prepare a risk profile of its own, considering the various parameters and the risks to which the bank is
currently exposed.
As per the risk profile of the bank and the parameters laid down, the following surveillance activities may
be conducted:
Off site surveillance
On site inspections
Process level inspections
Product level inspections
Demographic inspections
Integrity inspections
Structured meetings with other banks
Meeting external auditors
Specific supervisory directions and new policy actions
However, the above list is illustrative in nature. RBI has also indicated five other areas wherein the bank
is expected to implement the RBS framework:
Setting up of Risk management architecture
Adoption of risk focused Audit
Strengthening of management information system and information technology
Addressing Human Resource Department issues
Setting up of a Compliance unit
As per the Standards and Guidance note issued by ICAI, internal audit is defined as:
Internal Audit is an independent management function, which involves a continuous and critical
appraisal of the functioning of an entity with a view to suggest improvements thereto and add value
to and strengthen the overall governance mechanism of the entity, including the entity's strategic
risk management and internal control system.
Also, para 8 of the Auditing and Assurance Standard (AAS 6), Risk Assessments and Internal Control,
clarifies that internal audit constitutes a separate component of internal control with the objective
of determining whether other internal controls are well designed and properly operated.
Thus the scope of internal audit can be broadly classified as follows:
Independent functioning and evaluation of effectiveness of the internal control system of the
organisation
Continuous evaluation of the organisation's processes
Review of the application and effectiveness of the risk management procedures and risk
assessment methodologies
Review of effective management accounting system and information technology of the
organisation
Review of the means of safeguarding the assets
Review of management decisions and cost benefit analysis of the applications
Review of various procedures and reduction in overall turnaround time
Review of application used for regulatory reporting
Review of standalone applications and other applications having interface with the core systems
of the organisation
Internal Audit Function in banks:
Banking industry and need for internal audit:
Deals with public money (Borrowing, lending and investment)
Needs to be accurate
Proper checks and balances to be in place
Primary source of information for determining the effectiveness of existing internal control in the
bank
Global presence of Indian banks
Use of modern information technology
Identification of units
Audit universe
Business Teams
Product teams
Individual product
Control Environment
the overall attitude, awareness and actions of the directors and management regarding the
internal control system and its importance in the entity
Factors related to control environment
Hierarchy Structure
Senior management role and decision making authority
Management's philosophy and operating style
Management's control system including internal audit, personnel policies and procedures
Control Procedures
those policies and procedures, in addition to control environment, which the management
has established to achieve the entity's specific objectives
Approving and controlling of documents
Segregation of duties and supervisory functions
Maker checker concept
Reporting and reviewing of exceptions
Comparison of internal data with the external information
Restricting direct access to assets, records and information
Information system controls
Key factors to be considered by an internal auditor before performing internal audit function
Trend pattern of risks
Risk matrix
Inherent risks
High, Low & Medium
Control risks
High, Low & Medium
Prioritization based on the risk assessment
Previous internal audit reports and compliance
Proposed changes in business lines or change in focus
Significant change in management/ key personnel
Results of latest regulatory examination
Reports of external auditors
Industry trends and other environmental factors
Time lapsed since last audit
auditor in assessing inherent and control risk in determining nature, timing and extent of
audit procedures.
Mapping of both the risks with each other so that they are at an acceptable level
Risk assessment matrix appears as below:
| Inherent Risk | Control Risk: Low | Control Risk: Medium | Control Risk: High |
|---|---|---|---|
| High | A High Risk | | C Extremely High Risk |
| Medium | D High Risk | E Medium Risk | |
| Low | G Low Risk | H High Risk | I High Risk |