VARIOUS TYPES OF AUDIT IN THE BANK

Report
VARIOUS TYPES OF AUDIT
IN THE BANK
BY
BALJEET KUMAR SHARMA
Asstt Gen Manager
SBLC, DEHRADUN
AUDIT FUNCTION
•
•
•
•
•
•
•
•
•
•
•
CREDIT AUDIT: CODUCTED BY INSPECTION & MANAGEMENT AUDIT DEPARTMENT,
CORPORATE CENTRE, HYDERABAD
INFORMATION SYSTEMS (IS) AUDIT: CONDUCTED BY INSPECTION & AUDIT
DEPARTMENT, CORPORATE CENTRE, HYDERABAD
STATUTORY AUDIT: CONDUCTED BY OUTSIDE CHARTERED ACCOUNTANTS
EMPANELLED BY RBI
CIRCLE AUDIT: CONDUCTED BY CIRCLE AUDIT DEPARTMENT
CONCURRENT AUDIT: CONCURRENT AUDITORS ARE POSTED IN GROUP-I AND OTHER
SELEXCT BRANCHES
INCOME AUDIT: WILL BE ORDERED BY CGM AT SELECT BRANCHES AT THE INSTANCE OF
CORPORATE CENTRE
AUDIT UNDER SECTION 35: CONDUCTED BY RBI INSPECTORS UNDER SECTION 35 OF
BANKING REGULATION ACT
FEMA AUDIT: CONDUCTED BY RBI AS PER SECTION 12 OF FEMA ACT
GOVERNMENT AUDIT
MANAGEMENT AUDIT
RFIA: RISK FOCUSED INTERNAL AUDIT, CONDUCTED BY INSPECTION & MANAGEMENT
AUDIT DEPARTMENT, CORPORATE CENTRE, HYDERABAD
GENESIS OF RISK FOCUSED
INTERNAL AUDIT
RBI in its monetary policy Statement for the
year 2001-02 announced the move
towards Risk Based Supervision (RBS) of
Banks
• In the light of changing trends in the
international banking scenario due to
globalization, RBI introduced RBS in the
banks
• Risk Based Internal audit is a part of RBS
NEED TO MOVE TO RFIA
• Deregulation and liberalization of Indian
Financial sector
• New financial markets and products,
Higher Risk
• Internal control system, Internal audit
function conforming to BASEL norms
• New BASEL CAPITAL ACCORD
• Providing necessary checks and balances
WHAT IS INTERNAL AUDIT?
• Internal audit must review and report upon
the control environment as a whole
• It is the process by which Risks are
identified, analyzed and managed
• Reports on the reliability and integrity of
corporate management function, and
• Comments on compliance with rules and
regulations
WHEN WAS RFIA INTRODUCED
IN SBI?
As part of introduction of RBS, State Bank of
India introduced Risk Focused Internal
Audit (RFIA) of all branches w.e.f.
01.04.2003 based on the
recommendations of the Management
Audit Group headed by Shri S N Sawaikar,
Dy.MD (Retd) (Also called Sawaikar
Committee)
SALIENT FEATURES OF RFIA
• Shift from the system of full scale transaction testing to
risk identification, prioritization of audit areas and
allocation of audit resources based on risk management
• Risk identification (Grouping of branches)
• Rigour/Frequency of Audit based on Risk profile
emerging
• Functionally independent in all areas of Audit
• The SIGH portion of erstwhile inspection report format
has also been modified in tune with parameters
contained in Audit Report Formats with new code
numbers and has been renamed SDRM (Serious
Deviations in Risk Management systems)
• Concept of Management Letter, generation of Heat Maps
and submission of special reports
BRANCH CATEGORISATION
UNDER RFIA
As per initial audit plan, branches have been
categorized into three groups based on
perception of inherent risks assessed on bank’s
products, services, volume of business,
complexity of business and contribution to
bank’s income. Group I (High Risk), Group II
(Medium Risk) and Group III (Low Risk). Review
of grouping has been done with effect from
01.04.2006 after completion of one audit cycle
and on the basis of feedback received.
THE MAJOR CHANGES
INITIATED IN RFIA
w.e.f.
01.04.2006
Regrouping of branches
•
• Business Parameters de-linked from Risk assessment. Coe
parameters in Set I and Set II have been replaced by Risk and
Business Parameters
• Three rating system introduced
• Separate ARFs for various types of branches and BPR entities
• Separate ARFs for Bank Master and CBS branches designed
• I.S.Audit formats in tune with IT / IS security policies developed
• Focused audit queries added in customer service, fraud prevention,
control environment, branch management, marketing efforts, etc.
• Rating / scoring pattern changed
• Rationalization the integration of credit audit score for credit risk
management with cc audit report
• Provision for capturing trend of risk over previous two audits (To
assess whether increasing / stable / decreasing)
Significance of regrouping of
branches now
Grouping of branches is a dynamic concept and
based on the actual risk experience, the
branches in the group would need to be
reviewed at periodical intervals.
Our Operational Risk Management (ORM)
Consultants, M/s. Deloitte & Touche, suggested
that the number of Group I branches should be
brought down. And we need to update the
grouping on recent business data because the
business data used by Sawaikar committee was
as on 31.03.2001
THE NUMBER OF BRANCHES CATEGORISED
UNDER GROUP I AND THE REVISED NORMS
FOR CATEGORIZATION
As per the revised norms given below, 314 branches were categorized
under Group I having share of 32% of deposits, 57% of advances,
52% of Interest Income, 52% of Other Income and 89% of Forex
Income. (Based on figures as on 31.03.2005)
•
•
•
•
All DGM & Above Incumbency Branches
All CAG, MCG & SAMG Branches
All Branches with Non Food Advances exceeding Rs.100 Crore
Branches with aggregate Non Food and Non-C&I advances of
Rs.50 Crore and above
• Branches with Other Income of Rs.10 Crore and above (and not
included in items above)
REVISED RISK RATING SYSTEM
GRADE
• WELL CONTROLLED
• ADEQUATELY
CONTROLLED
• NEEDS IMPROVEMENT
• UN-SATISFACTORY
SCORE RANGE
• 85% & above
• Between 70% %
<85%
• Between 50% & <
70%
• Less than 50%
REVISED GENERAL EFFICIENCY RATING
SYSTEM w.e.f. 01.10.2008
RATING
SCORE RANGE
RISK RATING & SCORE
(MINIMUM)
A PLUS
W C – 850
A
A C -700
B PLUS
N I – 500
B
U S - …..
REVISED PERIODICITY OF RFIA
WITH EFFECT FROM 01.04.2006
RISK
TAKING
GROUP I
(within)
18 months
GROUP II GROUP III
(within)
(within)
21 months 21 months
Adequately
controlled
15 months
18 months
18 months
Needs
improvement
12 months
12 months
12 months
Unsatisfactory
6 to 8
months
12 months
6 to 8
months
12 months
6 to 8
months
12 months
Well controlled
Newly opened
branches

similar documents