
RISK BASED AUDIT IN BANKS

(with relevance to bank branch)


Outcomes

• Understanding RBIA

• Understanding approach and methodology of RBIA

• Comprehending various vulnerable areas of control lapses to be seen in audit

Change in approach in concurrent Audit

Earlier: transaction testing
• Reliability of accounting
• Integrity, Timeliness of control reports
• Adherence to regulatory norms

Now: Risk based auditing
• Assessment of Business risk in activities undertaken by bank.
• Evaluation of Control Risk
• Transaction testing

Scope of RBIA
• It should report
– Proper recording and reporting of Major excess and exceptions
• The extent of transaction testing would be on the basis of the risk profile of the bank/branch.
• Identification of risk in functions
• Evaluation of risk
• Making an assessment of level and direction of various risks
• Drawing up Risk matrix of the branch.

Risk at Branch level

Risk Classification
• Business Risk
– Credit Risk
– Operational Risk
– Earning Risk
• Control Risk
– Business/Operational management: Credit Function, Non credit Function, Computer Function
– Compliance
– Branch Management: General, Security

Risk score methodology (Illustrative)

Business Risk
Individual Risk Parameter | Scale | Risk score
Fresh slippage in NPA’s (Amt wise %) | 0% | 0-20
Fresh slippage in NPA’s (Amt wise %) | >0% to 0.50% | 21-40
Fresh slippage in NPA’s (Amt wise %) | >0.50% to 1% | 41-60
Fresh slippage in NPA’s (Amt wise %) | >1% | 61-70
Total Business Risk score | | xxx

Control risk
Parameter | Risk weight (1-5) | Marks Scale (2-10) | Risk score (W x M)
Adherence to loaning power | 5 | 5 | 25
Total control risk score | | | xxx

Risk categories and Scale (Illustrative)

Business Risk | Risk category | Control Risk
Upto 30% Score | Low Risk | Upto 30% Score
30-60% Score | Medium Risk | 30-50% Score
>60% Score | High Risk | >50% Score


Overall Risk Summary

 | BUSINESS RISK | CONTROL RISK
Maximum Marks | 1000 | 1000
Marks Obtained | |
Risk score (Marks Obtained as %age of max Marks) | |
Risk Category | |

DIRECTION OF RISK
Risk Matrix
(rows: Inherent Business Risk; columns: Control Risks)

High | A: High Risk | B: Very High Risk | C: Extremely High Risk
Medium | D: Medium Risk | D: High Risk | F: Very High Risk
Low | G: Low Risk | H: Medium Risk | F: High Risk

CREDIT RISK

Portfolio Risk, Default Risk

Internal Factors
• Deficient loan policies
• Deficient Administration
• Absence of Prudential Credit Policy norms
• Absence of Credit Concentration limit
• Inadequate lending limits to officers
• Deficiency in appraisal
• Excessive dependence on collaterals
• Inadequate risk pricing
• Absence of loan review
• Deficient Post Sanction Surveillance

External Factors
• Economy
• Price Swings of Commodities
• Foreign Exchange Rate
• Interest Rates
• Trade Restrictions

Business risk-Credit function
• Credit Growth
– No of new Accounts from earlier period
– Migration of Accounts
• Composition & credit concentration
– Segment/Industry
– Borrower wise
– Sensitive sectors
• Credit quality
– %Gross NPA to Total Advances
– Fresh Slippages
– Irregular Accounts to Total Advances
– Infant mortality

• Credit risk of off balance sheet Items


RECENT INDUSTRY OUTLOOK AS PER ICRA
(Valuable for auditors for identification of credit risk)

Industry: Real Estate & Construction
Outlook: Negative
Key Issues:
• No respite on raw material front
• Shortage of labour and funds
• Difficulty in accessing bank funding
• Increased reliance on Non-traditional sources (NBFCs, Private Equity Funds, etc.)

Industry: Auto Ancillaries
Outlook: Stable
Key Issues:
• Increased focus on cost compression
• Slow demand recovery

Industry: Cement
Outlook: Positive
Key Issues:
• Increase in demand owing to recovery in economy, low base effect, etc.

Industry: Oil & Gas
Outlook: Stable
Key Issues:
• Favorable domestic demand-supply scenario
• Proposed rise in natural gas price
• Downstream players expected to witness fall in under-recovery levels
• Regulatory clarity on the powers of The Petroleum and Natural Gas Regulatory Board (PNGRB) is required.

Industry: Textiles
Outlook: Negative
Key Issues:
• Companies face risk emanating from policy changes by China for cotton procurement
• This might affect export demand of Indian yarn

Industry: Auto
Outlook: Positive
Key Issues:
• Recovery in volume of commercial vehicles supported by replacement demand, reduction in excise duty, low base effect, etc.
• Increased focus on exports by OEMs (Passenger Vehicles)

Industry: Telecom
Outlook: Positive
Key Issues:
• Restoration of pricing powers
• Continued uptick in the data services
• Leveraging of leading telcos increased, driven mainly by debt funding (auction-determined payouts & sizeable capital expenditure)
• Gradual organic de-leveraging is expected

Earnings risk- Business strategy risk
• Low cost deposit target achievement
• Increase/Decrease in low cost deposit(SF+CA)
• Credit % budget achievement
• Priority sector advance (% Budget Achievement)
• Profit (% Budget Achievement)
• Disbursement in Retail lending (% Budget Achievement)
• Average cost of deposit
• Average return on advances
• Non Interest income growth
• Avg business per employee
• Revenue leakage(% to total profits during review period)
• Reduction in controllable expenses
Operational Risk
• Depositors with >1% share
• Non-Compliant A/c
• Instances of Window Dressing
• Alternate Delivery Channels(Mobile,
Internet, POS, ATM, NEFT, RTGS, Credit/
Debit Card)
• Record maintaining & Loss Data
• Cases lodged to Ombudsman
• Penalties imposed in courts, IT, Consumer
forum, etc.
• Frauds detected & recovery made
• Outsourcing/ Other Service Providers
– Maintenance of ATM/ Computer
– Courier
– Security Guard
– Maintenance of SFF lockers
– Recovery Agents
– Other services like Sweepers
Control Risk
Credit function
•Exercise of loaning power
•Pre sanction appraisal
•Documentation & creation of charge
•Mortgages
•Post sanction monitoring and follow-ups
•Bill purchased/ Discounted
•NPA management
•Revenue audit in credit
Non miss-out areas in credit audit
Credit:
• Pre sanction
• CIBIL not checked, and Negative CIBIL settlement must be justified in writing + NOC (FS)
• RBI default list, KYC, statement of Bank A/c, other returns like IT, VAT must be confirmed. (FS)
• Assessment done on old B/s.
• B/s sensitive items
– Unsecured loans
– No impairment of assets, no accounting policies, no bank name in B/s disclosure for charges created.
– No justification of qualified audit reports.
– No disclosure/assessment of contingent liab.
– High variations in sales + sales not commensurate with Credit summations.
– FD against BG to be considered as non current Asset.
– Proper calculation of NWC.
– Unmoved advances to supplier: Non current

• Credit report in current account is also required.
• Business cycle assessment not done.
• No justification obtained for sudden shift of figures
(sales, Profit, Debtors, stock) in projections given and
actual B/s submitted.
• Assigned LIC policies under sec.6 of Married women’s
Property Act.
• Guidelines of takeover of loans followed.
• Diversion of short term funds to long term assets must
be justified in writing.
• EMI’s to residual income in the hands of borrowers.
• Valuer’s qualification and approved jewelers.
Post sanction:
• End use of funds not checked with proof (ND)
• Original title deeds, valuation report to be kept on record. Valuation may be done on renewal also (ND). Large accounts: vetting by advocate for validity of documentation.
• Overdue renewals: no follow up, renewal on old balance sheets, Provisional B/s and actual differ significantly.
• Adhoc limits given only in eligible cases; justification from borrower in writing must be obtained. No loaning power has been exceeded (ND)
• Stock statement not received/checked for over 3 months, still operations are allowed. (FS)
• Limitation expired during next 12 months
• Acknowledgement of debts & Balance confirmation taken from borrowers, and from legal heirs in case of death of borrower, regularly. (ND)
• Changes in partnership/director: deed must be obtained on every review/renewal (change in internal environment of the borrower)
• Non claiming subsidy on eligible loan accounts
• Visit report: must address business risk of the borrower

• Bill discounted: LR of only approved transporters + Accommodation bills are not purchased
• BG’s are properly worded and recorded in Bank registers + limitation clause must be entered.
• Delay in insurance: un-insured period, all risks not covered
• In case of staff veh. loan, joint registration is obtained + in case of staff loan, Int rate modified after retirement or resignation. (FS)
• No process of balance confirmation from debtors at borrower’s level
• Diversification of funds
• Overdue accounts brought in limit temporarily and
subsequently allowed to be withdrawn.
• Creation of charge-latest documents must be obtained
and on renewal also it must be obtained.(FS)
• Limits to be adjusted especially when industry faces
problem or slowdown.
• Half yearly rating should be done for large borrowers, so that upward/downward movement can be tracked.
• If there is no variation in rating in spite of industry issue, then financials of the borrower are not correct.
• Take over case turning into NPA (Potential weakness)
• Large no. of cash withdrawals in CC account which do not seem to be need based.
• Erosion of primary/collateral security is seen at the time of visit and reported
Non credit function
• Cash Management
• ATM
• Suspense account
• Sundry Account
• Checking of Reports &
Morning checking
• Opening of a/c & KYC norms

ACCOUNT OPENING
Non miss out audit areas
• Non generation and checking of Control reports, exception report, statement of ALM, DD purchased and returned unpaid, loans sanctioned under BM’s power. (FS)
• Pendency in signature scanning(FS)
• Confirmation of actions of officiating manager by
permanent incumbent(ND)
• Proper registers are being maintained for cash and checked
at prescribed intervals.
• Proper control over tokens is being exercised.
• Daily reconciliation of Clearing Imprest account; Parking
difference in a dummy account not allowed.
• Timely clearance of sundry and suspense Accounts(FS)
• Overdependence on outsourced service.
• Failure /success report of interest application not checked.

Non miss-out areas
• Non implementation of KYC guidelines
• Nomination is signed by witness
• Correct risk classification of customer not done
– Very High Risk- Politically exposed person and relatives
– High risk – NRI’s, HNI’s, businessmen of antique dealers,
dealers in arms etc. firms with sleeping partners, Trusts,
charities, NGO etc
– Medium risk- Current account having Dr/cr summation of
Rs.50 lakh pa, whom they do not provide enough
documentary proof etc.
– Low risk- salaried person, small accounts.
• Introducer’s procedure is prudently
• Risk fencing in case of doubtful or Non KYC compliant customers. Ex.: stopping chq book issue, ATM cards etc. System also displays “Caution” while making payment.
• Conduct & maintenance of a/c and Records
• Security Forms Inventory Management
• Bills for collection, DD Receivables & Parcels
• Conduct of Govt. Business
• Safe Deposit Vault
Computer function
• Environmental Assessments
• Physical/ Logical Accesses
• Maintenance & Business Continuity
Controls
• Networking Controls
• Operational Controls
Compliance functions
• Status of previous Insp. Report
• Submission of Crucial Returns
• Communication & Response
• Regulatory Compliance
Branch management
• General
I. Staff Knowledge
II. Upkeep of Branch Premises
III. Expenditures
IV. Punctuality/Discipline
V. Rotation of Duties & Placement of Staff

• Security
I. Security Infrastructure
II. Security Manpower & Equipments
III. Security Procedure
IV. Fire Safety
Relevant Provisions
Banking Regulations Act, 1949 for auditors at branch

Section: Important clauses

Section 20: Restriction on loans and advances
No banking company shall:
• Grant loans or advances on security of its own shares
• Enter into any commitment for granting any loan or advance to:
I. Directors
II. Firm in which director is interested as partners, managers, employee or guarantor
III. Any director of banking company is a director, managing agent, employee or guarantor, or in which he holds substantial interest
IV. Any individual in respect of whom any of its directors is a partner or guarantor

Section 20: No cooperative bank shall:
I. Make loans and advances on security of own shares
II. Grant un-secured loans or advances to:
• Directors
• To firms of private company in which any of its directors is interested as partner of managing agent or guarantor
• To company in which chairman of BOD of co-operative bank is interested

Section 23: RBI permission required for:
• Opening new place of business in India. Temporary place of business allowed only for 1 month, to be operated on occasion of mela, exhibition, conference

Section 26: Returns of unclaimed deposits to be submitted for accounts which are not operative for 10 years. RRB’s to furnish details to sponsoring bank.

Section 45ZB: No notice of claim of other person than depositor shall be receivable by bank for payment except in case of decree, certificate from court of jurisdiction.

Section 45ZC: The bank shall return the articles in the safe custody to the nominee, but in case of minor, to any other person appointed to receive the articles. Inventory must be taken.

Section 45ZE:
• Hirer of locker may nominate a person to have access to the locker in case of death of hirer
• In case of joint owners it can be operated under the joint signatory of owners only, and
• In case of death of any one or both owners, then only Nominee

Section 47A(5): Power of RBI to impose penalty
• Payment of penalty within 14 days from the date on which notice by RBI is served on the banking company

Vigilance risks
• AML
– Unusually large transactions
– Account is opened by customer far from his house without
acceptable reason
– The trend/pattern of transaction does not fit economic
rationale
– Unusually high value transactions other than cash
– Unexplained transfer between multiple accounts
– Customer often operates safe deposit locker immediately
before cash deposits
Customer service risk
Securitisation And Reconstruction Of Financial Assets And Enforcement Of Security Interest Act, 2002
• SARFAESI Act empowers secured creditors to recover their dues without the intervention of court.
• Under this Act, banks, upon default, can seize the underlying securities.
• Preconditions:
– Debt is secured and classified as NPA.
– O/s Dues >= 1 Lakh and account for 20% of Principal and Interest thereon.
– Enforceable security can even be a Mortgaged house, but not an agricultural land (Other exceptions include Personal Belongings).
• Banks to give a notice to the defaulter for discharge of liabilities within 60 days and, on non-compliance, initiate action.

AWARDING VALUE TO BUSINESS IS NEVER BY
MERE CHANCE, IT IS RESULT OF
KNOWLEDGE AND APPLICATIONS WORKING
TOGETHER

Nitin Alshi & Associates


Nitin D. Alshi
B.com, ACMA., FCA, DISA(ICA),PGDERM.
