by bank.

•Evaluation of Control

Risk

Scope of RBIA

• It should report

– Proper recording and reporting of Major excess

and exceptions

• The extent of transaction testing would be

on the basis risk profile of the bank/branch.on the basis risk profile of the bank/branch.

• Identification of risk in functions

• Evaluation of risk • Evaluation of risk

• Making an assessment of level and direction

of various risk

• Drawing up Risk matrix of the branch.l

Risk Classification

Risk at Branch level

Risk Classification

Business Risk Control Risk

Business Risk

Credit Risk Operational Risk

Earning Risk

Control Risk

Business/

Operational management

Compliance Branch Management

management

Credit Function

Non credit

Function

Computer Function

General Security

Risk score methodology(Illustrative)

Business Risk

Individual

Parameter

Risk Scale Risk score

Fresh slippage in

NPA’s (Amt wise %)

0%

>0% to 0.50%

>0.50% to 1%

>1%

0-20

21-40

41-60

61-70

Total Business Risk

score

xxx

score

Control risk

Parameter Risk weight

(1-5)

Marks

Scale

(2-10)

Risk

score

(WXM)

Adherence to

loaning power

5 5 25

Total control risk

score

xxx

Upto 30% Score Upto 30% ScoreLow Risk

Business Risk Control Risk

Risk categories and Scale (Illustrative)

30-60% Score 30-50% Score

>60% Score >50% Score

Medium Risk

High Risk

BUSINESS

RISK

CONTROL RISK

Maximum Marks 1000 1000

Marks Obtained

Overall Risk Summary

Risk score

(Marks Obtained as %age

of max Marks)

Risk Category

DIRECTION OF RISK

Risk MatrixB

usi

ne

ss R

isk High

A

High

Risk

B

Very High

Risk

D

Medium

D

High

F

Very High

C

Extremely High

Risk

Inh

ere

nt

Bu

sin

ess

Ris

k

Medium

Low

Medium

Risk

High

Risk

Very High

Risk

F

High

Risk

H

Medium

Risk

G

Low

Risk

Control Risks

CREDIT RISK

Portfolio Risk Default Risk

Internal Factors

•Deficient loan policies

•Deficient Administration

•Absence of Prudential Credit Policy norms

•Absence of Credit Concentration limit

•Inadequate lending limits to officers

•Deficiency in appraisal

•Excessive dependence on collaterals

•Inadequate risk pricing

•Absence of loan review

•Deficient Post Sanction Surveillance

External Factors

•Economy

•Price Swings of Commodities

•Foreign Exchange Rate

•Interest Rates

•Trade Restrictions

Business risk-Credit function

• Credit Growth

– No of new Accounts from earlier period

– Migration of Accounts

• Composition & credit concentration

– Segment/Industry

– Borrower wise– Borrower wise

– Sensitive sectors

• Credit quality

– %Gross NPA to Total Advances

– Fresh Slipages

– Irregular Accounts to Total Advances

– Infant mortality

• Credit risk of off balance sheet Items

RECENT INDUSTRY OUTLOOK AS PER ICRA

(Valuable for auditors for identification of credit (Valuable for auditors for identification of credit

risk)

Industry Outlook Key Issues

Real Estate &

Construction

Negative •No respite on raw material front

•Shortage of labour and funds

•Difficulty in accessing bank funding

•Increased reliance on Non-traditional

sources (NBFCs, Private Equity Funds,

etc.)etc.)

Auto

Ancillaries

Stable •Increased focus on cost compression

•Slow demand recovery

Cement Positive •Increase in demand owing to recovery

in economy, low base effect, etc.

Industry Outlook Key Issues

Oil & Gas Stable •Favorable domestic demand-supply

scenario

•Proposed rise in natural gas price

•Downstream players expected to

witness fall in under-recovery levels

•Regulatory clarity on the powers of The

Petroleum and Natural Gas Regulatory Petroleum and Natural Gas Regulatory

Board(PNGRB) is required.

Textiles Negative •Companies face risk emanating from

policy changes by China for cotton

procurement

•This might affect export demand of

Indian yarn

Industry Outlook Key Issues

Auto Positive •Recovery in volume of commercial

vehicles supported by replacement

demand, reduction in excise duty, low

base effect, etc.

•Increased focus on exports by OEMs

(Passenger Vehicles)

Telecom Positive •Restoration of pricing powers

•Continued uptick in the data services

•Leveraging of leading telcos increased

driven mainly by debt funding (auction-

determined payouts & sizeable capital

expenditure)

•Gradual organic de-leveraging is

expected

Earnings risk- Business strategy risk

• Low cost deposit target achievement

• Increase/Decrease in low cost deposit(SF+CA)

• Credit % budget achievement

• Priority sector advance (% Budget Achievement)

• Profit (% Budget Achievement)

• Disbursement in Retail lending (% Budget Achievement)

• Average cost of deposit

• Average return on advances

• Non Interest income growth

• Avg business per employee

• Revenue leakage(% to total profits during review period)

• Reduction in controllable expenses

Operational Risk

• Depositors with >1% share

• Non-Compliant A/c

• Instances of Window Dressing

• Alternate Delivery Channels(Mobile, • Alternate Delivery Channels(Mobile,

Internet, POS, ATM, NEFT, RTGS, Credit/

Debit Card)

• Record maintaining & Loss Data

• Cases lodged to Ombudsman

• Penalties imposed in courts, IT, Consumer

forum, etc.

• Frauds detected & recovery made

• Outsourcing/ Other Service Providers

– Maintenance of ATM/ Computer

– Courier– Courier

– Security Guard

– Maintenance of SFF lockers

– Recovery Agents

– Other services like Sweepers

Control Risk

Control RiskControl RiskControl RiskControl Risk

�Credit function•Exercise of loaning power

•Pre sanction appraisal

•Documentation & creation of charge

•Mortgages•Mortgages

•Post sanction monitoring and follow-ups

•Bill purchased/ Discounted

•NPA management

•Revenue audit in credit

Non miss-out areas in credit audit

Credit:

• Pre sanction

• CIBIL not checked and Negative CIBIL settlement must be justified in writing + NOC (FS)

• RBI default list, KYC, statement of Bank A/c, other returns like IT,VAT must be confirmed.(FS)

• Assessment done on old B/s.

• B/s Sheet sensitive items

– Unsecured loans– Unsecured loans

– No impairment of assets, No accounting policies , no bank name in B/s disclosure for charges created.

– No justification of qualified audit reports.

– No disclosure/assessment of contingent liab.

– High variations in sales +sales not commensurate with Credit summations.

– FD against BG to be considered as non current Asset.

– Proper calculation of NWC.

– Unmoved advances to supplier- Non current

•

Contd

• Credit report in current account is also required.

• Business cycle assessment not done.

• No justification obtained for sudden shift of figures (sales, Profit, Debtors, stock) in projections given and actual B/s submitted.

• Assigned LIC policies under sec.6 of Married women’s Property Act.Property Act.

• Guidelines of takeover of loans followed.

• Diversion of short term funds to long term assets must be justified in writing.

• EMI’s to residual income in the hands of borrowers.

• Valuer’s qualification and approved jewelers.

Post sanction:

• End use of funds not checked with proof (ND)

• Original title deeds, valuation report to be kept on record.

Valuation may be done on renewal also.(ND).large accounts

vetting by advocate for validity of documentation

• Overdue renewals- No follow up , renewal on old balance• Overdue renewals- No follow up , renewal on old balance

sheets, Provisional B/s and actual differs significantly.

• Adhoc limits given only in eligible cases with justification

from borrower in writing must be obtained. No loaning

power has been exceeded (ND)

• Stock statement not received/checked over 3 mnths

still operations are allowed.(FS)

• Limitation expired during next 12 months

• Acknowledgement of debts & Balance confirmation

taken from borrowers and from legal heirs in case oftaken from borrowers and from legal heirs in case of

death of borrower regularly.(ND)

• Changes in partnership/director – deed must be

obtained on every review/renewal –change in internal

environment of the borrower

• Non claiming subsidy on eligible loan accounts

• Visit report: must address business risk of the

borrower ,

• Bill discounted : LR of only approved transporters+

Accomodation bills are not purchased

• BG’s are properly worded and recorded in Bank

registers + limitation clause must be entered .

• Delay in insurance -Un-insured period, all risks not

covered

• In case of staff veh.loan joint registration is

obtained+ in case of staff loan Int rate modified after

retirement or resignation.(FS)

• No process of balance confirmation from debtors at

borrowers level

• Diversification of funds

• Overdue accounts brought in limit temporarily and

subsequently allowed to be withdrawn.

• Creation of charge-latest documents must be obtained

and on renewal also it must be obtained.(FS)

• Limits to be adjusted especially when industry faces

problem or slowdown.

• Half yearly rating should be done for large borrowers,

so that upward/ downward movement can be tracked.

• If there is no variation in rating inspite of industry

issue, then financials of the borrower are not

correct.

• Take over case turning into NPA(Potential

weakness)

• Large no of cash withdrawals in CC account

which does not seems to be need based.

• Erosion of primary/collateral security is seen at

the time of visit and reported

�Non credit function

• Cash Management

• ATM

• Suspense account

• Sundry Account

• Checking of Reports & • Checking of Reports &

Morning checking

• Opening of a/c & KYC norms

ACCOUNT OPENING

Non miss out audit areas

• Non generation and checking of Control reports , exception report , statement of ALM,,DD purchased and returned unpaid., loans sanctioned under BM’s power.(FS)

• Pendency in signature scanning(FS)

• Confirmation of actions of officiating manager by permanent incumbent(ND)

• Proper registers are being maintained for cash and checked at prescribed intervals.at prescribed intervals.

• Proper control over tokens is being exercised.

• Daily reconciliation of Clearing Imprest account; Parking difference in a dummy account not allowed.

• Timely clearance of sundry and suspense Accounts(FS)

• Overdependence on outsourced service.

• Failure /success report of interest application not checked.

•

Non miss-out areas• Non implementation of KYC guidelines

• Nomination is signed by witness

• Correct risk classification of customer not done

– Very High Risk- Politically exposed person and relatives

– High risk – NRI’s, HNI’s, businessmen of antique dealers, dealers in arms etc. firms with sleeping partners, Trusts, charities, NGO etccharities, NGO etc

– Medium risk- Current account having Dr/cr summation of Rs.50 lakh pa, whom they do not provide enough documentary proof etc.

– Low risk- salaried person, small accounts.

• Introducer’s procedure is prudently

• Risk fencing in case of doubtful or Non KYC compliant customers . Ex, stopping chq book issue,ATM cards etc. system also displays “Caution” while making payment.

• Conduct & maintenance of a/c and Records

• Security Forms Inventory Management

• Bills for collection, DD Receivables & Parcels

• Conduct of Govt. Business

• Safe Deposit Vault

�Computer function

• Environmental Assessments

• Physical/ Logical Accesses

• Maintenance & Business Continuity

Controls

• Networking Controls• Networking Controls

• Operational Controls

�Compliance functions

• Status of previous Insp. Report

• Submission of Crucial Returns

• Communication & Response

• Regulatory Compliance

�Brach management

• GeneralI. Staff Knowledge

II.Upkeep of Branch Premises

III.Expenditures

IV.Punctuality/ Discipline

V.Rotation of Duties

& Placement of Staff& Placement of Staff

• SecurityI. Security Infrastructure

II.Security Manpower & Equipments

III.Security Procedure

IV.Fire Safety

Relevant Provisions

Banking Regulations Act,

1949 for auditors at 1949 for auditors at

branch

Section Important clauses

20 Restriction on loans and advances:

No banking company shall-

• Grant loans or advances on security of its own

shares

• Enter into any commitment for granting any loan

or advance to-

I. Directors

II.Firm in which director is interested as II.Firm in which director is interested as

partners, managers, employee or guarantor

III.Any director of banking company is a director,

managing agent, employee or guarantor, or in

which he holds substantial interest

IV.Any individual in respect of whom any of its

directors is a partner or guarantor

Section Important clauses

20 No cooperative bank shall:

I. Make loans and advances on security of own

shares

II. Grant un-secured loans or advances to-

• Directors

• To firms of private company in which any of its • To firms of private company in which any of its

directors is interested as partner of managing

agent or guarantor

• To company in which chairman of BOD of co-

operative bank is interested

Section Important clauses

23 RBI permission required for:-

• Opening new place of business in India.

Temporary place of business allowed only for

1month be operated on occasion of mela,

Exhibition, conference

26 Returns of unclaimed deposits to be submitted for

accounts which are not operative for 10 years

RRB’s to furnish details to sponsoring bank RRB’s to furnish details to sponsoring bank

45ZB No notice of claim of other person than depositor shall

be receivable by bank for payment except in case of

decree, certificate from court of jurisdiction

45ZC The bank shall return the articles in the safe custody to

the nominee, But in case of minor- any other person

appointed to receive the articles. Inventory must be

taken

Section

Number

Important clauses

45ZE •Hirer of locker may nominate a person to

have access to the locker in case of death of

hirer

•In case of joint owners it can be operated

under the joint signatory of owners only and

•In case of death of any one or both owners

then only -Nominee then only -Nominee

47A(5) Power of RBI to impose penalty:

• Payment of penalty within 14 days from the

date on which notice by RBI is served on the

banking company

Vigilance risks

• AML

– Unusually large transactions

– Account is opened by customer far from his house without

acceptable reason

– The trend/pattern of transaction does not fit economic

rationalerationale

– Unusually high value transactions other than cash

– Unexplained transfer between multiple accounts

– Customer often operates safe deposit locker immediately

before cash deposits

Customer service risk

Securitisation And Reconstruction Of Financial Assets

And Enforcement Of Security Interest Act, 2002

• SARFAESI Act empowers secured creditors to recover their

dues without the intervention of court.

• Under this Act, banks, upon default, can seize the underlying

securities

• Preconditions:

� Debt is secured and classified as NPA.� Debt is secured and classified as NPA.

� O/s Dues >= 1 Lakh and account for 20% of Principle and Interest

thereon.

� Enforceable security can even be a Mortgaged house, but not an

agricultural land (Other exceptions include Personal

Belongings).

• Banks to give a notice to the defaulter for discharge of

liabilities within 60 days and on non-compliance, initiate

action.

AWARDING VALUE TO BUSINESS IS NEVER BY

MERE CHANCE, IT IS RESULT OF

KNOWLEDGE AND APPLICATIONS WORKING KNOWLEDGE AND APPLICATIONS WORKING

TOGETHER

Nititn Alshi & Associates

Nitin D. Nitin D. AlshiAlshi

B.com, B.com, ACMA., ACMA., FCA, DISA(ICA),PGDERM.FCA, DISA(ICA),PGDERM.