Auditing Banks & Financial Institutions

Questions and Answers

In the context of banking audits, which scenario presents the most significant risk of material misstatement?

• Delays in implementing updated software for customer relationship management.
• Non-compliance with advertising standards for new deposit products.
• Minor discrepancies in the documentation of employee travel expenses.
• Failure to adhere to regulatory prudential norms on investments. (correct)

What is the MOST critical reason for an auditor to review customer complaints in the context of a bank audit?

• To detect potential material liabilities or contingent liabilities arising from those complaints. (correct)
• To ensure compliance with consumer protection laws and regulations.
• To assess the effectiveness of the bank's customer service training programs.
• To identify potential areas of operational inefficiency within the bank.

An auditor discovers that a bank is using sundry/suspense accounts extensively. What is the MOST concerning risk related to this practice?

• Heightened risk of fraud and malpractices, such as concealing unauthorized credits to borrower accounts. (correct)
• Increased administrative overhead due to managing multiple accounts.
• Potential delays in the reconciliation of inter-branch transactions.
• Reduced transparency in the bank's accounting procedures.

What is the MOST significant implication of the integration of national and international settlement systems for bank audits?

Potential introduction of systemic risk to the countries involved. (D)

Considering the volume and variety of transactions banks engage in, what presents the GREATEST challenge for maintaining robust internal controls?

The inherent complexity of accounting and internal control systems required to manage such transactions. (A)

Why does the Reserve Bank of India (RBI) require statutory central auditors (SCAs) to verify banks' compliance with Statutory Liquidity Ratio (SLR) requirements on specific dates that exclude Fridays?

To prevent banks from temporarily manipulating their liquid asset positions for reporting purposes. (A)

During an audit of a bank's DTL (Demand and Time Liabilities) computation, which item, if included as a liability, would MOST likely indicate a material misstatement?

Margins held and kept in sundry deposits for funded facilities. (C)

In the context of verifying a bank's compliance with CRR (Cash Reserve Ratio) and SLR (Statutory Liquidity Ratio) requirements, which audit procedure would provide the MOST persuasive evidence?

Independently recalculating the DTL position and reconciling it with the bank's records. (D)

What is the MOST critical objective an auditor aims to achieve when physically verifying cash balances, including foreign currency, in a bank?

To reconcile the physically verified cash balance with the cash register/balance in CBS (Core Banking System). (B)

Which audit procedure would provide the MOST compelling evidence regarding the valuation of a bank's investment portfolio?

Comparing the bank's valuation method with the guidelines issued by the RBI and relevant accounting standards. (B)

In auditing a bank's advances, what is the PRIMARY reason for an auditor to scrutinize the stock/book debt statements received from borrowers?

To ensure that the drawing power is calculated properly based on the statements. (D)

How should a bank auditor approach asset classification in a situation where a borrower has multiple credit facilities, and one of those facilities has become non-performing?

Classify all facilities to that borrower as non-performing, regardless of their individual performance. (A)

In the context of bank advances, which scenario would necessitate the MOST careful scrutiny regarding the classification of an account?

A loan account where stock statements relied upon for determining drawing power are more than three months old. (B)

A bank has been consistently renewing ad-hoc or short term limits repeatedly for more than 180 days. According to banking regulations, what is the MOST appropriate action for the auditor?

The auditor should consider such limits as Non-Performing Asset, as accounts where regular/ad hoc limits are not reviewed within 180 days should be so classified. (A)

In the context of banking operations, what represents the GREATEST risk associated with inter-branch adjustments?

The opportunity for fraudulent activities to remain hidden. (B)

Why is it ESPECIALLY important for external auditors to be aware of related party transactions?

Because transactions with related parties are not conducted at arm's length, and can, thus not be relied upon. (C)

Why is it particularly important for the auditors to check over the expenditure on new technology systems?

So as to ensure that is has been procured and installed with valid authority and at competitive cost. (A)

What is one of the function of Audit Committee of the Board in pursuance of RBI guidelines?

To provide direction and also oversee the operations of the total audit function in the bank. (D)

Before submitting the report, what is one action the auditor should perform?

Ensure the report should first be discussed with the branch manager and concerned officers. (A)

What should an effective stress testing framework be able to do? (Choose the most appropriate)

Designated to understand whether a bank has enough capital to survive plausible adverse economic conditions. (A)

What must Banks do if they have been given Government Guaranteed Advances?

The reasoning for the same should be taken and duly reported in LFAR. (B)

Which areas need no to be touched with regards to Concurrent Audit?

None of the above (D)

In which cases, should the auditor specifically ensure they examine whilst examining the computation of the items?

The details of exempted categories. (C)

According to SA 250, what overrites the duty of confidentiality?

Statue, law or by court (C)

Why should an auditor evaluate internal controls?

Both C & D (C)

What are the 3 tiers of classification under the shift of securities?

HTM, HFT and AFS (A)

What 2 factors should be checked whilst examining documents of loans and advances?

Both B & D (A)

What is the MOST important risk to verify with regards to non-interest bearing staff advances?

That The same relates to the rolls of The Bank on The date of The preparation of the financial statements. (A)

Due to the increased potential for fraud, what should an auditor do if they come across a Sundry account

Both B & D (C)

Can an auditor rely on confirmations given regarding a high share of the account, for a non-performing loan?

Not really (A)

In the situation where a loan has been guaranteed by one party, is the auditor responsible for finding out if this has been in effect for more or less than 90 days

Both A and D (E)

Is the role of a Stock Auditor only limited to verifying the quantities of the stock?

No, they also need to check conditions etc. (B)

What does the term 'capital adequacy' do?

Describe the adequacy of capital resources of a bank. (D)

True or False: Banks may restructure the accounts classified under standard, substandard or doubtful categories.

True (A)

In the sale of an NPA (Non Performing Assets), what should occur to it after the sale?

The same has been removed from the books of the account of selling bank on transfer. (C)

True or False: Banks can restructure accounts with retrospective effect?

False (A)

Under no circumstances, (In NPAs) can an NPA be..

Can be sold to another bank at a contingent price. (C)

What is the aim of the Basel III accord?

All of the Above. (D)

What is one of the main areas to examine carefully when understanding the Bank's liabilities?

Details of exempted categories of the following items: such as - 1.minimum eligible credit (EC) and outstanding long-term Bonds (LB). 2. The eligible amount of incremental FCNR(B) and NRE deposits. (C)

Flashcards

Custody of Monetary Items

Banks manage customer's cash physically/digitally. Vulnerable to fraud with complex controls.

Volume of Transactions

Banks handle lots of different transactions daily. Necessitates complex IT & controls.

Wide Branch Networks

Branches decentralize control, causing accounting inconsistencies.

Off-Balance Sheet Items

Banks assume obligations without moving money, hard to catch.

Transaction Location Dispersal

Transactions started somewhere are recorded elsewhere.

Direct Customer Transactions

Customers directly do transactions via ATM or internet.

Interlinked Settlement Systems

Banking links national and international systems, posing a wide risk.

Regulatory Influence

Regulatory guidelines are accounting and auditing practices.

Risk-Focused Audit

Concentrate on particular risks related to banking actions.

Regulatory Framework’s importance

Regulations by RBI (Reserve Bank of India).

Financial Statement Forms

Standard formats to present financial data.

Auditor Qualification

Banking Regulation Act requires qualified auditors.

Joint Statutory Auditors

Many CA firms appointed jointly as SCAs by banks.

Initial Audit Steps

Communication, planning, and risk assessment.

Auditor Indebtedness

Auditor declares no debt to the bank.

Auditor Independence

Firms shouldn't audit and do internal tasks.

Terms of Engagement

Agreeing the terms and responsibilites for each period

Communicate with Predecessor Auditors

Auditor can't take role from another without asking.

Bank Understanding

Understanding bank, accounting internal controls.

Risk Management Overview

Identification, measurement, monitoring risks.

Charged with governance oversite

Approve policies, be consistent.

Monitoring Activities

A bank needs to monitor it's performance

Risk Evaluations

IT risks, fraud, outsourcing need check.

Money Laundering Check

Know customer rules are followed.

IT Risk Assessment

Check the risks related to bank's IT use.

Team Discussion Importance

Teams discuss and environment including internals are analysed.

Response to Risk

SA 300 and SA 330 need response to assessed dangers

Materiality Determination

Auditors relates materiality to risk

IT Audit Focus

Working in computer environment.

Data Integrity

Important checks of internal and data

Disaster recovery standards

Systems to start after failures.

Program Change Safety

Check if non-authorized changes are stopped.

Access Controls

Right staff access to the right process.

Authorize operations review records

Approvals and logs to check.

Authorized Ledger Codes

Ledger codes authorized at Head Office are in system.

Reconcile Sub-ledgers

Totals in main book match branch books.

Daily Cash Checks

Internal control must match Day Book.

Segregation cash roles

Cashiers don't access ledgers accounts.

Cheque Truncation System

A image shared to clear accounts.

Bills Collection

Was bill and papers received by a staff member

Study Notes

• This chapter focuses on the special features of auditing banks and non-banking financial companies
• The unit specifically covers the special features of auditing banks

Learning Outcomes

• Understanding the legal and regulatory framework for financial statements of banks
• Knowing the unique aspects of auditing bank accounts and auditor reports
• Understanding concepts like Cash Reserve Ratio (CRR), Statutory Liquidity Ratio (SLR), and Capital Adequacy
• Understanding the procedures for verifying bank assets and liabilities
• Acquiring knowledge about concurrent audits and the activities they cover
• Knowing the audit committee's role in bank audits

Unit Overview

• The overview shows the relationships between various aspects of bank audits, such as:
• Regulatory framework
• Financial statement form and content
• Audit of accounts and reports
• Audit process
• Internal controls
• Verification procedures

Viraj & Associates

• Viraj & Associates, an experienced auditing firm, was appointed a Statutory Central Auditor for a nationalized bank
• CA Mansukh reviews treasury operations to understand bank operations and internal controls alongside joint auditors
• Treasury operations in banks are crucial for processing transactions and managing risks
• The main components of treasury are investments, forex, and derivatives

Investment Auditing

• Auditing bank investments is vital due to regulatory norms and financial statement impact
• Understanding IT controls and system applications related to investment functions is key since the investment function is automated
• Gaining detailed insights into deposit products, interest rate determination, and charges is important
• KYC verification processes must be examined
• The accurate application of interest rates on deposit products is a key area for sampling during audits
• Customer complaints are reviewed to identify potential material or contingent liabilities

Audit Partner Responsibilities

• CA Piyush (P K S D & Associates) is familiarizing himself with credit recovery policy and RBI guidelines
• CA Piyush is considering automation and income recognition related to credit portfolio recovery
• Ensuring consistency in income recognition and bank internal policy alignment is essential
• Planning procedures to upgrade Non-Performing Assets (NPAs) in line with RBI norms is necessary
• Reviewing the credit monitoring and restructuring department is also crucial for auditors due to its role in bank policies
• Credit monitoring helps manage risks effectively
• This department can also be responsible for restructuring stressed advances

CA Gopal

• CA Gopal (GSK & Co.) is performing internal and office account verification for the bank
• Verifying accounts holds significance, since those accounts can be misused for frauds like unauthorized openings
• Such accounts can be opened to afford credits to borrower accounts, preventing them from becoming NPAs
• Opening such accounts and periodic reconciliation is essential for auditors

Introduction to Bank Audits

• The banking industry, which is the pivot of economies and financial systems, acts as a foremost agent of financial intermediation
• A strong and resilient banking system is essential due to factors, including:
• Operation in competitive environments
• Regulatory alignment with international best practices
• Financial deepening in India is progress with consideration towards; orderly financial markets, growth
• Banks are different from other commercial organizations
• Banks safeguard monetary items and negotiable instruments
• This necessitates formal procedures, defined discretion limits, and internal control
• Banks engage in a large volume and transactions, driving complex accounting, internal control, and IT use
• Operations span wide geographic networks, necessitating decentralized authority and control, but with risks to uniform practice
• Banks assume significant commitments without immediate fund transfers, called 'off-balance sheet' items, potentially difficult to detect
• Transactions initiated in one location are recorded and managed elsewhere, increasing complexity in auditing
• Customers directly initiate and complete transactions, like through digital channels
• Integration and linkages of national and international settlement systems can create systemic risks
• Government regulatory requirements affect accounting and auditing in the banking sector

Special Audit Considerations

• Special audit considerations arise in the audit of banks due to factors including
• Risks of transactions
• Scale of banking operations
• IT dependence
• Statutory and regulatory requirements
• New products/services
• Technology evolution has led to operational and financial risks
• Auditors should design an audit approach that considers these factors
• Branch auditors and central auditors must have detailed knowledge of the products offered and associated risks
• Different applications can be used to carry out different transactions and use interface controls between applications.

Legal Framework

• A legal framework governs the operation of banks in India
• The principal acts include
• The Banking Regulation Act, 1949
• The Reserve Bank of India Act, 1934
• The State Bank of India Act, 1955
• The Co-operative Societies Act, 1912
• The Companies Act, 2013
• The Securitization and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002
• The Prevention of Money Laundering act, 2002
• The Information Technology act, 2000
• The payment and settlement systems act, 2007
• The acquisition and transfer of undertakings (for bank companies) acts

RBI Powers

• The Reserve Bank of India has powers over banks

Form and Content of Financial Statements

• Every banking company must prepare a Balance Sheet and Profit and Loss Account as per the Third Schedule of the Banking Regulation Act
• Third Schedule Form A outlines Balance Sheet form, while Third Schedule Form B outlines Profit and Loss Account
• Banking companies must comply with disclosure requirements in Accounting Standards and section 133 of the Companies Act 2013
• Implementation of Indian Accounting Standards (Ind AS) is currently deferred by RBI for scheduled commercial banks
• Balance sheets often involve preparing standalone and consolidated financial statements
• Standalone include consolidating branch accounts and incorporating bank functions
• Procedures vary across banks
• Private banks have accounting processes, so there is no mandated branch audit
• Public and private sector banks comply with SEBI regulations including LODR if they are listed

Audit of Accounts & Auditor Appointment

• Section 30 of the Banking Regulation Act mandates balance sheet and profit and loss account audits for banking companies by qualified auditors
• Nationalized and public sector banks specifically appoint multiple firms of CA to act as statutory central auditors (SCAs)
• The appointment letter includes:
• Appointment period
• Central auditors information
• Past auditor information
• Acceptance compliance for appointment procedures
• Work division and reporting responsibilities
• Assignment scope for reports
• Details specific to branch auditors

Auditor Appointment Authority

• Auditors of banking companies are appointed at the annual general meeting, as per enactments
• For nationalized banks, bank acts through the board of directors
• Reserve Bank approval is required

Conducting an Audit

• The audit process can be broken down into steps
• initial considerations
• understanding the entity
• risk assessment
• execution
• reporting

Initial Considerations

• Engagement risk is assessed for audit engagements and influences the acceptance decision
• Banks obtain a declaration of indebtedness before appointing central and branch auditors.
• Banks ensure that auditor/firm/partners/family members have not been declared as willful defaulters
• Statutory auditors should not take on both statutory audit work and internal assignments simultaneously

Audit Engagements

• SA 210 requires agreement on the terms of audit engagements for each audited period
• Engagement terms should be written to detail agreed upon terms and responsibilities
• Communication with the previous auditor is necessary before accepting an audit
• The audit plan needs to be documented with respect to timing, extent of checking and it should be continuously updated
• Qualified experienced professionals should be assigned

Stage 2: Understanding

• Audits require qualified and experienced professionals.
• The size of the engagement team depends on the bank’s size, nature, and complexity
• Understanding the bank, its environment enables auditors to identify risks
• Allows auditors develop a plan considering the effectiveness of controls
• Banks create accounting processes for proper management
• Process helps in assessing risk of missatatement and for designing procedures

What is Required For the Auditor?

• Developing an understanding the risk management process
• Management develops controls and performance indicators to manage risks
• Effective banks require:
• Oversight by those charged with governance such as written management policies which are consistent with strategy
• Identification, measurement, and monitoring of the risks
• Risk should be identified, measured, and monitored against approval of limits
• Banks should manage risks including duties, Segregation and Physical Security and contingency planning
• Regularly assess and update risk
• Needs Banks require systems which produce adequate information, allowing them to assess risk.

Risk Assessment

• SA 315 requires auditors to assess the risk of material misstatement
• As per SA 240, auditors should assess the risk of material misstatement due to fraud
• Professional skepticism is important
• RBI has “Know Your Customer (KYC)” to prevent money laundering activities

Evaluating Risks

• Auditors should identify specific risks of material misstatement at the financial statement level, referencing IT industry regulations
• Banks use outsourcing, reducing costs and making sure experts are available
• Risk must be managed
• Engagement teams hold discussions to gain better understanding of banks

Risk Responses

• Implement overall responses to address the risk of material misstatements
• Prepare appropriate audit procedures to minimize risks
• SA 300 highlights need for plan
• Engagement partners should determine planning of an audit
• The auditor should provide documentation on scope, highlighing issues and risks

Audit Memorandums

• Audit planning memorandum should :
• Describe audit procedures
• Highlight risk, or planning
• Provide evidence on engagement and any response to engagement risks

Audit Materiality and Going Concern

• Auditors should relate audit materiality and audit to audit risk when performing audits
• Professional judgement depends on the engagement and the specific bank.
• In understanding a bank, the auditor must determine whether there are any conditions of risk within the bank.

Audit Reports and The IT Implication

• There are specific reporting requireements here, it's critical to look at all aspects
• The technology has changed banking.
• Banks must provide the auditor with detailed information
• Auditors should examine:
• Overall IT policy
• Data processing
• Data security
• Disaster control plans
• Accounting manual
• Control

Key Security for Computerized Banks

• Auditors should ensure various controls are operating effectively, which are put in place by management
• Audits are also designed around the methodology employed by the bank during application
• Ensure authorised, accurate data
• In the case of power failure, the system continues to create the records
• IT has a security to ensure that employees are not able to read other information
• Changes are authenticated
• Exceptions reports being reported
• An account master must be authorised

Internal Audit and Inspection

• Centralized audit and inspection are combined at banks, headed by an executive
• Function: undertaking based internal audit
• Identifying new branches
• Make sure that audits are running and discussing issues — Primary function in ensuring the audit runs smoothly

Risk Assessment

• Identification of risks
• Making assessment of risk levels
• Draw uping of risk matrix
• Internal controls are necessary to maintain regulatory requirements and mitigate risks

Areas That Require Internal Controls

• General
• Verify all employees are continually shifted
• Work is checked by another regularly
• Accurately proof books
• Check officer is in possession of items
• Officer checks is receiving correspondence
• Insurance is held
• Cash
• Double checking everything
• Clearning
• Signature and drawer must be verified