Special Features of Audit of Banks & Non-Banking Financial Companies - PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This document provides an overview of special features of auditing in banks and non-banking financial companies. It details learning outcomes and introduces topics like legal frameworks, auditor's reports, and concurrent audits.
Full Transcript
CHAPTER 14 7 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING FINANCIAL COMPANIES UNIT 1 – SPECIAL FEATURES OF AUDIT OF BANKS LEARNING OUTCOMES After studying this chapter, you wil...
CHAPTER 14 7 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING FINANCIAL COMPANIES UNIT 1 – SPECIAL FEATURES OF AUDIT OF BANKS LEARNING OUTCOMES After studying this chapter, you will be able to: Gain the knowledge of legal framework, form and content of financial statements of the banks. Know the feature of audit of accounts and auditor’s report. Understand CRR, SLR and Capital Adequacy etc. Understand the prescribed procedure to be followed while doing verification of assets and liabilities of the bank. Acquire the knowledge of Concurrent Audit and types of activities to be covered in it. Know the role of audit committee in audit of banks. © The Institute of Chartered Accountants of India 14.2 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS UNIT OVERVIEW Regulatory Framework Form and Content of F.S. Format of Audit Report Audit of Accounts LFAR Auditor's Report Coducting an Audit Reporting to RBI, Regulators etc. Overview Internal Control in Certain Selected Areas Assets and Balances Verfication Capital and Liabilities Scope & its covered Activities Coverage of Business/Branches Concurrent Audit Appointment of Auditors and its accountability Audit Committee Audit Report Viraj & Associates, an auditing firm of long standing and experience, has been appointed as one of Statutory Central Auditors of a nationalized bank. Trying to gain understanding of working of the bank including its internal control along with joint auditors, CA. Mansukh is also involved in reviewing treasury operations of the bank as part of gaining insight in bank’s working. Why are treasury operations of a bank significant from point of view of an auditor? Treasury operations are responsible for processing of all financial market transactions and play a crucial role in managing risks. Investments and forex & derivatives form two main components of treasury. In view of regulatory prudential norms on investments, audit of investments becomes very important as non-compliance with regulations could have a direct and material effect on © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.3 FINANCIAL COMPANIES financial statements of the bank. He is also trying to gain understanding of General IT controls and system application controls relating to these as investment function is automated in Bank. He is also gaining knowledge of various types of deposit products of the bank (like CASA and term deposits) and process of determination of interest rates and other charges of these deposits as per rules laid down by bank. Going through bank policy on customer acceptance, procedures to verify compliance of KYC norms are in offing. Apart from it, planned verification of application of rate of interest to every deposit product on sample basis is also on the table. Verification of movement of interest expenses is also in audit plan arsenal. He is also considering to go through complaints lodged by bank customers. What is necessity to plan procedures in this respect? Does auditor of a bank have anything to do with customer complaints? Certainly. It is due to the reason that such complaints may result into material liability or contingent liability. CA. Piyush, Partner of P K S D & Associates (joint auditor) is in the process of familiarising himself with credit recovery policy of the Bank and guidelines of RBI regarding accounting and income recognition in this respect. He is also considering extent of automation of process relating to accounting of recovery of credit portfolio of the Bank. Besides, he wants to ensure consistency in income recognition process relating to order of recovery and its synchronization with internal policy of the Bank. He is also planning procedures to ensure upgradation of NPAs during the year in accordance with RBI norms. Review of activities of Credit monitoring and restructuring department of Bank also falls in domain of his responsibilities. Why such a review is important for him as an auditor? It is due to the reason this department is responsible for implementing Bank’s policies relating to credit monitoring and restructuring. Credit monitoring policy helps in managing credit risks in a systematic and effective manner. Further, this department may also be responsible for sanctioning of restructuring of stressed advances in accordance with RBI guidelines. CA. Gopal, Partner of GSK & Co. (joint auditor) is verifying internal/office accounts of the bank including sundry/suspense accounts. Why does such verification assume importance? Such accounts can be used to commit frauds and malpractices like unauthorized opening and operation of such accounts for affording credits to certain borrower accounts to prevent them from slipping into NPAs. Opening of such accounts as well as their periodic reconciliation becomes too significant for Statutory Central Auditors to ignore. © The Institute of Chartered Accountants of India 14.4 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS 1. INTRODUCTION The banking industry is the pivot of any economy and its financial system. Banks are one of the foremost agents of financial intermediation in an economy like India and, therefore, development of a strong and resilient banking system is of utmost importance. The banking institutions in the country are working in a competitive environment and their regulatory framework is aligned with the international best practices. Thus, financial deepening has taken place in India and continues to be in progress with a focus on orderly conditions in financial markets while sustaining the growth momentum. Banks have certain characteristics distinguishing them from most other commercial enterprises. Example Custody of large volumes of monetary items, including cash and negotiable instruments, whose physical security has to be ensured. This applies to storage and the transfer of monetary items, making banks vulnerable to misappropriation and fraud, necessitating establishment of formal operating procedures, well-defined limits for individual discretion and rigorous systems of internal control. Engagement in a large volume and variety of transactions in terms of number and value which necessarily require complex accounting and internal control systems and widespread use of Information Technology (IT). Operation through a wide network of geographically dispersed branches and departments necessitating a greater decentralization of authority and dispersal of accounting and control functions, with consequent difficulties in maintaining uniform operating practices and accounting systems, particularly when the branch network transcends national boundaries. Assumption of significant commitments without any transfer of funds. These items, called 'off-balance sheet' items, may at times not involve accounting entries and the failure to record such items may be difficult to detect. Engagement in transactions that are initiated at one location, recorded at a different location and managed at yet another location. © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.5 FINANCIAL COMPANIES Direct Initiation and completion of transactions by the customer without any intervention by the bank’s employees. For example, over the Internet or mobile or through automatic teller machines (ATMs). Integration and linkages of national and international settlement systems could pose a systemic risk to the countries in which they operate. Regulatory requirements by governmental authorities often influence accounting and auditing practices in the banking sector. Special audit considerations arise in the audit of banks because of: the particular nature of risks associated with the transactions undertaken; the scale of banking operations and the resultant significant exposures which can arise within short period of time; the extensive dependence on IT to process transactions; the effect of the statutory and regulatory requirements; the continuing development of new products and services and banking practices which may not be matched by the concurrent development of accounting principles and auditing practices. Evolution of technology and providing services through Net Banking and Mobiles has exposed banks to huge operational and financial risk. The auditor should consider the effect of the above factors in designing his audit approach. It is imperative for Branch Auditors and SCAs (Statutory Central Auditors) to have detailed knowledge of the products offered and risks associated with them, and appropriately address them in their audit plan to the extent they give rise to the risk of material misstatements in the financial statements. In today’s environment, the banks use different applications to carry out different transactions which may include data flow from one application to other application; the auditor while designing his plans should also understand interface controls between the various applications. © The Institute of Chartered Accountants of India 14.6 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS 2. LEGAL FRAMEWORK There is an elaborate legal framework governing the functioning of banks in India. The principal enactments which govern the functioning of several types of banks are: Banking Co-operative Regulation Act, Societies Act, 1912 1949 State Bank of India for Co-operative Act, 1955 Banks Payment and Reserve Bank of Settlement India Act, 1934 Systems Act, 2007 Credit Information Companies Companies Act, (Regulation) Act, 2013 2005 Legal Framework for Banks in India Securitisation and Banking Reconstruction of Companies Financial Assets (Acquisition and and Enforcement Transfer of of Security Interest Undertakings) Act, Act, 2002 1970 Prevention of Regional Rural Money Laundering Banks Act, 1976 Act, 2002 Banking Companies Information (Acquisition and Technology Act, Transfer of 2000 Undertakings) Act, 1980 © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.7 FINANCIAL COMPANIES Further, the Reserve Bank of India Act, 1934 gives wide powers to the RBI to give directions to banks which also have considerable effect on the functioning of banks 3. FORM AND CONTENT OF FINANCIAL STATEMENTS Every banking company is required to prepare a Balance Sheet and a Profit and Loss Account in the forms set out in the Third Schedule to the Act or as near thereto as the circumstances admit. Form A of the Third Schedule to the Banking Regulation Act, 1949, contains the form of Balance Sheet and Form B contains the form of Profit and Loss Account. Every banking company needs to comply with the disclosure requirements under the various Accounting Standards, as specified under section 133 of the Companies Act, 2013, read with Rule 7 of the Companies (Accounts) Rules 2014, in so far as they apply to banking companies or the Accounting Standards issued by the ICAI. It may be noted that implementation of Indian Accounting Standards (Ind AS) has been deferred by RBI for all scheduled commercial banks presently. It is pertinent to state that preparation of balance sheet of a bank usually involves preparation of standalone financial statements and consolidated financial statements. Preparation of Standalone financial statements involve consolidation of branch accounts and incorporation of various verticals/departments of bank in case of a nationalized bank/public sector bank. The detailed procedures in this regard may vary from bank to bank. In case of private banks, the processes of accounting are centralized and there is no concept of mandatory branch audit in accordance with RBI guidelines. Public sector banks and private banks are listed on recognized stock exchange and are required to comply with SEBI regulations including LODR. 3.1 Audit of Accounts & Appointment of Auditor Sub-section (1) of section 30 of the Banking Regulation Act requires that the balance sheet and profit and loss account of a banking company should be audited by a person duly qualified under any law for the time being in force to be an auditor of companies. © The Institute of Chartered Accountants of India 14.8 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS Most banks, especially those in nationalised banks or public sector, appoint four or more (depending upon their size and Board decision, as per RBI guidelines) firms of chartered accountants to act jointly as statutory central auditors (SCAs). The appointment letter sent by banks in connection with the appointment of SCAs typically contains the following: Period of appointment. Particulars of other central auditors. Particulars of previous auditors. Procedural requirements to be complied with in accepting the assignment. Example 1. Letter of acceptance (the letter usually contains, inter alia, averment as to absence of disqualification for appointment, way in which the audit has to be conducted and confirmation of present name, constitution and address of the auditor), declaration of fidelity and secrecy, restriction on accepting other assignments from the bank, etc. A statement of division of work and review and reporting responsibilities amongst joint auditors in case of nationalised banks (Generally this is decided at a later stage) Scope of assignment which includes any special reports or certificates to be given by the SCAs in addition to the main report. In case of statutory branch auditors (SBAs), appointment letter is given on similar lines except in regard to particulars of other auditors and statement of division of work. However, it is to be noted that statutory branch audit is carried out by a single firm of chartered accountants. Authority appointing the Auditors - As per the provisions of the relevant enactments, the auditor of a banking company is to be appointed at the annual general meeting of the shareholders, whereas the auditor of a nationalised bank is to be appointed by the concerned bank acting through its Board of Directors. In either case, approval of the Reserve Bank is required before the appointment is made. © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.9 FINANCIAL COMPANIES 4. CONDUCTING AN AUDIT The audit of banks or of their branches involves the following stages – Initial Considerations Understanding Risk Assessment Execution Reporting Acceptance & Understanding the Identifying and Engagement Team Independent Continuance Bank and Its Assessing the Discussions Auditor’s Declaration of Environment Risks of Material Prepare response Report Indebtedness including Internal Misstatements to the Assessed Long Form Internal Assignments in Control Assess the Risk of Risks Audit Report Banks by Statutory Understand the Fraud including Establish the Report any Auditors Bank’s Accounting Money Laundering Overall Audit other matters Terms of Audit Process Assess Specific Strategy to Bank, Engagements Understanding the Risks Audit Planning Regulator or Communication with Risk Management Risk Associated Memorandum Government Previous Auditor Process with Outsourcing Determine Audit Planning of Activities Materiality Establish Engagement Consider Going Team Concern Stage I: Initial Considerations Acceptance & Continuance: The assessment of engagement risk is a critical part of the audit process and should be done prior to the acceptance of an audit engagement since it affects the decision of accepting the engagement and in planning decisions if the audit is accepted. Declaration of Indebtedness: The RBI has advised that the banks, before appointing their statutory central//branch auditors, should obtain a declaration of indebtedness i.e., a written confirmation that auditor/firm/partners/f/family members have not been declared as wilful defaulters by any bank/financial institution This is in addition to the declaration regarding absence of disqualifications stipulated in Section 141 of the Companies Act 2013 which includes borrowing above stipulated amount. Students may refer Chapter 12 of CA Intermediate Auditing and Assurance Study Material. Internal Assignments in Banks by Statutory Auditors: The RBI decided that the audit firms should not undertake statutory audit assignment while they are associated with internal assignments in the bank during the same year. Terms of Audit Engagements: SA 210, “Terms of Audit Engagements” requires that for each period to be audited, the auditor should agree on the terms of the audit engagement with the bank before © The Institute of Chartered Accountants of India 14.10 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS beginning significant portions of fieldwork. It is imperative that the terms of the engagement are documented, to prevent any confusion as to the terms that have been agreed in relation to the audit and the respective responsibilities of the management and the auditor, at the beginning of an audit relationship. This is usually done in the form of engagement letter which is written by the auditor and acknowledged by the bank. Communication with Previous Auditor: As per Clause (8) of the Part I of the First Schedule to the Chartered Accountants Act, 1949, a chartered accountant in practice cannot accept position as auditor previously held by another chartered accountant without first communicating with him/her in writing. Planning: The audit plan needs to be properly documented with respect to timing, extent of checking, audit procedures to be followed at assertion level and should be flexible and updated or changed, as and when necessary. Establish the Engagement Team: The assignment of qualified and experienced professionals is an important component of managing engagement risk. The size and composition of the engagement team would depend on the size, nature, and complexity of the bank’s operations. Stage II : Understanding Understanding the Bank and Its Environment including Internal Control: An understanding of the bank and its environment, including its internal control, enables the auditor: to identify and assess risk; to develop an audit plan to determine the operating effectiveness of the controls, and to address the specific risks. Understand the Bank’s Accounting Process: The accounting process produces financial and operational information for management’s use and it also contributes to the bank’s internal control. Thus, understanding of the accounting process is necessary to identify and assess the risks of material misstatement whether due to fraud or not, and to design and perform further audit procedures. Understanding the Risk Management Process: Management develops controls and uses performance indicators to aid in managing key business and financial risks. An effective risk management system in a bank generally requires the following: © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.11 FINANCIAL COMPANIES Oversight by those Identification, Reliable information charged with measurement and Control activities Monitoring activities systems governance monitoring of risks Those charged Risks that could A bank should Risk management Banks require with governance significantly have appropriate models, reliable (BOD/Chief impact the controls to methodologies information Executive Officer) achievement of manage its risks, and assumptions systems that should approve bank’s goals including effective used to measure provide adequate written risk should be segregation of and manage risk financial, management identified, duties should be operational and policies. The measured and (particularly, regularly compliance policies should be monitored against between front and assessed and information on a consistent with pre-approved back offices), updated. This timely and the bank’s limits and criteria accurate function may be consistent basis. business measurement and conducted by the Those charged objectives and reporting of independent risk with governance strategies, capital positions, management unit. and management strength, verification and require risk management approval of management expertise, transactions, information that is regulatory reconciliation of easily understood requirements and positions and and that enables the types and results, setting of them to assess amounts of risk it limits, reporting the changing regards as and approval of nature of the acceptable. exceptions, bank’s risk profile. physical security and contingency planning. Stage III : Risk Assessment Identifying and Assessing the Risks of Material Misstatements: SA 315 requires the auditor to identify and assess the risks of material misstatement at the financial statement level and the assertion level for classes of transactions, account balances, and disclosures to provide a basis for designing and performing further audit procedures. Assess the Risk of Fraud including Money Laundering: As per SA 240 “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”, the auditor’s objective is to identify and assess the risks of material misstatement in the financial statements due to fraud, to obtain sufficient appropriate audit evidence on those identified misstatements and to respond appropriately. The attitude of professional scepticism should be maintained by the auditor to recognise the possibility of misstatements due to fraud. The RBI has framed specific guidelines that deal with prevention of money laundering and “Know Your Customer (KYC)” norms. The RBI has from time to time issued guidelines (“Know Your Customer Guidelines – Anti Money Laundering Standards”), requiring banks to establish policies, procedures and controls to deter and to recognise and report money laundering activities. © The Institute of Chartered Accountants of India 14.12 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS Assess Specific Risks: The auditors should identify and assess specific risks of material misstatement at the financial statement level which refers to risks that relate to the banking industry and the use of IT therein. Risk Associated with Outsourcing of Activities: The modern-day banks make extensive use of outsourcing as a means of both reducing costs as well as making use of services of an expert not available internally. There are, however, certain risks associated with outsourcing of activities by banks and therefore, it is quintessential for the banks to effectively manage those risks. Stage IV: Execution Engagement Team Discussions: The engagement team should hold discussions to gain better understanding of bank and its environment, including internal control, and to assess the potential for material misstatements of the financial statements. Response to the Assessed Risks: SA 330 “The Auditor’s Responses to Assessed Risks” requires the auditor to design and implement overall responses to address the assessed risks of material misstatement at the financial statement level. The auditor should design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level. Establish the Overall Audit Strategy: SA 300 “Planning an Audit of financial Statements’’ states that the objective of the auditor is to plan the audit so that it will be performed in an effective manner. For this purpose, the audit engagement partner should: establish the overall audit strategy, prior to the commencement of an audit; and involve key engagement team members and other appropriate specialists while establishing the overall audit strategy, which depends on the characteristics of the audit engagement. Audit Planning Memorandum: The auditor should summarise the team’s audit plan by preparing an audit planning memorandum in order to: Describe the expected scope and extent of the audit procedures to be performed by the auditor. Highlight all significant issues and risks identified during their planning and risk assessment activities, as well as the decisions concerning reliance on controls. Provide evidence that they have planned the audit engagement appropriately and have responded to engagement risk, pervasive risks, specific risks, and other matters affecting the audit engagement. © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.13 FINANCIAL COMPANIES Determine Audit Materiality: The auditor should consider the relationship between the audit materiality and audit risk when conducting an audit. The determination of audit materiality is a matter of professional judgment and depends upon the knowledge of the bank, assessment of engagement risk, and the reporting requirements for the financial statements. Judgments about materiality are made in light of surrounding circumstances and are affected by the size or nature of a misstatement, or combination of both. Consider Going Concern: In obtaining an understanding of the bank, the auditor should consider whether there are events and conditions which may cast significant doubt on the bank’s ability to continue as a going concern. Stage V: Reporting Students should refer to the reporting requirements explained in heading 8. Auditor’s Report of this Chapter. [Note: For detailed understanding of stages involved for conducting an audit, as discussed above, students may refer Guidance Note on Audit of Banks.] 4.1 Special Considerations in IT Environment The advent of working in CBS environment in banks coupled with changes in technology, use of different payment systems and integration of Aadhar for cardless transactions have changed the way banking used to be in earlier times. However, the technological developments have brought new challenges for auditors as audit is required to be conducted through the system. Considering the importance of IT systems in preparation and presentation of financial statements, it is imperative that bank should share detailed information with auditors like: - Overall IT policy, structure and environment of Bank’s IT system Data processing and data interface under various systems Data integrity and data security Business Continuity plans and disaster control plans Accounting manual and critical accounting entries, their processes and involvement of IT systems Controls over key aspects, use of various account heads, expense booking, overdue identification etc. Controls on recording of various e-banking and internet banking products and channels MIS reports being generated and their periodicity © The Institute of Chartered Accountants of India 14.14 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS Major exception reports and process of generation including embedded logic Process of generating various information related to various disclosures in financial statements and involvement of IT systems Overall review of IT environment and computerized accounting system has to be taken at head office level. The branch auditors generally do not have access to IT policy and processes implemented by the bank. Hence, based upon guidance and information received from Statutory central auditors, branch auditors need to ensure that data review and analysis through CBS is carried out and tests of controls and substantive checking of sample transactions is carried out at branch level and results are shared with statutory central auditors. It is responsibility of statutory central auditors to obtain understanding of IT environment and various controls put in place by management and evaluate whether controls are operating effectively. The methodology adopted by the bank in implementing and monitoring controls should be discussed with head of IT department and based on this understanding, audit procedures can be designed. The key security control aspects that an auditor needs to address when undertaking audit in a computerised bank include: Ensure that authorised, accurate and complete data is made available for processing. Ensure that in case of interruption due to power, mechanical or processing failures, the system restarts without distorting the completion of the entries and records. Ensure that the system prevents unauthorised amendments to the programmes. Verify whether “access controls” assigned to the staff-working match with the responsibilities as per manual. It is important for the auditor to ensure that access and authorisation rights given to employees are appropriate. Verify that segregation of duties is ensured while granting system access to users and that the user activities are monitored by performing an activities log review. Verify that changes made in the parameters or user levels are authenticated. Verify that charges calculated manually for accounts when function is not regulated through parameters are properly accounted for and authorised. Verify that exceptional transaction reports are being authorised and verified on a daily basis by the concerned officials. It is important for auditor to understand the nature of exception and its impact on financials. Verify that the account master and balance cannot be modified/amended/altered except by the authorised personnel. © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.15 FINANCIAL COMPANIES Verify that all the general ledger accounts codes authorised by Head Office are in existence in the system. Verify that balance in general ledger tallies with the balance in subsidiary book.. 4.2 Internal Audit and Inspection Central audit and inspection department in Banks is a combination of centralized function with some level of decentralization which is usually headed by a Chief Audit Executive. It is responsible for undertaking risk-Based Internal Audit (RBIA) as per the framework as stipulated by RBI. It is also responsible for identification of branches for revenue audit, appointment of concurrent auditors, deciding their scope, meeting the concurrent auditors, discussing their issues, conducting trainings if needed, and review of work of concurrent auditors. The primary function is to ensure that the audit function is handled smoothly, effectively & efficiently. Risk-based Internal audit is conducted based upon the risk assessment of business and control risks of branches. The risk assessment process includes: - Identification of inherent business risks in various activities undertaken by branches (Business risk) Assessment of effectiveness of control systems for monitoring inherent risks of business activities of branch (Control risk) Making an assessment of level and direction of various risk areas and assess level and direction of overall business risk and control risk Drawing up of risk matrix taking into account factors viz. Risk of branch © The Institute of Chartered Accountants of India 14.16 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS 5. INTERNAL CONTROL IN CERTAIN SELECTED AREAS System of Internal Control in Banks: Banks are required to implement and maintain a system of internal controls for mitigating risks, maintain good governance and to meet the regulatory requirements. Given below are examples of internal controls that are typically implemented in a bank: Area of Focus Examples of Internal Controls in a Bank General The staff and officers of a bank should be shifted from one position to another frequently and without prior notice. The work of one person should always be checked by another person (usually by an officer) in the normal course of business. The arithmetical accuracy of the books should be proved independently every day. All bank forms (e.g. Cheque books, demand draft/pay order books, travelers’ cheques, foreign currency cards etc.) should be kept in the possession of an officer, and another responsible officer should verify the issuance and stock of such stationery. The mail should be opened by a responsible officer. Signatures on all the letters and advices received from other branches of the bank or its correspondence should be checked by an officer with the signature book. The signature book and the telegraphic code book should be kept with responsible officers and access should be allowed only to authorised officers. The bank should take out insurance policies against loss due to all the risks such as fire, natural calamities, theft and employees’ infidelity. The financial powers of officers of different grades should be clearly defined. There should be surprise inspection of head office and branches at periodic interval by the internal audit department. The irregularities pointed out in the inspection reports should be promptly rectified. Cash Cash should be kept in the joint custody of two responsible officers. In addition to normal checking by the chief cashier, cash should be test-checked daily and counted in full occasionally by a responsible © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.17 FINANCIAL COMPANIES officer other than those handling the cash. Actual cash in hand should agree with the balance shown by the Day Book every day. The cashier should have no access to the customer’s ledger accounts and the Day Book. This is an important safeguard as the Bank managements are often tempted to use cashiers because of their shorter working hours as ledger clerks in the absence of regular staff etc. This can result in substantial losses to the bank. The counterfoil of cash receipt vouchers (e.g. counterfeits of pay-in- slips lodged by the depositors) should be signed by an officer in Cash Department, in addition to the receiving cashier. Payments should be made only after the vouchers (e.g. cheques, demand drafts etc.) have been passed for payment by the authorised officer and have been entered in the customer’s account. Receipt and payment scrolls or their totals should be compared with the cash column of the Day-Book by independent persons. High value cash receipts and payments should be verified by a higher officer/ branch manager and the excess cash balance should be remitted to currency chest according to branch’s retention limit on daily basis. Clearings Under the Cheque Truncation System (CTS) implemented by RBI, an electronic image of the cheque is transmitted to the paying branch through the clearing house, along with relevant information like data on the MICR band, date of presentation, presenting bank, etc. This effectively eliminates the associated cost of movement of the physical cheques, reduces the time required for their collection. As per RBI guidelines, the branch is required to either call the customer or email him for any cheque received for the amount of ` 5 lakh and above in respect of inward clearings. The Auditor may verify the compliance on test check basis. The Auditor is to check whether signature of the drawer of the cheque is being verified by the staff or not as else there will be liability of the paying bank under all circumstances. The unpaid cheques received in outward clearing should be either sent to the customers at their recorded address or the customers be informed to collect the same from bank branch. Bills for All the documents accompanying the bills should be received and Collection entered in the Register by a responsible officer. At the time of dispatch, the officer should also see that all the documents are sent along with the bills. © The Institute of Chartered Accountants of India 14.18 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS The accounts of customers or principals should be credited only after the bills have been collected or an advice to that effect received from the bank branch or agent to which they were sent for collection. It should be ensured that bills sent by one branch for collection to another branch of the bank, are not taken in the bills for collection twice in the amalgamated balance sheet of the bank. For this purpose, the receiving branch should reverse the entries regarding such bills at the end of the year for closing purposes. Bills At the time of purchase of the bills, an officer should verify that all the Purchased documents of title are properly assigned to the bank. Sufficient margin should be kept while purchasing or discounting a bill to cover any decline in the value of the security etc. If the bank is unable to collect a bill on the due date, immediate steps should be taken to recover the amount from the drawer against the security provided. All irregular outstanding account/s should be reported to the Head Office. In the case of bills purchased outstanding at the close of the year the discount received thereon should be properly apportioned between the two years. Loans and The bank should make advances only after satisfying itself as to the Advances creditworthiness of the borrowers and after obtaining sanction from the proper authorities of the bank. All the necessary documents (e.g., agreements, demand promissory notes, letters of hypothecation, etc.) should be executed by the parties before advances are made. Sufficient margin should be kept against securities taken to cover any decline in the value thereof and to comply with Reserve Bank directives. Such margins should be determined by the proper authorities of the bank as a general policy or after detailed scrutiny for specific accounts. All the securities should be received and returned by responsible officer. They should be kept in the Joint custody of two such officers. All securities requiring registration should be registered in the name of the bank or otherwise accompanied by the documents sufficient to give title of the bank. All accounts should be kept within both the drawing power and the sanctioned limit as per prescribed norms. Additional temporary limit © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.19 FINANCIAL COMPANIES may be sanctioned, for a maximum of 20% of existing limit and 90 days maximum tenure. All the accounts which exceed the sanctioned limit or drawing power or are against unapproved securities or are otherwise irregular should be brought to the notice of the Management/Head Office regularly. The operation (in each advance account) should be reviewed at least once every year.) Demand Drafts The signatures on a demand draft should be checked by an officer with the Signature Book. All the D.Ds. sold/ issued by a branch should be immediately confirmed by an advice to the paying branch. If the paying branch does not receive proper confirmation of any D.D. from the issuing branch or does not receive credit in its account with that branch, it should take immediate steps to ascertain the reasons. Inter Branch The accounts should be adjusted only on the basis of advices (and not Accounts on the strength of entries found in the statement of account) received from other branches, Prompt action should be taken preferably by central authority, if any entries (particularly debit entries) are not responded to by any branch within a reasonable time. Credit Card There should be effective screening of applications with reasonably Operations good credit assessments. There should be strict control over storage and issue of cards. There should be a system whereby a merchant confirms the status of unutilised limit of a credit-card holder from the bank before accepting the settlement, in case the amount to be settled exceeds a specified percentage of the total limit of the card holder. There should be a system of prompt reporting by the merchants of all settlements accepted by them through credit cards. Reimbursement to merchants should be made only after verification of the validity of merchant’s acceptance of cards. All the reimbursement (gross of commission) should be immediately charged to the customer’s account. There should be a system to ensure that statements are sent regularly and promptly to the customer. © The Institute of Chartered Accountants of India 14.20 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS There should be a system to monitor and follow-up customers’ payments. Payments overdue beyond a reasonable period should be identified and attended to carefully. For defaulting customers, credit should be stopped by informing the merchants through periodic bulletins, as early as possible, to avoid increased losses. There should be a system of periodic review of credit card holders’ accounts. On this basis, the limits of customers may be revised, if necessary. The review should also include determination of doubtful amounts and the provisioning in respect thereof. Example 2 While doing the audit of a branch of XYZ bank for the year ended 31st March 23, it was seen that the stock statements with the same figures are submitted by borrowers month after month with a change in the month at the top. These are just filed for formal compliance. Such things happen because a responsible official does not check the stock statements and get them entered in in the system, which is a lapse in internal control. Due to such a lapse, neither the borrower nor bank staff take it sincerely, thus posing a risk of loss to bank. 6. COMPLIANCE WITH CRR AND SLR REQUIREMENTS (i) Cash Reserve Ratio (CRR) is a specified minimum fraction of the total deposits of customers, which commercial banks have to hold as reserves either in cash or as deposits with the central bank. One of the important determinants of cash balances to be maintained by banking companies and other scheduled banks is the requirement for maintenance of a certain minimum cash reserve. While the requirement for maintenance of cash reserve by banking companies is contained in the Banking Regulation Act, 1949, corresponding requirement for scheduled banks is contained in the Reserve Bank of India Act, 1934. The RBI, from time to time, reviews the evolving liquidity situation and accordingly decides the rate of CRR required to be maintained by scheduled commercial banks. Therefore, the auditor needs to refer to the master circular issued from time to time in this regard to ensure the compliance of CRR requirements. (ii) Statutory Liquidity Ratio (SLR) Requirements – SLR is the requirement that every scheduled commercial bank in India is required to maintain in the form of certain liquid assets such as gold, cash and government approved securities before providing credit to the customers. The © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.21 FINANCIAL COMPANIES Reserve Bank of India requires statutory central auditors of banks to verify the compliance with SLR requirements of 12 odd dates in different months of a fiscal year not being Fridays. The objective of maintaining SLR is to have an amount in the form of liquid assets which can be used to handle a sudden increase in demand for the amount from the depositors. The resultant report is to be sent to the top management of the bank and to the Reserve Bank. Correctness of the compilation of Maintenance of liquid assets DTL (Demand and Time Liabilities) as prescribed u/s 24 of position; and Banking Regulation Act. Audit Approach and Procedure: Area of Focus Suggested Audit Procedures Compliance Obtain an understanding of the relevant circulars/ instructions of the with CRR and RBI, particularly regarding composition of items of DTL. SLR requirements Request the branch auditors to send their weekly trial balance as on Friday and these are consolidated at the head office. Based on this consolidation, the DTL position is determined for every reporting Friday. The statutory central auditor should request the branch auditors to verify the correctness of the trial balances relevant to the dates selected by him/her. The branch auditors should also be specifically requested to examine the cash balance at the branch on the selected dates. Examine, on a test basis, the consolidations regarding DTL position prepared by the bank with reference to the related returns received from branches. The auditor should examine whether the valuation of securities done by the bank is in accordance with the guidelines prescribed by the RBI. While examining the computation of DTL, specifically examine that items have been excluded from liabilities as per RBI guidelines. Some of these items are:- Paid up capital, reserve, any credit balance in profit & loss account of bank, amount of loan taken from RBI and amount of refinance taken from EXIM bank, NHB, SIDBI and NABARD o Part amounts of recoveries from the borrowers in respect of debts considered bad and doubtful of recovery. o Amounts received in Indian currency against import bills and held in sundry deposits pending receipts of final rates. © The Institute of Chartered Accountants of India 14.22 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS o Un-adjusted deposits/balances lying in link branches for agency business like dividend warrants, interest warrants, refund of application money, etc., in respect of shares/debentures to the extent of payment made by other branches but not adjusted by the link branches. o Margins held and kept in sundry deposits for funded facilities. Similarly, specifically examine that the items have been included in liabilities as per RBI guidelines. Some of these items are:- o Net credit balance in branch adjustment accounts. o Borrowings from abroad by banks in India needs to be considered as ‘liabilities to other’ and thus, needs to be considered at gross level unlike ‘liabilities towards banking system in India’, which are permitted to be netted off against ‘assets towards banking system in India’. Thus, the adverse balances in Nostro Mirror Account needs to be considered as ‘Liabilities to other’. o The reconciliation of Nostro accounts (with Nostro Mirror Accounts) needs to be scrutinized carefully to analyze and ascertain if any inwards remittances are received on behalf of the customers / constituents of the bank and have remained unaccounted and / or any other debit (inward) entries have remained unaccounted and are pertaining to any liabilities for the bank. Examine whether the consolidations prepared by the bank include the relevant information in respect of all the branches. It may be noted that, even though interest accrues daily, it is recorded in the books only at periodic intervals. Thus, examine whether such interest accrued but not accounted for in books is included in the computation of DTL. The auditor at the central level should apply the audit procedures listed above to the overall consolidation prepared for the bank as a whole. Where such procedure is followed, the central auditor should adequately describe the same in the report. While reporting on compliance with SLR requirements, the auditor should specify the number of unaudited branches and state that he/she has relied on the returns received from the unaudited branches in forming an opinion. Recently, there has been introduction of Automated Data Flow (ADF) for CRR & SLR reporting and the auditors should develop necessary audit procedures around this. © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.23 FINANCIAL COMPANIES 7. VERIFICATION OF ASSETS Before beginning verification of assets and balances, the auditor should obtain an accurate schedule of accounts in the prescribed format. The following are the steps involved in verification of assets and balances. - I. CASH, BANK BALANCES AND MONEY AT CALL AND SHORT NOTICE - The Third Schedule to the Banking Regulation Act, 1949, requires disclosures to be made in the balance sheet regarding cash, balances with Reserve Bank of India, balances with other banks and money at call and short notice. Audit approach and audit procedures in respect of these items is discussed as under: - Balances with Balances with Money at Call and Cash Reserve Bank of Other Banks Short Notice India Audit approach: The auditor’s basic objective in verification of these items is their existence and completeness as on date of balance sheet and audit procedures have to be tailored to meet these. Remember that cash would be appearing in balance sheet of almost all branches. However, in most of the branches of a bank, there will be no bank account requiring reporting except in branches with treasury operations. Similarly, activity pertaining to money at call and short notice is handled by treasury department of the bank at head office level. Banks have a robust system of internal controls pertaining to cash like joint custody of two responsible officers, checking of cash at periodic intervals etc due to higher risk of misappropriation. Similarly, the balance with other banks (in case of applicable branches) are reconciled periodically. The auditor has to be satisfied about effective operation and implementation of internal controls in this area. Audit Procedures: Area of Focus Suggested Audit Procedures Cash Carry out the physical verification of cash (including foreign currency, if any, cash at ATM and cash at cash deposit machines) as close to the balance sheet date as possible. The cash balance as physically verified should be agreed with the balance shown in the cash register/balance in CBS. © The Institute of Chartered Accountants of India 14.24 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS Balance with Verify the ledger balances in each account with reference to Reserve Bank of the bank confirmation certificates and reconciliation India statements as at the year-end. Review the reconciliation statements, paying special attention to the following items appearing in the reconciliation statements: o Cash transactions remaining unresponded; o Revenue items requiring adjustments/write-offs; and o Other credit and debit entries originated in the statement provided by RBI remaining unresponded for more than 15 days. Balance with Apart from the procedures described above in examining the Other Banks balances with Reserve Bank of India, while reviewing the (Other than reconciliation statements, the auditor should pay particular attention Reserve Bank of to the following. India) Examine that no debit for charges or credit for interest is outstanding and all the items which ought to have been taken to revenue for the year have been so taken. Examine that no cheque sent or received in clearing is outstanding. Examine that all bills or outstation cheques sent for collection and outstanding as on the closing date have been credited subsequently. Examine large transactions in inter-bank accounts to ensure that no transactions have been put through for window- dressing particularly towards the close of year. The balances with banks outside India should also be verified in the manner described above. These balances should be converted into the Indian currency at the exchange rates prevailing on the balance sheet date Money at Call and Examine whether there is a proper system of authorisation, Short Notice general or specific, for lending of the money at call or short notice. Compliance with the instructions or guidelines laid down in this behalf by the head office or controlling office of the branch, including the limits on lending’s in inter-bank call money market should also be examined. Call loans should be verified with the certificates of the © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.25 FINANCIAL COMPANIES borrowers and the call loan receipts held by the bank. Examine whether the aggregate balances comprising this item as shown in the relevant register tally with the control accounts as per the general ledger. Examine subsequent repayments received from borrowing banks to verify the amounts shown under this head as at the year-end. It may be noted that call loans made by a bank cannot be netted-off against call loans received. Verify that the interest has been properly accrued and accounted for on year-end outstanding balances of call/ short notice money. II. INVESTMENTS Audit approach: The auditor’s primary objective in audit of investments is to satisfy himself as to their existence, ownership and valuation. Examination of compliance with statutory and regulatory requirements is also an important objective in audit of investments in as much as non-compliance may have a direct and material effect on the financial statements. The latter aspect assumes special significance in the case of banks where investment transactions should be carried out within the numerous parameters laid down by the relevant legislation and directions of the RBI. The auditor should keep this in view while designing audit procedures relating to investments. Every bank has their own investment policy, which is drawn strictly in conjunction with RBI Master circular on investments. The entire compliance needs to be evaluated in terms of requirements of investment policy read with master circular RBI Audit Procedures: Area of Focus Suggested Audit Procedures Internal Control Review the investment policy of the bank to ascertain that the Evaluation and policy conforms, in all material respects, to the RBI’s Review of Investment guidelines as well as to any statutory provisions applicable to Policy the bank. It should clearly outline the broad investment objectives separately for the investments on its own account and investments on behalf of customers. Separation of Check the segregation of duties within the bank staff in terms Investment Functions of executing trades, settlement and monitoring of such trades, © The Institute of Chartered Accountants of India 14.26 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS and accounting of the same (generally termed as front office, middle office and back-office functions’ segregation). Examination of Examine the reconciliation of the investment account, Reconciliation physically verify the securities on hand, obtain confirmations from counter-party banks for Bank Receipts (BRs) issued by such banks and on hand, obtain confirmation of Subsidiary General Ledger (SGL) balances with the Public Debt Office (PDO), and examine the control and reconciliation of BRs issued by the bank. Examination of Ascertain whether the investments made by the bank are Documents within its authority. Ensure that any other covenants or conditions which restrict qualify or abridge the right of ownership and/or disposal of investments, have been complied with by the bank. The acquisition/disposal of investments should be verified with reference to the broker’s contract note, bill of costs, receipts and other similar evidence. Physical Verification Verify the investment scrips physically at the close of business on the date of the balance sheet. Verify investments held with public debt office of RBI, custodians and depository with the statement of holdings as on date of balance sheet. Independent balance confirmation requests can be made in accordance with SA-505. In case independent confirmations are not received back, alternative audit procedures like getting bank personnel to download investment statement from E-Kuber for government securities (E-Kuber is CBS platform of RBI) in auditor’s presence can be designed. In respect of BRs issued by other banks and on hand with the bank at the year-end, the auditor should examine confirmations of counterparty banks about such BRs. Where any BRs have been outstanding for an unduly extended period, the auditor should obtain written explanation from the management for the reasons thereof. The auditor should examine the reconciliation of BRs issued by the bank. BRs should not be issued in respect of transactions in government securities for which SGL facility is available. If certain securities are held in the names of nominees, the auditor should examine whether there are proper transfer © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.27 FINANCIAL COMPANIES deeds signed by the holders and an undertaking from them that they hold the securities on behalf of the bank. Examination of Examine that entire investment portfolio of bank is classified classification and under three categories i.e.HTM, HFT and AFS and shifting of shifting securities is as per regulatory norms and laid down policy. Examine whether the shifting of the investments from ‘available for sale’ to ‘held to maturity’ is duly approved by the Board of Directors of the bank. Examination of Examine whether the method of accounting followed by the Valuation bank in respect of investments, including their year-end valuation, is appropriate. Examine whether the investments have been properly classified into the three categories at the time of acquisition based on such intention as evidenced by the decision of the competent authority such as Board of directors, Asset Liability Committee (ALCO) or Investment Committee. Examine compliance by the bank with the guidelines of the RBI relating to valuation of investments. Verify that investments are classified as non-performing investments (NPI) as per applicable RBI guidelines. (Non- performing investments are those where interest/principal is in arrears and remains unpaid for more than 90 days). In such cases, banks have not to reckon income on securities and are required to make provisions for depreciation in value of investment. Examine whether income from investments is properly accounted for. This aspect assumes special importance in cases where the bank has opted for receipt of income through the electronic/on line medium. Verify whether adequate disclosure of any change in method of valuation of investment is made. Examine whether the profit or loss on sale of investments has been computed and accounted for properly. Verify that there is a proper system for recording and maintenance of TDS certificates received by the bank. Dealings in Securities Examine whether prior approvals for carrying out such on Behalf of Others dealings have been obtained. © The Institute of Chartered Accountants of India 14.28 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS Examine whether bank’s income from such activities has been recorded and is fairly stated in the bank’s financial statements. Consider whether the bank has any material undisclosed liability from a breach of its fiduciary duties, including the safekeeping of assets. Special-purpose Examine whether the bank is maintaining separate accounts Certificates Relating for the investments made by it on their own Investment to Investments Account, on PMS clients’ account, and on behalf of other constituents (including brokers). As per the RBI guidelines, banks are required to get their investments under PMS separately audited by external auditors. Audit, Review and Reporting: Banks should undertake half-yearly reviews (as of 30th September and 31st March) of their investment portfolio. These half yearly reviews should not only cover the operational aspects of the investment portfolio but also clearly indicate amendments made to the investment policy and certify the adherence to laid down internal investment policy and procedures and RBI guidelines. The internal auditors are required to separately conduct the concurrent audit of treasury transactions and the results of their report should be placed before the CMD once every month. Banks need not forward copies of the internal audit report to RBI. However, major irregularities observed in these reports and position of compliance thereto may be incorporated in the half yearly review of the investment portfolio. III. ADVANCES The Third Schedule to the Act requires classification of advances made by a bank from three different angles, viz., nature of advance (like cash credit, overdrafts or term loans or bills purchased and discounted), nature and extent of security(like secured by tangible assets or covered by bank/govt guarantees), and and place of making advance (i.e. Whether in India or outside India). Further, advances in India are also to be classified also on sectoral basis (like priority sector or public sector). Audit Approach: Advances generally constitute the major part of the assets of the bank. There are substantial number of borrowers to whom variety of advances are granted. The audit of advances requires the major attention from the auditors. The auditor is primarily concerned with obtaining evidence about the following while carrying out audit of advances:- © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.29 FINANCIAL COMPANIES Amounts included in the balance sheet in respect of advances are outstanding at the date of balance sheet Advances represent amounts due to the bank Amounts due to the bank are appropriately supported by loan documents There are no unrecorded advances The stated basis of valuation of advances is appropriate and properly applied and recoverability of advances is recognized in their valuation. Advances are disclosed, classified and described in accordance with recognized accounting policies and practices and relevant statutory and regulatory requirements Appropriate provisions towards advances are made as per RBI norms, accounting standards and generally accepted accounting practices It would be worth recalling that there exists elaborate and detailed control system & procedure in banks pertaining to appraisal, sanctioning, documentation, disbursal, review, monitoring and supervision of advances. Audit approach of advances should encompass designing appropriate audit procedures to obtain audit evidence in all these areas. Audit Procedures - In carrying out audit of advances, the auditor is primarily concerned with obtaining evidence about the following: Area of Focus Suggested Audit Procedures Evaluation of Examine area of credit appraisal and verify whether laid down Internal Controls procedures regarding credit appraisals including loan over Advances applications, preparation of proposals, obtaining satisfaction about credit worthiness of borrowers are being followed; Examine advances are sanctioned according to delegated authority; Examine all necessary loan documents have been executed after sanction but before disbursals are made to borrowers; Examine compliance with stipulated terms of sanction and end use of funds more particularly in case of term loans; Examine existence, enforceability and valuation of securities. In respect of securities requiring registration, examine this area also; Examine the validity of the recorded amounts; © The Institute of Chartered Accountants of India 14.30 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS Review operations of the accounts and look for adverse features like unauthorised over drawings beyond limits; Examine whether system laid down in bank for review/renewals of advances is being followed; Review whether drawing power is being calculated properly on basis of stock/book debt statements received from borrowers as stipulated in respective sanction letters; Ensure compliance with Loan Policy of Bank as well as prudential norms of RBI including appropriate asset classification and provisioning. Substantive Audit Verify correctness of master data of loan accounts updated in Procedures CBS. Check parameters like instalments, EMI, rate of interest, tenure of loans etc. Verify that each customer of bank is tagged under single customer id in respect of all its accounts including those in which credit facilities are granted. Examine all large advances while other advances may be examined on a sample basis. Examine accounts identified to be problem accounts but which have not yet slipped into NPA category. This can be done by obtaining list of SMA1 and SMA2 borrowers from the bank and same can be considered for selection of problematic accounts. Examine those accounts which have been adversely commented upon by concurrent auditors/bank’s internal inspection/RBI inspection team. Examine list of restructured accounts to ensure that restructure is as per RBI guidelines. Remember restructured account portfolio requires additional provisioning. Examine quick/early mortality accounts. Any advance slippage to NPA within 12 months of its sanction is called as quick/early mortality case. Verify completeness and accuracy of interest being charged. Carry out appropriate analytical procedures. Recoverability of Review periodic statements submitted by the borrowers Advances indicating the extent of compliance with terms and conditions. Review latest financial statements of borrowers. © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.31 FINANCIAL COMPANIES Review reports on inspection of security. Review auditor’s reports in case of borrowers having credit facilities from the banking system beyond a cut-off limit fixed by board of directors of bank Example 3 FT Cooperative Bank lent housing loan of ` 1 crore to Rahul, for an under construction flat. The project was still incomplete and the builder absconded. It turned out that the builder had taken a loan from another bank for the entire property on the basis of an equitable mortgage. Since equitable mortgage is not registered, FT bank was unable to trace the loan taken by the builder and therefore the borrower Rahul and FT bank both suffered. It would be a better idea to first approve the builder after thoroughly examining his credentials, past performances etc., and then only consider giving loans to buyers of his flats to minimize such risks. In fact many banks nowadays do this. Somehow FT Coop bank did not take the precaution and landed in trouble. Further, CIBIL records of the builder also could have been checked. Loan sanctioning should not become a mere “tick the box” process. Verification of asset classification, income recognition and Provision for Non-performing assets: An important aspect of audit of advances relates to their asset classification and provisioning (for provisioning norms refer Chapter 12 of Intermediate Auditing & Assurance Study Module). This implies that advances are classified in accordance with prudential norms on asset classification, income is recognized on actual record of recovery and a proper provision should be made in respect of advances where the recovery is doubtful. Audit approach The Reserve Bank has prescribed objective norms for determining the quantum of provisions required in respect of advances. The auditors must take / download the latest Master Circular of RBI to familiarise himself fully with the norms prescribed by RBI in this regard. The circulars issued by RBI after the date of issue of Master Circular and till the date of audit should also be taken / downloaded and reviewed by the auditors for its adherence. However, these norms should be construed as laying down the minimum provisioning requirements and wherever a higher provision is warranted in the context of the threats to recovery, such higher provision should be made. In this regard, the provisions of section 15 of the Banking Regulation Act, 1949 may be noted. This section, which applies to banking companies, nationalised banks, State Bank of India and regional © The Institute of Chartered Accountants of India 14.32 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS rural banks, requires the bank concerned to make adequate provision for bad debts to the satisfaction of its auditor before paying any dividends on its shares. It may be noted that verification of applicable prudential norms on asset classification, income recognition and provisioning is an important responsibility of statutory branch auditor as well as statutory central auditor. Area of Focus Suggested Audit Procedures Classification and Verify whether bank has a system of ongoing identification and Provision classification of advances through CBS without manual intervention and its accuracy in crystallising date of NPA. Examine whether the classification made by the branch is appropriate. Particularly, examine the classification of advances where there are threats to recovery. Examine whether the secured and the unsecured portions of advances have been segregated correctly and provisions have been calculated properly. Review and compare the date of NPA of loan accounts mentioned in current year statements with that of previous year. Reasons for any change should be ascertained. Accounts regularized As per the Reserve Bank guidelines, if an account has been near Balance sheet regularised before the balance sheet date by payment of overdue date amount through genuine sources, the account need not be treated as NPA. Where, subsequent to repayment by the borrower (which makes the account regular), the branch has provided further funds to the borrower (including by way of subscription to its debentures or in other accounts of the borrower), the auditor should carefully assess whether the repayment was out of genuine sources or not. Where the account indicates inherent weakness based on the data available, the account should be deemed as NPA. In other genuine cases, the banks must furnish satisfactory evidence to the Statutory Auditors about the manner of regularisation of the account to eliminate doubts on their performing status. It is to be ensured that the classification is made as per the position as on date and hence classification of all standard accounts be reviewed as on balance sheet date. The date of NPA is significant to determine the classification and hence specific care be taken in this regard. NPA should be recognized only based on concept of Past Due/ © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.33 FINANCIAL COMPANIES Overdue concept, and not based on the Balance Sheet date. Drawing Power Ensure that the drawing power is calculated as per the extant Calculation guidelines (i.e. the Credit Policy of the Bank) formulated by the Board of Directors of the respective bank and agreed upon by the concerned statutory auditors reflected from respective sanction letters Special consideration should be given to proper reporting of sundry creditors and stocks covered under LCs/guarantees for the purposes of calculating drawing power. It is to be ensured that declared stocks shall not cover borrower’s liability outstanding in form of sundry creditors for goods or covered by LCs/guarantees availed for procurement of material. Similarly, in case bank has provided credit facility against primary security of book debts, net value of debtors (i.e. eligible trade debtors as per terms of sanction less bills discounted with banks) is to be arrived at. It is to be ensured that drawing power is calculated net of stipulated margin. Further, in case of consortium accounts, drawing power calculation and allocation made by lead bank is binding on member banks. The drawing power needs to be calculated carefully in case of working capital advances to companies engaged in construction business. The valuation of work in progress should be ensured in consistent and proper manner. It also needs to be ensured that mobilization advance being received by the contractors is reduced while calculating drawing power. The stock audit including audit of book debts should be carried out by the bank for all accounts having funded exposure of more than stipulated limit. The report submitted by the stock auditors should be reviewed during the course of the audit and special focus should be given to the comments made by the stock auditors on valuation of security and calculation of drawing power. Accounts with Banks should not classify an advance account as NPA merely temporary due to the existence of some deficiencies which are temporary deficiencies in nature such as non-availability of drawing power based on latest available stock statement, balance outstanding exceeding the limit temporarily and non-renewal of limits on the due date. However, stock statements relied upon by the banks © The Institute of Chartered Accountants of India 14.34 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS for determining drawing power should not be older than 3 months. The outstanding in the account based on drawing power calculated from stock statements older than 3 months are considered as irregular. Ensure adherence to these guidelines. Limits not reviewed Accounts where regular/ad hoc limits are not reviewed within 180 days from the due date/date of ad hoc sanction, should be considered as NPA. Auditors should also ensure that the ad hoc/short reviews are not done on repetitive basis. In such cases, auditor can consider the classification of account based on other parameters and functioning of the account. Asset classification Ensure that asset classification is borrower wise and not facility to be borrower wise wise. Therefore, it is to be ensured that all the facilities granted and not facility wise by a bank to borrower will have to be treated as NPA and not particular facility which has become irregular. Further, if debits arising out of devolvement of LC or invoked guarantees are kept in separate account, the outstanding balance should be treated as part of borrower’s principal account for purpose of application of prudential norms on asset classification, income recognition and provisioning. Government If government guaranteed advance becomes NPA, then for the Guaranteed purpose of income recognition, interest on such advance Advances should not to be taken to income unless interest is realized. However, for purpose of asset classification, credit facility backed by Central Government Guarantee, though overdue, can be treated as NPA only when the Central Government repudiates its guarantee, when invoked. This exception is not applicable for State Government Guaranteed advances, where advance is to be considered NPA if it remains overdue for more than 90 days. In case the bank has not invoked the Central Government Guarantee though the amount is overdue for long, the reasoning for the same should be taken and duly reported in LFAR. Agricultural Ensure that NPA norms have been applied in accordance with Advances the crop season determined by the State Level Bankers’ Committee in each State. Depending upon the duration of crops – short term/ long term - raised by an agriculturist, the NPA © The Institute of Chartered Accountants of India SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.35 FINANCIAL COMPANIES norms would also be made applicable to agricultural term loans availed of by them. Also ensure that these norms are made applicable to all direct agricultural advances listed in Master Circular on lending to priority sector. In respect of agricultural loans, other than those specified in the circular, ensure that identification of NPAs has been done on the same basis as non-agricultural advances. Provisioning The auditor should check the latest RBI Circulars in this regard. It is Towards Standard be understood that provision for standard assets is also required to be Assets made at variable rates in respect of different sectors for the funded outstanding in accordance with RBI norms as a matter of prudence. The provisions need to be checked in detail with the statement of advances. The bifurcation of standard advances under relevant category for proper calculation of provision should be checked and certified at branches l