AUDIT OF BANKS

INTRODUCTION
A well-organised and efficient banking system is a pre-requisite for economic
growth. Banks play an important role in the functioning of organised money
markets. They act as a conduit for mobilising funds and channelising them for
productive purposes. The Indian banking system, like the banking system in
other countries, has played a significant role in the economic growth of the
country. In order to meet the banking needs of various sections of the society, a
large network of bank branches has been established. Presently, there are four
types of banking institutions in India. These are
Commercial banks
Regional rural banks
Co-operative banks
Development banks (more commonly known as term-lending institutions)
Besides, the Reserve Bank of India (hereinafter referred to as RBI) acts as the
central bank of the country.
Commercial banks are by far the most widespread banking institutions in India.
Typically, commercial banks provide the following major products and
services:

(a) Acceptance of Deposits; (b) Granting of Advances; (c) Remittances; (d)

Collections;
(e) Cash Management Product; (f) Issuance of Letters of Credit and
Guarantees; (g) Merchant Banking Business; (h) Credit Cards; (i) Technologybased Services; (j) Dividend / Interest / Refund Warrants; (k) Safe-keeping
Services; (l) Lockers; (m) Handling Government Business (n)
Participant

(DP)

Services;

Machines

(ATMs);

(o)

Automated

Depository
Teller

(p) Exchange of Notes, (q) Debit Cards, (r) Cross selling, (s) Auto Sweep
facility in saving account, (t) Third party advertisement on ATM network, (u)
Securitization of future lease rentals, (v) Derivative business.
Commercial banks operating in India can be divided into two categories based
on their ownership public sector banks and private sector banks. However,
irrespective of the pattern of ownership, all commercial banks in India function
under the overall supervision and control of the RBI.

Advanced Auditing and Professional Ethics

Public sector banks comprise the State Bank of India, its seven subsidiaries
(also called associate banks of State Bank of India; these are State Bank of
Bikaner and Jaipur, State Bank of Hyderabad, State Bank of Indore, State Bank
of Mysore, State Bank of Patiala, State Bank of Saurashtra, and State Bank of
Travancore) and nineteen nationalised banks.
The ownership of private sector banks is in private hands. They are of three
types:
1) Indian scheduled commercial banks other than public sector banks. (The term
scheduled commercial banks refers to commercial banks which are included
in the Second Schedule to the Reserve Bank of India Act, 1934.) It may be
noted that not all scheduled banks are commercial banks; some co-operative
banks are also scheduled banks. Commonly known as banking companies,
these banks are companies registered under the Companies Act, 1956 or an
earlier Indian Companies Act.
2) Non-scheduled banks.
3) Indian branches of banks incorporated outside India, commonly referred to as
foreign banks.
Regional Rural Banks have been established with a view to developing the
rural economy by providing, for the purpose of development of agriculture,
trade, commerce, industry and other productive activities in the rural areas,
credit and other facilities, particularly to the small and marginal farmers,

agricultural labourers and artisans and small entrepreneurs (Preamble to the

Regional Rural Banks Act, 1976).
Co-operative Banks are banks in the co-operative sector which cater primarily
to the credit needs of the farming and allied sectors. Co-operative banks
include central co-operative banks, state co-operative banks, primary cooperative banks and land development banks.
Development Banks were started with the objective of providing only longterm finance for development purposes; they are referred to as development
banks or term-lending institutions. There are a number of all-India level
term-lending institutions.

SPECIAL FEATURES

Banks have the following characteristics which distinguish them from most
other commercial enterprises:
They have custody of large volumes of monetary items, including cash and
negotiable instruments, whose physical security has to be ensured. This applies
to both the storage and the transfer of monetary items and makes banks
vulnerable to misappropriation and fraud. They, therefore, need to establish
formal operating procedures, well-defined limits for individual discretion and
rigorous systems of internal control.
They engage in a large volume and variety of transactions in terms of both
number and value. This necessarily requires complex accounting and internal
control systems.
They normally operate through a wide network of branches and departments
which are geographically dispersed. This necessarily involves a greater
decentralisation of authority and dispersal of accounting and control functions,
with consequent difficulties in maintaining uniform operating practices and
accounting systems, particularly when the branch network transcends national
boundaries.
They often assume significant commitments without any transfer of funds.
These items, commonly called 'off-balance-sheet' items, may not involve
accounting entries and, consequently, the failure to record such items may be

difficult to detect. They are regulated by governmental authorities and the

resultant regulatory requirements often influence accounting and auditing
practices in the banking sector.
Special audit considerations arise in the audit of banks because of:
the particular nature of risks associated with the transactions undertaken by
banks;the scale of banking operations and the resultant significant exposures
which can arise within short periods of time;the effect of the statutory and
regulatory requirements; andthe continuing development of new services and
banking practices which may not be matched by the concurrent development of
accounting principles and auditing practices.
The auditor should consider the effect of the above factors in designing his
audit approach.

LEGAL FRAMEWORK

There is an elaborate legal framework governing the functioning of banks in

India. The principal enactments which govern the functioning of various types
of banks are:
Banking Regulation Act, 1949
State Bank of India Act, 1955
Companies Act, 1956
State Bank of India (Subsidiary Banks) Act, 1959
Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970
Regional Rural Banks Act, 1976
Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980
Information Technology Act, 2000

Prevention of Money Laundering Act, 2002

Securitisation and Reconstruction of Financial Assets and Enforcement of
Security Interest Act, 2002
Credit Information Companies Regulation Act, 2005
Payment and Settlement Systems Act, 2007

Advanced Auditing and Professional Ethics

Besides, the above enactments, the provisions of the Reserve Bank of India
Act, 1934, also affect the functioning of banks. The Act gives wide powers to
the RBI to give directions to banks which also have considerable effect on the
functioning of banks.

FORM AND CONTENT OF FINANCIAL STATEMENTS

Sub-sections (1) and (2) of section 29 of the Banking Regulation Act, 1949,
deal with form and content of financial statements of a banking company and
their authentication. These sub-sections are also applicable to nationalised
banks, State Bank of India, subsidiaries of the State Bank of India, and
Regional Rural Banks.
Sub-section (1) of section 29 requires every banking company to prepare a
balance sheet and a profit and loss account in the forms set out in the Third
Schedule to the Act or as near thereto as the circumstances admit. These
financial statements have to be prepared as on the last working day of each
financial year (i.e., 31st March) in respect of all business transacted during the
year. A foreign banking company (i.e., a banking company incorporated
outside India and having a place of business in India) has to similarly prepare a
balance sheet and a profit and loss account every year in respect of all business
transacted through its branches in India.

Salient Features of the Third Schedule - Form A of the Third Schedule to the
BankingRegulation Act, 1949, contains the form of balance sheet and Form B
contains the form of profit and loss account.
The balance sheet as well as the profit and loss account are required to be
presented in vertical form. Capital and liabilities are to be presented under the
following five broad heads:
Capital
Reserves and Surplus
Deposits
Borrowings
Other liabilities and provisions
Assets are required to be presented under the following six broad heads:
Cash and Balances with Reserve Bank of India
Balances with Banks and Money at call and short notice
Investments
Advances
Fixed assets
Other assets
Details of items of capital, liabilities and assets are required to be presented in
the prescribed form in various schedules.

The aggregate amounts of contingent liabilities and bills for collection are to be
presented on the face of the balance sheet. While details of contingent
liabilities are to be presented by way of a schedule.

The following items are required to be presented on the face of the profit and
loss account.

Income
Interest earned Other income

Expenditure
Interest expended
Operating expenses
Provisions and contingencies

Profit (Loss)
Net profit (loss) for the year Profit/loss brought forward
IV. Appropriations
Transfer to statutory reserves Transfer to other reserves Transfer to
Government/Proposed Dividend Balance carried over to balance sheet

Prescribed details of interest earned, other income, interest expended and

operating expenses are required to be given by way of schedules to the profit
and loss account.
The Schedules of Balance sheet and Profit and Loss account are given in
Annexure II to this chapter.

Other Disclosures - In addition to the disclosures to be made in the balance

sheet and profitand loss account in pursuance of the requirements of the Third
Schedule to the Act, the RBI has directed to disclose some other information
specified by RBI by way of notes on accounts. These informations have been
given in Annexure II to this chapter.

Financial Statements, Auditor's Report and Directors Report of

Subsidiary - PublicSector Banks are also required to annex the balance sheet,
profit and loss account, report of the Board of Directors and Auditors Report
in respect of each of their subsidiaries, to their own financial statements. The
banking companies are required to attach the financial statements, directors
report and auditor's report to their own annual reports by virtue of section 212
of the Companies Act.

Notes and Instructions Issued by Reserve Bank of India - The Reserve

Bank of India hasissued notes and instructions for compilation of balance sheet

and profit and loss account. These notes and instructions provide an
authoritative interpretation of the requirements of the

Advanced Auditing and Professional Ethics

Third Schedule to the Act and are thus useful in preparation of financial
statements of banks. Notes and instructions are reproduced as Annexure II.
Signatures - Sub-section (2) of section 29 of the Act requires that the financial
statements of banking companies incorporated in India should be signed by the
manager or principal officer of the banking company and by at least three
directors (or all the directors in case the number is less than three). The
financial statements of a foreign banking company are to be signed by the
manager or agent of the principal office in India. It may be noted that the
accounts of a branch are usually signed by the manager of the branch and/or
the accountant.
The provision of sub-section (2) of section 29 are also applicable to
nationalised banks, State Bank of India, its subsidiaries, and regional rural
banks.
Requirements of Banking Regulation Act, 1949, vis a vis Companies Act,
1956 - The requirements of the Companies Act, 1956, relating to the balance
sheet and profit and loss account of a company, in so far as they are not
inconsistent with the Banking Regulation Act, 1949, also apply to the balance
sheet or profit and loss account, as the case may be, of a banking company

[sub-section (3) of section 29 of the Act]. It may be noted that this provision
does not apply to nationalised banks, State Bank of India, its subsidiaries and
regional rural banks. Banks listed on a stock exchange have to comply with the
requirements of the Listing Agreement as amended from time to time.

AUDIT OF ACCOUNTS
Sub-section (1) of section 30 of the Act requires that the balance sheet and
profit and loss account of a banking company should be audited by a person
duly qualified under any law for the time being in force to be an auditor of
companies. Similar provisions are contained in the enactments governing
nationalised banks [section 10 of the Banking Companies (Acquisition and
Transfer of Undertakings) Act of 1970/1980], State Bank of India [section 41
of the State Bank of India Act, 1955], subsidiaries of State Bank of India
[section 41 of the State Bank of India (Subsidiary Banks) Act, 1959], and
regional rural banks [section 19 of the Regional Rural Banks Act, 1976]. It is
important to note that section 41 of the State Bank of India Act, 1955,
specifically provides that the affairs of the bank shall be audited by two or
more auditors. Further, the members, while carrying out audit of a bank (head
office or branches) are required to comply with the Engagement and Quality
Control Standards1, issued by the Institute of Chartered Accountants of India. A
list of the Engagement and Quality Control Standards applicable to audit of
financial statements of a bank is given as Annexure

Qualifications of Auditor - According to section 226 of the Companies Act,

1956, a chartered accountant, a firm of chartered accountants, or a restricted
state auditor can be appointed as auditor of a company. However, the following
persons cannot be appointed as auditor of a company
a) Body corporate
b) An officer or employee of the company
c) A person who is a partner, or who is in the employment, of an officer or
employee of the company
d) A person who is indebted to the company for an amount exceeding one
thousand rupees, or who has given any guarantee or provided any security in
connection with the indebtedness of any third person to the company for an
amount exceeding one thousand rupees
e) A person holding any security means an instrument which carries voting
rights of the company.
It may be noted that in case of indebtedness in excess of the specified limit as
mentioned at
(d) above, the chartered accountant concerned (or the firm of chartered
accountants) becomes disqualified to audit any branch of the bank; the
disqualification is not confined to appointment as auditor of the particular
branch to which the debt is owed.
In the context of banks, the expression indebtedness would cover, inter alia,
the amounts outstanding in respect of credit cards issued by a bank. Thus,

where the credit card outstandings exceed the prescribed limit of Rs.1,000, the
chartered accountant in whose name the card is issued as well as the firm of
which he is a partner would be disqualified for appointment as auditor of the
issuing bank.

Appointment of Auditor
As per the provisions of the relevant enactments, the auditor of a banking
company is to be appointed at the annual general meeting of the shareholders,
whereas the auditor of a nationalised bank is to be appointed by the bank
concerned acting through its Board of Directors. In either case, approval of the
Reserve Bank is required before the appointment is made. The auditors of the
State Bank of India are to be appointed by the Reserve Bank of India in
consultation with the Central Government. The auditors of the subsidiaries of
the State Bank of India are to be appointed by the State Bank of India. The
auditors of regional rural banks are to be appointed by the bank concerned with
the approval of the Central Government.
As mentioned earlier, the State Bank of India Act, 1955, specifically provides
for appointment of two or more auditors. Besides, nationalised banks and
subsidiaries of State Bank of India also generally appoint two or more firms as
joint auditors.

Remuneration of Auditor - The remuneration of auditor of a banking

company is to be fixedin accordance with the provisions of section 224 of the
Companies Act, 1956 (i.e., by the company in general meeting or in such
manner as the company in general meeting may determine). The remuneration
of auditors of nationalised banks and State Bank of India is to be fixed by the
Reserve Bank of India in consultation with the Central Government. The
remuneration of auditors of subsidiaries of State Bank of India is to be fixed by
the latter. In the case of regional rural banks, the auditors remuneration is to be
determined by the bank concerned with the approval of the Central
Government.

Powers of Auditor - The auditor of a banking company or of a nationalised

bank, State Bankof India, a subsidiary of State Bank of India, or a regional
rural bank has the same powers as those of a company auditor in the matter of
access to the books, accounts, documents and vouchers. He is also entitled to
require from the officers of the bank such information and

Advanced Auditing and Professional Ethics

explanations as he may think necessary for the performance of his duties. In
the case of a banking company, he is entitled to receive notice relating to any

general meeting. He is also entitled to attend any general meeting and to be

heard there at on any part of the business, which concerns him as auditor.
It is important to note that under section 10 of the Banking Companies
(Acquisition and Transfer of Undertakings) Act, 1970/1980, the auditor of a
nationalised bank may employ accountants or other persons at the expense of
the bank to assist him in audit of accounts. Similar provisions exist in section
41 of the State Bank of India Act, 1955 and the State Bank of India (Subsidiary
Banks) Act, 1959. These provisions are aimed at facilitating the work of
auditors of these banks by empowering them to appoint the auditors of
branches and are particularly important in the context of the fact that the above
enactments do not contain any specific provisions for audit of branches of
these banks. This is unlike banking companies where audit of branches is
required under section 228 of the Companies Act, 1956. It may be noted that
the Regional Rural Banks Act, 1976, does not contain any provisions relating
to audit of branches. Accordingly, in the case of such banks, audit of branches
is also carried out by the auditors appointed for the bank as a whole.

Auditor's Report - In the case of a nationalised bank, the auditor is required to

make a reportto the Central Government in which he has to state the following:
a)whether, in his opinion, the balance sheet is a full and fair balance sheet
containing all the necessary particulars and is properly drawn up so as to

exhibit a true and fair view of the affairs of the bank, and in case he had called
for any explanation or information,
b)whether it has been given and whether it is satisfactory
c)whether or not the transactions of the bank, which have come to his notice,
have been within the powers of that bank
c)whether or not the returns received from the offices and branches of the bank
have been found adequate for the purpose of his audit
d)whether the profit and loss account shows a true balance of profit or loss for
the period covered by such account; and any other matter which he considers
should be brought to the notice of the Central Government.

The report of auditors of State Bank of India is also to be made to the Central
Government and is almost identical to the auditors report in the case of a
nationalised bank.
The auditors report in the case of subsidiaries of State Bank of India is
identical to the auditors report in the case of a nationalised bank, except that
all references to Central Government have to be construed instead as references
to the State Bank of India. Similar is the position in the case of regional rural
banks, except that the references are instead to the bank concerned.
In addition to matters on which he is required to report to the shareholders
under the Companies Act, 1956, the auditor of a banking company is required
to state in his report:

a) Whether or not the information and explanations required by him have been
found to be satisfactory
b) whether or not the transactions of the company which have come to his
notice have been within the powers of the company;
c)whether or not the returns received from the branch offices of the company
have been found adequate for the purpose of his audit;
d)whether the profit and loss account shows a true balance of profit or loss for
the period covered by such account; andany other matter which he considers
should be brought to the notice of the shareholders of the company.

It may be noted that in the case of a banking company, by virtue of the

provisions of clause (d) of sub -section (3) of section 227 of the Companies
Act, 1956, the auditor has to specifically report whether, in his opinion, the
profit and loss account and balance sheet of the banking company comply with
the accounting standards referred to in sub-section (3C) of section 211 of the
Companies Act, 1956.

Long Form Audit Report - Besides the audit report as per the statutory
requirements discussed above, the terms of appointment of auditors of public
sector banks, private sector banks and foreign banks [as well as their branches,
require the auditors to also furnish a long form audit report (LFAR)]. The

matters which the banks require their auditors to deal with in the long form
audit report have been specified by the Reserve Bank of India.
Books and Accounts - A banking company is required to maintain the books of
account in accordance with Section 209 of the Companies Act. There are,
however, certain imperatives in banking business they are the requirements to
maintain accurate and always up-to- date accounts. Banks, therefore, device
their accounting systems to suit these requirements. The main characteristics of
a banks system of book keeping are as follows:
a) Entries in the personal ledgers are made directly from vouchers instead of
being posted from the books of prime entry.
b) The vouchers entered into different personal ledgers each day are
summarised on summary sheet, the totals of which are posted to the control
accounts in the general ledger.
c) The general ledger trial balance is extracted and agreed every day.
d) All entries in the detailed personal ledgers and the summary sheets are
checked by persons other than those who have made the entries, with the
general result that most clerical mistakes are detected before another day
begins.
e) A trial balance of the detailed personal ledgers is prepared periodically,
usually every two weeks, and agreed with the general ledger control accounts.

f) Excepting for cash transactions, always two vouchers are prepared for each
transaction, one for debit and the other for credit. This system ensures double
entry at the basic level and obviates the possibility of errors in posting.

Principal books of account

General Ledger - It contains control accounts of all personal ledger, the profit
and loss account and different assets and liabilities accounts. There are certain
additional accounts known as contra accounts which is unique feature of bank
accounting. These contra accounts are maintained with a view to keeping
control over transactions which have no direct effect on the banks position,
e.g., letters of credit opened, bills received for collection, guarantees given, etc.

Profit and Loss Ledger - Some banks keep one account for profit and loss in
this general ledger and maintain separate books for the detailed accounts.
These are columnar books having separate columns for each revenue receipt
and expense head. Other banks keep separate books for debits and credits.
These books are directly posted from vouchers. The totals of debits and credits
posted are entered into the profit and loss account in the general ledger. In
some cases, the revenue accounts are also maintained in the general ledger
itself, while in some others, broad revenue accounts are kept in the general
ledger and the details are recorded in a subsidiary ledger. The account heads

are maintained in greater detail than those that appear in the banks published
profit and loss accounts.
Subsidiary Books of Accounts

Personal Ledgers - Separate ledgers are maintained by banks for different

types of accounts. For example, there are separate ledgers for current accounts,
saving accounts, fixed deposits (often further classified by length of period of
deposit), cash certificates, loans, overdrafts, etc. As has been mentioned earlier,
these ledgers are posted directly from vouchers and all the vouchers entered in
each ledger in a day are summarised into Voucher Summary Sheets. The
Voucher Summary Sheets are prepared in the department which originates the
transactions by persons other than those who write the ledgers. They are
subsequently checked, with the vouchers by different persons generally
unconnected with the writing up of ledgers or the preparation of Voucher
Summary Sheets.

Bill Registers - Details of different types of bills are kept in separate registers
which have suitable columns. For example, bills purchased, inward bills for
collection, outward bills for collection, etc. are entered serially day to day in
separate registers. In case of bills purchased or discounted, party-wise details
are also kept in normal ledger form. This is done to ensure that the sanctioned
limits of parties are not exceeded. Entries in these registers are made by

reference to the original documents. A voucher for the amount of transactions

of each day is prepared in respect of each register. The voucher is entered in the
Day Book. When a bill is realised or returned, its original entry in the register
is marked off. A daily summary of such realisations or returns is prepared in
separate registers whose totals are taken to vouchers which are posted in the
Day Book. In respect of Bills for collection, contra vouchers reflecting both
sides of the transactions are prepared at the time of the original entry, and this
entry is reversed on realisation. Outstanding entries are summarised frequently,
usually twice a month and their total is agreed with the balance of respective
control accounts in the General Ledger.

Other Subsidiary registers - There are different registers for various types of
transactions. Their number, volume and details which differ according to the
individual needs of each Bank. For example, there will be registers fora) Demand Drafts, Telegraphic and Mail Transfers issued on branches or
agencies.
b) Demand Drafts, Telegraph Transfers and Mail Transfers received from
branches and Agencies.
c) Letters of Credit.
d) Letters of Guarantee.
Entries into these Registers are made from original documents which are also
summarised on vouchers every day. These vouchers are posted into the Day

Book. Outstanding entries are summarised frequently and their total agreed
with the control heads in the General Ledger.

Departmental Journals - Each department of the Bank maintains a journal to

note thetransfer entries passed by it. These journals are memoranda books only,
as all the entries made there are also made in the Day Book, through Voucher
Summary Sheets. The purpose is to maintain a record of all transfer entries
originated by each department. For example, the Loans and Overdraft Section
will pass transfer entries for interest charged on various accounts every month,
and as all these entries are posted in the journal of the department, the officer
concerned can easily find out the accounts in respect of which the interest entry
has been passed. Since all the vouchers passed during the day are entered in the
Day Book only in a summary form, it may not be possible to get this
information from the Day Book without looking into the individual vouchers.

As has been mentioned earlier, two vouchers are generally made for each
transfer entry, one for debit and the other for credit. The vouchers are generally
made by and entered into the journal of the department which is accordingly
credited to the other departments. For example, if any amount is to be
transferred from Current Account of a customer to his Saving Bank Account,
vouchers will be prepared by the Current Account Department and entered in
the journal of that department.

(v) Other Memoranda Books - Besides the books mentioned above, various
departments of abank have to maintain a number of memoranda books to
facilitate their work. Some of the important books are described below:
Cash Department
Receiving Cashiers Cash Book.
Paying Cashiers Cash Book.
Main Cash Book.
Cash Balance Book.
The main cash book is maintained by a person other than cashiers. Each cashier
keeps a separate cash book. When cash is received, it is accompanied by pay-in
-slips or other similar documents. The cashier makes the entry in his book
which is checked by the chief cashier. The pay-in -slip then goes to the Main
Cash Book writer who makes an entry in his book. The cash book checker
checks the entry with the slip and then the counter- foil of the slip is returned
back to the customer and the foil is sent to the appropriate department for
entering into the ledger. The foil is used as a voucher. Cash is paid against a
cheque or otherdocuments (e.g. Travellers cheques, demand drafts, pay orders,
etc.) after it has been duly passed and entered in the appropriate account in the
ledger. Cheques, demand drafts, pay orders, etc. are themselves used as
vouchers.

Quick Payment System - Banks introduce different systems so that their

customers may receive payment of cash, etc. quickly. The most prevalent
system is the teller system. Under this system, tellers keep cash as well as
ledger cards and specimen signature cards of each customer in respect of
Current and Savings Bank Accounts, A teller is authorised to make payment
upto a particular amount say, Rs. 1000/-. On receipt of a cheque, he checks it,
passes it for payment, enters it in the ledger card and makes payment to the
customer. The teller also receives cash deposited in these accounts.
Outwards Clearing a)Clearing Cheques Received Book for entering cheques received from
customers for clearing.
b)Bank-wise list of the above cheques, one copy of which is sent to the
clearing house together with cheques.
A person checks the vouchers (foil of pay-in-slip) and list with the Clearing
Cheques Received Book. The vouchers are then sent to appropriate
departments, where customers accounts are immediately credited. If any
cheque is received back unpaid, the entry is reversed. Normally no drawings
are allowed against clearing cheques deposited the same day but exceptions are
often made by the manager in the case of established customers.
Inward Clearing - Cheque received are checked with the accompanying list.
These are then distributed to different departments and the number of cheques
given to each department is noted in a memo book. When the cheques are

passed and posted into ledger, their number is independently agreed with the
Memo Book. If the cheques are found unplayable, they are returned to the
Clearing House. The cheques themselves serve as vouchers.

Loans & Overdrafts Department

a)

Registers to record details of documents executed by the borrowers and

guarantors in respect of credit facilities.

b) Securities register for recording details of securities in respect of credit
facilities.
c)

Pending documents and document deficiency register.

d) Godown registers maintained by the godown -keepers of the bank.

e)

Price register giving the wholesale prices of commodities pledged with the

bank.
f)

Overdraft sanction register

g)

Drawing power book

h) Delivery order books

i)

Storage books

j)

Stock statements registers for loan accounts

K) Suit filed register

l)

Inspection registers for loan accounts.

Deposits Department

Account Opening & Closing registers.

For fixed deposits, rate register giving analysis of deposits according to rates.
Due Date Diary.
Specimen signature book.

Establishment Department

Salary and allied registers such as attendance register, leave register, overtime
register, etc.
Register of fixed assets e.g., furniture and fixtures, motor cars, vehicles, etc.
Stationery registers.
Old records register.

General
Signature book of banks officers.
Private Telegraphic Code and cyphers.
Back up registers for various types of returns/statements.
Safe Deposit Lockers/Safe Custody registers
Registers to record particulars of lost instruments (Draft, Cheques, etc) based
on details received from the head office.

Transit books through which instruments are sent to the cash department for
payment by the official authorizing such payment.
Registers to record particulars of outstanding inter-office entries received from
the reconciliation department of the bank which are to be responded to by the
branch.
Cheque books issued register.
Token register.

Statistical Books - Statistical records kept by different books are in accordance

with their individual needs. For example, there may be books for recording (1)
average balances in loans and advances etc. (2) Deposits received and amounts
paid out each month in the various departments (3) Number of cheques paid,
(4) Number of cheques, bills and other items collected.

Conducting an Audit -The audit of banks or of their branches involves the

followingstages -

1. Initial consideration by the Statutory auditor

2. Identifying and Assessing the Risks of Material
4. Understanding the Bank and Its Environment including
Control
6. Understand the Banks Accounting Process

3. Misstatements
5.

Internal

7. Understanding the Risk Management Process

8. Engagement Team Discussions
9. Establish the Overall Audit Strategy
10. Develop the Audit Plan
11. Audit Planning Memorandum
12. Determine Audit Materiality
13. Consider Going Concern
14. Assess the Risk of Fraud including Money Laundering
15. Assess Specific Risks
16. Risk Associated with Outsourcing of Activities
17. Response to the Assessed Risks
18. Stress Testing
19. BASEL II framework.

1. Initial consideration by the statutory auditor

Declaration of Indebtedness@
The RBI has advised that the banks, before appointing their statutory
central/circle/ branch auditors, should obtain a declaration of indebtedness in
proforma 'A' given in Annexure to the Notification No. RBI/2004/161 Ref
DBS.ARS No B.C. 09 /08.91.001/2003-04 dated April 20, 2004. In addition to
this, the RBI has further advised the banks that no credit facility (including

guaranteeing any facilities availed of by third party) should be availed of by the

proprietor/any of the partners of the audit firm/members of his/their families or
by firm/ company in which he/they are partners/directors.

Internal Assignments in Banks by Statutory Auditors@

The RBI, vide its circular no. Ref. DBS.ARS. No. BC. 02/ 08.91.001/ 2008-09
dated December 31, 2008 on Internal assignments in banks by statutory
auditors, decides that the audit firms should not undertake statutory audit
assignment while they are associated with internal assignments in the bank
during the same year. In case the firms are associated with internal assignment
it should be ensured that they relinquish the internal assignment before
accepting the statutory audit assignment during the year.

As the central auditors for private banks are appointed every year by their
shareholders in the Annual General Meetings (AGM), each bank is required to
obtain prior approval of the RBI in
terms of the provisions of Section 30 (1A) of the Banking Regulation Act,
1949 before making appointment/re-appointment of the auditors
Planning

Standard on Auditing (SA) 300 (Revised), Planning an Audit of Financial

Statements requires that the auditor shall undertake the following activities
prior to starting an initial audit:
a) Performing procedures required by SA 220, Quality Control for Audit Work
regarding the acceptance of the client relationship and the specific audit
engagement; and
b) Communicating with the predecessor auditor, where there has been a change of
auditors, in compliance with relevant ethical requirements

Communication with Previous Auditor

As per Clause 8 of the Part I of the first schedule to the Chartered Accountants
Act, 1949, a chartered accountant in practice cannot accept position as auditor
previously held by another chartered accountant without first communicating
with him in writing.

Terms of Audit Engagements

Standard on Auditing (SA) 210, Terms of Audit Engagements requires that
for each period to be audited, the auditor should agree on the terms of the audit
engagement with the bank before beginning significant portions of fieldwork.
It is imperative that the terms of the engagement are documented, in order to
prevent any confusion as to the terms that have been agreed in relation to the

audit and the respective responsibilities of the management and the auditor, at
the beginning of an audit relationship.

Initial Engagements
Standard on Auditing (SA) 510, Initial Engagements-Opening Balances 2,
paragraph 3 states that when the financial statements are audited for the first
time or when the financial statements for the preceding period were audited by
another auditor, the auditor should obtain sufficient appropriate audit evidence
that:

the closing balances of the preceding period have been correctly brought
forward to the current period;
the opening balances do not contain misstatements that materially affect the
financial statements for the current period; and
appropriate accounting policies are consistently applied.

Assessment of Engagement Risk

The assessment of engagement risk is a critical part of the audit process and
should be done prior to the acceptance of an audit engagement since it affects
the decision of accepting the engagement and also in planning decisions if the
audit is accepted.

Establish the Engagement Team

The selection of the engagement team is a key activity in the development and
execution of an effective and efficient audit plan. The assignment of qualified
and experienced professionals is an important component of managing
engagement risk. The size and composition of the engagement team would
depend on the size, nature, and complexity of the banks operations.
Understanding the Bank and its Environment
Standard on Auditing (SA) 315, Identifying and Assessing the Risks of
Material Misstatement Through Understanding the Entity and Its Environment
(applicable for audits of financial statements beginning on or after April 1,
2008) lays down that the auditor should obtain an understanding of the entity
and its environment, including its internal control, sufficient to identify and
assess the risks of material misstatement of the financial statements whether
due to fraud or error, and sufficient to design and perform further audit
procedures.

Identifying and Assessing the Risks of Material Misstatements

Standard on Auditing (SA) 315, Identifying and Assessing the Risk of
Material Misstatement Through Understanding the Entity and Its Environment
requires the auditor to identify and assess the risks of material misstatement at
the financial statement level and the assertion level for classes of transactions,

account balances, and disclosures to provide a basis for designing and

performing further audit procedures. For this purpose, the auditor shall@:
Identify risks throughout the process of obtaining an understanding of the
entity and its environment, including relevant controls that relate to the risks,
and by considering the classes of transactions, account balances, and
disclosures in the financial statements;
Assess the identified risks, and evaluate whether they relate more pervasively
to the financial statements as a whole and potentially affect many assertions;
Relate the identified risks to what can go wrong at the assertion level, taking
account of relevant controls that the auditor intends to test; and
Consider the likelihood of misstatement, including the possibility of multiple
misstatements, and whether the potential misstatement is of a magnitude that
could result in a material misstatement.
SA 315 requires the auditor to put specific emphasis on the risks arising out of
the fraud, changes in regulatory environment, complex transactions, related
party transactions, and abnormal business transactions.
Understanding the Bank and Its Environment including Internal Control
An understanding of the bank and its environment, including its internal
control, enables the auditor:
to identify and assess risk;
to develop an audit plan so as to determine the operating effectiveness of the
controls, and to address the specific risks. Further, documentation of the

auditors understanding of the bank and its environment provides an effective

mechanism for accumulating and sharing knowledge and experience and
briefing the same to all the members of the engagement team, particularly in
case of multi-location audit engagements.

When obtaining an understanding of the bank and its environment, including

its internal control, the auditor is required to:
Obtain an understanding of the relevant industry, regulatory, and other external
factors including the applicable financial reporting framework.
Obtain an understanding of the nature of the bank, including:
its operations;
its ownership and governance structures;
the types of investments that the bank has made and plans to make; and the
way that the entity is structured and financed; to enable the auditor to
understand the classes of transactions, account balances, and disclosures to be
expected in the financial statements.
Obtain an understanding of the banks objectives and strategies, and the related
business risks that may result in material misstatement of the financial
statements.
Obtain an understanding of the banks selection and application of accounting
policies, including the reasons for changes thereto. The auditor shall evaluate
whether the banks accounting policies are consistent with the applicable

financial reporting framework and accounting policies prevalent in the banking

industry.
Obtain an understanding of the measurement and review of the banks financial
performance.
Obtain an understanding of the banks accounting process relevant to financial
reporting.
Obtain an understanding of the banks internal control relevant to the audit.

Understand the Banks Accounting Process

The accounting process produces financial and operational information for
managements use and it also contributes to the banks internal control. Thus,
understanding of the accounting process is necessary to identify and assess the
risks of material misstatement whether due to fraud or not, and to design and
perform further audit procedures. In obtaining an understanding the accounting
process, the auditor may seek to identify the significant flow of the transactions
and significant application systems that are relevant to the accounting process.
When obtaining an understanding of the accounting process, the auditor,
ordinarily, does not focus on the processes that relate to the effectiveness and
efficiency of operations and compliance with laws and regulations, unless they
impact the financial statements or their audit procedures. While obtaining the
understanding of the significant flow of the transactions, the auditor should
also obtain an understanding of the process of recording and processing of

journal entries, and should also make inquiries about inappropriate or unusual
activity relating to the processing of journal entries and other adjustments.

Understanding the Risk Management Process

Management develops controls and uses performance indicators to aid in

managing key business and financial risks. An effective risk management
system in a bank generally requires the following:
Oversight and involvement in the control process by those charged with
governance: Those charged with governance (BOD/Chief Executive Officer)
should approve written risk management policies. The policies should be
consistent with the banks business objectives and strategies, capital strength,
management expertise, regulatory requirements and the types and amounts of
risk it regards as acceptable. Those charged with governance are also
responsible for establishing a culture within the bank that emphasises
commitment to internal controls and high ethical standards. Management is
responsible for implementing the strategies and policies set by those charged
with governance thereby ensuring that an adequate and effective system of
internal control is established and maintained.

Identification, measurement and monitoring of risks: Risks that could

significantly impact the achievement of banks goals should be identified,

measured and monitored against pre-approved limits and criteria. This function
is usually performed by the banks Risk Committee or an independent risk
management unit, which is also responsible for validating and stress testing the
pricing and valuation models used by the front and back offices. Further, it also
monitors risk management activities and evaluates the effectiveness of risk
management models, methodologies and assumptions used. The mid office,
which is responsible for identifying, measuring and reporting the risk
associated with the transaction, within each function usually reports to the Risk
Committee or the independent risk management unit. Thus, in this manner the
banks management monitors the overall risks surfaced by the bank.
Control activities: A bank should have appropriate controls to manage its risks,
including effective segregation of duties (particularly, between front and back
offices), accurate measurement and reporting of positions, verification and
approval of transactions, reconciliation of positions and results, setting of
limits, reporting and approval of exceptions, physical security and contingency
planning.
RBI has informed banks vide its master circular on Risk Management and
Inter-bank Dealings dated July 1, 2008@, the risk management framework and
reporting requirements with respect to certain categories of transactions such
as, forward contracts and hedging transactions entered into by the bank with
residents, managing of assets and liabilities of the bank and hedging the same,
hedging of Tier I capital in case of foreign banks, etc.

For every bank in India, certain risk management limits such as, the net open
position (NOP) limit and aggregate gap limit (AGL) are approved by the
RBI after making an assessment of each banks overall risk appetite. Banks
install checks in their daily processes to ensure that these limits are being
adhered to at all times.
As part of regulatory reporting, banks are also required to report to the RBI a
host of other risk management limits such as, single and group borrower limits
(these limits give an indication of concentration risk), credit exposure for
derivatives (this indicates the potential replacement cost of the derivative
portfolio), capital market exposure of the bank, country risk exposure and
exposure to sensitive sectors such as, real estate, etc.

Monitoring activities: Risk management models, methodologies and

assumptions used to measure and manage risk should be regularly assessed and
updated. This function may be conducted by the independent risk management
unit. Internal auditing should test the risk management process periodically to
check whether management polices and procedures are complied with and
whether the operational controls are effective. Both the risk management unit
and internal auditing should have a reporting line to those charged with
governance (i.e., the BOD or the Executive Committee) and management that
is independent of those on whom they are reporting.

Reliable information systems: Banks require reliable information systems that

provide adequate financial, operational and compliance information on a
timely and consistent basis. Those charged with governance and management
require risk management information that is easily understood and that enables
them to assess the changing nature of the banks risk profile.

Engagement Team Discussions

The engagement team should hold discussions to gain better understanding of

banks and its environment, including internal control, and also to assess the
potential for material misstatements of the financial statements. The discussion
provides the following:
An opportunity for more experienced engagement team members, including
the audit engagement partner, to share their insights based on their knowledge
of the bank and its environment.
An opportunity for engagement team members to exchange information about
the banks business risks.
An understanding amongst the engagement team members about affect of the
results of the risk assessment procedures on other aspects of the audit,
including decisions about the nature, timing, and extent of further audit
procedures.

Establish the Overall Audit Strategy

Standard on Auditing (SA) 300, Planning an Audit of financial Statements
states that the objective of the auditor is to plan the audit so that it will be
performed in an effective manner. For this purpose, the audit engagement
partner should: establish the overall audit strategy, prior to the commencement
of an audit; and involve key engagement team members and other appropriate
specialists while establishing the overall audit strategy, which depends on the
characteristics of the audit engagement.
The overall audit strategy sets the scope, timing and direction of the audit as it
guides the development of detailed audit plan. The establishment of the overall
audit strategy involves:
Identifying the characteristics of the audit engagement that define its scope,
such as the financial reporting framework used (Third Schedule to the Banking
Regulation Act, 1949), additional reporting requirements at various locations of
the components of the bank prescribed by the RBI, etc.
Ascertaining the reporting objectives of the audit engagement to plan the
timing of the audit and the nature of the communications required, such as
deadlines for interim and final reporting, key dates for expected
communications with the management and with those charged with
governance.
Considering the important factors that will determine the focus of the
engagement teams efforts, such as determination of appropriate audit

materiality, preliminary identification of significant risks, preliminary

identification of material components and significant account balances and
disclosures
Consider the factors that, in the auditors professional judgment, are significant
in directing the engagement teams efforts.
Consider the results of preliminary engagement activities and, where
applicable, whether knowledge gained on other engagements performed by the
engagement partner for the bank is relevant.
Ascertain the nature, timing and extent of resources necessary to perform the
engagement.

Develop the Audit Plan

Standard on Auditing (SA) 300, Planning an Audit of Financial Statements
deals with the auditors responsibility to plan an audit of financial statements in
an effective manner. It requires the involvement of all the key members of the
engagement team while planning an audit. Before starting the planning of an
audit, the auditor must perform the procedures as defined under SA 220,
Quality Control for Audit Work for reviewing the ethical and independence
requirements. In addition to this, the auditor is also required to comply with the
requirements of SA 210, Terms of Audit Engagement.

Audit Planning Memorandum

The auditor should summarise their audit plan by preparing an audit planning
memorandum in order to Describe the expected scope and extent of the audit
procedures to be performed by the auditor.
Highlight all significant issues and risks identified during their planning and
risk assessment activities, as well as the decisions concerning reliance on
controls.
Provide evidence that they have planned the audit engagement appropriately
and have responded to engagement risk, pervasive risks, specific risks, and
other matters affecting the audit engagement.
The audit planning memorandum should be approved by the audit engagement
partner. It ordinarily addresses the following matters:
Assessment of and planned responses to the engagement risk, pervasive risks
or specific risk at the assertion level for classes of transactions, account
balances, and disclosures.
Assessment of the initial conclusions in respect to the independence and
potential conflict of interest.
Other significant issues arising out of the planning activities, which may
include the following:

Identified fraud risk factors

Preliminary conclusions regarding the components of internal control Audit

materiality
IT environment of the bank and need to use the work of an expert; and
Changes in the banks environment such as, changes in accounting policies or
accounting process of the bank.

Determine Audit Materiality

The auditor should consider the relationship between the audit materiality and
audit risk when conducting an audit. The determination of audit materiality is a
matter of professional judgment and depends upon the knowledge of the bank,
assessment of engagement risk, and the reporting requirements for the financial
statements.
The auditor needs to consider the possibility of misstatements of relatively
small amounts that, cumulatively, could have a material effect on the financial
information. The following factors should be considered while assessing audit
materiality for banks:
Due to high leverage, relatively small misstatements may have a significant
effect on the results for the period and on capital, even though they may not
have significant impact on the total assets.

Since a banks earning are low compared to its total assets and liabilities and
off balance sheet commitments, any misstatements that relate only to assets,
liabilities and commitments may be less significant than those that relate to
earnings.
Banks are subjected to regulatory requirements, including maintenance of
minimum capital. Accordingly, while establishing materiality level the auditor
should be in a position to identify misstatements which could result in a
significant contravention of the regulatory requirements.

Consider Going Concern

In obtaining an understanding of the bank, the auditor should consider whether

there are events and conditions which may cast significant doubt on the banks
ability to continue as a going concern. The auditor needs to consider events and
conditions relating to the going concern assumption when performing risk
assessment procedures so as to make timely discussions with the management,
review the managements plans, and resolution of any identified going concern
issues. Audit procedures, which may indicate that there could be a question
about a banks ability to continue as a going concern for the foreseeable future
including the following:

Reading of minutes of meetings of shareholders, board of directors, and other

important meetings;
Analytical Procedures;
Review of compliance with the terms of debt and loan agreements;
Confirmation with related and third parties of the details of arrangements to
provide or maintain financial support;
Inquiry of the banks legal counsel about litigation, claims, and assessments;
and
Review of subsequent events.
There are certain specific events or conditions, which could specifically cast a
significant doubt on the ability of the bank to continue as a going concern:
Rapid increase in the volume of derivative business without necessary controls
being in place.
Decline in the projected profitability, if the bank is at or near its minimum level
of regulatory capital.
Higher interest rates being paid on deposits and borrowing than the market
rates.
Actions taken or threatened by regulators that may have an adverse effect on
the ability of the bank to continue as a going concern.
High concentration of exposure to certain borrowers or industries.

Assess the Risk of Fraud including Money Laundering

As per SA 240 (Revised), The Auditors Responsibilities Relating to Fraud in

an Audit of Financial Statements, the auditors objective are to identify and
assess the risks of material misstatement in the financial statements due to
fraud, to obtain sufficient appropriate audit evidence on those identified
misstatements and to respond appropriately. The attitude of professional
skepticism should be maintained by the auditor so as to recognise the
possibility
of misstatements due to fraud. When obtaining an understanding of the bank
and its environment, the auditor should make inquiries of management
regarding the following:
Managements assessment of the risk that the financial statements may be
materially misstated due to fraud, including the nature, extent and frequency of
such assessments.
Managements process for identifying and responding to the risk of fraud in the
bank, including any specific risks of fraud that management has identified or
that have been brought to its attention; or classes of transactions, account
balances, or disclosures for which a risk of fraud is likely to exist; and the
internal control that management has established to address these risks.

Managements communication, if any, to those charged with governance

regarding its processes for identifying and responding to the risks of fraud in
the bank.
Managements communication, if any, to employees regarding its views on
business practices and ethical behaviour.
Due to the nature of their business, banks are ready for targeting those who are
engaged in the money laundering activities by which the proceeds of illegal
acts are converted into proceeds from the legal acts. The RBI has framed
specific guidelines that deal with prevention of money laundering and Know
Your Customer (KYC) norms. The RBI has from time to time issued
guidelines (Know Your Customer Guidelines Anti Money Laundering
Standards), requiring banks to establish policies, procedures and controls to
deter and to recognise and report money laundering activities. The RBI, vide its
master circular no. DBOD.AML. BC. No. 12/14 .01.001/2008-09 dated July 1,
2008 on Know Your Customer (KYC) norms/Anti- Money Laundering
(AML) standards/Combating of Financing of Terrorism (CFT)/Obligation of
banks under PMLA, 2002, have advised the banks to follow certain customer
identification procedure for opening of accounts and monitoring transactions of
a suspicious nature for the purpose of reporting it to appropriate authority.
These policies, procedures and controls commonly extend to the following:
Customer acceptance policy, i.e., criteria for accepting the customers.

Customer identification procedure, i.e., procedures to be carried out while

establishing abanking relationship; carrying out a financial transaction or when
the bank has a doubt about the authenticity/veracity or the adequacy of the
previously obtained customer identification data.
A requirement to obtain customer identification (know your client).
Monitoring of transactions Banks are advised to set key indicators for risk
sensitive(e.g., high turnover accounts or complex or unusal transactions
accounts) accounts, taking note of the background of the customer, such as the
country of origin, sources of funds, the type of transactions involved and other
risk factors. Banks should also put in place a system of periodical review of
risk categorisation of accounts and the need for applying enhanced due
diligence measures. Such review of risk categorisation of customers should be
carried out at a periodicity of not less than once in six months.
Closure of accounts- In case of non-application of proper KYC measures,
banks may decide to close the account of the particular customer after giving
due notice to the customer.
Risk Management- The Board of Directors of the bank should ensure that an
effective KYC programme is put in place by establishing appropriate
procedures and ensuring their effective implementation. It should cover proper
management oversight, systems and controls, segregation of duties, training
and other related matters. Responsibility should be explicitly allocated within
the bank for ensuring that the banks policies and procedures are implemented

effectively. Concurrent/ Internal Auditors should specifically check and verify

the application of KYC procedures at the branches and comment on the lapses
observed in this regard. The compliance in this regard should be put up before
the Audit Committee of the Board on quarterly intervals.
Reporting to the authorities of suspicious transactions or of all transactions of a
particular type, for example, cash transactions over a certain amount.
The abovementioned RBI master circular also advised the banks to pay special
attention any money laundering threats that may arise from new or developing
technologies including, internet banking that might favour anonymity, and take
measures, if needed, to prevent their use in money laundering schemes.
Further, banks are required to report all frauds to the RBI on a periodical basis.
The auditors should review the same to get an idea of the nature and extent of
frauds.

Assess Specific Risks

The auditors should identify and assess the risks of material misstatement at
the financial statement level which refers to risks that relate pervasively to the
financial statements as a whole, and potentially affect many assertions. Risk of
material misstatement at the assertion level for specific class of transactions,
account balances and disclosures need to be considered because such
consideration directly assists in determining the nature, timing and extent of

further audit procedures at the assertion level necessary to obtain sufficient

appropriate audit evidence.
For this purpose, the auditor should perform the following:
Identify risks throughout the process of obtaining an understanding of the bank
and its environment, including applicable controls that relate to the risks, and
by considering the account balances or disclosures in the financial statements.

Pinpoint each risk to one or more assertions relating to the account balances or
disclosures.
Consider whether the risks are of a magnitude that could result in a material
misstatement of the financial statements.
Document the identified and assessed risks of material misstatement at the
assertion level.

Risk Associated with Outsourcing of Activities

Further, the modern day banks make extensive use of outsourcing as a means
of both reducing costs as well as making use of services of an expert not
available internally. There are, however, a number of risks associated with
outsourcing of activities by banks and therefore, it is quintessential for the
banks

to

effectively

manage

those

risks.

RBIs

circular

no.

DBOD.BP.40/21.04.158/2006-07 dated November 3, 2006 contains extensive

guidelines on managing the risks associated with the outsourcing of financial

services by banks. The circular, however, also mandates that banks which
choose to outsource financial services should not outsource core management
functions including internal audit, compliance function and decision-making
functions like, determining compliance with Know Your Customer (KYC)
norms for opening deposit accounts, according sanction for loans (including
retail loans) and management of investment portfolio.

Response to the Assessed Risks

SA 330, The Auditors Responses to Assessed Risks deals with the auditors
responsibility to design and implement responses to the risks of material
misstatement identified and assessed by the auditor in accordance with SA 315.
Further, it requires the auditor to design and implement overall responses to
address the assessed risks of material misstatement at the financial statement
level. The auditor should design and perform further audit procedures whose
nature, timing and extent are based on and are responsive to the assessed risks
of material misstatement at the assertion level. In designing the further audit
procedures to be performed, the auditor should:

Consider the reasons for the assessment given to the risk of material
misstatement at the assertion level for each class of transactions, account
balance, and disclosure, including:
The likelihood of material misstatement due to the particular characteristics of
the relevant class of transactions, account balance, or disclosure (i.e., the
inherent risk); and
Whether the risk assessment takes into account the relevant controls (i.e., the
control risk), thereby requiring the auditor to obtain audit evidence to
determine whether the controls are operating effectively (i.e., the auditor
intends to rely on the operating effectiveness of controls in determining the
nature, timing and extent of substantive procedures); and Obtain more
persuasive audit evidence the higher the auditors assessment of risk.
The auditor shall design and perform tests of controls and substantive
procedures to obtain sufficient appropriate audit evidence, as to the operating
effectiveness of relevant controls, and to detect material misstatements at the
assertion level.

Stress Testing
RBI, vide its circular no. DBOD. No. BP. BC.101 / 21.04.103/ 2006-07 dated
June 26, 2007 has required that all commercial banks (excluding RRBs and
LABs) shall put in place a Board approved Stress Testing framework to suit
their individual requirements which would integrate into their risk management

systems. The circular further requires that the framework should satisfy certain
essential requirements as listed therein.

BASEL II framework
The new capital adequacy framework for banks seeks to arrive at significantly
more risk-sensitive approaches to capital requirements of a bank. The revised
Basel II framework attempts to promote more advanced risk management
systems, align regulatory capital closer to economic capital and thus promote
greater efficiency in the use of capital.
Preparation and submission of audit report - The branch auditor forwards his
report to the statutory auditors who have to deal with the same in such manner
as they consider necessary. It is desirable that the branch auditors reports are
adequately detailed in unambiguous terms. As far as possible, the financial
impact of all qualifications or adverse comments on the branch accounts should
be clearly brought out in the branch audit report. It would assist the statutory
auditors if a standard pattern of reporting, say, head-wise, commencing with
assets, then liabilities and thereafter items related to income and expenditure, is

followed. Similarly, for statutory auditors of a bank, the form and content of
the audit report should be determined by the auditor taking into account his
terms of engagement and applicably statutory, regulatory and professional
requirements.
In all cases, matters covering the statutory responsibilities of the auditors
should be dealt with in the main report. The LFAR should be used to further
elaborate matters contained in the main report and not as a substitute thereof.
Similarly, while framing his main report, the auditor should consider, wherever
practicable, the significance of various comments in his LFAR, where any of
the comments made by the auditor therein is adverse, he should consider
whether a qualification in his main report is necessary by using his discretion
on the facts and circumstances qualification in his main report is necessary by
using his discretion on the facts and circumstances of each case. It may be
emphasized that the main report should be self-contained document.

Special Considerations in a CIS Environment -As in todays environment all

bankshave embarked upon a large scale computerization, this has resulted in
changes in the processing and storage of information and affects the
organisation and procedures employed by the entity to achieve adequate
internal control. Thus, while the overall objective and scope of audit do not
change simply because data is maintained on computers, the procedures
followed by the auditor in his study and evaluation of the accounting system

and related internal controls and the nature, timing and extent of his other audit
procedures are affected in a CIS environment.

Internal Audit and Inspection - Banks generally have a well organised

system of internalaudit. Their internal auditors pay frequent visit to the
branches. They are an important link in the internal control of the bank. The
systems of internal audit in different banks also have a system of regular
inspection of branches and head office. The internal audit and inspection
function is carried out by a separate department within the bank by firms of
chartered accountants The statutory auditors should evaluate internal audit,
concurrent audit and inspection functions to the extent they consider that these
will be relevant in designing their audit procedures. They should also review
the internal/concurrent/inspection/audit programmes. Such a review helps the
statutory auditors in determining the nature, timing and extent of their audit
tests. They can assist the bank management in improving the effectiveness of
internal audit/concurrent audit/inspection functions.