Please enable JavaScript.

Coggle requires JavaScript to display documents.

(Bank Audit (Chapter 14A)) - Coggle Diagram

- - - - The Rule: The audit of banks requires special considerations due to the nature of risks, scale of operations, reliance on IT, extensive regulatory requirements, and development of new products.
      - Meaning Explained: Auditing a bank isn't like auditing a typical company. Banks deal with unique risks (like credit and liquidity risk), handle massive volumes of transactions processed by complex IT systems, and are heavily regulated by bodies like the RBI. The audit approach must be specially designed to handle these complexities.
      - Specific Considerations:
        
        Nature of Risks: Banks are exposed to significant risks like credit risk, liquidity risk, interest rate risk, and operational risk.
        
        Scale of Operations: Banks have a large volume of transactions and significant financial exposures that can develop rapidly.
        
        Reliance on IT: Banks extensively use IT systems (like Core Banking Systems - CBS) to process transactions, so auditors must understand the interface controls between different applications.
        
        Regulatory Requirements: Banks are governed by a complex web of laws and RBI regulations that directly impact their financial statements.
  - - - The Rule: The functioning of banks is principally governed by enactments like The Banking Regulation Act, 1949; The Reserve Bank of India Act, 1934; and The Companies Act, 2013.
      - Meaning Explained: A bank's operations are not just guided by one law but a whole set of specific acts that control everything from their basic functioning to their acquisition and regulation.
    - - The Rule: Every banking company must prepare a Balance Sheet in Form A and a Profit and Loss Account in Form B as per the formats in the Third Schedule of the Banking Regulation Act, 1949.
      - Meaning Explained: Unlike other companies that follow Schedule III of the Companies Act, banks have their own specific, mandatory format for financial statements. This format is designed to reflect their unique business of accepting deposits and granting loans.
  - - - Acceptance & Continuance: The auditor must perform an engagement risk assessment before accepting the audit.
      - Declaration of Indebtedness: The RBI requires the auditor to provide a declaration confirming they have not been declared a wilful defaulter.
      - Internal Assignments: Audit firms are prohibited from undertaking the statutory audit of a bank if they are also involved in certain internal assignments (like internal audit) for the same bank in the same year.
      - Communication with Previous Auditor: As per the Chartered Accountants Act, 1949, the incoming auditor must communicate with the previous auditor before accepting the appointment.
    - - The Rule: The auditor must obtain an understanding of the bank, its environment (including internal control), its accounting process, and its risk management process to identify and assess the risks of material misstatement.
      - Meaning Explained: Before starting the detailed checks, the auditor needs to get a 360-degree view of the bank. This means understanding its business, how transactions are recorded, and how the bank identifies and manages its unique risks.
    - - Risk of Material Misstatement (MMS): The auditor must identify and assess risks of MMS at both the financial statement level and the assertion level.
      - Risk of Fraud & Money Laundering: The auditor must assess fraud risks as per SA 240 and be aware of the bank's policies on Know Your Customer (KYC) and Anti-Money Laundering (AML).
      - Outsourcing Related Risks: When banks outsource activities (e.g., IT services), the auditor must consider the risks associated with these third-party service providers as per SA 402.
    - - Response to Assessed Risks: The auditor must design and implement audit procedures that respond to the assessed risks.
      - Determine Audit Materiality: Materiality is determined based on the auditor’s professional judgment, knowledge of the bank, and the engagement risk.
      - Going Concern: The auditor should assess if there are any events or conditions that may raise doubt about the bank’s ability to continue as a going concern.
    - - The Rule: The auditor must issue an audit report and, for banks, also a Long Form Audit Report (LFAR).
      - Meaning Explained: The final output of a bank audit includes the standard audit report plus a detailed LFAR, which is a comprehensive questionnaire covering various aspects of the bank's operations.
  - - - Meaning Explained: This is the most critical area of a bank audit, as advances are the bank's primary asset and source of income, but also the main source of risk.
      - Evaluation of Internal Controls over Advances:
        
        Credit Appraisal:
        
        The Rule: Verify that the bank has proper procedures for evaluating a borrower's creditworthiness before sanctioning a loan.
        
        Meaning Explained: Check if the bank does its homework before lending money. Does it analyze the borrower's financial statements and check their repayment history?
        
        Sanctioning & Disbursement:
        
        The Rule: Ensure that loans are sanctioned by an official with the proper delegated authority and that all necessary loan documents are executed before the funds are released.
        
        Meaning Explained: Confirm that the person who approved the loan had the power to do so and that the bank has a legally enforceable agreement in place.
        
        Security:
        
        The Rule: Check the existence, enforceability, and valuation of the security obtained for the loan.
        
        Meaning Explained: Verify that the collateral pledged for the loan actually exists, is legally owned by the borrower, and is properly valued.
      - Asset Classification, Income Recognition, and Provisioning (IRAC Norms):
        
        The Rule: The auditor must ensure that the bank has correctly classified its advances, recognized income, and made provisions as per the prudential norms issued by the RBI.
        
        Classification of Advances:
        
        Standard Asset: An asset that does not disclose any problems and does not carry more than normal credit risk.
        
        Non-Performing Asset (NPA): An advance where interest or installment of principal has remained overdue for a period of more than 90 days.
        
        Sub-Standard Asset: An asset which has remained an NPA for a period less than or equal to 12 months.
        
        Doubtful Asset: An asset that has remained in the sub-standard category for a period of 12 months.
        
        Loss Asset: An asset where loss has been identified by the bank or the auditors, but the amount has not been written off.
        
        Provisioning Norms:
        
        Standard Assets: A general provision is required (e.g., 0.40% for most standard assets).
        
        Sub-Standard Assets: A provision of 10% of the total outstanding is required.
        
        Doubtful Assets: Provisioning is done in two parts: 100% for the unsecured portion, and a percentage (20% to 50%) for the secured portion, depending on how long the asset has been doubtful.
        
        Loss Assets: 100% of the outstanding amount should be provided for or written off.
      - Specific Audit Procedures for Advances:
        
        Drawing Power (DP) Calculation:
        
        The Rule: Ensure DP is correctly calculated based on the latest stock statements (not older than 3 months) and after deducting the stipulated margin.
        
        Meaning Explained: For working capital loans, the amount a borrower can withdraw (their DP) is based on the value of their stock and debtors. You must check that the bank is using recent, reliable data to calculate this limit.
        
        Accounts Regularized Near Balance Sheet Date:
        
        The Rule: Verify that any NPA account that has been regularized (made standard) just before the year-end was done with genuine sources and is not just a temporary fix to avoid classification.
        
        Meaning Explained: Be skeptical of "miraculous" recoveries right at the year-end. Check if the borrower made a genuine repayment or if the bank simply gave another loan to clear the old one.
        
        Restructured Advances:
        
        The Rule: Verify that any restructured advance is downgraded from standard to sub-standard upon restructuring, as required by RBI norms.
        
        Meaning Explained: When a bank gives concessions to a struggling borrower, the loan's risk profile increases. RBI requires the bank to immediately downgrade its classification to reflect this.
        
        Government Guaranteed Advances:
        
        The Rule: An advance guaranteed by the Central Government is treated as an NPA only if the guarantee has been repudiated. An advance guaranteed by a State Government is treated as an NPA if it remains overdue for more than 90 days.
        
        Meaning Explained: The rules for classifying government-backed loans are different. A loan backed by the central government is considered safe unless the government explicitly refuses to pay. For state governments, the normal 90-day overdue rule applies.
  - - - Capital Adequacy (CRAR):
        
        The Rule: The auditor must verify that the bank has maintained the minimum Capital to Risk-Weighted Assets Ratio (CRAR) as prescribed by the RBI (currently 9%).
        
        Meaning Explained: This is a crucial measure of a bank's financial stability. It ensures the bank has enough of its own capital to absorb potential losses from its risky assets (like loans).
        
        Audit Process: Review the bank's classification of capital into Tier I (core capital like equity and disclosed reserves) and Tier II (supplementary capital like certain reserves and subordinated debt) and verify the calculation of risk-weighted assets.
    - - Meaning Explained: Deposits are the main liability for a bank. The audit focuses on ensuring these are correctly recorded and that there are no fictitious deposits created to inflate the balance sheet (window dressing).
      - Key Procedures:
        
        KYC Compliance: Verify that new accounts opened during the year comply with KYC norms on a sample basis.
        
        Inoperative Accounts: Check accounts that have been inactive for a long time and ensure that any transactions to revive them are properly authorized.
    - - Meaning Explained: These are potential liabilities that may arise in the future depending on a certain event. Since they are "off-balance sheet," they can be a major hidden risk if not properly monitored.
      - Examples of Contingent Liabilities:
        
        Claims against the bank not acknowledged as debts.
        
        Guarantees given on behalf of constituents.
        
        Letters of Credit (LCs) and acceptances.
        
        Outstanding Forward Exchange Contracts.
  - - - The Rule: The audit report must comply with relevant Standards on Auditing (SA 700 series) and include matters required under Section 143 of the Companies Act, 2013.
    - - The Rule: In addition to the main audit report, the auditor must submit a detailed LFAR to the management of the bank, and a copy is submitted to the RBI.
      - Meaning Explained: The LFAR is a comprehensive questionnaire that requires the auditor to comment on a wide range of operational areas of the bank, such as the quality of credit appraisal, the status of NPAs, and the effectiveness of internal controls.
    - - The Rule: The auditor must report any suspected fraud to the RBI and the bank's management as per RBI guidelines and Section 143(12) of the Companies Act, 2013.