Internal Audit of Banks

Indian banking sector is witnessing major changes in recent years, as a result of which new regulations are being brought into practice. With the implementation of Basel III requirements, more importance is given to risk-based bank audits. With more guidance and circulars from RBI for regulating the banking business in the country, bank’s management is focused to bring about a robust framework which will identify, assess and manage the financial risks. In order to achieve this target, the internal audit of banks is necessary.

A periodic Internal audit is required to monitor the bank’s system of internal control and procedures. Good internal audit process helps the management in the effective discharge of its responsibilities. It gives them the assurance of the risk and operational performance of the bank. Based on the volume and value of its transactions, every bank should conduct an internal audit to fulfil its responsibilities and to achieve its objectives.

Scope of Internal Audit

Generally, the scope of any bank’s internal audit revolves around the following:

• Evaluating the effectiveness of the internal control systems and monitor its application
• Review the adequacy of the risk management procedures and methodologies
• Checking the efficiency of routine operations of the bank
• Evaluate the reliability and accuracy of the financial records and reports
• Review the management information system and the efficiency of the electronic banking services
• Implementation of policies and procedures and ensure its effectiveness
• Ensure that the procedures comply with the legal and regulatory requirements
• The undertaking of fraud investigations, if required
• Ensuring the adequacy of procedures to safeguard the bank’s assets
• Monitoring the bank’s Non-Performing Assets (NPA) and alarming the management when required

Independent Functions of Internal Audit

• Bank’s internal audit function must be independent of the other audit activities –  concurrent audit and control process
• Internal audit team must be given the appropriate authority to carry out their functions with objectivity and must be free to report its findings.
• Internal audit team head should have the authority to communicate findings directly to the board of directors, external auditors, audit committee, etc.
• Internal audit function has to be impartial i.e. it should perform its functions free from bias and interference.
• Internal audit compensation scheme must be consistent with the objectives of the audit and they should be free from any conflict of interest with that of the bank.  

General Functions of Internal Audit

Audit Plan

Internal audit function begins with the audit plan drafted by the audit team in consultation with the management. This audit plan includes the timing and frequency of the internal audit work to be carried on and it is based on control risk assessment. Risk assessment examines all the bank’s activities and internal control system which exhibits the probable degree of risk present in these activities. The audit plan must be realistic and should take into account future developments and expected innovations. Audit plan should also state the time to be assigned for special investigation if any to be undertaken and other activities as and when required. The plan should cover the resources required for carrying out the audit activities in terms of personnel and other resources. Such an audit plan established by the internal audit team has to be approved by the bank’s management.

Audit procedures

The objectives framed in the audit plan are achieved through a detailed audit programme which lists down the procedure to be carried out for each specific audit area. These procedures are adapted according to the risks identified in every process across the bank’s operations. Based on the value and volume of the banking transactions, samples are selected in each of the core areas to be audited. Audit samples should also be selected on a random basis in certain areas, which will expose all the related risk. Listed below are some of the important areas to be covered in any of the bank’s internal audit:

• Cash Transactions – The deposits and withdrawals made, need to be tracked. Further, surprise verification of the cash balance on a particular day needs to be initiated.
• Loan – This is the most important division in banking services. Various types of loans and cash credits are given to customers. These need to be checked for necessary documentation and approvals. Checking the loan repayment schedules and examining the reported non-performing assets is also required.
• Documentation – Checking for the KYC norms and ensuring the sufficiency of the supporting documents is important.
• Charges – Analysing if all charges for various services rendered by the bank are collected from the customers per the head office circulars is required. If there are any revenue leakages, it should be reported.
• Tax – All the required withholdings and other tax deductions have to be executed promptly.
• Other Services – Other banking commercial services such as swift money transfers, the line of credit followed and much more should be ensured to be in place. This has to be carried out with required approvals, documentation, etc.
• Cost reduction through process improvements and reducing the non-value added activities should be worked on.

All the audit procedures carried out by the internal audit staff must be documented in working papers in a well-determined method.  Such working papers must list out the activities performed in checking the transactions along with the sampling details. Working paper must also exhibit the conclusion arrived which in-turn gets initiated by the audit supervisor.

Audit Report

A written audit report is drafted for each department and the executive summary is taken for discussion with the senior management. The audit report contains the scope and purpose of the audit along with the findings and the banks (auditee’s) response. It also provides the importance of the deficiencies found and related recommendations to the management to mitigate/reduce the associated risk.

Senior management ensures the audit concerns are addressed accordingly and recommendations made are implemented on a timely basis. The internal audit team checks that the recommendations given during the previous audits are implemented and adhered to in the next audit.  

Basel III requirements

Reserve bank of India has already instructed the implementation of Basel III requirements in the banking sector and all the banks are in the process of enhancing their reporting system accordingly. Some of the Basel implementation steps are listed below:

• Calculation of capital adequacy ratio and regulation of the economic capital
• Improve the supervisory framework
• Validate the internal rating models
• Improving risk management and credit approval methods
• Rigorous bank supervision and broader disclosure in the financials, etc.

With the volume of increasing bank frauds, RBI is bringing in more stringent controls to mitigate the risk involved in the banking sector. Internal audit function is undergoing major changes with the assimilation of international internal audit standards to the banks. It is important for the internal audit team to be vigilant and ensure all related risks are captured carefully.

Benefits of Internal Audit

Listed below are some of the benefits of having a good internal audit system in banks:

• Overall operational and control environment of the bank is improved
• Regular internal audit system increases the accountability of the employees
• Strong internal audit process enables early detection of fraud or probable fraud
• Identifies redundant procedures and recommends improvement which increases the operational efficiency
• Constant monitoring of the policies and procedures helps in reducing financial risks
• Surprise cash verification by the internal auditors will ensure all the cash transactions are accounted for correctly
• Ensures compliance with statutory law and regulations
• Systematic Internal audit assures the head office that all the banking procedures and rules are adhered to
• Good control over the bank’s non-performing assets
• Regular internal audit at banks gives better comfort and assurance to the statutory auditors too.

Related Articles                                                           

RBI’s guidance note on risk-based internal audit RBI’s master circular on Internal and other bank audits