Special Features of Audit of Banks & Non-Banking Financial Companies - PDF

Summary

This document provides an overview of special features of auditing in banks and non-banking financial companies. It details learning outcomes and introduces topics like legal frameworks, auditor's reports, and concurrent audits.

Full Transcript

CHAPTER 14
7
SPECIAL FEATURES OF AUDIT
OF BANKS & NON-BANKING
FINANCIAL COMPANIES

UNIT 1 – SPECIAL FEATURES OF AUDIT OF BANKS

LEARNING OUTCOMES

After studying this chapter, you will be able to:
 Gain the knowledge of legal framework, form and content of financial
statements of the banks.
 Know the feature of audit of accounts and auditor’s report.
 Understand CRR, SLR and Capital Adequacy etc.
 Understand the prescribed procedure to be followed while doing
verification of assets and liabilities of the bank.
 Acquire the knowledge of Concurrent Audit and types of activities to be
covered in it.
 Know the role of audit committee in audit of banks.

© The Institute of Chartered Accountants of India
 14.2 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

UNIT OVERVIEW

Regulatory Framework

Form and Content of F.S.
Format of Audit Report
Audit of Accounts

LFAR
Auditor's Report

Coducting an Audit
Reporting to RBI,
Regulators etc.
Overview

Internal Control in Certain Selected
Areas
Assets and Balances
Verfication
Capital and Liabilities

Scope & its covered Activities

Coverage of Business/Branches
Concurrent Audit
Appointment of Auditors and its
accountability
Audit Committee
Audit Report

Viraj & Associates, an auditing firm of long standing and experience, has been appointed as one
of Statutory Central Auditors of a nationalized bank. Trying to gain understanding of working of
the bank including its internal control along with joint auditors, CA. Mansukh is also involved in
reviewing treasury operations of the bank as part of gaining insight in bank’s working.
Why are treasury operations of a bank significant from point of view of an auditor? Treasury
operations are responsible for processing of all financial market transactions and play a crucial
role in managing risks. Investments and forex & derivatives form two main components of
treasury. In view of regulatory prudential norms on investments, audit of investments becomes
very important as non-compliance with regulations could have a direct and material effect on

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.3
FINANCIAL COMPANIES
financial statements of the bank. He is also trying to gain understanding of General IT controls
and system application controls relating to these as investment function is automated in Bank.
He is also gaining knowledge of various types of deposit products of the bank (like CASA and
term deposits) and process of determination of interest rates and other charges of these deposits
as per rules laid down by bank. Going through bank policy on customer acceptance, procedures
to verify compliance of KYC norms are in offing. Apart from it, planned verification of application
of rate of interest to every deposit product on sample basis is also on the table. Verification of
movement of interest expenses is also in audit plan arsenal.
He is also considering to go through complaints lodged by bank customers. What is necessity to
plan procedures in this respect? Does auditor of a bank have anything to do with customer
complaints? Certainly. It is due to the reason that such complaints may result into material liability
or contingent liability.
CA. Piyush, Partner of P K S D & Associates (joint auditor) is in the process of familiarising himself
with credit recovery policy of the Bank and guidelines of RBI regarding accounting and income
recognition in this respect. He is also considering extent of automation of process relating to
accounting of recovery of credit portfolio of the Bank. Besides, he wants to ensure consistency
in income recognition process relating to order of recovery and its synchronization with internal
policy of the Bank. He is also planning procedures to ensure upgradation of NPAs during the year
in accordance with RBI norms.
Review of activities of Credit monitoring and restructuring department of Bank also falls in
domain of his responsibilities. Why such a review is important for him as an auditor? It is due to
the reason this department is responsible for implementing Bank’s policies relating to credit
monitoring and restructuring. Credit monitoring policy helps in managing credit risks in a
systematic and effective manner. Further, this department may also be responsible for
sanctioning of restructuring of stressed advances in accordance with RBI guidelines.
CA. Gopal, Partner of GSK & Co. (joint auditor) is verifying internal/office accounts of the bank
including sundry/suspense accounts. Why does such verification assume importance? Such
accounts can be used to commit frauds and malpractices like unauthorized opening and
operation of such accounts for affording credits to certain borrower accounts to prevent them
from slipping into NPAs. Opening of such accounts as well as their periodic reconciliation
becomes too significant for Statutory Central Auditors to ignore.

© The Institute of Chartered Accountants of India
 14.4 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

1. INTRODUCTION
The banking industry is the pivot of any economy and its financial system. Banks are one of the
foremost agents of financial intermediation in an economy like
India and, therefore, development of a strong and resilient
banking system is of utmost importance. The banking
institutions in the country are working in a competitive
environment and their regulatory framework is aligned with the
international best practices. Thus, financial deepening has
taken place in India and continues to be in progress with a focus
on orderly conditions in financial markets while sustaining the
growth momentum.
Banks have certain characteristics distinguishing them from most other commercial enterprises.

Example

Custody of large volumes of monetary items, including cash and negotiable instruments,
whose physical security has to be ensured. This applies to storage and the transfer of
monetary items, making banks vulnerable to misappropriation and fraud, necessitating
establishment of formal operating procedures, well-defined limits for individual discretion
and rigorous systems of internal control.
Engagement in a large volume and variety of transactions in terms of number and value
which necessarily require complex accounting and internal control systems and
widespread use of Information Technology (IT).
Operation through a wide network of geographically dispersed branches and departments
necessitating a greater decentralization of authority and dispersal of accounting and
control functions, with consequent difficulties in maintaining uniform operating practices
and accounting systems, particularly when the branch network transcends national
boundaries.
Assumption of significant commitments without any transfer of funds. These items, called
'off-balance sheet' items, may at times not involve accounting entries and the failure to
record such items may be difficult to detect.
Engagement in transactions that are initiated at one location, recorded at a different
location and managed at yet another location.

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.5
FINANCIAL COMPANIES

Direct Initiation and completion of transactions by the customer without any intervention
by the bank’s employees. For example, over the Internet or mobile or through automatic
teller machines (ATMs).
Integration and linkages of national and international settlement systems could pose a
systemic risk to the countries in which they operate.
Regulatory requirements by governmental authorities often influence accounting and
auditing practices in the banking sector.

Special audit considerations arise in the audit of banks because of:
the particular nature of risks associated with the
transactions undertaken;
the scale of banking operations and the resultant
significant exposures which can arise within short
period of time;
the extensive dependence on IT to process
transactions;
the effect of the statutory and regulatory requirements;
the continuing development of new products and services and banking practices which may
not be matched by the concurrent development of accounting principles and auditing practices.
Evolution of technology and providing services through Net Banking and Mobiles has exposed
banks to huge operational and financial risk.

The auditor should consider the effect of the above factors in designing his audit approach. It is
imperative for Branch Auditors and SCAs (Statutory Central Auditors) to have detailed knowledge
of the products offered and risks associated with them, and appropriately address them in their
audit plan to the extent they give rise to the risk of material misstatements in the financial
statements.
In today’s environment, the banks use different applications to carry out different transactions
which may include data flow from one application to other application; the auditor while designing
his plans should also understand interface controls between the various applications.

© The Institute of Chartered Accountants of India
 14.6 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

2. LEGAL FRAMEWORK
There is an elaborate legal framework governing the functioning of banks in India. The principal
enactments which govern the functioning of several types of banks are:

Banking
Co-operative Regulation Act,
Societies Act, 1912 1949 State Bank of India
for Co-operative Act, 1955
Banks

Payment and
Reserve Bank of
Settlement
India Act, 1934
Systems Act, 2007

Credit Information
Companies Companies Act,
(Regulation) Act, 2013
2005 Legal Framework for Banks in
India

Securitisation and Banking
Reconstruction of Companies
Financial Assets (Acquisition and
and Enforcement Transfer of
of Security Interest Undertakings) Act,
Act, 2002 1970

Prevention of
Regional Rural
Money Laundering
Banks Act, 1976
Act, 2002 Banking
Companies
Information
(Acquisition and
Technology Act,
Transfer of
2000
Undertakings) Act,
1980

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.7
FINANCIAL COMPANIES
Further, the Reserve Bank of India Act, 1934 gives wide powers to the RBI to give directions to
banks which also have considerable effect on the functioning of banks

3. FORM AND CONTENT OF FINANCIAL STATEMENTS
Every banking company is required to prepare a Balance Sheet and a Profit and Loss Account in
the forms set out in the Third Schedule to the Act or as near thereto as the circumstances admit.
Form A of the Third Schedule to the Banking Regulation Act, 1949, contains the form of Balance
Sheet and Form B contains the form of Profit and Loss Account.

Every banking company needs to comply with the disclosure requirements under the various
Accounting Standards, as specified under section 133 of the Companies Act, 2013, read with Rule
7 of the Companies (Accounts) Rules 2014, in so far as they apply to banking companies or the
Accounting Standards issued by the ICAI. It may be noted that implementation of Indian
Accounting Standards (Ind AS) has been deferred by RBI for all scheduled commercial banks
presently.

It is pertinent to state that preparation of balance sheet of a bank usually involves preparation of
standalone financial statements and consolidated financial statements. Preparation of Standalone
financial statements involve consolidation of branch accounts and incorporation of various
verticals/departments of bank in case of a nationalized bank/public sector bank. The detailed
procedures in this regard may vary from bank to bank. In case of private banks, the processes of
accounting are centralized and there is no concept of mandatory branch audit in accordance with
RBI guidelines.

Public sector banks and private banks are listed on recognized stock exchange and are required
to comply with SEBI regulations including LODR.

3.1 Audit of Accounts & Appointment of Auditor
Sub-section (1) of section 30 of the Banking Regulation Act requires that the balance sheet and
profit and loss account of a banking company should be audited by a person duly qualified under
any law for the time being in force to be an auditor of companies.

© The Institute of Chartered Accountants of India
 14.8 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

Most banks, especially those in nationalised banks or public sector, appoint four or more
(depending upon their size and Board decision, as per RBI guidelines) firms of chartered
accountants to act jointly as statutory central auditors (SCAs).

The appointment letter sent by banks in connection with the appointment of SCAs
typically contains the following:

Period of appointment.

Particulars of other central auditors.

Particulars of previous auditors.

Procedural requirements to be complied with in accepting the assignment.
Example 1. Letter of acceptance (the letter usually contains, inter alia, averment as to
absence of disqualification for appointment, way in which the audit has to be conducted
and confirmation of present name, constitution and address of the auditor), declaration
of fidelity and secrecy, restriction on accepting other assignments from the bank, etc.

A statement of division of work and review and reporting responsibilities amongst joint
auditors in case of nationalised banks (Generally this is decided at a later stage)

Scope of assignment which includes any special reports or certificates to be given by the
SCAs in addition to the main report.

In case of statutory branch auditors (SBAs), appointment letter is given on similar lines
except in regard to particulars of other auditors and statement of division of work.
However, it is to be noted that statutory branch audit is carried out by a single firm of
chartered accountants.

Authority appointing the Auditors - As per the provisions of the relevant enactments, the auditor
of a banking company is to be appointed at the annual general meeting of the shareholders,
whereas the auditor of a nationalised bank is to be appointed by the concerned bank acting
through its Board of Directors.

In either case, approval of the Reserve Bank is required before the appointment is made.

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.9
FINANCIAL COMPANIES

4. CONDUCTING AN AUDIT
The audit of banks or of their branches involves the following stages –

Initial Considerations Understanding Risk Assessment Execution Reporting
Acceptance & Understanding the Identifying and Engagement Team Independent
Continuance Bank and Its Assessing the Discussions Auditor’s
Declaration of Environment Risks of Material Prepare response Report
Indebtedness including Internal Misstatements to the Assessed Long Form
Internal Assignments in Control Assess the Risk of Risks Audit Report
Banks by Statutory Understand the Fraud including Establish the Report any
Auditors Bank’s Accounting Money Laundering Overall Audit other matters
Terms of Audit Process Assess Specific Strategy to Bank,
Engagements Understanding the Risks Audit Planning Regulator or
Communication with Risk Management Risk Associated Memorandum Government
Previous Auditor Process with Outsourcing Determine Audit
Planning of Activities Materiality
Establish Engagement Consider Going
Team Concern

Stage I: Initial Considerations

Acceptance & Continuance: The assessment of engagement risk is a critical part of the audit
process and should be done prior to the acceptance of an audit engagement since it affects the
decision of accepting the engagement and in planning decisions if the audit is accepted.
Declaration of Indebtedness: The RBI has advised that the banks, before appointing their statutory
central//branch auditors, should obtain a declaration of indebtedness i.e., a written confirmation that
auditor/firm/partners/f/family members have not been declared as wilful defaulters by any
bank/financial institution This is in addition to the declaration regarding absence of disqualifications
stipulated in Section 141 of the Companies Act 2013 which includes borrowing above stipulated
amount. Students may refer Chapter 12 of CA Intermediate Auditing and Assurance Study Material.
Internal Assignments in Banks by Statutory Auditors: The RBI decided that the audit firms
should not undertake statutory audit assignment while they are associated with internal assignments
in the bank during the same year.
Terms of Audit Engagements: SA 210, “Terms of Audit Engagements” requires that for each period
to be audited, the auditor should agree on the terms of the audit engagement with the bank before

© The Institute of Chartered Accountants of India
 14.10 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

beginning significant portions of fieldwork. It is imperative that the terms of the engagement are
documented, to prevent any confusion as to the terms that have been agreed in relation to the audit
and the respective responsibilities of the management and the auditor, at the beginning of an audit
relationship. This is usually done in the form of engagement letter which is written by the auditor and
acknowledged by the bank.
Communication with Previous Auditor: As per Clause (8) of the Part I of the First Schedule to the
Chartered Accountants Act, 1949, a chartered accountant in practice cannot accept position as
auditor previously held by another chartered accountant without first communicating with him/her in
writing.

Planning: The audit plan needs to be properly documented with respect to timing, extent of
checking, audit procedures to be followed at assertion level and should be flexible and updated or
changed, as and when necessary.
Establish the Engagement Team: The assignment of qualified and experienced professionals is
an important component of managing engagement risk. The size and composition of the engagement
team would depend on the size, nature, and complexity of the bank’s operations.

Stage II : Understanding

Understanding the Bank and Its Environment including Internal Control: An understanding of
the bank and its environment, including its internal control, enables the auditor:
to identify and assess risk;
to develop an audit plan to determine the operating effectiveness of the controls, and to address
the specific risks.

Understand the Bank’s Accounting Process: The accounting process produces financial and
operational information for management’s use and it also contributes to the bank’s internal control.
Thus, understanding of the accounting process is necessary to identify and assess the risks of
material misstatement whether due to fraud or not, and to design and perform further audit
procedures.
Understanding the Risk Management Process: Management develops controls and uses
performance indicators to aid in managing key business and financial risks. An effective risk
management system in a bank generally requires the following:

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.11
FINANCIAL COMPANIES
Oversight by those Identification,
Reliable information
charged with measurement and Control activities Monitoring activities
systems
governance monitoring of risks
Those charged Risks that could A bank should Risk management Banks require
with governance significantly have appropriate models, reliable
(BOD/Chief impact the controls to methodologies information
Executive Officer) achievement of manage its risks, and assumptions systems that
should approve bank’s goals including effective used to measure provide adequate
written risk should be segregation of and manage risk financial,
management identified, duties should be operational and
policies. The measured and (particularly, regularly compliance
policies should be monitored against between front and assessed and information on a
consistent with pre-approved back offices), updated. This timely and
the bank’s limits and criteria accurate function may be consistent basis.
business measurement and conducted by the Those charged
objectives and reporting of independent risk with governance
strategies, capital positions, management unit. and management
strength, verification and require risk
management approval of management
expertise, transactions, information that is
regulatory reconciliation of easily understood
requirements and positions and and that enables
the types and results, setting of them to assess
amounts of risk it limits, reporting the changing
regards as and approval of nature of the
acceptable. exceptions, bank’s risk profile.
physical security
and contingency
planning.

Stage III : Risk Assessment

Identifying and Assessing the Risks of Material Misstatements: SA 315 requires the auditor to
identify and assess the risks of material misstatement at the financial statement level and the
assertion level for classes of transactions, account balances, and disclosures to provide a basis for
designing and performing further audit procedures.

Assess the Risk of Fraud including Money Laundering: As per SA 240 “The Auditor’s
Responsibilities Relating to Fraud in an Audit of Financial Statements”, the auditor’s objective is to
identify and assess the risks of material misstatement in the financial statements due to fraud, to
obtain sufficient appropriate audit evidence on those identified misstatements and to respond
appropriately. The attitude of professional scepticism should be maintained by the auditor to
recognise the possibility of misstatements due to fraud.

The RBI has framed specific guidelines that deal with prevention of money laundering and “Know
Your Customer (KYC)” norms. The RBI has from time to time issued guidelines (“Know Your
Customer Guidelines – Anti Money Laundering Standards”), requiring banks to establish policies,
procedures and controls to deter and to recognise and report money laundering activities.

© The Institute of Chartered Accountants of India
 14.12 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

Assess Specific Risks: The auditors should identify and assess specific risks of material
misstatement at the financial statement level which refers to risks that relate to the banking industry
and the use of IT therein.
Risk Associated with Outsourcing of Activities: The modern-day banks make extensive use of
outsourcing as a means of both reducing costs as well as making use of services of an expert not
available internally. There are, however, certain risks associated with outsourcing of activities by
banks and therefore, it is quintessential for the banks to effectively manage those risks.
Stage IV: Execution

Engagement Team Discussions: The engagement team should hold discussions to gain better
understanding of bank and its environment, including internal control, and to assess the potential for
material misstatements of the financial statements.
Response to the Assessed Risks: SA 330 “The Auditor’s Responses to Assessed Risks” requires
the auditor to design and implement overall responses to address the assessed risks of material
misstatement at the financial statement level. The auditor should design and perform further audit
procedures whose nature, timing and extent are based on and are responsive to the assessed risks
of material misstatement at the assertion level.
Establish the Overall Audit Strategy: SA 300 “Planning an Audit of financial Statements’’ states
that the objective of the auditor is to plan the audit so that it will be performed in an effective manner.
For this purpose, the audit engagement partner should:

establish the overall audit strategy, prior to the commencement of an audit; and
involve key engagement team members and other appropriate specialists while establishing
the overall audit strategy, which depends on the characteristics of the audit engagement.
Audit Planning Memorandum: The auditor should summarise the team’s audit plan by preparing
an audit planning memorandum in order to:
Describe the expected scope and extent of the audit procedures to be performed by the
auditor.
Highlight all significant issues and risks identified during their planning and risk assessment
activities, as well as the decisions concerning reliance on controls.
Provide evidence that they have planned the audit engagement appropriately and have
responded to engagement risk, pervasive risks, specific risks, and other matters affecting the
audit engagement.

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.13
FINANCIAL COMPANIES
Determine Audit Materiality: The auditor should consider the relationship between the audit
materiality and audit risk when conducting an audit. The determination of audit materiality is a matter
of professional judgment and depends upon the knowledge of the bank, assessment of engagement
risk, and the reporting requirements for the financial statements. Judgments about materiality are
made in light of surrounding circumstances and are affected by the size or nature of a misstatement,
or combination of both.
Consider Going Concern: In obtaining an understanding of the bank, the auditor should consider
whether there are events and conditions which may cast significant doubt on the bank’s ability to
continue as a going concern.

Stage V: Reporting

Students should refer to the reporting requirements explained in heading 8. Auditor’s Report of this
Chapter.
[Note: For detailed understanding of stages involved for conducting an audit, as discussed above,
students may refer Guidance Note on Audit of Banks.]

4.1 Special Considerations in IT Environment
The advent of working in CBS environment in banks coupled with changes in technology, use of
different payment systems and integration of Aadhar for cardless transactions have changed the
way banking used to be in earlier times. However, the technological developments have brought
new challenges for auditors as audit is required to be conducted through the system. Considering
the importance of IT systems in preparation and presentation of financial statements, it is imperative
that bank should share detailed information with auditors like: -

Overall IT policy, structure and environment of Bank’s IT system
Data processing and data interface under various systems
Data integrity and data security

Business Continuity plans and disaster control plans
Accounting manual and critical accounting entries, their processes and involvement of IT systems
Controls over key aspects, use of various account heads, expense booking, overdue identification
etc.
Controls on recording of various e-banking and internet banking products and channels
MIS reports being generated and their periodicity

© The Institute of Chartered Accountants of India
 14.14 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

Major exception reports and process of generation including embedded logic
Process of generating various information related to various disclosures in financial statements
and involvement of IT systems
Overall review of IT environment and computerized accounting system has to be taken at head office
level. The branch auditors generally do not have access to IT policy and processes implemented by
the bank. Hence, based upon guidance and information received from Statutory central auditors,
branch auditors need to ensure that data review and analysis through CBS is carried out and tests
of controls and substantive checking of sample transactions is carried out at branch level and results
are shared with statutory central auditors.

It is responsibility of statutory central auditors to obtain understanding of IT environment and
various controls put in place by management and evaluate whether controls are operating
effectively. The methodology adopted by the bank in implementing and monitoring controls
should be discussed with head of IT department and based on this understanding, audit
procedures can be designed. The key security control aspects that an auditor needs to address
when undertaking audit in a computerised bank include:
Ensure that authorised, accurate and complete data is made available for processing.
Ensure that in case of interruption due to power, mechanical or processing failures, the
system restarts without distorting the completion of the entries and records.
Ensure that the system prevents unauthorised amendments to the programmes.
Verify whether “access controls” assigned to the staff-working match with the
responsibilities as per manual. It is important for the auditor to ensure that access and
authorisation rights given to employees are appropriate.
Verify that segregation of duties is ensured while granting system access to users and
that the user activities are monitored by performing an activities log review.
Verify that changes made in the parameters or user levels are authenticated.
Verify that charges calculated manually for accounts when function is not regulated
through parameters are properly accounted for and authorised.
Verify that exceptional transaction reports are being authorised and verified on a daily
basis by the concerned officials. It is important for auditor to understand the nature of
exception and its impact on financials.
Verify that the account master and balance cannot be modified/amended/altered except
by the authorised personnel.

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.15
FINANCIAL COMPANIES

Verify that all the general ledger accounts codes authorised by Head Office are in
existence in the system.
Verify that balance in general ledger tallies with the balance in subsidiary book..

4.2 Internal Audit and Inspection
Central audit and inspection department in Banks is a combination of centralized function with some
level of decentralization which is usually headed by a Chief Audit Executive. It is responsible for
undertaking risk-Based Internal Audit (RBIA) as per the framework as stipulated by RBI. It is also
responsible for identification of branches for revenue audit, appointment of concurrent auditors,
deciding their scope, meeting the concurrent auditors, discussing their issues, conducting trainings
if needed, and review of work of concurrent auditors. The primary function is to ensure that the audit
function is handled smoothly, effectively & efficiently.
Risk-based Internal audit is conducted based upon the risk assessment of business and control risks
of branches. The risk assessment process includes: -
Identification of inherent business risks in various activities undertaken by branches
(Business risk)
Assessment of effectiveness of control systems for monitoring inherent risks of business
activities of branch (Control risk)
Making an assessment of level and direction of various risk areas and assess level and
direction of overall business risk and control risk
Drawing up of risk matrix taking into account factors viz. Risk of branch

© The Institute of Chartered Accountants of India
 14.16 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

5. INTERNAL CONTROL IN CERTAIN SELECTED AREAS
System of Internal Control in Banks: Banks are required to implement and maintain a system of
internal controls for mitigating risks, maintain good governance and to meet the regulatory
requirements. Given below are examples of internal controls that are typically implemented in a
bank:

Area of Focus Examples of Internal Controls in a Bank

General The staff and officers of a bank should be shifted from one position to
another frequently and without prior notice.
The work of one person should always be checked by another person
(usually by an officer) in the normal course of business.
The arithmetical accuracy of the books should be proved
independently every day.
All bank forms (e.g. Cheque books, demand draft/pay order books,
travelers’ cheques, foreign currency cards etc.) should be kept in the
possession of an officer, and another responsible officer should verify
the issuance and stock of such stationery.
The mail should be opened by a responsible officer. Signatures on all
the letters and advices received from other branches of the bank or
its correspondence should be checked by an officer with the signature
book.
The signature book and the telegraphic code book should be kept with
responsible officers and access should be allowed only to authorised
officers.
The bank should take out insurance policies against loss due to all the
risks such as fire, natural calamities, theft and employees’ infidelity.
The financial powers of officers of different grades should be clearly
defined.
There should be surprise inspection of head office and branches at
periodic interval by the internal audit department. The irregularities
pointed out in the inspection reports should be promptly rectified.

Cash Cash should be kept in the joint custody of two responsible officers.
In addition to normal checking by the chief cashier, cash should be
test-checked daily and counted in full occasionally by a responsible

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.17
FINANCIAL COMPANIES
officer other than those handling the cash. Actual cash in hand should
agree with the balance shown by the Day Book every day.
The cashier should have no access to the customer’s ledger accounts
and the Day Book. This is an important safeguard as the Bank
managements are often tempted to use cashiers because of their
shorter working hours as ledger clerks in the absence of regular staff
etc. This can result in substantial losses to the bank.
The counterfoil of cash receipt vouchers (e.g. counterfeits of pay-in-
slips lodged by the depositors) should be signed by an officer in Cash
Department, in addition to the receiving cashier.
Payments should be made only after the vouchers (e.g. cheques,
demand drafts etc.) have been passed for payment by the authorised
officer and have been entered in the customer’s account.
Receipt and payment scrolls or their totals should be compared with
the cash column of the Day-Book by independent persons.
High value cash receipts and payments should be verified by a higher
officer/ branch manager and the excess cash balance should be remitted
to currency chest according to branch’s retention limit on daily basis.

Clearings Under the Cheque Truncation System (CTS) implemented by RBI, an
electronic image of the cheque is transmitted to the paying branch
through the clearing house, along with relevant information like data on
the MICR band, date of presentation, presenting bank, etc. This
effectively eliminates the associated cost of movement of the physical
cheques, reduces the time required for their collection.
As per RBI guidelines, the branch is required to either call the customer
or email him for any cheque received for the amount of ` 5 lakh and
above in respect of inward clearings. The Auditor may verify the
compliance on test check basis.
The Auditor is to check whether signature of the drawer of the cheque
is being verified by the staff or not as else there will be liability of the
paying bank under all circumstances.
The unpaid cheques received in outward clearing should be either sent
to the customers at their recorded address or the customers be
informed to collect the same from bank branch.

Bills for All the documents accompanying the bills should be received and
Collection entered in the Register by a responsible officer. At the time of dispatch,
the officer should also see that all the documents are sent along with
the bills.

© The Institute of Chartered Accountants of India
 14.18 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

The accounts of customers or principals should be credited only after
the bills have been collected or an advice to that effect received from
the bank branch or agent to which they were sent for collection.
It should be ensured that bills sent by one branch for collection to
another branch of the bank, are not taken in the bills for collection twice
in the amalgamated balance sheet of the bank. For this purpose, the
receiving branch should reverse the entries regarding such bills at the
end of the year for closing purposes.

Bills At the time of purchase of the bills, an officer should verify that all the
Purchased documents of title are properly assigned to the bank.
Sufficient margin should be kept while purchasing or discounting a bill
to cover any decline in the value of the security etc.
If the bank is unable to collect a bill on the due date, immediate steps
should be taken to recover the amount from the drawer against the
security provided.
All irregular outstanding account/s should be reported to the Head
Office.
In the case of bills purchased outstanding at the close of the year the
discount received thereon should be properly apportioned between the
two years.

Loans and The bank should make advances only after satisfying itself as to the
Advances creditworthiness of the borrowers and after obtaining sanction from the
proper authorities of the bank.
All the necessary documents (e.g., agreements, demand promissory
notes, letters of hypothecation, etc.) should be executed by the parties
before advances are made.
Sufficient margin should be kept against securities taken to cover any
decline in the value thereof and to comply with Reserve Bank directives.
Such margins should be determined by the proper authorities of the
bank as a general policy or after detailed scrutiny for specific accounts.
All the securities should be received and returned by responsible
officer. They should be kept in the Joint custody of two such officers.
All securities requiring registration should be registered in the name of
the bank or otherwise accompanied by the documents sufficient to give
title of the bank.
All accounts should be kept within both the drawing power and the
sanctioned limit as per prescribed norms. Additional temporary limit

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.19
FINANCIAL COMPANIES
may be sanctioned, for a maximum of 20% of existing limit and 90 days
maximum tenure.
All the accounts which exceed the sanctioned limit or drawing power or
are against unapproved securities or are otherwise irregular should be
brought to the notice of the Management/Head Office regularly.
The operation (in each advance account) should be reviewed at least
once every year.)

Demand Drafts The signatures on a demand draft should be checked by an officer with
the Signature Book.
All the D.Ds. sold/ issued by a branch should be immediately confirmed
by an advice to the paying branch.
If the paying branch does not receive proper confirmation of any D.D.
from the issuing branch or does not receive credit in its account with
that branch, it should take immediate steps to ascertain the reasons.

Inter Branch The accounts should be adjusted only on the basis of advices (and not
Accounts on the strength of entries found in the statement of account) received
from other branches,
Prompt action should be taken preferably by central authority, if any
entries (particularly debit entries) are not responded to by any branch
within a reasonable time.

Credit Card There should be effective screening of applications with reasonably
Operations good credit assessments.
There should be strict control over storage and issue of cards.
There should be a system whereby a merchant confirms the status of
unutilised limit of a credit-card holder from the bank before accepting
the settlement, in case the amount to be settled exceeds a specified
percentage of the total limit of the card holder.
There should be a system of prompt reporting by the merchants of all
settlements accepted by them through credit cards.
Reimbursement to merchants should be made only after verification of
the validity of merchant’s acceptance of cards.
All the reimbursement (gross of commission) should be immediately
charged to the customer’s account.
There should be a system to ensure that statements are sent regularly
and promptly to the customer.

© The Institute of Chartered Accountants of India
 14.20 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

There should be a system to monitor and follow-up customers’
payments.
Payments overdue beyond a reasonable period should be identified
and attended to carefully. For defaulting customers, credit should be
stopped by informing the merchants through periodic bulletins, as early
as possible, to avoid increased losses.
There should be a system of periodic review of credit card holders’
accounts. On this basis, the limits of customers may be revised, if
necessary. The review should also include determination of doubtful
amounts and the provisioning in respect thereof.

Example 2
While doing the audit of a branch of XYZ bank for the year ended 31st March 23, it was seen
that the stock statements with the same figures are submitted by borrowers month after
month with a change in the month at the top. These are just filed for formal compliance. Such
things happen because a responsible official does not check the stock statements and get
them entered in in the system, which is a lapse in internal control. Due to such a lapse, neither
the borrower nor bank staff take it sincerely, thus posing a risk of loss to bank.

6. COMPLIANCE WITH CRR AND SLR REQUIREMENTS
(i) Cash Reserve Ratio (CRR) is a specified minimum fraction of the total deposits of customers,
which commercial banks have to hold as reserves either in cash or as deposits with the central bank.
One of the important determinants of cash balances to be maintained by banking companies and
other scheduled banks is the requirement for maintenance of a certain minimum cash reserve.

While the requirement for maintenance of cash reserve by banking companies is contained in the
Banking Regulation Act, 1949, corresponding requirement for scheduled banks is contained in the
Reserve Bank of India Act, 1934.

The RBI, from time to time, reviews the evolving liquidity situation and accordingly decides the rate
of CRR required to be maintained by scheduled commercial banks. Therefore, the auditor needs to
refer to the master circular issued from time to time in this regard to ensure the compliance of CRR
requirements.
(ii) Statutory Liquidity Ratio (SLR) Requirements – SLR is the requirement that every
scheduled commercial bank in India is required to maintain in the form of certain liquid assets such
as gold, cash and government approved securities before providing credit to the customers. The

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.21
FINANCIAL COMPANIES
Reserve Bank of India requires statutory central auditors of banks to verify the compliance with SLR
requirements of 12 odd dates in different months of a fiscal year not being Fridays. The objective of
maintaining SLR is to have an amount in the form of liquid assets which can be used to handle a
sudden increase in demand for the amount from the depositors. The resultant report is to be sent to
the top management of the bank and to the Reserve Bank.

Correctness of the compilation of Maintenance of liquid assets
DTL (Demand and Time Liabilities) as prescribed u/s 24 of
position; and Banking Regulation Act.

Audit Approach and Procedure:

Area of Focus Suggested Audit Procedures

Compliance Obtain an understanding of the relevant circulars/ instructions of the
with CRR and RBI, particularly regarding composition of items of DTL.
SLR
requirements Request the branch auditors to send their weekly trial balance as on
Friday and these are consolidated at the head office. Based on this
consolidation, the DTL position is determined for every reporting
Friday. The statutory central auditor should request the branch
auditors to verify the correctness of the trial balances relevant to the
dates selected by him/her. The branch auditors should also be
specifically requested to examine the cash balance at the branch on
the selected dates.
Examine, on a test basis, the consolidations regarding DTL position
prepared by the bank with reference to the related returns received
from branches. The auditor should examine whether the valuation of
securities done by the bank is in accordance with the guidelines
prescribed by the RBI.
While examining the computation of DTL, specifically examine that
items have been excluded from liabilities as per RBI guidelines. Some
of these items are:-
Paid up capital, reserve, any credit balance in profit & loss account of
bank, amount of loan taken from RBI and amount of refinance taken
from EXIM bank, NHB, SIDBI and NABARD
o Part amounts of recoveries from the borrowers in respect of
debts considered bad and doubtful of recovery.
o Amounts received in Indian currency against import bills and
held in sundry deposits pending receipts of final rates.

© The Institute of Chartered Accountants of India
 14.22 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

o Un-adjusted deposits/balances lying in link branches for
agency business like dividend warrants, interest warrants,
refund of application money, etc., in respect of
shares/debentures to the extent of payment made by other
branches but not adjusted by the link branches.
o Margins held and kept in sundry deposits for funded facilities.
Similarly, specifically examine that the items have been included in
liabilities as per RBI guidelines. Some of these items are:-
o Net credit balance in branch adjustment accounts.
o Borrowings from abroad by banks in India needs to be
considered as ‘liabilities to other’ and thus, needs to be
considered at gross level unlike ‘liabilities towards banking
system in India’, which are permitted to be netted off against
‘assets towards banking system in India’. Thus, the adverse
balances in Nostro Mirror Account needs to be considered as
‘Liabilities to other’.
o The reconciliation of Nostro accounts (with Nostro Mirror
Accounts) needs to be scrutinized carefully to analyze and
ascertain if any inwards remittances are received on behalf of
the customers / constituents of the bank and have remained
unaccounted and / or any other debit (inward) entries have
remained unaccounted and are pertaining to any liabilities for
the bank.
Examine whether the consolidations prepared by the bank include the
relevant information in respect of all the branches.
It may be noted that, even though interest accrues daily, it is recorded
in the books only at periodic intervals. Thus, examine whether such
interest accrued but not accounted for in books is included in the
computation of DTL.
The auditor at the central level should apply the audit procedures
listed above to the overall consolidation prepared for the bank as a
whole. Where such procedure is followed, the central auditor should
adequately describe the same in the report.
While reporting on compliance with SLR requirements, the auditor
should specify the number of unaudited branches and state that
he/she has relied on the returns received from the unaudited branches
in forming an opinion. Recently, there has been introduction of
Automated Data Flow (ADF) for CRR & SLR reporting and the auditors
should develop necessary audit procedures around this.

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.23
FINANCIAL COMPANIES

7. VERIFICATION OF ASSETS
Before beginning verification of assets and balances, the auditor should obtain an accurate schedule
of accounts in the prescribed format. The following are the steps involved in verification of assets
and balances. -
I. CASH, BANK BALANCES AND MONEY AT CALL AND SHORT NOTICE - The Third
Schedule to the Banking Regulation Act, 1949, requires disclosures to be made in the balance
sheet regarding cash, balances with Reserve Bank of India, balances with other banks and
money at call and short notice. Audit approach and audit procedures in respect of these
items is discussed as under: -

Balances with
Balances with Money at Call and
Cash Reserve Bank of
Other Banks Short Notice
India

Audit approach: The auditor’s basic objective in verification of these items is their existence
and completeness as on date of balance sheet and audit procedures have to be tailored to
meet these. Remember that cash would be appearing in balance sheet of almost all
branches. However, in most of the branches of a bank, there will be no bank account requiring
reporting except in branches with treasury operations. Similarly, activity pertaining to money
at call and short notice is handled by treasury department of the bank at head office level.
Banks have a robust system of internal controls pertaining to cash like joint custody of two
responsible officers, checking of cash at periodic intervals etc due to higher risk of
misappropriation. Similarly, the balance with other banks (in case of applicable branches) are
reconciled periodically. The auditor has to be satisfied about effective operation and
implementation of internal controls in this area.
Audit Procedures:

Area of Focus Suggested Audit Procedures

Cash Carry out the physical verification of cash (including foreign
currency, if any, cash at ATM and cash at cash deposit
machines) as close to the balance sheet date as possible.
The cash balance as physically verified should be agreed
with the balance shown in the cash register/balance in
CBS.

© The Institute of Chartered Accountants of India
 14.24 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

Balance with Verify the ledger balances in each account with reference to
Reserve Bank of the bank confirmation certificates and reconciliation
India statements as at the year-end.
Review the reconciliation statements, paying special
attention to the following items appearing in the
reconciliation statements:
o Cash transactions remaining unresponded;
o Revenue items requiring adjustments/write-offs; and
o Other credit and debit entries originated in the
statement provided by RBI remaining unresponded
for more than 15 days.

Balance with Apart from the procedures described above in examining the
Other Banks balances with Reserve Bank of India, while reviewing the
(Other than reconciliation statements, the auditor should pay particular attention
Reserve Bank of to the following.
India)
Examine that no debit for charges or credit for interest is
outstanding and all the items which ought to have been taken
to revenue for the year have been so taken.
Examine that no cheque sent or received in clearing is
outstanding.
Examine that all bills or outstation cheques sent for collection
and outstanding as on the closing date have been credited
subsequently.
Examine large transactions in inter-bank accounts to ensure
that no transactions have been put through for window-
dressing particularly towards the close of year.
The balances with banks outside India should also be verified in the
manner described above. These balances should be converted into
the Indian currency at the exchange rates prevailing on the balance
sheet date

Money at Call and Examine whether there is a proper system of authorisation,
Short Notice general or specific, for lending of the money at call or short
notice. Compliance with the instructions or guidelines laid
down in this behalf by the head office or controlling office of
the branch, including the limits on lending’s in inter-bank call
money market should also be examined.
Call loans should be verified with the certificates of the

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.25
FINANCIAL COMPANIES
borrowers and the call loan receipts held by the bank.
Examine whether the aggregate balances comprising this
item as shown in the relevant register tally with the control
accounts as per the general ledger.
Examine subsequent repayments received from borrowing
banks to verify the amounts shown under this head as at the
year-end. It may be noted that call loans made by a bank
cannot be netted-off against call loans received.
Verify that the interest has been properly accrued and
accounted for on year-end outstanding balances of call/
short notice money.

II. INVESTMENTS
Audit approach:

The auditor’s primary objective in audit of investments is to satisfy himself as to their existence,
ownership and valuation. Examination of compliance with statutory and regulatory requirements is
also an important objective in audit of investments in as much as non-compliance may have a direct
and material effect on the financial statements. The latter aspect assumes special significance in
the case of banks where investment transactions should be carried out within the numerous
parameters laid down by the relevant legislation and directions of the RBI. The auditor should keep
this in view while designing audit procedures relating to investments. Every bank has their own
investment policy, which is drawn strictly in conjunction with RBI Master circular on investments.
The entire compliance needs to be evaluated in terms of requirements of investment policy read with
master circular RBI
Audit Procedures:

Area of Focus Suggested Audit Procedures

Internal Control Review the investment policy of the bank to ascertain that the
Evaluation and policy conforms, in all material respects, to the RBI’s
Review of Investment guidelines as well as to any statutory provisions applicable to
Policy the bank.
It should clearly outline the broad investment objectives
separately for the investments on its own account and
investments on behalf of customers.

Separation of Check the segregation of duties within the bank staff in terms
Investment Functions of executing trades, settlement and monitoring of such trades,

© The Institute of Chartered Accountants of India
 14.26 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

and accounting of the same (generally termed as front office,
middle office and back-office functions’ segregation).

Examination of Examine the reconciliation of the investment account,
Reconciliation physically verify the securities on hand, obtain confirmations
from counter-party banks for Bank Receipts (BRs) issued by
such banks and on hand, obtain confirmation of Subsidiary
General Ledger (SGL) balances with the Public Debt Office
(PDO), and examine the control and reconciliation of BRs
issued by the bank.

Examination of Ascertain whether the investments made by the bank are
Documents within its authority.
Ensure that any other covenants or conditions which restrict
qualify or abridge the right of ownership and/or disposal of
investments, have been complied with by the bank.
The acquisition/disposal of investments should be verified
with reference to the broker’s contract note, bill of costs,
receipts and other similar evidence.

Physical Verification Verify the investment scrips physically at the close of
business on the date of the balance sheet.
Verify investments held with public debt office of RBI,
custodians and depository with the statement of holdings as
on date of balance sheet. Independent balance confirmation
requests can be made in accordance with SA-505. In case
independent confirmations are not received back, alternative
audit procedures like getting bank personnel to download
investment statement from E-Kuber for government securities
(E-Kuber is CBS platform of RBI) in auditor’s presence can
be designed.
In respect of BRs issued by other banks and on hand with the
bank at the year-end, the auditor should examine
confirmations of counterparty banks about such BRs. Where
any BRs have been outstanding for an unduly extended
period, the auditor should obtain written explanation from the
management for the reasons thereof. The auditor should
examine the reconciliation of BRs issued by the bank. BRs
should not be issued in respect of transactions in government
securities for which SGL facility is available.
If certain securities are held in the names of nominees, the
auditor should examine whether there are proper transfer

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.27
FINANCIAL COMPANIES
deeds signed by the holders and an undertaking from them
that they hold the securities on behalf of the bank.

Examination of Examine that entire investment portfolio of bank is classified
classification and under three categories i.e.HTM, HFT and AFS and shifting of
shifting securities is as per regulatory norms and laid down policy.
Examine whether the shifting of the investments from
‘available for sale’ to ‘held to maturity’ is duly approved by the
Board of Directors of the bank.

Examination of Examine whether the method of accounting followed by the
Valuation bank in respect of investments, including their year-end
valuation, is appropriate.
Examine whether the investments have been properly
classified into the three categories at the time of acquisition
based on such intention as evidenced by the decision of the
competent authority such as Board of directors, Asset Liability
Committee (ALCO) or Investment Committee.
Examine compliance by the bank with the guidelines of the
RBI relating to valuation of investments.
Verify that investments are classified as non-performing
investments (NPI) as per applicable RBI guidelines. (Non-
performing investments are those where interest/principal is
in arrears and remains unpaid for more than 90 days). In such
cases, banks have not to reckon income on securities and are
required to make provisions for depreciation in value of
investment.
Examine whether income from investments is properly
accounted for. This aspect assumes special importance in
cases where the bank has opted for receipt of income through
the electronic/on line medium.
Verify whether adequate disclosure of any change in method
of valuation of investment is made.
Examine whether the profit or loss on sale of investments has
been computed and accounted for properly.
Verify that there is a proper system for recording and
maintenance of TDS certificates received by the bank.

Dealings in Securities Examine whether prior approvals for carrying out such
on Behalf of Others dealings have been obtained.

© The Institute of Chartered Accountants of India
 14.28 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

Examine whether bank’s income from such activities has
been recorded and is fairly stated in the bank’s financial
statements.
Consider whether the bank has any material undisclosed
liability from a breach of its fiduciary duties, including the
safekeeping of assets.

Special-purpose Examine whether the bank is maintaining separate accounts
Certificates Relating for the investments made by it on their own Investment
to Investments Account, on PMS clients’ account, and on behalf of other
constituents (including brokers).
As per the RBI guidelines, banks are required to get their
investments under PMS separately audited by external
auditors.

Audit, Review and Reporting: Banks should undertake half-yearly reviews (as of 30th September
and 31st March) of their investment portfolio. These half yearly reviews should not only cover the
operational aspects of the investment portfolio but also clearly indicate amendments made to the
investment policy and certify the adherence to laid down internal investment policy and procedures
and RBI guidelines.
The internal auditors are required to separately conduct the concurrent audit of treasury transactions
and the results of their report should be placed before the CMD once every month. Banks need not
forward copies of the internal audit report to RBI. However, major irregularities observed in these
reports and position of compliance thereto may be incorporated in the half yearly review of the
investment portfolio.
III. ADVANCES
The Third Schedule to the Act requires classification of advances made by a bank from three
different angles, viz., nature of advance (like cash credit, overdrafts or term loans or bills purchased
and discounted), nature and extent of security(like secured by tangible assets or covered by
bank/govt guarantees), and and place of making advance (i.e. Whether in India or outside India).
Further, advances in India are also to be classified also on sectoral basis (like priority sector or
public sector).
Audit Approach: Advances generally constitute the major part of the assets of the bank. There are
substantial number of borrowers to whom variety of advances are granted. The audit of advances
requires the major attention from the auditors. The auditor is primarily concerned with obtaining
evidence about the following while carrying out audit of advances:-

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.29
FINANCIAL COMPANIES
Amounts included in the balance sheet in respect of advances are outstanding at the date of
balance sheet

Advances represent amounts due to the bank
Amounts due to the bank are appropriately supported by loan documents
There are no unrecorded advances

The stated basis of valuation of advances is appropriate and properly applied and
recoverability of advances is recognized in their valuation.
Advances are disclosed, classified and described in accordance with recognized accounting
policies and practices and relevant statutory and regulatory requirements
Appropriate provisions towards advances are made as per RBI norms, accounting standards
and generally accepted accounting practices
It would be worth recalling that there exists elaborate and detailed control system &
procedure in banks pertaining to appraisal, sanctioning, documentation, disbursal, review,
monitoring and supervision of advances. Audit approach of advances should encompass
designing appropriate audit procedures to obtain audit evidence in all these areas.
Audit Procedures - In carrying out audit of advances, the auditor is primarily concerned with
obtaining evidence about the following:

Area of Focus Suggested Audit Procedures

Evaluation of Examine area of credit appraisal and verify whether laid down
Internal Controls procedures regarding credit appraisals including loan
over Advances applications, preparation of proposals, obtaining satisfaction
about credit worthiness of borrowers are being followed;
Examine advances are sanctioned according to delegated
authority;
Examine all necessary loan documents have been executed after
sanction but before disbursals are made to borrowers;
Examine compliance with stipulated terms of sanction and end
use of funds more particularly in case of term loans;
Examine existence, enforceability and valuation of securities. In
respect of securities requiring registration, examine this area
also;
Examine the validity of the recorded amounts;

© The Institute of Chartered Accountants of India
 14.30 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

Review operations of the accounts and look for adverse features
like unauthorised over drawings beyond limits;
Examine whether system laid down in bank for review/renewals
of advances is being followed;
Review whether drawing power is being calculated properly on
basis of stock/book debt statements received from borrowers as
stipulated in respective sanction letters;
Ensure compliance with Loan Policy of Bank as well as
prudential norms of RBI including appropriate asset classification
and provisioning.

Substantive Audit Verify correctness of master data of loan accounts updated in
Procedures CBS. Check parameters like instalments, EMI, rate of interest,
tenure of loans etc.
Verify that each customer of bank is tagged under single
customer id in respect of all its accounts including those in which
credit facilities are granted.
Examine all large advances while other advances may be
examined on a sample basis.
Examine accounts identified to be problem accounts but which
have not yet slipped into NPA category. This can be done by
obtaining list of SMA1 and SMA2 borrowers from the bank and
same can be considered for selection of problematic accounts.
Examine those accounts which have been adversely commented
upon by concurrent auditors/bank’s internal inspection/RBI
inspection team.
Examine list of restructured accounts to ensure that restructure
is as per RBI guidelines. Remember restructured account
portfolio requires additional provisioning.
Examine quick/early mortality accounts. Any advance slippage to
NPA within 12 months of its sanction is called as quick/early
mortality case.
Verify completeness and accuracy of interest being charged.
Carry out appropriate analytical procedures.

Recoverability of Review periodic statements submitted by the borrowers
Advances indicating the extent of compliance with terms and conditions.
Review latest financial statements of borrowers.

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.31
FINANCIAL COMPANIES
Review reports on inspection of security.
Review auditor’s reports in case of borrowers having credit
facilities from the banking system beyond a cut-off limit fixed by
board of directors of bank

Example 3
FT Cooperative Bank lent housing loan of ` 1 crore to Rahul, for an under construction flat.
The project was still incomplete and the builder absconded. It turned out that the builder had
taken a loan from another bank for the entire property on the basis of an equitable mortgage.
Since equitable mortgage is not registered, FT bank was unable to trace the loan taken by the
builder and therefore the borrower Rahul and FT bank both suffered.
It would be a better idea to first approve the builder after thoroughly examining his
credentials, past performances etc., and then only consider giving loans to buyers of his flats
to minimize such risks. In fact many banks nowadays do this. Somehow FT Coop bank did
not take the precaution and landed in trouble. Further, CIBIL records of the builder also could
have been checked. Loan sanctioning should not become a mere “tick the box” process.

Verification of asset classification, income recognition and Provision for Non-performing
assets: An important aspect of audit of advances relates to their asset classification and provisioning
(for provisioning norms refer Chapter 12 of Intermediate Auditing & Assurance Study Module). This
implies that advances are classified in accordance with prudential norms on asset classification,
income is recognized on actual record of recovery and a proper provision should be made in respect
of advances where the recovery is doubtful.
Audit approach
The Reserve Bank has prescribed objective norms for determining the quantum of provisions
required in respect of advances. The auditors must take / download the latest Master Circular of RBI
to familiarise himself fully with the norms prescribed by RBI in this regard. The circulars issued by
RBI after the date of issue of Master Circular and till the date of audit should also be taken /
downloaded and reviewed by the auditors for its adherence. However, these norms should be
construed as laying down the minimum provisioning requirements and wherever a higher provision
is warranted in the context of the threats to recovery, such higher provision should be made.
In this regard, the provisions of section 15 of the Banking Regulation Act, 1949 may be noted. This
section, which applies to banking companies, nationalised banks, State Bank of India and regional

© The Institute of Chartered Accountants of India
 14.32 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

rural banks, requires the bank concerned to make adequate provision for bad debts to the
satisfaction of its auditor before paying any dividends on its shares.
It may be noted that verification of applicable prudential norms on asset classification, income
recognition and provisioning is an important responsibility of statutory branch auditor as well as
statutory central auditor.
Area of Focus Suggested Audit Procedures
Classification and Verify whether bank has a system of ongoing identification and
Provision classification of advances through CBS without manual
intervention and its accuracy in crystallising date of NPA.
Examine whether the classification made by the branch is
appropriate. Particularly, examine the classification of advances
where there are threats to recovery.
Examine whether the secured and the unsecured portions of
advances have been segregated correctly and provisions have
been calculated properly.
Review and compare the date of NPA of loan accounts
mentioned in current year statements with that of previous year.
Reasons for any change should be ascertained.

Accounts regularized As per the Reserve Bank guidelines, if an account has been
near Balance sheet regularised before the balance sheet date by payment of overdue
date amount through genuine sources, the account need not be treated as
NPA. Where, subsequent to repayment by the borrower (which makes
the account regular), the branch has provided further funds to the
borrower (including by way of subscription to its debentures or in other
accounts of the borrower), the auditor should carefully assess whether
the repayment was out of genuine sources or not. Where the account
indicates inherent weakness based on the data available, the account
should be deemed as NPA. In other genuine cases, the banks must
furnish satisfactory evidence to the Statutory Auditors about the
manner of regularisation of the account to eliminate doubts on their
performing status.
It is to be ensured that the classification is made as per the position
as on date and hence classification of all standard accounts be
reviewed as on balance sheet date. The date of NPA is significant to
determine the classification and hence specific care be taken in this
regard. NPA should be recognized only based on concept of Past Due/

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.33
FINANCIAL COMPANIES
Overdue concept, and not based on the Balance Sheet date.
Drawing Power Ensure that the drawing power is calculated as per the extant
Calculation guidelines (i.e. the Credit Policy of the Bank) formulated by the
Board of Directors of the respective bank and agreed upon by
the concerned statutory auditors reflected from respective
sanction letters
Special consideration should be given to proper reporting of
sundry creditors and stocks covered under LCs/guarantees for
the purposes of calculating drawing power. It is to be ensured
that declared stocks shall not cover borrower’s liability
outstanding in form of sundry creditors for goods or covered by
LCs/guarantees availed for procurement of material. Similarly,
in case bank has provided credit facility against primary security
of book debts, net value of debtors (i.e. eligible trade debtors
as per terms of sanction less bills discounted with banks) is to
be arrived at. It is to be ensured that drawing power is
calculated net of stipulated margin. Further, in case of
consortium accounts, drawing power calculation and allocation
made by lead bank is binding on member banks.
The drawing power needs to be calculated carefully in case of
working capital advances to companies engaged in
construction business. The valuation of work in progress should
be ensured in consistent and proper manner. It also needs to
be ensured that mobilization advance being received by the
contractors is reduced while calculating drawing power.
The stock audit including audit of book debts should be carried
out by the bank for all accounts having funded exposure of
more than stipulated limit. The report submitted by the stock
auditors should be reviewed during the course of the audit and
special focus should be given to the comments made by the
stock auditors on valuation of security and calculation of
drawing power.
Accounts with Banks should not classify an advance account as NPA merely
temporary due to the existence of some deficiencies which are temporary
deficiencies in nature such as non-availability of drawing power based on
latest available stock statement, balance outstanding
exceeding the limit temporarily and non-renewal of limits on the
due date. However, stock statements relied upon by the banks

© The Institute of Chartered Accountants of India
 14.34 ADVANCED AUDITING, ASSURANCE AND PROFESSIONAL ETHICS

for determining drawing power should not be older than 3
months. The outstanding in the account based on drawing
power calculated from stock statements older than 3 months
are considered as irregular. Ensure adherence to these
guidelines.
Limits not reviewed Accounts where regular/ad hoc limits are not reviewed within
180 days from the due date/date of ad hoc sanction, should be
considered as NPA. Auditors should also ensure that the ad
hoc/short reviews are not done on repetitive basis. In such
cases, auditor can consider the classification of account based
on other parameters and functioning of the account.
Asset classification Ensure that asset classification is borrower wise and not facility
to be borrower wise wise. Therefore, it is to be ensured that all the facilities granted
and not facility wise by a bank to borrower will have to be treated as NPA and not
particular facility which has become irregular. Further, if debits
arising out of devolvement of LC or invoked guarantees are
kept in separate account, the outstanding balance should be
treated as part of borrower’s principal account for purpose of
application of prudential norms on asset classification, income
recognition and provisioning.
Government If government guaranteed advance becomes NPA, then for the
Guaranteed purpose of income recognition, interest on such advance
Advances should not to be taken to income unless interest is realized.
However, for purpose of asset classification, credit facility
backed by Central Government Guarantee, though overdue,
can be treated as NPA only when the Central Government
repudiates its guarantee, when invoked. This exception is not
applicable for State Government Guaranteed advances, where
advance is to be considered NPA if it remains overdue for more
than 90 days.
In case the bank has not invoked the Central Government
Guarantee though the amount is overdue for long, the
reasoning for the same should be taken and duly reported in
LFAR.
Agricultural Ensure that NPA norms have been applied in accordance with
Advances the crop season determined by the State Level Bankers’
Committee in each State. Depending upon the duration of crops
– short term/ long term - raised by an agriculturist, the NPA

© The Institute of Chartered Accountants of India
 SPECIAL FEATURES OF AUDIT OF BANKS & NON-BANKING 14.35
FINANCIAL COMPANIES
norms would also be made applicable to agricultural term loans
availed of by them. Also ensure that these norms are made
applicable to all direct agricultural advances listed in Master
Circular on lending to priority sector.
In respect of agricultural loans, other than those specified in the
circular, ensure that identification of NPAs has been done on
the same basis as non-agricultural advances.
Provisioning The auditor should check the latest RBI Circulars in this regard. It is
Towards Standard be understood that provision for standard assets is also required to be
Assets made at variable rates in respect of different sectors for the funded
outstanding in accordance with RBI norms as a matter of prudence.
The provisions need to be checked in detail with the statement of
advances. The bifurcation of standard advances under relevant
category for proper calculation of provision should be checked and
certified at branches l