Index


INDEX

CH-1 INTRODUCTION TO BANK

1.1 Introduction
1.2 History Of Bank
1.3 Definition
1.4 Types Of Bank
1.5 Regulation of Bank

CH-2 AUDITING

2.1 Introduction
2.2 Scope Of Audit
2.3 Features Of Audit
2.4 Objectives Of Audit
2.5 Principles of Audit

CH-3 AUDIT PLANNING

3.1 Meaning Of Audit Planning
3.2 Objectives of Audit Planning
3.3 Factors To Be Considered
3.4 Audit Programme
3.5 Advantages and Disadvantages of Audit

CH-4 PROVISIONS RELATING TO AUDITOR

4.1 Introduction To Auditor
4.2 Appointment Of Auditor
4.3 Qualification & Disqualification of Auditor
4.4 Rights & Duties of Auditor

CH-5 BANK AUDIT

5.1 Introduction
5.2 Role of RBI in Audit
5.3 Audit of Banking Company

CH-6 BANK AUDIT PROCESS

6.1 Audit of Incomes
6.2 Revenue of Audit Procedures

CH-7 TYPES OF AUDIT IN BANK

7.1 Statutory Audit
7.2 Internal Audit
7.3 Concurrent Audit
7.4 System Audit

8 CONCLUSION

9 BIBLIOGRAPHY & WEBLIOGRAPHY


1.1 INTRODUCTION TO BANK
A bank is a financial institution that accepts deposits from the public and creates a demand
deposit while simultaneously making loans.[1] Lending activities can be directly performed by
the bank or indirectly through capital markets.
Because banks play an important role in financial stability and the economy of a country,
most jurisdictions exercise a high degree of regulation over banks. Most countries have
institutionalized a system known as fractional-reserve banking, under which banks hold
liquid assets equal to only a portion of their current liabilities. In addition to other
regulations intended to ensure liquidity, banks are generally subject to minimum capital
requirements based on an international set of capital standards, the Basel Accords.
Banking in its modern sense evolved in the fourteenth century in the prosperous cities
of Renaissance Italy but in many ways functioned as a continuation of ideas and concepts
of credit and lending that had their roots in the ancient world. In the history of banking, a
number of banking dynasties – notably, the Medicis, the Fuggers, the Welsers,
the Berenbergs, and the Rothschilds – have played a central role over many centuries.
The oldest existing retail bank is Banca Monte dei Paschi di Siena (founded in 1472), while
the oldest existing merchant bank is Berenberg Bank (founded in 1590).

1.2 History of Bank
The history of banking began with the first prototype banks, that is, the merchants of the
world, who gave grain loans to farmers and traders who carried goods between cities. This
was around 2000 BCE in Assyria, India and Sumeria. Later, in ancient Greece and during
the Roman Empire, lenders based in temples gave loans, while accepting deposits and
performing the change of money. Archaeology from this period in ancient
China and India also shows evidence of money lending.
Many scholars trace the historical roots of the modern banking system to medieval and
Renaissance Italy, particularly the affluent cities of Florence, Venice and Genoa.
The Bardi and Peruzzi families dominated banking in 14th century Florence, establishing
branches in many other parts of Europe.[1] The most famous Italian bank was the Medici
Bank, established by Giovanni Medici in 1397.[2] The oldest bank still in existence is Banca
Monte dei Paschi di Siena, headquartered in Siena, Italy, which has been operating
continuously since 1472.[3] Until the end of 2002, the oldest bank still in operation was
the Banco di Napoli headquartered in Naples, Italy, which had been operating since 1463.

1.3 Definition
The definition of a bank varies from country to country. See the relevant country pages for
more information.
Under English common law, a banker is defined as a person who carries on the business of
banking by conducting current accounts for their customers, paying cheques drawn on them
and also collecting cheques for their customers.[17]
In most common law jurisdictions there is a Bills of Exchange Act that codifies the law in
relation to negotiable instruments, including cheques, and this Act contains a statutory
definition of the term banker: 'banker includes a body of persons, whether incorporated or
not, who carry on the business of banking' (Section 2, Interpretation). Although this
definition seems circular, it is actually functional, because it ensures that the legal basis for
bank transactions such as cheques does not depend on how the bank is structured or
regulated.
The business of banking is in many common law countries not defined by statute but by
common law, the definition above. In other English common law jurisdictions there are
statutory definitions of the business of banking or banking business. When looking at these
definitions it is important to keep in mind that they are defining the business of banking for
the purposes of the legislation, and not necessarily in general. In particular, most of the
definitions are from legislation that has the purpose of regulating and supervising banks
rather than regulating the actual business of banking. However, in many cases, the
statutory definition closely mirrors the common law one. Examples of statutory definitions:

• "banking business" means the business of receiving money on current or deposit
  account, paying and collecting cheques drawn by or paid in by customers, the
  making of advances to customers, and includes such other business as the
  Authority may prescribe for the purposes of this Act; (Banking Act (Singapore),
  Section 2, Interpretation).
• "banking business" means the business of either or both of the following:
  1. receiving from the general public money on current, deposit, savings or other
     similar account repayable on demand or within less than [3 months] ... or
     with a period of call or notice of less than that period;
  2. paying or collecting cheques drawn by or paid in by customers.[18]

Since the advent of EFTPOS (Electronic Funds Transfer at Point Of Sale), direct
credit, direct debit and internet banking, the cheque has lost its primacy in most banking
systems as a payment instrument. This has led legal theorists to suggest that the cheque
based definition should be broadened to include financial institutions that conduct current
accounts for customers and enable customers to pay and be paid by third parties, even if
they do not pay and collect cheques.

1.4 Different types of banking

Banks' activities can be divided into:

• retail banking, dealing directly with individuals and small businesses;
• business banking, providing services to mid-market business;
• corporate banking, directed at large business entities;
• private banking, providing wealth management services to high-net-worth
  individuals and families;
• investment banking, relating to activities on the financial markets.
Most banks are profit-making, private enterprises. However, some are owned by the
government, or are non-profit organisations.

Types of banks

• Commercial banks: the term used for a normal bank to distinguish it from an
  investment bank. After the Great Depression, the U.S. Congress required that
  banks only engage in banking activities, whereas investment banks were limited
  to capital market activities. Since the two no longer have to be under separate
  ownership, some use the term "commercial bank" to refer to a bank or a division
  of a bank that mostly deals with deposits and loans from corporations or large
  businesses.
• Community banks: locally operated financial institutions that empower
  employees to make local decisions to serve their customers and partners.
• Community development banks: regulated banks that provide financial services
  and credit to under-served markets or populations.
• Land development banks: The special banks providing long-term loans are
  called land development banks (LDB). The history of LDB is quite old. The first
  LDB was started at Jhang in Punjab in 1920. The main objective of the LDBs is
  to promote the development of land, agriculture and increase the agricultural
  production. The LDBs provide long-term finance to members directly through
  their branches.[33]
• Credit unions or co-operative banks: not-for-profit cooperatives owned by the
  depositors and often offering rates more favourable than for-profit banks.
  Typically, membership is restricted to employees of a particular company,
  residents of a defined area, members of a certain union or religious
  organisations, and their immediate families.
• Postal savings banks: savings banks associated with national postal systems.
• Private banks: banks that manage the assets of high-net-worth individuals.
  Historically a minimum of US$1 million was required to open an account,
  however, over the last years, many private banks have lowered their entry
  hurdles to US$350,000 for private investors.[34]
• Offshore banks: banks located in jurisdictions with low taxation and regulation.
  Many offshore banks are essentially private banks.
• Savings banks: in Europe, savings banks took their roots in the 19th or
  sometimes even in the 18th century. Their original objective was to provide
  easily accessible savings products to all strata of the population. In some
  countries, savings banks were created on public initiative; in others, socially
  committed individuals created foundations to put in place the necessary
  infrastructure. Nowadays, European savings banks have kept their focus on
  retail banking: payments, savings products, credits, and insurances for
  individuals or small and medium-sized enterprises. Apart from this retail focus,
  they also differ from commercial banks by their broadly decentralised
  distribution network, providing local and regional outreach – and by their
  socially responsible approach to business and society.
• Building societies and Landesbanks: institutions that conduct retail banking.
• Ethical banks: banks that prioritize the transparency of all operations and make
  only what they consider to be socially responsible investments.
• A direct or internet-only bank is a banking operation without any physical bank
  branches. Transactions are usually accomplished using ATMs and electronic
  transfers and direct deposits through an online interface.

1.5 Regulation Of Banking

Banking law is based on a contractual analysis of the relationship between the bank (defined
above) and the customer – defined as any entity for which the bank agrees to conduct an
account.
The law implies rights and obligations into this relationship as follows:

• The bank account balance is the financial position between the bank and the
  customer: when the account is in credit, the bank owes the balance to the
  customer; when the account is overdrawn, the customer owes the balance to the
  bank.
• The bank agrees to pay the customer's checks up to the amount standing to the
  credit of the customer's account, plus any agreed overdraft limit.
• The bank may not pay from the customer's account without a mandate from the
  customer, e.g. a cheque drawn by the customer.
• The bank agrees to promptly collect the cheques deposited to the customer's
  account as the customer's agent and to credit the proceeds to the customer's
  account.
• And, the bank has a right to combine the customer's accounts since each account
  is just an aspect of the same credit relationship.
• The bank has a lien on cheques deposited to the customer's account, to the extent
  that the customer is indebted to the bank.
• The bank must not disclose details of transactions through the customer's
  account – unless the customer consents, there is a public duty to disclose, the
  bank's interests require it, or the law demands it.
• The bank must not close a customer's account without reasonable notice, since
  cheques are outstanding in the ordinary course of business for several days.
These implied contractual terms may be modified by express agreement between the
customer and the bank. The statutes and regulations in force within a particular jurisdiction
may also modify the above terms and/or create new rights, obligations, or limitations
relevant to the bank-customer relationship.
Some types of financial institutions, such as building societies and credit unions, may be
partly or wholly exempt from bank license requirements, and therefore regulated under
separate rules.
The requirements for the issue of a bank license vary between jurisdictions but typically
include:

• Minimum capital
• Minimum capital ratio
• 'Fit and Proper' requirements for the bank's controllers, owners, directors, or
  senior officers
• Approval of the bank's business plan as being sufficiently prudent and plausible.

CH-2 AUDITING.

2.1 Introduction:
An audit is an "independent examination of financial information of any entity, whether
profit oriented or not, irrespective of its size or legal form when such an examination is
conducted with a view to express an opinion thereon."[1] Auditing also attempts to ensure
that the books of accounts are properly maintained by the concern as required by law.
Auditors consider the propositions before them, obtain evidence, and evaluate the
propositions in their auditing report.[2]
Audits provide third-party assurance to various stakeholders that the subject matter is free
from material misstatement.[3] The term is most frequently applied to audits of the financial
information relating to a legal person. Other commonly audited areas include: secretarial
and compliance, internal controls, quality management, project management, water
management, and energy conservation. As a result of an audit, stakeholders may evaluate
and improve the effectiveness of risk management, control, and governance over the subject
matter.
Auditing has been a safeguard measure since ancient times,[4] and has since expanded to
encompass so many areas in the public and corporate sectors that academics have started
identifying an "Audit Society".

2.2 Scope Of Audit:


Authority for determination of scope and extent of audit
Under Section 23 of the CAG's (D.P.C) Act, the scope and extent of audit shall be
determined by the Comptroller and Auditor General.
Scope of audit
1. Within the audit mandate, the Comptroller and Auditor General is the sole
authority to decide the scope and extent of audit to be conducted by him or
on his behalf. Such authority is not limited by any considerations other than
ensuring that the objectives of audit are achieved.
2. In the exercise of the mandate, the Comptroller and Auditor General
undertakes audits which are broadly categorised as financial audit,
compliance audit and performance audit, as elucidated in Chapter 5, 6 and
7 respectively.
3. The scope of audit includes the assessment of internal controls in the
auditable entities. Such an assessment may be undertaken either as an
integral component of an audit or as a distinct audit assignment.
4. The Comptroller and Auditor General may, in addition, decide to undertake
any other audit of a transaction, programme or organisation in order to
fulfill the mandate and to achieve the objectives of audit.

The mandate of CAG includes audit of receipts and expenditure from the Consolidated
Fund of India/state/UTs.

• Transactions relating to Contingency Funds and Public Accounts.
• Trading, manufacturing, profit and loss accounts and balance sheets, and other
  subsidiary accounts kept in any Government Department.
• Accounts of stores and stock kept in Government offices or departments.
• Government companies as per the provisions of the Companies Act,
  (1956)/2013.
• Corporations established by or under laws made by legislature.
• Authorities and bodies substantially financed from the Consolidated Funds.
• Any body or authority even though not substantially financed from
  Consolidated Fund, the audit of which may be entrusted.
• Grants & loans given by Government to Bodies and Authorities for specific
  purposes.
• Panchayati Raj Institutions & Urban Local Bodies.

The audit mandate also provides for the periodic inspection of records and accounts of
Government Departments to supplement the audit of vouchers and sanctions that are
with the account offices.

Article 151 authorizes the CAG to submit his report relating to the accounts of Union
or State to the President or Governor of the state, as the case may be, who shall cause
them to be laid before each House of Parliament or Legislature of the state.

• The audit of accounts being in Union list of the Constitution of India, the Office
  of the AG J&K was part of state Government’s own establishment till 30th
  April 1958 on account of special Constitutional arrangement of the state as
  embodied in Article 370 of the Constitution of India. However, on 1st May 1958,
  the jurisdiction of CAG was extended to the state as well and this office as part
  of the establishment of CAG has been performing the duties and exercising the
  powers in relation to the accounts of the state in accordance with the CAG’s
  mandate as above.

2.3 Features Of Audit.

6 Essential Features of an Audit (Explained with a Chart)
The audit is structured into activities that follow a logical sequence. The audit
will focus on the management and delivery of the electronic device, which
involves flows of electronic devices and the specific treatment procedures
associated with them.

As the chart shows, an audit has six essential features or characteristics.

The features or characteristics of an audit are that it is a systematic process,
involves third parties (like company shareholders), focuses on a specific subject
matter, collects evidence for the auditing task, evaluates that evidence against
established criteria, and gives a professional opinion on the financial position
of the company.

6 essential features of auditing

1. Systematic process
2. Three-party relationship
3. Subject matter
4. Evidence
5. Established criteria
6. Opinion

The essential features of auditing are explained below:

1. Systematic Process
Auditing is a systematic and scientific process that follows a sequence of
activities, which are logical, structured, and organized.

2. Three-party Relationship
The audit process involves three parties: shareholders, managers, and auditors.

3. Subject Matter
Auditors give assurance on a specific subject matter. However, the subject
matter may differ considerably, such as – data, systems or processes, and
behavior.

4. Evidence
The auditing process requires collecting the evidence, that is, financial and
non-financial data, and examining it.

5. Established Criteria
The evidence must be evaluated regarding established criteria, which include
International Accounting Standards, International Financial Reporting
Standards, Generally Accepted Accounting Principles, industry practices, etc.

6. Opinion
The auditor has to express an honest and professional opinion as to
the reasonable assurance of the entity’s financial statements.

Conclusion on Audit Features

The most important feature of any audit is that it is a systematic
process of expressing a professional opinion on the financial position of a
company based on gathering and evaluating the evidence.

Audit features influence the objectives of the audit, which may refer to the security of
information and systems, the protection of personal data, and access to some
databases of a sensitive informational character.

2.4 Objectives Of Audit:

Auditing is the systematic examination of the books of accounts and the other
documents of the company, which is conducted with the main objective of knowing
whether the company’s financial statements show a true and fair view of the
organization.
The objective of an audit is to get reasonable assurance that the entity’s
financial statements are free from material misstatement and to provide a
report on the financial statements following the auditor’s findings. The audit is
an independent and systematic examination of financial statements and a
detailed investigation of income and expenses reports and accounting records such
as sales, purchases, etc.
Auditors should keep audit objectives in mind when examining
financial statements and finalizing the current market price of the assets. The
objectives vary with the type of audit.

7 Types of Audit Objective

The type of objective changes with the type of audit. Below is the list of 7 main types
of audits and their objectives:
1. External – To check whether the financial statements prepared by the
   management provide an accurate and fair view, and whether they are
   prepared as per applicable accounting and auditing standards.
2. Internal – To check internal control over financial reporting, compliance
   with policies, and compliance with legal aspects such as the applicability of
   the Companies Act.
3. Forensic – To recognize fraud cases, and to control and decrease instances of
   fraud through the application of suggestions and recommendations and
   internal audit control in the entity.
4. Statutory – To check that an entity is following the rules and regulations
   of the Act under which it is registered; the entity has to appoint a statutory
   auditor to conduct the statutory audit.
5. Financial – To get reasonable assurance that the financial statements
   are free of material misstatement.
6. Tax – To check proper maintenance of the books of accounts and other records of
   a similar nature, and that proper records of income, tax expenses
   and deductions of the taxpayers are maintained.
7. Special objective – Conducted as per laws, and objectives vary as per
   laws.

2.5 Principles Of Audit:

Planning

An Auditor should plan his work to complete it efficiently and well within
time. To plan work accordingly, an Auditor handles the following −

• Accounting system and policies.
• Internal control system of the organization.
• Determination of audit procedures and coordinating audit work.

Honesty

An Auditor must have an impartial attitude and should be free from any interest. He
should be honest and sincere in his work and he should do his work without any
bias or prejudice.

Secrecy

An Auditor should keep confidential all the information acquired by him during
his audit. He should not share the information with anyone without the
permission of the client, and even with that permission only when he is bound
to do so.

Audit Evidence

An Auditor should adhere to substantive and compliance procedures for collecting
audit evidence before conducting an audit. Through substantive procedures, an
Auditor may collect evidence regarding accuracy, completeness and validity of
data; and through compliance procedures, he may collect evidence regarding the
internal control system as used in the client’s organization.

Internal Control System

It is the primary responsibility of a company to keep an adequate internal control
system in its organization. On the basis of such internal control system, an
Auditor can determine the nature, timing and audit procedure to be applied to
conduct his audit.

Skill and Competence

Audit should be done by trained, experienced and competent persons and audit
staff should be updated with all the developments in accounting, auditing and
legal rules and regulations as amended from time to time.

Work Done by Others


An Auditor is permitted to rely on work done by others but he should exercise due
diligence when referring to it. He should mention the source of reference thereof
in his report.

Working Papers

An Auditor should prepare and preserve all the necessary documents as obtained
during his audit. These documents can be used by him as audit evidence.

Legal Framework

All business activities should be run adhering to the rules and regulations
stipulated in the legal framework. This is to safeguard the interests and rights of
the interested parties.

Audit Report

On the basis of the review and assessment of the audit evidence, the Auditor should
express his opinion regarding the financial statements of an organization −
• Financial statements are prepared using acceptable accounting
  principles.
• Financial statements comply with all relevant statutory requirements.
• All material matters are disclosed and proper presentation of
  financial statements is done subject to statutory requirements.

CH-3 AUDIT PLANNING.


3.1 Meaning Of Audit Planning:

Planning is required to complete the audit effectively within the specified time.
Audit planning is a process of deciding in advance what is to be done, who is to do
it, how it is to be done and when it is to be done by the auditor in order to have
efficient and effective completion of work.

Audit planning can be done only when the auditor has knowledge of the
business of the client. It helps in accomplishment of objectives of audit and enables
the auditor to cover different aspects of audit work in a systematic manner within
a preset time frame. It enhances the quality of audit work. Audit plans should
cover knowledge about client’s accounting systems and policies, internal control
procedures and coordinating the work to be performed. Plans should be flexible so
that they can be developed or revised as and when required by the auditor.

3.2 Objectives of Audit Planning:

The main objectives of the audit are to examine the financial statements
and express opinions on the correctness of financial positions.

The objective of an audit is to express an opinion on financial statements. To give
that opinion, the auditor examines the financial
statements to satisfy himself about the truth and fairness of the financial
position and operating results of the enterprise.

There are certain inherent limitations of audit examination.

It would not be possible for any type of auditor to discover all errors and frauds
in the financial statements due to the limitations of his checking.

Such discovery is not the main objective of the audit. An audit has 2 objectives.

Two objectives of the audit are:

1. Primary Objectives of Audit
2. Subsidiary Objectives of Audit


Primary Objectives of Audit

The main objectives of the audit are known as the primary objectives of the
audit. They are as follows:

1. Examining the system of internal checks.
2. Checking arithmetical accuracy of books of accounts, verifying posting,
   casting, balancing, etc.
3. Verifying the authenticity and validity of transactions.
4. Checking the proper distinction between the capital and revenue nature of
   transactions.
5. Confirming the existence and value of assets and liabilities.
6. Verifying whether all the statutory requirements are fulfilled or not.
7. Proving truth and fairness of operating results presented by income
   statement and financial position presented by the balance sheet.

Subsidiary Objectives of Audit

These are such objectives that are set up to help in attaining primary objectives.
They are as follows:

1. Detection and prevention of errors
2. Detection and prevention of fraud
3. Under-or over-valuation of stock
4. Other objectives

Detection and prevention of errors

Errors are mistakes committed due to carelessness, negligence, lack of
knowledge, or without a vested interest.

Errors may be committed without or with any vested interest. So, they are to be
checked carefully. Errors are of various types. Some of them are:

• Errors of principle.
• Errors of omission.
• Errors of commission.
• Compensating errors.

Detection and prevention of fraud

Frauds are those mistakes that are committed knowingly with some vested
interest in the direction of top-level management.

Management commits frauds to evade taxes, to show the effectiveness of
management, to get more commission, to sell a share in the market, or to
maintain the market price of the share, etc.

Detection of fraud is the main job of an auditor.

Such frauds are as follows:

• Misappropriation of cash.
• Misappropriation of goods.
• Manipulation of accounts or falsification of accounts without any
  misappropriation.

Under-or over-valuation of stock

Normally such frauds are committed by the top-level executives of the business.
So, the explanation given to the auditor also remains false.

So, an auditor should detect such frauds using skill, knowledge, and facts.

Other objectives

• To provide information to the income-tax authority.
• To satisfy the provisions of the Companies Act.
• To have a moral effect.

3.3 Factors To Be Considered:

The following factors should receive due consideration while planning:

· Size of the company and nature of its operations.

· Accounting system, internal control and adherence to standard.

· Environment in which the company operates.

· Previous experience with the client; and

· Knowledge of client’s business.

3.4 Audit Programme:

An audit program, also called an audit plan, is an action plan that documents
what procedures an auditor will follow to validate that an organization is in
conformance with compliance regulations.

The goal of an audit program is to create a framework detailed enough for any
outside auditor to understand. It should contain the following information:

• the official examinations that have been completed;
• conclusions reached; and
• the reasoning behind each conclusion.

The framework explains the audit's objectives, scope and timeline. The audit
program should also describe how working papers -- the documented audit
evidence -- will be collected, reviewed and reported.

Objectives of audit programs

When developing an audit program, the internal auditor and the associated
audit team members should first outline the audit's objectives, goals and
obligations.

Audit program objectives help direct planning of the audit report and are based
on the policies, procedures and guidelines unique to the company. These
objectives may relate to how the audit committee will maintain efficiency,
professionalism and a specific code of conduct during the audit procedure.

In addition to relevant regulatory compliance mandates, objectives for audit
programs should consider and incorporate the following:

• management priorities
• business intentions
• system requirements
• business structure
• legal and contractual mandates
• customer and other interested parties' expectations
• risk management vulnerabilities
• corrective actions from previous audits


Preparing an audit program

Audit program details are based on an organization's unique needs. Plan
preparation will consider the relevant regulatory deadlines, staff requirements,
the reporting structure and overall goals.

Audit goals take into account how a company will maintain regulatory
compliance using risk assessment and management procedures. The audit
program also includes a timeline detailing when specific aspects of the program
take place and how to prioritize them.

Audit program planning is usually a continual and iterative process. During
planning and development, companies build on lessons learned from previous
audits. They also implement new best practices that alleviate risk and maintain
compliance.

Audit development guidelines and best practices vary by industry. Local and
regional auditing certifications are available, as are internationally recognized
ones, such as the following:

• the Certified Internal Auditor designation offered by the Institute of
  Internal Auditors;
• the Certified Information Systems Auditor designation offered by the
  Information Systems Audit and Control Association; and
• International Register of Certificated Auditors membership.

Types of audit programs

A number of different types of audit programs exist.

Standardized audit programs

These audit programs are available for many different industries and are used
proactively to help organizations create their own internal compliance
framework and internal audit program.
For example, the International Federation of Accountants publishes financial
audit standards called the International Standards on Auditing. A standardized
audit program is different from a fixed audit program, which is defined as an
audit program that cannot be changed during the course of an audit.

Tailored audit programs

Tailored audit programs incorporate procedures designed to match the needs of
the auditing entity. These programs are customized to reference specific areas,
such as business procedures, financial statements, legal documents and assets.
Tailored programs target specific requirements, letting companies more easily
identify compliance lapses and develop internal controls to offset them.

Compliance audit programs

A compliance audit program outlines how an organization adheres to regulatory
guidelines. The details of these programs vary, depending on whether an
organization is public or private, what kind of data it handles, if it transmits or
stores sensitive financial data and similar factors. Audit programs can be
internal or external audits. Compliance audits are often carried out by an
external auditor.

3.5 Advantage and Disadvantage of Audit:

Advantages of Audit
1. Assurance to Stakeholders:

One of the biggest advantages of auditing is that the final report of the audit
is accepted by all and provides a clear picture of the business's position.
The owners or investors get a proper idea of the accuracy of the books of accounts
and, eventually, the performance of the business. This also provides them with
satisfaction about the functioning of their employees and various departments.
They get an idea about the overall profitability and efficiency of the business; this
helps them be assured of their stake holding.

2. Fair Evaluation:

This process helps a business's evaluation be done fairly, without any chance of
manipulation, as the auditor responsible for examining the books of account gives
their viewpoint as an independent authority. The audit officer's remark is much
valued among the owners and investors of the business entity. All the documents,
financial statements, and inventory inspections are closely inspected and verified
to produce a fair report that does not involve any bias.

3. Fraud Identification:

Fraud is intentional misconduct on the part of the individual. At the same time,
there is always a chance of unintentional mistakes by an individual. Both
situations can be easily noticed after an audit, and accountability can be sought in
both cases. Employees taking care of them might get examined for any of these
cases. So, this creates a responsibility among them to do their tasks honestly and
efficiently. The auditing process decreases the chance of committing fraud and
errors in the functioning of the business entity.

4. Moral Policing:

This process does the task of teaching a sense of moral accountability towards the
firm in the employees. They know their mistakes will be discovered, so this
generates the responsibility for being honest and always avoiding irregularities
and irresponsibility in their work.

5. Credibility:

Audit of the books of a firm allows its stakeholders, like creditors, investors,
banks, and debenture holders, to have more confidence in it. These are
important connections of a business entity as they help raise money, loans, and
capital accumulation, a much-needed resource for its growth. As the auditing
body has no agenda or bias, the reports produced after analysis of the
financial statements, accounts, etc., have high credibility for the stakeholders.

6. Overall Improvement:

An audit is the best way to get an idea about the functioning of the sustaining
system and opportunities that can be grabbed for more development and business
performance. Auditing also helps implement changes in the present situation as
regular reports are obtained with overall performance.

7. Compliance With Rules and Standards:

The main objective of an audit lies in ensuring that all the policies and procedures
comply with the standard norms. Also, with the help of the process, a proper
analysis can be done to evaluate the company's conduct against good practices,
and effectiveness can be measured against the expected level.

8. Helps in Building a Good Reputation:

Audit reports at regular periods ensure the stakeholders about the firm's conduct.
This builds a reputation for the firm in terms of teamwork, ethical working, and
conduct. This also helps in the further development of a firm.

9. Legal Proof:

The report obtained after auditing a business firm acts as legal proof. This record
can be used for the sake of insurance. Many firms like LIC, HUDCO, etc., consider
the previous year's audit report more reliable for their services.

10. Dispute Settlement:

This helps settle disputes and claims between management. The audit report
contains independently done assessments of every transaction, with all details
defined, which becomes a source for the identification of any claims or disputes
involved.

Disadvantages of Audit
1. Expensive:

This process puts a heavy monetary cost on a firm for execution. This requires a
cost of examination of all financial statements and records, which may include
duplication of records for easy access and availability, by an auditor. Auditing
firms charge a high fee for their services.

2. Not Suitable for Small Businesses:

An audit may not turn out to be of use for small-scale organizations, which include
very limited business transactions.

3. Chances of Uncertainty in the Report:

There can be cases where errors are found in audit reports if the staff involved
are not careful, or are inexperienced and biased. The report helps in the future
planning for the business entity, so any mistake may turn out to be a disaster.

4. Lack of Certainty in Standards:

There are no rules or general standards followed in the audit process. For every
other firm, there must be a newly defined audit plan.

5. Lack of Participation:

The planning of an audit program does not include participation in terms of
suggestions by efficient and competent staff. So this prevents the application of
their knowledge and caliber. Instead, it turns into harassment of them, in a way.

6. Ignorance of Technology:

In modern times, the use of technology has been introduced in the process of
accounting. The audit process still depends on manual examinations and ignores
the internal control based on the particular technology used in the firm. The
difference in technology creates a problem, but this audit system does not include
prevention measures for these issues.

7. Less Guaranteed:

The report does not disclose any details about the data or figures involved in the
analysis. So the report does not guarantee any explanations. Most of the
components are based on information and disclosures made by departmental
personnel of concerned departments.

CH-4 PROVISION RELATING AUDITOR.

4.1 Introduction to Auditor:


An auditor is a person or a firm appointed by a company to execute an audit.[1] To act as an
auditor, a person should be certified by the regulatory authority of accounting and auditing
or possess certain specified qualifications. Generally, to act as an external auditor of
the company, a person should have a certificate of practice from the regulatory authority.

4.2 Appointment of Auditor:


An auditor is a person who reviews and verifies all the financial documents of a
company. The main duty of an auditor is to check whether the financial statements
of a company follow Generally Accepted Accounting Principles (GAAP). Every
company is required to appoint an individual auditor or audit firm as first
auditor and subsequent auditor. The auditor of a company protects the interest
of shareholders. Every company needs to appoint an auditor as per the
provisions of the Companies Act, 2013.

All companies registered in India are required to appoint an auditor who audits
all the books of accounts of the company each year. Form ADT-1 is required to be
filed at the time of appointment of the auditor as per the Companies Act, 2013.
This form is uploaded on the Ministry of Corporate Affairs (MCA) portal. The
auditor is compelled by law to examine the books of accounts maintained by the
director and inform them about the true financial position of the company.

4.3 Qualification & Disqualification of Auditor:

Qualifications for Auditors:
 In order to qualify as an auditor for a company in India, an individual
must be a Chartered Accountant (CA) in practice or a firm of Chartered
Accountants. The Chartered Accountant in practice must hold a valid
certificate of practice issued by the Institute of Chartered Accountants of
India (ICAI).
 The individual or firm must not have any disqualification specified under
the Companies Act, 2013. This means that they should not be facing any
disciplinary proceedings or have been debarred by ICAI from practicing as
a Chartered Accountant.

Disqualifications for Auditors:

The Companies Act, 2013 lays out several disqualifications for auditors in India.
These disqualifications are intended to ensure that the auditor is independent
and objective in their audit.

  An individual cannot be an officer or employee of the company or its
subsidiary. This is to avoid any potential conflicts of interest that may
arise if the auditor is also an employee of the company.
 An individual cannot hold any security of the company or its subsidiary,
except through a trustee or nominee. This is to avoid any potential
conflicts of interest that may arise if the auditor holds securities in the
company.
 An individual cannot be a promoter or director of the company or its
subsidiary. This is to avoid any potential conflicts of interest that may
arise if the auditor is also a decision-maker in the company.
 An individual cannot have any pecuniary interest in the company or its
subsidiary, except as a shareholder or creditor. This is to avoid any
potential conflicts of interest that may arise if the auditor has a financial
interest in the company.
 An individual cannot have been convicted of any offense or found guilty of
any fraud or misfeasance in connection with the promotion or formation of
any company. This ensures that the auditor has a good reputation and is
not involved in any illegal activities.
 An individual cannot have been a partner or an employee of the current
auditor in the preceding three years. This is to avoid any potential
conflicts of interest that may arise if the auditor has recently worked with
the current auditor.
 An individual cannot be a partner of an audit firm that has been debarred
from auditing any company by ICAI. This ensures the auditor's firm is not
debarred by the regulatory body.
 An individual cannot be an individual auditor of more than 20 companies.
This limit is to ensure that the auditor does not take on too many clients
and is able to provide adequate attention to each one.

It's also worth noting that the auditors are required to rotate every 5 years as
per the Companies Act, 2013.

4.4 Rights and Duties Of Auditor:

Duties of an auditor
Section 143 sets out the powers and duties of the auditor. Every auditor of the
company shall have the right to inspect the books and records of the company at
any time, whether kept at the company’s registered office or elsewhere, and shall
have the right to request such information as he deems necessary for the
performance of his duties. The auditor's duties include making inquiries into
matters such as the following:

1. Whether loans and advances made by the company by way of security
are properly secured and whether the terms of the loans and advances
are prejudicial to the interests of the company or its members;
2. Whether the company’s transactions that are represented solely by book
entries are detrimental to the company’s interests;
3. If the company is not an investment company or bank, whether most of
the company’s assets (including stocks, bonds, and other securities) are
being sold at a lower price than when the company purchased them;
4. Whether the loans and advances made by the entity have been recorded
as deposits;
5. Whether personal expenses are included in the revenue account;
6. If the company’s books and documents indicate that shares were
distributed for cash, whether cash was actually received, and if no
cash was received, whether the item is correct, regular, and not
misleading as indicated on the books and balance sheet.

The auditor of a company also has the power to examine the records of all its
subsidiaries in order to consolidate its accounts.

The auditor will report to the shareholders on the books he has audited and on
the financial statements to be submitted under this Act to the company’s general
meeting of shareholders, and will prepare the report in accordance with the
provisions of this Act, the accounting and auditing standards, and the rules
made under it. The report must include the matters those rules require and
declare whether, to the best of the auditor's knowledge and belief, the
above-mentioned financial statements give a true and fair view of the company’s
year-end profit and loss and cash flow and other prescribed matters.

Rights of an auditor

The Companies Act gives extensive rights to an auditor. Specific provisions are specified
in the Act, which states that an auditor cannot be prevented by anyone from enjoying
his/her rights. Some of the rights are as follows: –

Right to access accounts

According to Section 143(1) of the Companies Act, every auditor has full rights to access
books related to accounts, vouchers, and other relevant company documents at all times
during his/her term of office. He also has full rights to go for surprise visits to check the
entries in the books of accounts. Overall, he/she can check all the documents which are
related to the company’s concern.

Right to make suggestions

The auditor has a right to suggest suitable modifications in methods of accounting, and
if such suggestions are made, then the director should comply with them. If such
compliance is not done, the auditor has full authority to report the same to the
members. However, the auditor has no authority to alter the company’s accounts of his
own accord.

Right to report

The auditor has a right as well as a duty to make a report to the members on the
accounts examined by him/her, stating his opinion to the best of his knowledge and
according to the explanations given to him. Auditors must explain whether the
financial statements give a true and fair view of the company’s business.

Right to sign the audit report

As per Section 145 of the Companies Act, 2013, the person appointed as the company’s
auditor shall sign or certify the company’s audit report or any other document
presented in the audit report in accordance with Section 141(2). The qualifications,
opinions or comments relating to financial transactions which have any adverse effect
on the functioning of the company must be read before the general meeting of the
company and be available for inspection by every member of the company.

Branch visits

As per Section 143(8) of the Companies Act, an auditor has full authority to visit the
branches to check all the works related to the company’s matter. However, the auditor
has no authority to visit foreign branches.

Right to receive a notice and attend meetings

As per Section 146 of the Companies Act, an auditor has full rights to receive the notice
and communications related to all the meetings during his/her term. The company
should send notice to the auditor even when his audited accounts are not discussed in
the meeting. As an auditor, he/she has full authority to attend the company’s meeting.
He/she can also speak at the meeting if any clarification is needed for any matter
related to the company’s concern.

Right to be indemnified

Under certain conditions, a company can take civil or criminal actions against the
auditor. If any legal action is taken against him, he generally defends himself against the
proceedings. However, if the judgment goes in the auditor's favour,
then the company has to pay compensation for all the losses incurred by him during
the proceeding. These types of rights are general rights given in most cases.

Right to make representation

The retiring auditor has the authority to receive a copy of the special notice regarding
the removal or appointment of any other person as an auditor. He/she should have all
the knowledge beforehand. The retiring auditor has an absolute right to make his
representation through writing and request the same to be circulated among all the
members. If the same thing has not been circulated, then the representation will be read
at the company’s general meeting.

Right to receive remuneration

The company determines the auditor’s remuneration in the general meeting. However,
when the Board of Directors appoints the company’s first auditor, they can fix his
remuneration. The remuneration is in addition to the fees paid to him. It includes all
expenses incurred by the auditor as a result of the audit and all facilities granted to him.
However, this remuneration does not include amounts paid to him for services other
than auditing.

Right to seek legal and technical advice

Auditors are entitled to obtain expert advice on legal or technical issues at the
Company’s expense. But in his report, he should express his own opinion, not that of the
concerned experts.

CH-5 BANK AUDIT.

5.1 INTRODUCTION OF BANK AUDIT
Banks play an important role in the development of any country. It’s like
an agent of the economy. Like all economic activities, the banking sector is
also exposed to various risks in its operations. It is of utmost importance to
ensure that the banking sector stays healthy, safe, and sound. For the safe
and sound banking sector, one of the most important factors is reliable
financial information supported by quality bank audits.

A bank audit is a routine examination of the records and services of the
organization to check whether they are in compliance with the laws and
standards of the industry. Banks have to get many types of audits done,
such as statutory audit, revenue audit, concurrent audit, etc. These may be
carried out by external or internal agencies. In this blog, we will have an
overview of the statutory audit of the Branch of the Bank that is carried
out as per guidance provided by RBI.

5.2 ROLE OF RBI BANK AUDIT:


The Reserve Bank's supervision, therefore, specifically focuses on audit quality
relating to identification of gaps, assessment of asset quality and the so-called
innovative accounting practices, if any, which could have a major impact on the
capital base of regulated entities and their viability as a going concern.

5.3 AUDIT OF BANKING COMPANY:


The audit of Banks is made compulsory under the enactments governing the
Banks. “Banking is such a unique industry where you do not want your
competitor to fail.” Banks and Financial Institutions (FIs) play a central role in
the economy. They hold the savings of the public, provide a means of payment
for goods & services, and finance the development of business and trade.

Therefore, Banks and FIs must command the confidence of the public and those
with whom they do business. Thus the stability of the banking and financial
systems, both nationally and internationally, is recognized as a matter of general
public interest.

As a result, naturally, stakeholders’ expectations of the external or statutory
auditors of a bank or FI are much higher than for the audit of another entity.
From a local viewpoint, a number of high-profile frauds/scams took place in
recent years involving a number of Banks and FIs in Bangladesh. Many such
frauds/scams took place due to the absence of robust risk management, internal
control and internal audit functions in those banks. In some cases, although
these functions were present, they failed to operate effectively.

In the aftermath of these scams/irregularities, as usual, criticisms were also
directed, along with others, towards the auditors of those banks/FIs.

Unfortunately, many of these criticisms towards auditors were driven by
emotion, and not by fact. As a result, instead of constructive feedback/
criticism that could have assisted auditors to improve their quality, these
turned out to be wholesale abuse and, at times, a search for a scapegoat.

Having said that, it is also imperative to note that as per the local regulations,
roles and responsibilities of an auditor of Bank/FI are far greater than what is in
place in other countries.

Additional risk factors for Bank /FI audit

o Custody of large amount of monetary items

o Assets that can rapidly change in value

o Operate with high leverage (capital to assets)

o Short term deposit, solvency, and liquidity issue

o Complex accounting and IT systems

o Assume significant commitments

o Wide spread of branches and departments

o Highly regulated with strict enforcement


CH-6. BANK AUDIT PROCESS.

6.1 AUDIT OF INCOMES:

The Income Audit allows a property to roll a business date while leaving it open
to handle new charges, adjustments and corrections as if these transactions
occurred during that business day. This allows a controller or income auditor to
go back into a day, look at the charges for guests still in-house, make
adjustments, and then run final reports. Once a guest is checked out, the charges
cannot be changed by the income auditor.

The End of Day Sequence procedures such as Arrivals Not Checked-In,
Departures Not Checked Out, Automatic Closure of Open Cashiers, Weather and
Notes, and Roll the Business Date etc. will run before the Income Audit in the
same order as the current End of Day Sequence regardless of whether or not the
property uses this feature.

Income Audit Process


 A business date can be rolled in the End of Day Sequence so that
new transactions will be charged to the new business date.
 Rolling the business date will cause the business date to match the
current system date.
 The End of Day Sequence or Income Auditor can print interim
reports and audit any business day that has not yet been closed.
 Adjustments, corrections and new charges can be made to checked
in guests on any open date using the Income Audit.
 The Income Auditor can verify charges, make changes to
transactions and then close the business date.
 The business dates must be closed in sequence.
 Closing of a date by the Income Auditor produces the Final Reports.

6.2 REVENUE OF AUDIT PROCEDURES:

Revenue audit is the audit of items governing the income & expenditure of banks.
Basically, this type of audit is conducted with a view to verifying the accuracy
and relevance of expenditure incurred & incomes earned by the banks according to
the latest applicable circulars and notifications.

Auditors are only required to concentrate on the areas which affect
revenue items of the banks.

The normal procedure to conduct the revenue audit is as under:

Pre commencement of audit:-

1. Study the relevant circulars pertaining to service charges given by the bank.

[Go through the Format of Audit Report & Annexure attached to the audit report
(If any).]

2. Get some basic idea about the branch’s banking software (i.e. Putting A/c No,
Period of Audit) so as to facilitate easy viewing of customer ledger.

During audit time:-

1. Don’t forget to carry the audit engagement letter given by head office.

2. Auditors are advised to keep in mind the period of audit.

First of all ask the Bank manager to make available the following details.

Brief of some important accounts:-

· List of Total Cash Credit and Overdraft Accounts of Branch.

· List of Ad-hoc limits sanctioned during the period.

· List of Guarantees issued during the period.

· Top 20 Current Accounts.

· Top 20 Depositors of bank.

· List of NPA Accounts of branch and Recoveries made during audit period
against them.

List of areas to be covered & procedure for its audit are as under:-

Incomes of Bank:-

a) Interest Earned On Advances.

b) Processing/Renewal charges.

c) Inspection charges.

d) Documentation charges.

e) Commitment charges (Important).

f) Equitable Mortgage charges.

g) CIBIL charges.

h) Ledger folio charges.

i) Locker rent.

j) Penal Interest on Overdue installments & On Late Submission of stock
statement. – (Generally 1% subject to maximum of 2%)

1. Interest Earned On Advances.

Ø See that interest is charged in accordance with latest circulars of RBI.

Ø Check the Interest Calculation on Selective basis.

Ø See that for special sanctions, interest is charged according to the sanction letter.

Ø Check that revised interest rates are properly applied in system from relevant
date of applicability.

2. Processing/Renewal charges.

(A) Processing Fees:-

Processing fees are generally charged by the branch on the following fresh
advances sanctioned during the audit period:

Term Loans, Housing Loans, Personal Loans, Vehicle Loans, Cash Credit
facility, Overdraft facility, Bank Guarantee etc.

Scrutinize the ledger of every sanction during the audit period & verify that
processing charges are debited accordingly to the borrower’s ledger as per the
circular of charges.

Read the Sanction Letter for any special sanctions from controlling authorities &
verify that charges mentioned in the Sanction Letter are debited to the borrower’s
account accordingly.

If they are not debited accordingly, then it is revenue leakage for the bank.

(B) Renewal Charges:-

Cash Credit/OD limits and term loans should be renewed every year as per the
Banking regulations. So you have to verify whether Renewal Charges are debited
in every CC/OD/Term loan Account.

Renewal Charges are calculated on the basis of the relevant service charges
circular of the bank.

Note:- There is a threshold limit for calculating renewal charges that you have to
keep in mind; select the accounts whose loan amount is more than the
threshold limit.

If any discrepancy is observed, it should be noted.

3. Inspection charges.

Inspection Charges are charged on the accounts which have the security of
stock and current assets (generally CC and OD limits). Branch officials should
carry out inspection of the borrower’s stock and other current assets at least once in
a quarter and debit the charges accordingly as per the service charges circular.

Verify that the charges are properly debited in the borrower’s ledger (at least 4
times in a year) as per the circular of charges, on the basis of each inspection
carried out.

If any discrepancy is observed, it should be noted.

4. Documentation charges.

Documentation charges are debited in relation to the execution of security
documents by the bank. So, documentation charges should be debited in each
sanction during the audit period as per the circular of charges, and in every
Cash Credit/OD limit at the time of enhancement of the limit.

Documentation charges are also to be charged once in 3 years.

If any discrepancy is observed, it should be noted.

5. Commitment charges (Important).

Commitment charges are charged by the bank if any borrower has not utilized the
sanctioned limit. They are charged on the un-utilized portion.

Since the amount is not utilized by the borrower, the bank can’t earn interest on
the un-utilized portion and bears an opportunity cost.

So the bank levies the charge.

7. Equitable Mortgage charges.

CH-7.TYPES OF BANK AUDIT.

7.1 STATUTORY AUDIT:

Statutory audits of banks are carried out to check and ensure that the accounts
and financial statements presented to the stakeholders as well as the Income
Tax Department are fair and correct. It is mandated by the Income Tax
Department that banks conduct these audits regularly. The RBI (Reserve Bank
of India) along with the ICAI appoints qualified Chartered Accountants, also
called the Statutory Auditors. These audits are conducted rigorously for every
branch of a bank at the end of the financial year.


Process of Statutory Audit

While issuing the reports, the auditors ensure that these reports follow the
essential requirements and auditing standards which include:


 SA (Standard of Auditing) 700: An opinion is formed, along with which
the financial statements are reported.
 SA (Standard of Auditing) 705: On the report provided by the Auditor,
various opinions regarding the modifications are offered.
 SA (Standard of Auditing) 706: In the report provided by the Auditor,
the emphasis is laid on matter paragraphs and others.

All these audits have to be conducted within a given frame of time by the
appointed auditors. The auditors intimate the banks in advance for the same
along with a list of details of the information that they would require during the
audits.

Elements to be verified during a Statutory Audit

The Auditor checks whether all the financial statements, including the interests,
deposits, incomes, loans, advances and other such things, are in the report.

The elements that have to be verified during the Statutory Audits include:
 The procedure for cash verification
 Items related to tax
 Loan accounts and their verification

Cash Verification Procedure

Before the termination of the financial year, i.e. 31st March, the auditors have to
check the cash balance mandatorily for every branch of the bank. While verifying
the cash balance, the various points that one should consider include:
1. Checking whether the department is open according to the timings
specified by the guidelines. Also, the branch manager must be present
while opening the bank each day.
2. Checking whether the joint custodians themselves are always opening
the cash safe/cash vault.
3. No unrecorded documents are placed in the cash safe or lockers.
4. A record has to be mandatorily maintained while collecting cash from
the people, along with proper checking of the currency for originality
and mutilation.
5. Checking whether the burglar alarm system is functioning or not.
6. While opening the cash room, all the other doors and entrances of the
bank have to be closed for security purposes.
7. No weapons are present inside the cash room.
8. Carry the cash in a locker box always.
9. Checking the condition of the lamps, and all the other machines along
with the cash-counting equipment.

Tax-related Items

The Auditor also has to check whether the bank follows all the items related to
tax, along with the compliances. These include:


1. During all the transactions and payments, the appropriate tax as per
the guidelines is applied or not.
2. On-time payments of all the taxes have to be done.
3. On-time filing of the tax returns is done.
4. Collection of TDS certificate along with the Form 15G/15H is done,
and timely submitted.
5. Checking the quality of compliance with the verifications and audits
that the RBI conducted for the branch earlier.
6. The branch must have an insurance policy.
7. Checking whether any outstanding entry has been made. If yes, then
the reasons for the same.

Verification Of Loan Accounts:

The loan accounts are quite a significant part of the transactions and finances of
the bank, due to which their confirmation takes place carefully in three steps:

Preliminary Check

The bank must do this before accepting any loan application. It involves
reviewing all the documents of the individual as well as the documents set by the
Government.
 Disbursement: All the terms and conditions of the sanction letter have
to be fulfilled under this procedure. And thereby, you will receive an
acceptance letter for the same.
 Post-disbursement Inspection: After all this, the final verification steps
will take place, including the checking of documents that are under the
custody of the bank.
 Statutory Audit Report and Long-form Audit Report: After the
successful completion of the audit, the auditors have to submit the
report as per the requirements under the RBI.

Conclusion

As such, the Government conducts these audits for the proper functioning of the
banks under RBI and for maintaining transparency in the system. They also
ensure that there are ample internal checks and controls in place and that
corporate governance is thorough. Banks accept the savings of millions of people
in the form of deposits, so it is extremely important for them to function
without any blind side. Any blunder in corporate governance can wipe out the
savings of an entire class of people and plunge the economy into recession. This
is why statutory audits of banks are given a higher priority than normal
statutory audits and usually have tighter procedures and regulatory requirements
during the audits.

7.2 INTERNAL AUDIT:

The Indian banking sector has witnessed major changes in recent years, as a
result of which new regulations are being brought into practice. With the
implementation of Basel III requirements, more importance is given to risk-based
bank audits. With more guidance and circulars from RBI for regulating the
banking business in the country, bank management is focused on bringing about a
robust framework which will identify, assess and manage the financial risks. In
order to achieve this target, the internal audit of banks is necessary.

A periodic internal audit is required to monitor the bank’s system of internal
control and procedures. A good internal audit process helps the management in
the effective discharge of its responsibilities. It gives them assurance about
the risk and operational performance of the bank. Based on the volume and value
of its transactions, every bank should conduct an internal audit to fulfil its
responsibilities and to achieve its objectives.

Scope of Internal Audit

Generally, the scope of any bank’s internal audit revolves around the following:

 Evaluating the effectiveness of the internal control systems and
monitoring their application
 Reviewing the adequacy of the risk management procedures and
methodologies
 Checking the efficiency of routine operations of the bank
 Evaluating the reliability and accuracy of the financial records and
reports
 Reviewing the management information system and the efficiency of the
electronic banking services
 Implementation of policies and procedures and ensuring its
effectiveness
 Ensuring that the procedures comply with the legal and regulatory
requirements
 Undertaking fraud investigations, if required
 Ensuring the adequacy of procedures to safeguard the bank’s assets
 Monitoring the bank’s Non-Performing Assets (NPA) and alerting
the management when required

Independent Functions of Internal Audit

 The bank’s internal audit function must be independent of the other
audit activities – concurrent audit and control process
 The internal audit team must be given the appropriate authority to carry
out its functions with objectivity and must be free to report its
findings.
 The head of the internal audit team should have the authority to
communicate findings directly to the board of directors, external auditors,
audit committee, etc.
 The internal audit function has to be impartial, i.e. it should perform its
functions free from bias and interference.
 The internal audit compensation scheme must be consistent with the
objectives of the audit, and the auditors should be free from any conflict of
interest with that of the bank.

General Functions of Internal Audit

Audit Plan

The internal audit function begins with the audit plan drafted by the audit team
in consultation with the management. This audit plan includes the timing and
frequency of the internal audit work to be carried on and it is based on control
risk assessment. Risk assessment examines all the bank’s activities and its
internal control system, and exhibits the probable degree of risk present in
these activities. The audit plan must be realistic and should take into account
future developments and expected innovations. The audit plan should also state
the time to be assigned for any special investigation to be undertaken and for
other activities as and when required. The plan should cover the resources
required for carrying out the audit activities in terms of personnel and other
resources. Such an audit plan established by the internal audit team has to be
approved by the bank’s management.

Audit procedures

The objectives framed in the audit plan are achieved through a detailed audit
programme which lists down the procedure to be carried out for each specific
audit area. These procedures are adapted according to the risks identified in
every process across the bank’s operations. Based on the value and volume of the
banking transactions, samples are selected in each of the core areas to be
audited. Audit samples should also be selected on a random basis in certain
areas, which will expose all the related risks. Listed below are some of the
important areas to be covered in any bank’s internal audit:

 Cash Transactions – The deposits and withdrawals made need to
be tracked. Further, surprise verification of the cash balance on a
particular day needs to be initiated.
 Loan – This is the most important division in banking services.
Various types of loans and cash credits are given to customers. These
need to be checked for necessary documentation and approvals.
Checking the loan repayment schedules and examining the reported
non-performing assets is also required.
 Documentation – Checking for the KYC norms and ensuring the
sufficiency of the supporting documents is important.
 Charges – Analysing whether all charges for various services rendered by
the bank are collected from the customers per the head office
circulars is required. If there are any revenue leakages, they should be
reported.
 Tax – All the required withholdings and other tax deductions have
to be executed promptly.
 Other Services – Other banking commercial services such as swift
money transfers, the line of credit followed and much more should be
ensured to be in place. This has to be carried out with required
approvals, documentation, etc.
 Cost reduction through process improvements and reducing the
non-value added activities should be worked on.

All the audit procedures carried out by the internal audit staff must be
documented in working papers in a well-determined method. Such working
papers must list out the activities performed in checking the transactions along
with the sampling details. The working papers must also exhibit the conclusion
arrived at, which in turn gets initialled by the audit supervisor.

Audit Report

A written audit report is drafted for each department and the executive
summary is taken for discussion with the senior management. The audit report
contains the scope and purpose of the audit along with the findings and the
bank’s (auditee’s) response. It also states the importance of the deficiencies
found and gives related recommendations to the management to mitigate/reduce the
associated risk.

Senior management ensures the audit concerns are addressed accordingly and
recommendations made are implemented on a timely basis. In the next audit, the
internal audit team checks that the recommendations given during the previous
audits are implemented and adhered to.

Basel III requirements

The Reserve Bank of India has already instructed the implementation of Basel III
requirements in the banking sector and all the banks are in the process of
enhancing their reporting system accordingly. Some of the Basel implementation
steps are listed below:

 Calculation of capital adequacy ratio and regulation of the economic
capital
 Improve the supervisory framework
 Validate the internal rating models
 Improving risk management and credit approval methods
 Rigorous bank supervision and broader disclosure in the financials,
etc.

With the increasing volume of bank frauds, RBI is bringing in more stringent
controls to mitigate the risk involved in the banking sector. The internal audit
function is undergoing major changes with the assimilation of international
internal audit standards into the banks. It is important for the internal audit
team to be vigilant and ensure all related risks are captured carefully.


Benefits of Internal Audit

Listed below are some of the benefits of having a good internal audit system in

banks:

 Overall operational and control environment of the bank is improved
 Regular internal audit system increases the accountability of the
employees
 Strong internal audit process enables early detection of fraud or
probable fraud
 Identifies redundant procedures and recommends improvement
which increases the operational efficiency
 Constant monitoring of the policies and procedures helps in reducing
financial risks
 Surprise cash verification by the internal auditors will ensure all the
cash transactions are accounted for correctly
 Ensures compliance with statutory law and regulations
 Systematic Internal audit assures the head office that all the
banking procedures and rules are adhered to
 Good control over the bank’s non-performing assets
 Regular internal audit at banks gives better comfort and assurance
to the statutory auditors too.

7.3 CONCURRENT AUDIT:


A financial entity requires continuous monitoring of transactions. For an entity

like a bank, the review mechanism must be robust and unabating. Hence the

need for a concurrent audit.

Concurrent audit means a parallel examination of the financial transactions, i.e.

examination at the time of the happening of the transaction. It is part of an early

warning system of a bank for ensuring timely detection of lapses or

irregularities.

As the name itself suggests, it is an audit that takes place at the moment when
transactions take place, which means it is conducted in parallel. Unlike most
audits, which are post-transaction reviews, the concurrent audit is carried out
as and when transactions take place. It gives an early warning to ensure timely
detection of irregularities and lapses.

The concurrent audit covers all transactions of the bank. Hence to understand
how this audit needs to be conducted, an understanding of the processes of the
banks is imperative. Banking functions include, but are not limited to, the
following:

 Acceptance of deposits
 Loans and advances
 Cash management
 Safety Lockers
 Forex
 Bill payment

To conduct a concurrent audit, the functions of the bank must be broken down
into transactions, and the necessary checks and balances must be assigned.

Acceptance of deposits is a core function of banks. The deposits are of varied

nature depending on the holder and purpose of the account. Nevertheless, the

process of acceptance of deposits can be summed up as follows:-

 Collection of details

 KYC and AML norms compliance

 Creation of account in Core Banking System (CBS)

The following steps must be adhered to ensure correctness:

The KYC norms will differ as per the status of the holder of the accounts. Hence

the document verification must be carried on accordingly.

Loans and advances

The lending of funds is the other core function of the bank. The bank accepts

deposits at a certain rate and lends at a higher rate. The margin is the bank’s

profit. Lending function ranks higher on the risk factor as there is a possibility of
the debt not being recovered. Hence there is a great significance and need for

proper documentation.

There are several loans and advances that a bank offers. However, the process

for disbursement remains more or less the same. The process for disbursement of

loan can be summed up as the following transactions:

 Building a relationship with the customer


 Collection of all requisite documents

 Checking the credibility of the customer

 Disbursing the loan and monitoring the loan

To reduce instances of defaults and fraudulent transactions, the following points

must be taken into consideration:

The documents required for loan processing will vary depending on the type of

loan. The auditor must verify all the documents and ensure that they are placed

safely. Post sanction, the loans and advances have to be monitored periodically

for warning signs of Non-performing Assets (NPA). The concurrent auditor must

closely examine the NPA management and report any discrepancies.

Cash management

Since the bank earns interest on the rupee it lends, maintaining a high cash

balance can result in interest losses. However, banks need to hold enough to

fund the ATMs. Hence the bank must achieve a balance. As an auditor, one

must:

Forex

For forex operations of a bank, the auditor must ensure the following checks:

 Rate of foreign exchange on the transaction date and correct entry in

books

 Adherence to RBI norms relating to forex


 Correct valuation of forex held in hand at the time of the audit

Bill payments

This is an add-on service offered by banks, wherein a customer can make
payments towards public utilities through the bank. The auditor will have to
verify:

 If standing instructions have been received from customers, then

ensure that the same has been noted in the CBS to generate an auto

payment

 Ensure proper reconciliations of the utility accounts

Income leakage

For an auditor to ensure completeness of audit, it is imperative to check that
all charges are collected and that interest rates are entered accurately in the
CBS. The auditor must generate MIS to analyze the various charges and interest
computations. Also, there has to be a documented process for changing the rates
in the system, and the same must be strictly monitored.
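
The income-leakage checks described above can be run as a simple reconciliation over CBS extracts. The following is an added example, not part of the original text; the product codes, field names, approval references and amounts are constructed for illustration and do not come from any real core banking system.

```python
from decimal import Decimal

# Constructed sample data (hypothetical product codes, fields and amounts).
APPROVED_RATES = {          # rates per head-office circular, % per annum
    "HOME_LOAN": Decimal("8.50"),
    "GOLD_LOAN": Decimal("9.25"),
    "CASH_CREDIT": Decimal("11.00"),
}
CBS_RATE_MASTER = {         # rates currently keyed into the CBS
    "HOME_LOAN": Decimal("8.50"),
    "GOLD_LOAN": Decimal("9.00"),
    "CASH_CREDIT": Decimal("11.00"),
}
RATE_CHANGE_LOG = [         # one row per change made to the rate master
    {"product": "HOME_LOAN", "new_rate": Decimal("8.50"),
     "changed_by": "user17", "approval_ref": "HO/2024/031"},
    {"product": "GOLD_LOAN", "new_rate": Decimal("9.00"),
     "changed_by": "user04", "approval_ref": ""},
]
SCHEDULE_OF_CHARGES = {"CHEQUE_RETURN": Decimal("150.00"),
                       "DD_ISSUE": Decimal("50.00")}
CHARGE_EVENTS = [           # chargeable services rendered in the period
    {"txn": "T1001", "service": "CHEQUE_RETURN", "collected": Decimal("150.00")},
    {"txn": "T1002", "service": "CHEQUE_RETURN", "collected": Decimal("0.00")},
    {"txn": "T1003", "service": "DD_ISSUE", "collected": Decimal("30.00")},
    {"txn": "T1004", "service": "DD_ISSUE", "collected": Decimal("50.00")},
]


def rate_mismatches(approved, master):
    """Products whose CBS rate differs from (or is missing against) the circular."""
    findings = []
    for product in sorted(approved):
        in_cbs = master.get(product)          # None if never keyed in
        if in_cbs != approved[product]:
            findings.append((product, approved[product], in_cbs))
    return findings


def undocumented_rate_changes(change_log):
    """Rate-master changes that carry no approval reference."""
    return [row for row in change_log if not row["approval_ref"].strip()]


def charge_shortfalls(schedule, events):
    """Events where less than the scheduled charge was collected.

    A service missing from the schedule is reported with shortfall None so
    that it is reviewed manually instead of being silently skipped.
    """
    findings = []
    for ev in events:
        due = schedule.get(ev["service"])
        if due is None:
            findings.append((ev["txn"], ev["service"], None))
        elif ev["collected"] < due:
            findings.append((ev["txn"], ev["service"], due - ev["collected"]))
    return findings


def total_leakage(findings):
    """Sum of the quantified shortfalls."""
    return sum((f[2] for f in findings if f[2] is not None), Decimal("0"))


if __name__ == "__main__":
    print("Rate mismatches:", rate_mismatches(APPROVED_RATES, CBS_RATE_MASTER))
    print("Undocumented changes:", undocumented_rate_changes(RATE_CHANGE_LOG))
    shortfalls = charge_shortfalls(SCHEDULE_OF_CHARGES, CHARGE_EVENTS)
    print("Charge shortfalls:", shortfalls, "total:", total_leakage(shortfalls))
```
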

The concurrent audit aims at reducing the gap between the occurrence of a

transaction and its examination. A concurrent audit report covers all

transactions and hence is the second line of defense for a bank.

7.4 SYSTEM AUDIT:


Bill Gates once said, "For 21st Century Banking is essential not Banks".

The business processes for Indian banking have undergone a paradigm shift with
the increasing dependence on Information Technology. IT has moved from a
support function to process controller and is still moving forward, forming the
basis of business operations.

Deployment of technology has not only enabled banks to perform efficiently but
also to offer flexibility in the services offered. The days of definite banking
hours have gone; banking services are available 24x7 through ATM networks and
Internet Banking. Productivity has improved. The vision of Customer of Bank has
come true and days are not far when the Bill Gates statement will come true.

However, with the introduction of technology, new risks and liabilities have
been introduced into the system. Threats from viruses, hackers and fraud
materialize frequently. Non-availability of services due to failure of power
supply, and therefore of computers, is not unheard of.

There are various reasons for these problems, such as absence of process
re-engineering due to deployment of technology, not addressing control structure
changes, lack of awareness and training, dependence on vendors and, most
importantly, absence of proper Information Systems Audit.

The purpose of this article is to discuss the broad structure of Information Systems
and technology audits for Indian Banking.

The Basics.

Traditionally the word audit has been associated with accounts. The dictionary
meaning of the word Audit is: "Verification of records of financial transactions and
inspecting them for being in accordance with organization's policies and
procedures". However, today its meaning has broadened to include all the aspects
of business processes, to mean the "Verification of processes that originates and
puts through the business transactions". The word transaction also has a broad
meaning: "Any input into the process that changes the status of data or provides
output". It could be a decision by management, deployment of technology, or
providing services to the customer.

What is the difference between Information Systems Audit and Financial Audit?

Automation of systems with the help of Information technology has its own
rewards and penalties, which have led the financial audit services to take
cognizance of it, and Information System Audit emerged as a tool to maximize the
advantages and to provide a shell for avoidance of disadvantages. However,
Information System Audit differs from financial and other types of audit.

 The primary difference is in approach. Financial audit is a post-mortem
activity. It verifies the transactions put through the system during a
predefined period of time, e.g. from the previous audit till the date of the
current audit, or during the previous financial year, 1st April to 31st
March. It focuses on the validity of transactions based on the predefined
set of business rules for transaction processing. In other words, it
verifies the processes in the past up to the present. The information
systems audit focuses on controls in the business process that have been
applied through the technology and their impact on the transactions from
now and in future.

 Financial audit focuses on the 'amount transactions' whereas Information
System audit focuses on the process of transaction. e.g. The financial audit
will focus on the balance in a customer account to understand if the value
arrived at is accurate or not. The information system audit will focus on the
process of computing the balance as implemented by software and not the
actual value. In short, financial audit looks for Quantitative value and
Information systems audit looks for Qualitative value.

 Financial audit can be conducted by ignoring the technology, i.e. treating the
technology as a black box and verifying the input and output for known
consistencies (also called "Around the Computer Audit"). Information
systems audit cannot be conducted without considering technology.

 Both the audits can be conducted using CAAT - Computer Assisted Audit
Tools and Techniques, but these tools are different in either case. e.g. ACL,
IDEA, SOFTCAAT etc. are examples of Financial Audit CAAT, whereas
Output Analyzers, Firewall, Vulnerability assessment tools are CAAT for
Information systems audit.

Types of Information systems audits.

Information systems cover the various processes associated with receiving,
storing, retrieving, processing, communicating and destroying the information
assets of the business. They also cover the various technologies converged for
enabling deployment of information processes, e.g. Networked ATMs, Wireless LAN,
Interactive Website, Branchless banking (Any Where banking) etc.

The technology systems that are designed and developed for handling the
information of and for Banks need to be deployed very carefully. Traditionally
Banks have been subject to attack because "That is where the Money is". The
misuse and abuse of banking technology has already been reported worldwide,
which has brought out various security issues in technology deployment. Since
technology is indifferent in giving services, it is the 'man behind machine' that
needs to be controlled. The Information systems audits are focused on
verification of controls.

Based on the technology deployment there could be various IS Audits. Some of
them are illustrated below:

 Software Audit: The software to be used for the business processes
needs to be audited before implementation in order to bring out the control
weaknesses. Depending upon the acquisition processes there could be
different audits viz.
o Acquired Packaged Software
o Acquired developed software
o In-house developed software
 Implementation Audit: The software needs to be implemented across the
business locations for final use of the customers - directly or through
employees. Banking application software needs setting of parameters
before implementing the software, and also during the use due to changes
in the environmental conditions like regulatory and/or statutory
requirements etc.
 Operations Audit: Use of information technology needs to be controlled for
preventing misuse/frauds. Hence defining the secure procedures and
auditing their compliance is essential. Depending upon the product there
could be different operations audits, viz.
o Branch operations audit
o ATM operations audit
o Network administration audits
o System access audits
o EDI and remote login audits
o Software development process audit
o Software testing audits
 Firewall and network audits: Where Banks are using networks that
communicate with external entities for receiving and transmitting
information, a firewall needs to be implemented and audited to ensure
security of communications.
 Internet banking and web server audits: Internet banking allows the access
to the Banks database over the Internet, hence it is essential to protect the
access. Firewall can help in preventing unauthorized access, however
prevention of misuse by the authorized person is necessary. Audit of
Internet Banking focuses on secure procedures of identification,
authentication and authorization of users and providing proper access to
the data.
 Business continuity management audits: Business continuity planning and
Disaster recovery procedures are clubbed together and constantly monitored
by the business continuity management department. Since the Banks have more
than one office located at geographically dispersed areas, the need for BCM
is also different for each office/branch. However the audit of the accepted
process of Business continuity management is an essential part of
information system audit.
 PKI Audits: Use of Public key infrastructure is going to be common feature
of Banking. Management of private keys issued to the authorized employees
and secure storage of the same is essential.
 Combination audits: There could be combination of one or more audits
illustrated above. e.g. EDI audit may consider development and deployment
of software, or ATM operations audit may include the implementation audit
also.

This is an illustrative list and not the entire domain of IS Audit. Depending upon
the need and use of IT, one can define scope for IS Audit.

Standards for IS Audit.

The spread and diversification of the use of information technology has made it
difficult to master the complete knowledge of technology. Hence it is essential
that a properly skilled and knowledgeable person perform the IS Audit.
Information Systems Audit and Control Association (ISACA) has defined the
standards for IS Audits to be followed by auditors. These standards, described
below in brief, provide the essence of the IS Audit process an auditor needs to
follow.

 Audit Charter
o Responsibility, Authority and Accountability: The
responsibility, authority and accountability of the information
systems audit function are to be appropriately documented in an
audit charter or engagement letter. It generally defines the scope of
audit also.
 Independence
o Professional Independence: In all matters related to auditing,
the information systems auditor is to be independent of the auditee
in attitude and appearance, i.e. the auditor should not undertake an
assignment where he/she has any interest or has worked on the
project earlier.
o Organizational Relationship: The information systems audit
function is to be sufficiently independent of the area being audited to
permit objective completion of the audit. The auditee management
and Audit management should be functionally independent.
 Professional Ethics and Standards
o Code of Professional Ethics: The information systems auditor is
to adhere to the Code of Professional Ethics of the Information
Systems Audit and Control Association.
o Due Professional Care: Due professional care and observance of
applicable professional auditing standards are to be exercised in all
aspects of the information systems auditor's work.
 Competence
o Skills and Knowledge: The information systems auditor is to be
technically competent, having the skills and knowledge necessary to
perform the auditor's work. This is true particularly for technology
audits since one person cannot master entire gamut of latest
technology.
o Continuing Professional Education : The information systems
auditor is to maintain technical competence through appropriate
continuing professional education.
 Planning
o Audit Planning: The information systems auditor is to plan the
information systems audit work to address the audit objectives and
to comply with applicable professional auditing standards.
 Performance of Audit Work
o Supervision: Information systems audit staff are to be
appropriately supervised to provide assurance that audit objectives
are accomplished and applicable professional auditing standards are
met.
o Evidence: During the course of the audit, the information systems
auditor is to obtain sufficient, reliable, relevant and useful evidence
to achieve the audit objectives effectively. The audit findings and
conclusions are to be supported by appropriate analysis and
interpretation of this evidence.
 Reporting
o Report Content and Form: The information systems auditor is to
provide a report, in an appropriate form, to intended recipients upon
the completion of audit work. The audit report is to state the scope,
objectives, period of coverage and the nature and extent of the audit
work performed. The report is to identify the organization, the
intended recipients and any restrictions on circulation. The report is
to state the findings, conclusions and recommendations and any
reservations or qualifications that the auditor has with respect to the
audit.
 Follow-Up Activities
o Follow-Up: The information systems auditor is to request and
evaluate appropriate information on previous relevant findings,
conclusions and recommendations to determine whether appropriate
actions have been implemented in a timely manner.

Risk based audit.

Generally the audit process provides assurance to the management that the
auditee is following the procedures defined by the management. However the
risk-based audit approach goes beyond just compliance scope and tries to
evaluate the procedures and non-compliance as potential risk for the
organization's information assets. This is a more pro-active approach for I S
Audit, since because of the nature of technology, procedures might be
insufficient or may not consider complex risks.

The auditor analyses the technology and the business processes using that
technology and prepares a control matrix that points out the impact of each
control on risk mitigation. It helps in analyzing the management's perception
of the risks and can point out possible risk perception discrepancies. A risk
initially perceived as minor may actually lead to disaster. e.g. Risk due to
virus might be low in case of an independent LAN/server, but multiplies manyfold
the moment any node is connected to the Internet.

The most proactive approach for the management is to have a risk management
and monitoring program in place, implemented through an incident response
mechanism.

Outsourcing and Audit.

Deployment of Information Technology is not a main business domain for Banks,
hence there is a tendency to outsource many functions to vendors who have the
capacity and expertise to handle such functions. However, since the Bank owns
the assets handled by the technology provided by vendors, it is prudent to
address the security issues before outsourcing. Apart from performance, secrecy
and fidelity, continuity etc., auditability of the vendor's processes that are
housing the Bank's assets, by the Bank appointed auditor, should be a clause in
the outsourcing agreement.

Also there should be a predefined and agreed upon procedure for monitoring the
performance. e.g. if the annual maintenance of the Bank's hardware has been
outsourced with a 99% business hours uptime requirement, the Bank should
devise an internal procedure to maintain the record of uptime or downtime of the
system. Auditing of compliance with such procedures should be part of the
operations audit.
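
One way to turn such a downtime record into a check against the 99% business-hours figure is sketched below. This is an added example, not part of the original article; the business hours (10:00 to 17:00, Monday to Saturday) and the outage entries for June 2024 are constructed assumptions.

```python
from datetime import datetime, time, timedelta

# Assumptions for this example (the text gives only the 99% figure).
BUSINESS_START = time(10, 0)             # assumed opening time
BUSINESS_END = time(17, 0)               # assumed closing time
BUSINESS_WEEKDAYS = {0, 1, 2, 3, 4, 5}   # Monday..Saturday, assumed
SLA_PERCENT = 99.0                       # uptime requirement from the text

# Constructed downtime register for June 2024: (start, end) of each outage.
SAMPLE_OUTAGES = [
    (datetime(2024, 6, 4, 9, 30), datetime(2024, 6, 4, 10, 45)),
    (datetime(2024, 6, 4, 10, 30), datetime(2024, 6, 4, 11, 0)),    # overlaps the entry above
    (datetime(2024, 6, 15, 16, 30), datetime(2024, 6, 17, 10, 20)), # runs across a Sunday
    (datetime(2024, 6, 23, 12, 0), datetime(2024, 6, 23, 15, 0)),   # Sunday, no business hours
]


def business_minutes(start, end):
    """Minutes of the interval [start, end) that fall inside business hours."""
    total = timedelta()
    day = start.date()
    while day <= end.date():
        if day.weekday() in BUSINESS_WEEKDAYS:
            lo = max(start, datetime.combine(day, BUSINESS_START))
            hi = min(end, datetime.combine(day, BUSINESS_END))
            if hi > lo:
                total += hi - lo
        day += timedelta(days=1)
    return total.total_seconds() / 60


def merge_outages(outages):
    """Merge overlapping entries so the same downtime is not counted twice."""
    merged = []
    for start, end in sorted(outages):
        if end <= start:
            raise ValueError(f"outage ends before it starts: {start} .. {end}")
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def uptime_report(period_start, period_end, outages):
    """Business-hours uptime for the period, compared with the SLA."""
    scheduled = business_minutes(period_start, period_end)
    if scheduled == 0:
        raise ValueError("period contains no business hours")
    down = 0.0
    for start, end in merge_outages(outages):
        # Clip each outage to the reporting period before measuring it.
        start, end = max(start, period_start), min(end, period_end)
        if end > start:
            down += business_minutes(start, end)
    percent = 100.0 * (scheduled - down) / scheduled
    return {
        "scheduled_minutes": scheduled,
        "downtime_minutes": down,
        "uptime_percent": percent,
        "sla_met": percent >= SLA_PERCENT,
    }


if __name__ == "__main__":
    report = uptime_report(datetime(2024, 6, 1), datetime(2024, 7, 1), SAMPLE_OUTAGES)
    print(report)
```

Only downtime that falls within business hours counts against the requirement, which is why the Sunday outage contributes nothing and the weekend-spanning one contributes only its Saturday and Monday portions.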

However, not everything covered by the technology can be outsourced. e.g. User
Acceptance testing of the acquired developed software cannot be outsourced,
since it is an internal business function and the requirements from the software
are best known to the bank. Also, it is a traditionally proven fact that
software development requirements are never fixed and final, hence the testing
vendor will perform the testing only for the specifications provided to the
development vendor. Another part that cannot be effectively outsourced is the
development of Information Security Policy and procedures, since these need to
be developed taking into consideration the culture of the organization. e.g.
Password sharing: where password sharing has been a common feature and the
organization does not provide a de-learning mechanism, making a policy will be
ineffective. Or, if the systems administrator has not been given immunity from
attending office late, he/she will share the password in order to avoid the
record created by opening the sealed envelope containing his/her password.

The Bank may decide to outsource the I S Audit function. In this case it is
necessary to ensure that the I S Auditor will be following the standards defined
above and has the necessary expertise to carry out the audit. The best
professionals come at the best cost, hence defining the requirements is the key
to getting the best at competitive prices.

Self Audits.

In order to supplement the audit function, the bank's management may come up
with Self Audit or Control self assessment by the functional managers. This can
be particularly useful in case of operational audits. Considering the
geographical spread of the bank's technology it may not be possible to follow
the 'Workshop method', hence the questionnaire approach is generally used for
Self-audits. The point to be noted in the questionnaire approach is that the
defining questions should ensure that the necessary knowledge is being provided
to the functional manager. For example, if the questionnaire asks "whether
adequate capacity UPS has been provided?", then the person answering should
know: What is adequate capacity? How to ensure it is adequate? Are the UPS
acquisition and implementation documents accessible?

Internal IS Audit Function.

Considering the expertise required, the Bank may decide not to have an internal
audit function for the entire technology. Generally, internal auditors with
minimum training requirements can handle Operational I S Audits, since these
audits mainly focus on compliance with predefined procedures and inherently have
a short audit cycle. Properly trained I S auditors should handle the complex
technological audits that have longer periodicity. The auditors for this can be
deployed as and when required, since there may not be a full time workload
available. Depending upon the size and spread, it is prudent to build the team
of technical auditors starting with a small team, to conduct the I S Audits.

Some common confusions.

Based on the RBI's guidelines, Indian Banks have implemented the IS audit
function with the help of internal and external auditors. However, some
confusion has been observed in some cases.

The scope of IS audit covers the entire gamut of technology and thus a proper
scope cannot be defined. e.g. an advertisement requested a quote for a scope
covering Software audit as well as operations audit, but ignored the
implementation and conversion audit. Software audit, Implementation audit,
conversion audit and operations audit are different types requiring different
scope. Conversion audit is mainly a financial audit whereas the other audits are
IS audits.

Operations audits are generally considered based upon the internal control
questionnaire, which is an improper mix of technology audit and financial audit.
Actually operations audit can be of two types: 1. Banking operations audit in a
computerized environment and 2. Technical operations audit of Bank/branch.
The former is a financial audit whereas the latter is an I S Audit.

The operations audit questionnaire has questions covering technology (Are proper
access controls provided?) and also banking (Are dormant accounts flagged
properly? Or is interest being applied correctly?). Both these questions are
irrelevant if the Software audit and Implementation audit have been carried out
properly. If not, the scope needs to cover these factors, but the management has
not considered the person hour requirements for the same.

The auditor's background also adds to it. An auditor from a Banking background
tends to point out quantitative errors in a technology audit (e.g. quantum of
interest is incorrect), whereas an auditor from an IT background fails to
understand the significance of quantitative indicators in an implementation
audit. Also there is a difference in the risks perceived by these two auditors.
The former may consider incorrect interest as high risk due to losses, whereas
the latter may perceive it as low risk due to the compensating controls of day
book checking.

Conclusion.

The information systems have provided enormous leverage to the Banks in
improving the services by deploying the technology. However, in order to
understand and address the risks arising out of the use of technology, I S audit
has become a necessity and Banks need to address the risks and issues arising
out of its absence. In order to build the internal I S audit function one can
start with a small department of qualified auditors. In the meantime the I S
Audit function can be outsourced to expert vendors with internal auditors
working with them.
