AUDIT OF BANKS

INTRODUCTION
A well-organised and efficient banking system is a pre-requisite
for economic growth. Banks play an important role in the
functioning of organised money markets. They act as a conduit
for mobilising funds and channelising them for productive
purposes. The Indian banking system, like the banking system
in other countries, has played a significant role in the
economic growth of the country. In order to meet the banking
needs of various sections of the society, a large network of
bank branches has been established. Presently, there are four
types of banking institutions in India. These are
Commercial banks
Regional rural banks
Co-operative banks
Development banks (more commonly known as term-lending
institutions)
Besides, the Reserve Bank of India (hereinafter referred to as
RBI) acts as the central bank of the country.
Commercial banks are by far the most widespread banking
institutions in India. Typically, commercial banks provide the
following major products and services:
(a) Acceptance of Deposits; (b) Granting of Advances; (c)
Remittances; (d) Collections;
(e) Cash Management Product; (f) Issuance of Letters of Credit
and Guarantees; (g) Merchant Banking Business; (h) Credit
Cards; (i) Technology-based Services; (j) Dividend / Interest /
Refund Warrants; (k) Safe-keeping Services; (l) Lockers; (m)
Handling Government Business (n)
Depository Participant
(DP) Services; (o)
Automated Teller Machines
(ATMs);
(p) Exchange of Notes, (q) Debit Cards, (r) Cross selling, (s)
Auto Sweep facility in saving account, (t) Third party
advertisement on ATM network, (u) Securitization of future
lease rentals, (v) Derivative business.
Commercial banks operating in India can be divided into two
categories based on their ownership public sector banks and
private sector banks. However, irrespective of the pattern of
ownership, all commercial banks in India function under the
overall supervision and control of the RBI.

Advanced Auditing and Professional Ethics

Public sector banks comprise the State Bank of India, its seven
subsidiaries (also called associate banks of State Bank of
India; these are State Bank of Bikaner and Jaipur, State Bank of
Hyderabad, State Bank of Indore, State Bank of Mysore, State
Bank of Patiala, State Bank of Saurashtra, and State Bank of
Travancore) and nineteen nationalised banks.
The ownership of private sector banks is in private hands. They
are of three types:
1) Indian scheduled commercial banks other than public sector
banks. (The term scheduled commercial banks refers to
commercial banks which are included in the Second Schedule
to the Reserve Bank of India Act, 1934.) It may be noted that
not all scheduled banks are commercial banks; some cooperative banks are also scheduled banks. Commonly known
as banking companies, these banks are companies
registered under the Companies Act, 1956 or an earlier Indian
Companies Act.
2) Non-scheduled banks.
3) Indian branches of banks incorporated outside India,
commonly referred to as foreign banks.
Regional Rural Banks have been established with a view to
developing the rural economy by providing, for the purpose of
development of agriculture, trade, commerce, industry and
other productive activities in the rural areas, credit and other
facilities, particularly to the small and marginal farmers,
agricultural labourers and artisans and small entrepreneurs
(Preamble to the Regional Rural Banks Act, 1976).
Co-operative Banks are banks in the co-operative sector which
cater primarily to the credit needs of the farming and allied
sectors. Co-operative banks include central co-operative
banks, state co-operative banks, primary co-operative banks
and land development banks.
Development Banks were started with the objective of
providing only long-term finance for development purposes;
they are referred to as development banks or term-lending

institutions. There are a number of all-India level term-lending

institutions.

SPECIAL FEATURES
Banks have the following characteristics which distinguish
them from most other commercial enterprises:
They have custody of large volumes of monetary items,
including cash and negotiable instruments, whose physical
security has to be ensured. This applies to both the storage
and the transfer of monetary items and makes banks
vulnerable to misappropriation and fraud. They, therefore,
need to establish formal operating procedures, well-defined
limits for individual discretion and rigorous systems of internal
control.
They engage in a large volume and variety of transactions in
terms of both number and value. This necessarily requires
complex accounting and internal control systems.
They normally operate through a wide network of branches
and departments which are geographically dispersed. This
necessarily involves a greater decentralisation of authority and
dispersal of accounting and control functions, with consequent
difficulties in maintaining uniform operating practices and
accounting systems, particularly when the branch network
transcends national boundaries.
They often assume significant commitments without any
transfer of funds. These items, commonly called 'off-balancesheet' items, may not involve accounting entries and,
consequently, the failure to record such items may be difficult
to detect. They are regulated by governmental authorities and
the resultant regulatory requirements often influence
accounting and auditing practices in the banking sector.
Special audit considerations arise in the audit of banks
because of:

the particular nature of risks associated with the transactions

undertaken by banks; the scale of banking operations and the
resultant significant exposures which can arise within short
periods of time; the effect of the statutory and regulatory
requirements; and the continuing development of new services
and banking practices which may not be matched by the
concurrent development of accounting principles and auditing
practices.
The auditor should consider the effect of the above factors in
designing his audit approach.

LEGAL FRAMEWORK
There is an elaborate legal framework governing the
functioning of banks in India. The principal enactments which
govern the functioning of various types of banks are:
Banking Regulation Act, 1949
State Bank of India Act, 1955
Companies Act, 1956
State Bank of India (Subsidiary Banks) Act, 1959
Banking Companies (Acquisition and Transfer of Undertakings)
Act, 1970
Regional Rural Banks Act, 1976
Banking Companies (Acquisition and Transfer of Undertakings)
Act, 1980
Information Technology Act, 2000
Prevention of Money Laundering Act, 2002
Securitisation and Reconstruction of Financial Assets and
Enforcement of Security Interest Act, 2002
Credit Information Companies Regulation Act, 2005
Payment and Settlement Systems Act, 2007

Advanced Auditing and Professional Ethics

Besides, the above enactments, the provisions of the Reserve
Bank of India Act, 1934, also affect the functioning of banks.
The Act gives wide powers to the RBI to give directions to

banks which also have considerable effect on the functioning

of banks.
FORM AND CONTENT OF FINANCIAL STATEMENTS
Sub-sections (1) and (2) of section 29 of the Banking
Regulation Act, 1949, deal with form and content of financial
statements of a banking company and their authentication.
These sub-sections are also applicable to nationalised banks,
State Bank of India, subsidiaries of the State Bank of India, and
Regional Rural Banks.
Sub-section (1) of section 29 requires every banking company
to prepare a balance sheet and a profit and loss account in the
forms set out in the Third Schedule to the Act or as near
thereto as the circumstances admit. These financial
statements have to be prepared as on the last working day of
each financial year (i.e., 31st March) in respect of all business
transacted during the year. A foreign banking company (i.e., a
banking company incorporated outside India and having a
place of business in India) has to similarly prepare a balance
sheet and a profit and loss account every year in respect of all
business transacted through its branches in India.
Salient Features of the Third Schedule - Form A of the
Third Schedule to the Banking Regulation Act, 1949, contains
the form of balance sheet and Form B contains the form of
profit and loss account.
The balance sheet as well as the profit and loss account are
required to be presented in vertical form. Capital and liabilities
are to be presented under the following five broad heads:
Capital
Reserves and Surplus
Deposits
Borrowings
Other liabilities and provisions
Assets are required to be presented under the following six
broad heads:
Cash and Balances with Reserve Bank of India
Balances with Banks and Money at call and short notice
Investments
Advances
Fixed assets

Other assets
Details of items of capital, liabilities and assets are required to
be presented in the prescribed form in various schedules.
The aggregate amounts of contingent liabilities and bills for
collection are to be presented on the face of the balance sheet.
While details of contingent liabilities are to be presented by
way of a schedule.
The following items are required to be presented on the face of
the profit and loss account.
Income
Interest earned Other income
Expenditure
Interest expended
Operating expenses
Provisions and contingencies
Profit (Loss)
Net profit (loss) for the year Profit/loss brought forward
IV. Appropriations
Transfer to statutory reserves Transfer to other reserves
Transfer to Government/Proposed Dividend Balance carried
over to balance sheet
Prescribed details of interest earned, other income, interest
expended and operating expenses are required to be given by
way of schedules to the profit and loss account.
The Schedules of Balance sheet and Profit and Loss account
are given in Annexure II to this chapter.
Other Disclosures - In addition to the disclosures to be made
in the balance sheet and profit and loss account in pursuance
of the requirements of the Third Schedule to the Act, the RBI
has directed to disclose some other information specified by
RBI by way of notes on accounts. These informations have
been given in Annexure II to this chapter.
Financial Statements, Auditor's Report and Directors
Report of Subsidiary - Public Sector Banks are also required
to annex the balance sheet, profit and loss account, report of

the Board of Directors and Auditors Report in respect of each

of their subsidiaries, to their own financial statements. The
banking companies are required to attach the financial
statements, directors report and auditor's report to their own
annual reports by virtue of section 212 of the Companies Act.
Notes and Instructions Issued by Reserve Bank of India
- The Reserve Bank of India has issued notes and instructions
for compilation of balance sheet and profit and loss account.
These notes and instructions provide an authoritative
interpretation of the requirements of the
Advanced Auditing and Professional Ethics
Third Schedule to the Act and are thus useful in preparation of
financial statements of banks. Notes and instructions are
reproduced as Annexure II.
Signatures - Sub-section (2) of section 29 of the Act requires
that the financial statements of banking companies
incorporated in India should be signed by the manager or
principal officer of the banking company and by at least three
directors (or all the directors in case the number is less than
three). The financial statements of a foreign banking company
are to be signed by the manager or agent of the principal
office in India. It may be noted that the accounts of a branch
are usually signed by the manager of the branch and/or the
accountant.
The provision of sub-section (2) of section 29 are also
applicable to nationalised banks, State Bank of India, its
subsidiaries, and regional rural banks.
Requirements of Banking Regulation Act, 1949, vis a vis
Companies Act, 1956 - The requirements of the Companies
Act, 1956, relating to the balance sheet and profit and loss
account of a company, in so far as they are not inconsistent
with the Banking Regulation Act, 1949, also apply to the
balance sheet or profit and loss account, as the case may be,
of a banking company [sub-section (3) of section 29 of the
Act]. It may be noted that this provision does not apply to
nationalised banks, State Bank of India, its subsidiaries and
regional rural banks. Banks listed on a stock exchange have to
comply with the requirements of the Listing Agreement as
amended from time to time.

AUDIT OF ACCOUNTS
Sub-section (1) of section 30 of the Act requires that the
balance sheet and profit and loss account of a banking
company should be audited by a person duly qualified under
any law for the time being in force to be an auditor of
companies. Similar provisions are contained in the enactments
governing nationalised banks [section 10 of the Banking
Companies (Acquisition and Transfer of Undertakings) Act of
1970/1980], State Bank of India [section 41 of the State Bank
of India Act, 1955], subsidiaries of State Bank of India [section
41 of the State Bank of India (Subsidiary Banks) Act, 1959],
and regional rural banks [section 19 of the Regional Rural
Banks Act, 1976]. It is important to note that section 41 of the
State Bank of India Act, 1955, specifically provides that the
affairs of the bank shall be audited by two or more auditors.
Further, the members, while carrying out audit of a bank (head
office or branches) are required to comply with the
Engagement and Quality Control Standards1, issued by the
Institute of Chartered Accountants of India. A list of the
Engagement and Quality Control Standards applicable to audit
of financial statements of a bank is given as Annexure
Qualifications of Auditor - According to section 226 of the
Companies Act, 1956, a chartered accountant, a firm of
chartered accountants, or a restricted state auditor can be
appointed as auditor of a company. However, the following
persons cannot be appointed as auditor of a company
a) Body corporate
b) An officer or employee of the company
c) A person who is a partner, or who is in the employment, of
an officer or employee of the company
d) A person who is indebted to the company for an amount
exceeding one thousand rupees, or who has given any
guarantee or provided any security in connection with the
indebtedness of any third person to the company for an
amount exceeding one thousand rupees
e) A person holding any security means an instrument which
carries voting rights of the company.
It may be noted that in case of indebtedness in excess of the
specified limit as mentioned at
(d) above, the chartered accountant concerned (or the firm of
chartered accountants) becomes disqualified to audit any
branch of the bank; the disqualification is not confined to

appointment as auditor of the particular branch to which the

debt is owed.
In the context of banks, the expression indebtedness would
cover, inter alia, the amounts outstanding in respect of credit
cards issued by a bank. Thus, where the credit card
outstandings exceed the prescribed limit of Rs.1,000, the
chartered accountant in whose name the card is issued as well
as the firm of which he is a partner would be disqualified for
appointment as auditor of the issuing bank.

Appointment of Auditor
As per the provisions of the relevant enactments, the auditor
of a banking company is to be appointed at the annual general
meeting of the shareholders, whereas the auditor of a
nationalised bank is to be appointed by the bank concerned
acting through its Board of Directors. In either case, approval
of the Reserve Bank is required before the appointment is
made. The auditors of the State Bank of India are to be
appointed by the Reserve Bank of India in consultation with the
Central Government. The auditors of the subsidiaries of the
State Bank of India are to be appointed by the State Bank of
India. The auditors of regional rural banks are to be appointed
by the bank concerned with the approval of the Central
Government.
As mentioned earlier, the State Bank of India Act, 1955,
specifically provides for appointment of two or more auditors.
Besides, nationalised banks and subsidiaries of State Bank of
India also generally appoint two or more firms as joint auditors.
Remuneration of Auditor - The remuneration of auditor of a
banking company is to be fixed in accordance with the
provisions of section 224 of the Companies Act, 1956 (i.e., by
the company in general meeting or in such manner as the
company in general meeting may determine). The
remuneration of auditors of nationalised banks and State Bank
of India is to be fixed by the Reserve Bank of India in
consultation with the Central Government. The remuneration
of auditors of subsidiaries of State Bank of India is to be fixed
by the latter. In the case of regional rural banks, the auditors

remuneration is to be determined by the bank concerned with

the approval of the Central Government.
Powers of Auditor - The auditor of a banking company or of
a nationalised bank, State Bank of India, a subsidiary of State
Bank of India, or a regional rural bank has the same powers as
those of a company auditor in the matter of access to the
books, accounts, documents and vouchers. He is also entitled
to require from the officers of the bank such information and
Advanced Auditing and Professional Ethics
explanations as he may think necessary for the performance of
his duties. In the case of a banking company, he is entitled to
receive notice relating to any general meeting. He is also
entitled to attend any general meeting and to be heard there
at on any part of the business, which concerns him as auditor.
It is important to note that under section 10 of the Banking
Companies (Acquisition and Transfer of Undertakings) Act,
1970/1980, the auditor of a nationalised bank may employ
accountants or other persons at the expense of the bank to
assist him in audit of accounts. Similar provisions exist in
section 41 of the State Bank of India Act, 1955 and the State
Bank of India (Subsidiary Banks) Act, 1959. These provisions
are aimed at facilitating the work of auditors of these banks by
empowering them to appoint the auditors of branches and are
particularly important in the context of the fact that the above
enactments do not contain any specific provisions for audit of
branches of these banks. This is unlike banking companies
where audit of branches is required under section 228 of the
Companies Act, 1956. It may be noted that the Regional Rural
Banks Act, 1976, does not contain any provisions relating to
audit of branches. Accordingly, in the case of such banks, audit
of branches is also carried out by the auditors appointed for
the bank as a whole.
Auditor's Report - In the case of a nationalised bank, the
auditor is required to make a report to the Central Government
in which he has to state the following:
a) whether, in his opinion, the balance sheet is a full and fair
balance sheet containing all the necessary particulars and is
properly drawn up so as to exhibit a true and fair view of the

affairs of the bank, and in case he had called for any

explanation or information,
b) whether it has been given and whether it is satisfactory
c) whether or not the transactions of the bank, which have
come to his notice, have been within the powers of that bank
c) whether or not the returns received from the offices and
branches of the bank have been found adequate for the
purpose of his audit
d) whether the profit and loss account shows a true balance of
profit or loss for the period covered by such account; and any
other matter which he considers should be brought to the
notice of the Central Government.
The report of auditors of State Bank of India is also to be made
to the Central Government and is almost identical to the
auditors report in the case of a nationalised bank.
The auditors report in the case of subsidiaries of State Bank of
India is identical to the auditors report in the case of a
nationalised bank, except that all references to Central
Government have to be construed instead as references to the
State Bank of India. Similar is the position in the case of
regional rural banks, except that the references are instead to
the bank concerned.
In addition to matters on which he is required to report to the
shareholders under the Companies Act, 1956, the auditor of a
banking company is required to state in his report:
a) Whether or not the information and explanations required
by him have been found to be satisfactory
b) whether or not the transactions of the company which have
come to his notice have been within the powers of the
company;
c)whether or not the returns received from the branch offices
of the company have been found adequate for the purpose of
his audit;
d) whether the profit and loss account shows a true balance of
profit or loss for the period covered by such account; and any
other matter which he considers should be brought to the
notice of the shareholders of the company.
It may be noted that in the case of a banking company, by
virtue of the provisions of clause (d) of sub -section (3) of
section 227 of the Companies Act, 1956, the auditor has to

specifically report whether, in his opinion, the profit and loss

account and balance sheet of the banking company comply
with the accounting standards referred to in sub-section (3C) of
section 211 of the Companies Act, 1956.
Long Form Audit Report - Besides the audit report as per
the statutory requirements discussed above, the terms of
appointment of auditors of public sector banks, private sector
banks and foreign banks [as well as their branches, require the
auditors to also furnish a long form audit report (LFAR)]. The
matters which the banks require their auditors to deal with in
the long form audit report have been specified by the Reserve
Bank of India.
Books and Accounts - A banking company is required to
maintain the books of account in accordance with Section 209
of the Companies Act. There are, however, certain imperatives
in banking business they are the requirements to maintain
accurate and always up-to- date accounts. Banks, therefore,
device their accounting systems to suit these requirements.
The main characteristics of a banks system of book keeping
are as follows:
a) Entries in the personal ledgers are made directly from
vouchers instead of being posted from the books of prime
entry.
b) The vouchers entered into different personal ledgers each
day are summarised on summary sheet, the totals of which are
posted to the control accounts in the general ledger.
c) The general ledger trial balance is extracted and agreed
every day.
d) All entries in the detailed personal ledgers and the
summary sheets are checked by persons other than those who
have made the entries, with the general result that most
clerical mistakes are detected before another day begins.
e) A trial balance of the detailed personal ledgers is prepared
periodically, usually every two weeks, and agreed with the
general ledger control accounts.
f) Excepting for cash transactions, always two vouchers are
prepared for each transaction, one for debit and the other for
credit. This system ensures double entry at the basic level and
obviates the possibility of errors in posting.
Principal books of account

General Ledger - It contains control accounts of all personal

ledger, the profit and loss account and different assets and
liabilities accounts. There are certain additional accounts
known as contra accounts which is unique feature of bank
accounting. These contra accounts are maintained with a view
to keeping control over transactions which have no direct
effect on the banks position, e.g., letters of credit opened, bills
received for collection, guarantees given, etc.
Profit and Loss Ledger - Some banks keep one account for
profit and loss in this general ledger and maintain separate
books for the detailed accounts. These are columnar books
having separate columns for each revenue receipt and
expense head. Other banks keep separate books for debits and
credits. These books are directly posted from vouchers. The
totals of debits and credits posted are entered into the profit
and loss account in the general ledger. In some cases, the
revenue accounts are also maintained in the general ledger
itself, while in some others, broad revenue accounts are kept
in the general ledger and the details are recorded in a
subsidiary ledger. The account heads are maintained in greater
detail than those that appear in the banks published profit and
loss accounts.
Subsidiary Books of Accounts
Personal Ledgers - Separate ledgers are maintained by
banks for different types of accounts. For example, there are
separate ledgers for current accounts, saving accounts, fixed
deposits (often further classified by length of period of
deposit), cash certificates, loans, overdrafts, etc. As has been
mentioned earlier, these ledgers are posted directly from
vouchers and all the vouchers entered in each ledger in a day
are summarised into Voucher Summary Sheets. The Voucher
Summary Sheets are prepared in the department which
originates the transactions by persons other than those who
write the ledgers. They are subsequently checked, with the
vouchers by different persons generally unconnected with the
writing up of ledgers or the preparation of Voucher Summary
Sheets.

Bill Registers - Details of different types of bills are kept in

separate registers which have suitable columns. For example,
bills purchased, inward bills for collection, outward bills for
collection, etc. are entered serially day to day in separate
registers. In case of bills purchased or discounted, party-wise
details are also kept in normal ledger form. This is done to
ensure that the sanctioned limits of parties are not exceeded.
Entries in these registers are made by reference to the original
documents. A voucher for the amount of transactions of each
day is prepared in respect of each register. The voucher is
entered in the Day Book. When a bill is realised or returned, its
original entry in the register is marked off. A daily summary of
such realisations or returns is prepared in separate registers
whose totals are taken to vouchers which are posted in the
Day Book. In respect of Bills for collection, contra vouchers
reflecting both sides of the transactions are prepared at the
time of the original entry, and this entry is reversed on
realisation. Outstanding entries are summarised frequently,
usually twice a month and their total is agreed with the
balance of respective control accounts in the General Ledger.
Other Subsidiary registers - There are different registers for
various types of transactions. Their number, volume and
details which differ according to the individual needs of each
Bank. For example, there will be registers fora) Demand Drafts, Telegraphic and Mail Transfers issued on
branches or agencies.
b) Demand Drafts, Telegraph Transfers and Mail Transfers
received from branches and Agencies.
c) Letters of Credit.
d) Letters of Guarantee.
Entries into these Registers are made from original documents
which are also summarised on vouchers every day. These
vouchers are posted into the Day Book. Outstanding entries
are summarised frequently and their total agreed with the
control heads in the General Ledger.
Departmental Journals - Each department of the Bank
maintains a journal to note the transfer entries passed by it.
These journals are memoranda books only, as all the entries
made there are also made in the Day Book, through Voucher
Summary Sheets. The purpose is to maintain a record of all

transfer entries originated by each department. For example,

the Loans and Overdraft Section will pass transfer entries for
interest charged on various accounts every month, and as all
these entries are posted in the journal of the department, the
officer concerned can easily find out the accounts in respect of
which the interest entry has been passed. Since all the
vouchers passed during the day are entered in the Day Book
only in a summary form, it may not be possible to get this
information from the Day Book without looking into the
individual vouchers.
As has been mentioned earlier, two vouchers are generally
made for each transfer entry, one for debit and the other for
credit. The vouchers are generally made by and entered into
the journal of the department which is accordingly credited to
the other departments. For example, if any amount is to be
transferred from Current Account of a customer to his Saving
Bank Account, vouchers will be prepared by the Current
Account Department and entered in the journal of that
department.
(v) Other Memoranda Books - Besides the books mentioned
above, various departments of a bank have to maintain a
number of memoranda books to facilitate their work. Some of
the important books are described below:
Cash Department
Receiving Cashiers Cash Book.
Paying Cashiers Cash Book.
Main Cash Book.
Cash Balance Book.
The main cash book is maintained by a person other than
cashiers. Each cashier keeps a separate cash book. When cash
is received, it is accompanied by pay-in -slips or other similar
documents. The cashier makes the entry in his book which is
checked by the chief cashier. The pay-in -slip then goes to the
Main Cash Book writer who makes an entry in his book. The
cash book checker checks the entry with the slip and then the
counter- foil of the slip is returned back to the customer and
the foil is sent to the appropriate department for entering into
the ledger. The foil is used as a voucher. Cash is paid against a
cheque or other documents (e.g. Travellers cheques, demand
drafts, pay orders, etc.) after it has been duly passed and

entered in the appropriate account in the ledger. Cheques,

demand drafts, pay orders, etc. are themselves used as
vouchers.
Quick Payment System - Banks introduce different systems
so that their customers may receive payment of cash, etc.
quickly. The most prevalent system is the teller system. Under
this system, tellers keep cash as well as ledger cards and
specimen signature cards of each customer in respect of
Current and Savings Bank Accounts, A teller is authorised to
make payment upto a particular amount say, Rs. 1000/-. On
receipt of a cheque, he checks it, passes it for payment, enters
it in the ledger card and makes payment to the customer. The
teller also receives cash deposited in these accounts.
Outwards Clearing a) Clearing Cheques Received Book for entering cheques
received from customers for clearing.
b) Bank-wise list of the above cheques, one copy of which is
sent to the clearing house together with cheques.
A person checks the vouchers (foil of pay-in-slip) and list with
the Clearing Cheques Received Book. The vouchers are then
sent to appropriate departments, where customers accounts
are immediately credited. If any cheque is received back
unpaid, the entry is reversed. Normally no drawings are
allowed against clearing cheques deposited the same day but
exceptions are often made by the manager in the case of
established customers.
Inward Clearing - Cheque received are checked with the
accompanying list. These are then distributed to different
departments and the number of cheques given to each
department is noted in a memo book. When the cheques are
passed and posted into ledger, their number is independently
agreed with the Memo Book. If the cheques are found
unplayable, they are returned to the Clearing House. The
cheques themselves serve as vouchers.
Loans & Overdrafts Department
a) Registers to record details of documents executed by the
borrowers and guarantors in respect of credit facilities.
b) Securities register for recording details of securities in
respect of credit facilities.
c) Pending documents and document deficiency register.

d) Godown registers maintained by the godown -keepers of

the bank.
e) Price register giving the wholesale prices of commodities
pledged with the bank.
f) Overdraft sanction register
g) Drawing power book
h) Delivery order books
i) Storage books
j) Stock statements registers for loan accounts
K) Suit filed register
l) Inspection registers for loan accounts.
Deposits Department
Account Opening & Closing registers.
For fixed deposits, rate register giving analysis of deposits
according to rates.
Due Date Diary.
Specimen signature book.
Establishment Department
Salary and allied registers such as attendance register, leave
register, overtime register, etc.
Register of fixed assets e.g., furniture and fixtures, motor cars,
vehicles, etc.
Stationery registers.
Old records register.
General
Signature book of banks officers.
Private Telegraphic Code and cyphers.
Back up registers for various types of returns/statements.
Safe Deposit Lockers/Safe Custody registers
Registers to record particulars of lost instruments (Draft,
Cheques, etc) based on details received from the head office.
Transit books through which instruments are sent to the cash
department for payment by the official authorizing such
payment.

Registers to record particulars of outstanding inter-office

entries received from the reconciliation department of the
bank which are to be responded to by the branch.
Cheque books issued register.
Token register.
Statistical Books - Statistical records kept by different books
are in accordance with their individual needs. For example,
there may be books for recording (1) average balances in loans
and advances etc. (2) Deposits received and amounts paid out
each month in the various departments (3) Number of cheques
paid, (4) Number of cheques, bills and other items collected.
Conducting an Audit -The audit of banks or of their branches
involves the following stages 1. Initial consideration by the Statutory auditor
2. Identifying and Assessing the Risks of Material
3. Misstatements
4. Understanding the Bank and Its Environment including
5. Internal Control
6. Understand the Banks Accounting Process
7. Understanding the Risk Management Process
8. Engagement Team Discussions
9. Establish the Overall Audit Strategy
10. Develop the Audit Plan
11. Audit Planning Memorandum
12. Determine Audit Materiality
13. Consider Going Concern
14. Assess the Risk of Fraud including Money Laundering
15. Assess Specific Risks
16. Risk Associated with Outsourcing of Activities
17. Response to the Assessed Risks
18. Stress Testing
19. BASEL II framework.
1. Initial consideration by the statutory auditor
Declaration of Indebtedness@
The RBI has advised that the banks, before appointing their
statutory central/circle/ branch auditors, should obtain a
declaration of indebtedness in proforma 'A' given in Annexure

to the Notification No. RBI/2004/161 Ref DBS.ARS No B.C. 09 /

08.91.001/2003-04 dated April 20, 2004. In addition to this,
the RBI has further advised the banks that no credit facility
(including guaranteeing any facilities availed of by third party)
should be availed of by the proprietor/any of the partners of
the audit firm/members of his/their families or by firm/
company in which he/they are partners/directors.
Internal Assignments in Banks by Statutory Auditors@
The RBI, vide its circular no. Ref. DBS. ARS. No. BC. 02/
08.91.001/ 2008-09 dated December 31, 2008 on Internal
assignments in banks by statutory auditors, decides that the
audit firms should not undertake statutory audit assignment
while they are associated with internal assignments in the
bank during the same year. In case the firms are associated
with internal assignment it should be ensured that they
relinquish the internal assignment before accepting the
statutory audit assignment during the year.
As the central auditors for private banks are appointed every
year by their shareholders in the Annual General Meetings
(AGM), each bank is required to obtain prior approval of the
RBI in
terms of the provisions of Section 30 (1A) of the Banking
Regulation Act, 1949 before making appointment/reappointment of the auditors
Planning
Standard on Auditing (SA) 300 (Revised), Planning an Audit of
Financial Statements requires that the auditor shall undertake
the following activities prior to starting an initial audit:
a) Performing procedures required by SA 220, Quality Control for
Audit Work regarding the acceptance of the client relationship
and the specific audit engagement; and
b) Communicating with the predecessor auditor, where there has
been a change of auditors, in compliance with relevant ethical
requirements
Communication with Previous Auditor
As per Clause 8 of the Part I of the first schedule to the
Chartered Accountants Act, 1949, a chartered accountant in
practice cannot accept position as auditor previously held by

another chartered accountant without first communicating

with him in writing.
Terms of Audit Engagements
Standard on Auditing (SA) 210, Terms of Audit Engagements
requires that for each period to be audited, the auditor should
agree on the terms of the audit engagement with the bank
before beginning significant portions of fieldwork. It is
imperative that the terms of the engagement are documented,
in order to prevent any confusion as to the terms that have
been agreed in relation to the audit and the respective
responsibilities of the management and the auditor, at the
beginning of an audit relationship.
Initial Engagements
Standard on Auditing (SA) 510, Initial Engagements-Opening
Balances2, paragraph 3 states that when the financial
statements are audited for the first time or when the financial
statements for the preceding period were audited by another
auditor, the auditor should obtain sufficient appropriate audit
evidence that:
the closing balances of the preceding period have been
correctly brought forward to the current period;
the opening balances do not contain misstatements that
materially affect the financial statements for the current
period; and
appropriate accounting policies are consistently applied.
Assessment of Engagement Risk
The assessment of engagement risk is a critical part of the
audit process and should be done prior to the acceptance of an
audit engagement since it affects the decision of accepting the
engagement and also in planning decisions if the audit is
accepted.
Establish the Engagement Team
The selection of the engagement team is a key activity in the
development and execution of an effective and efficient audit
plan. The assignment of qualified and experienced
professionals is an important component of managing
engagement risk. The size and composition of the engagement

team would depend on the size, nature, and complexity of the

banks operations.
Understanding the Bank and its Environment
Standard on Auditing (SA) 315, Identifying and Assessing the
Risks of Material Misstatement Through Understanding the
Entity and Its Environment (applicable for audits of financial
statements beginning on or after April 1, 2008) lays down that
the auditor should obtain an understanding of the entity and
its environment, including its internal control, sufficient to
identify and assess the risks of material misstatement of the
financial statements whether due to fraud or error, and
sufficient to design and perform further audit procedures.
Identifying and Assessing the Risks of Material
Misstatements
Standard on Auditing (SA) 315, Identifying and Assessing the
Risk of Material Misstatement Through Understanding the
Entity and Its Environment requires the auditor to identify and
assess the risks of material misstatement at the financial
statement level and the assertion level for classes of
transactions, account balances, and disclosures to provide a
basis for designing and performing further audit procedures.
For this purpose, the auditor shall@:
Identify risks throughout the process of obtaining an
understanding of the entity and its environment, including
relevant controls that relate to the risks, and by considering
the classes of transactions, account balances, and disclosures
in the financial statements;
Assess the identified risks, and evaluate whether they relate
more pervasively to the financial statements as a whole and
potentially affect many assertions;
Relate the identified risks to what can go wrong at the
assertion level, taking account of relevant controls that the
auditor intends to test; and
Consider the likelihood of misstatement, including the
possibility of multiple misstatements, and whether the
potential misstatement is of a magnitude that could result in a
material misstatement.
SA 315 requires the auditor to put specific emphasis on the
risks arising out of the fraud, changes in regulatory
environment, complex transactions, related party transactions,
and abnormal business transactions.

Understanding the Bank and Its Environment including Internal

Control
An understanding of the bank and its environment, including
its internal control, enables the auditor:
to identify and assess risk;
to develop an audit plan so as to determine the operating
effectiveness of the controls, and to address the specific risks.
Further, documentation of the auditors understanding of the
bank and its environment provides an effective mechanism for
accumulating and sharing knowledge and experience and
briefing the same to all the members of the engagement team,
particularly in case of multi-location audit engagements.
When obtaining an understanding of the bank and its
environment, including its internal control, the auditor is
required to:
Obtain an understanding of the relevant industry, regulatory,
and other external factors including the applicable financial
reporting framework.
Obtain an understanding of the nature of the bank, including:
its operations;
its ownership and governance structures;
the types of investments that the bank has made and plans to
make; and the way that the entity is structured and financed;
to enable the auditor to understand the classes of
transactions, account balances, and disclosures to be expected
in the financial statements.
Obtain an understanding of the banks objectives and
strategies, and the related business risks that may result in
material misstatement of the financial statements.
Obtain an understanding of the banks selection and
application of accounting policies, including the reasons for
changes thereto. The auditor shall evaluate whether the banks
accounting policies are consistent with the applicable financial
reporting framework and accounting policies prevalent in the
banking industry.
Obtain an understanding of the measurement and review of
the banks financial performance.
Obtain an understanding of the banks accounting process
relevant to financial reporting.
Obtain an understanding of the banks internal control relevant
to the audit.

Understand the Banks Accounting Process

The accounting process produces financial and operational
information for managements use and it also contributes to
the banks internal control. Thus, understanding of the
accounting process is necessary to identify and assess the
risks of material misstatement whether due to fraud or not,
and to design and perform further audit procedures. In
obtaining an understanding the accounting process, the
auditor may seek to identify the significant flow of the
transactions and significant application systems that are
relevant to the accounting process.
When obtaining an understanding of the accounting process,
the auditor, ordinarily, does not focus on the processes that
relate to the effectiveness and efficiency of operations and
compliance with laws and regulations, unless they impact the
financial statements or their audit procedures. While obtaining
the understanding of the significant flow of the transactions,
the auditor should also obtain an understanding of the process
of recording and processing of journal entries, and should also
make inquiries about inappropriate or unusual activity relating
to the processing of journal entries and other adjustments.
Understanding the Risk Management Process
Management develops controls and uses performance
indicators to aid in managing key business and financial risks.
An effective risk management system in a bank generally
requires the following:
Oversight and involvement in the control process by those
charged with governance: Those charged with governance
(BOD/Chief Executive Officer) should approve written risk
management policies. The policies should be consistent with
the banks business objectives and strategies, capital strength,
management expertise, regulatory requirements and the types
and amounts of risk it regards as acceptable. Those charged
with governance are also responsible for establishing a culture
within the bank that emphasises commitment to internal
controls and high ethical standards. Management is
responsible for implementing the strategies and policies set by
those charged with governance thereby ensuring that an
adequate and effective system of internal control is
established and maintained.

Identification, measurement and monitoring of risks: Risks that

could significantly impact the achievement of banks goals
should be identified, measured and monitored against preapproved limits and criteria. This function is usually performed
by the banks Risk Committee or an independent risk
management unit, which is also responsible for validating and
stress testing the pricing and valuation models used by the
front and back offices. Further, it also monitors risk
management activities and evaluates the effectiveness of risk
management models, methodologies and assumptions used.
The mid office, which is responsible for identifying, measuring
and reporting the risk associated with the transaction, within
each function usually reports to the Risk Committee or the
independent risk management unit. Thus, in this manner the
banks management monitors the overall risks surfaced by the
bank.
Control activities: A bank should have appropriate controls to
manage its risks, including effective segregation of duties
(particularly, between front and back offices), accurate
measurement and reporting of positions, verification and
approval of transactions, reconciliation of positions and results,
setting of limits, reporting and approval of exceptions, physical
security and contingency planning.
RBI has informed banks vide its master circular on Risk
Management and Inter-bank Dealings dated July 1, 2008@,
the risk management framework and reporting requirements
with respect to certain categories of transactions such as,
forward contracts and hedging transactions entered into by the
bank with residents, managing of assets and liabilities of the
bank and hedging the same, hedging of Tier I capital in case of
foreign banks, etc.
For every bank in India, certain risk management limits such
as, the net open position (NOP) limit and aggregate gap limit
(AGL) are approved by the RBI after making an assessment of
each banks overall risk appetite. Banks install checks in their
daily processes to ensure that these limits are being adhered
to at all times.
As part of regulatory reporting, banks are also required to
report to the RBI a host of other risk management limits such
as, single and group borrower limits (these limits give an
indication of concentration risk), credit exposure for

derivatives (this indicates the potential replacement cost of

the derivative portfolio), capital market exposure of the bank,
country risk exposure and exposure to sensitive sectors such
as, real estate, etc.
Monitoring activities: Risk management models,
methodologies and assumptions used to measure and manage
risk should be regularly assessed and updated. This function
may be conducted by the independent risk management unit.
Internal auditing should test the risk management process
periodically to check whether management polices and
procedures are complied with and whether the operational
controls are effective. Both the risk management unit and
internal auditing should have a reporting line to those charged
with governance (i.e., the BOD or the Executive Committee)
and management that is independent of those on whom they
are reporting.
Reliable information systems: Banks require reliable
information systems that provide adequate financial,
operational and compliance information on a timely and
consistent basis. Those charged with governance and
management require risk management information that is
easily understood and that enables them to assess the
changing nature of the banks risk profile.
Engagement Team Discussions
The engagement team should hold discussions to gain better
understanding of banks and its environment, including internal
control, and also to assess the potential for material
misstatements of the financial statements. The discussion
provides the following:
An opportunity for more experienced engagement team
members, including the audit engagement partner, to share
their insights based on their knowledge of the bank and its
environment.
An opportunity for engagement team members to exchange
information about the banks business risks.
An understanding amongst the engagement team members
about affect of the results of the risk assessment procedures
on other aspects of the audit, including decisions about the
nature, timing, and extent of further audit procedures.

Establish the Overall Audit Strategy

Standard on Auditing (SA) 300, Planning an Audit of financial
Statements states that the objective of the auditor is to plan
the audit so that it will be performed in an effective manner.
For this purpose, the audit engagement partner should:
establish the overall audit strategy, prior to the
commencement of an audit; and involve key engagement
team members and other appropriate specialists while
establishing the overall audit strategy, which depends on the
characteristics of the audit engagement.
The overall audit strategy sets the scope, timing and direction
of the audit as it guides the development of detailed audit
plan. The establishment of the overall audit strategy involves:
Identifying the characteristics of the audit engagement that
define its scope, such as the financial reporting framework
used (Third Schedule to the Banking Regulation Act, 1949),
additional reporting requirements at various locations of the
components of the bank prescribed by the RBI, etc.
Ascertaining the reporting objectives of the audit engagement
to plan the timing of the audit and the nature of the
communications required, such as deadlines for interim and
final reporting, key dates for expected communications with
the management and with those charged with governance.
Considering the important factors that will determine the focus
of the engagement teams efforts, such as determination of
appropriate audit materiality, preliminary identification of
significant risks, preliminary identification of material
components and significant account balances and disclosures
Consider the factors that, in the auditors professional
judgment, are significant in directing the engagement teams
efforts.
Consider the results of preliminary engagement activities and,
where applicable, whether knowledge gained on other
engagements performed by the engagement partner for the
bank is relevant.
Ascertain the nature, timing and extent of resources necessary
to perform the engagement.
Develop the Audit Plan
Standard on Auditing (SA) 300, Planning an Audit of Financial
Statements deals with the auditors responsibility to plan an

audit of financial statements in an effective manner. It requires

the involvement of all the key members of the engagement
team while planning an audit. Before starting the planning of
an audit, the auditor must perform the procedures as defined
under SA 220, Quality Control for Audit Work for reviewing
the ethical and independence requirements. In addition to this,
the auditor is also required to comply with the requirements of
SA 210, Terms of Audit Engagement.

Audit Planning Memorandum

The auditor should summarise their audit plan by preparing an
audit planning memorandum in order to Describe the expected
scope and extent of the audit procedures to be performed by
the auditor.
Highlight all significant issues and risks identified during their
planning and risk assessment activities, as well as the
decisions concerning reliance on controls.
Provide evidence that they have planned the audit
engagement appropriately and have responded to
engagement risk, pervasive risks, specific risks, and other
matters affecting the audit engagement.
The audit planning memorandum should be approved by the
audit engagement partner. It ordinarily addresses the following
matters:
Assessment of and planned responses to the engagement risk,
pervasive risks or specific risk at the assertion level for classes
of transactions, account balances, and disclosures.
Assessment of the initial conclusions in respect to the
independence and potential conflict of interest.
Other significant issues arising out of the planning activities,
which may include the following:
Identified fraud risk factors
Preliminary conclusions regarding the components of internal
control Audit materiality
IT environment of the bank and need to use the work of an
expert; and
Changes in the banks environment such as, changes in
accounting policies or accounting process of the bank.

Determine Audit Materiality

The auditor should consider the relationship between the audit
materiality and audit risk when conducting an audit. The
determination of audit materiality is a matter of professional
judgment and depends upon the knowledge of the bank,
assessment of engagement risk, and the reporting
requirements for the financial statements.
The auditor needs to consider the possibility of misstatements
of relatively small amounts that, cumulatively, could have a
material effect on the financial information. The following
factors should be considered while assessing audit materiality
for banks:
Due to high leverage, relatively small misstatements may have
a significant effect on the results for the period and on capital,
even though they may not have significant impact on the total
assets.
Since a banks earning are low compared to its total assets and
liabilities and off balance sheet commitments, any
misstatements that relate only to assets, liabilities and
commitments may be less significant than those that relate to
earnings.
Banks are subjected to regulatory requirements, including
maintenance of minimum capital. Accordingly, while
establishing materiality level the auditor should be in a
position to identify misstatements which could result in a
significant contravention of the regulatory requirements.
Consider Going Concern
In obtaining an understanding of the bank, the auditor should
consider whether there are events and conditions which may
cast significant doubt on the banks ability to continue as a
going concern. The auditor needs to consider events and
conditions relating to the going concern assumption when
performing risk assessment procedures so as to make timely
discussions with the management, review the managements
plans, and resolution of any identified going concern issues.
Audit procedures, which may indicate that there could be a

question about a banks ability to continue as a going concern

for the foreseeable future including the following:
Reading of minutes of meetings of shareholders, board of
directors, and other important meetings;
Analytical Procedures;
Review of compliance with the terms of debt and loan
agreements;
Confirmation with related and third parties of the details of
arrangements to provide or maintain financial support;
Inquiry of the banks legal counsel about litigation, claims, and
assessments; and
Review of subsequent events.
There are certain specific events or conditions, which could
specifically cast a significant doubt on the ability of the bank to
continue as a going concern:
Rapid increase in the volume of derivative business without
necessary controls being in place.
Decline in the projected profitability, if the bank is at or near
its minimum level of regulatory capital.
Higher interest rates being paid on deposits and borrowing
than the market rates.
Actions taken or threatened by regulators that may have an
adverse effect on the ability of the bank to continue as a going
concern.
High concentration of exposure to certain borrowers or
industries.
Assess the Risk of Fraud including Money Laundering
As per SA 240 (Revised), The Auditors Responsibilities
Relating to Fraud in an Audit of Financial Statements, the
auditors objective are to identify and assess the risks of
material misstatement in the financial statements due to
fraud, to obtain sufficient appropriate audit evidence on those
identified misstatements and to respond appropriately. The
attitude of professional skepticism should be maintained by
the auditor so as to recognise the possibility
of misstatements due to fraud. When obtaining an
understanding of the bank and its environment, the auditor
should make inquiries of management regarding the following:

Managements assessment of the risk that the financial

statements may be materially misstated due to fraud,
including the nature, extent and frequency of such
assessments.
Managements process for identifying and responding to the
risk of fraud in the bank, including any specific risks of fraud
that management has identified or that have been brought to
its attention; or classes of transactions, account balances, or
disclosures for which a risk of fraud is likely to exist; and the
internal control that management has established to address
these risks.
Managements communication, if any, to those charged with
governance regarding its processes for identifying and
responding to the risks of fraud in the bank.
Managements communication, if any, to employees regarding
its views on business practices and ethical behaviour.
Due to the nature of their business, banks are ready for
targeting those who are engaged in the money laundering
activities by which the proceeds of illegal acts are converted
into proceeds from the legal acts. The RBI has framed specific
guidelines that deal with prevention of money laundering and
Know Your Customer (KYC) norms. The RBI has from time to
time issued guidelines (Know Your Customer Guidelines Anti
Money Laundering Standards), requiring banks to establish
policies, procedures and controls to deter and to recognise and
report money laundering activities. The RBI, vide its master
circular no. DBOD. AML. BC. No. 12/14 .01.001/2008-09 dated
July 1, 2008 on Know Your Customer (KYC) norms/Anti- Money
Laundering (AML) standards/Combating of Financing of
Terrorism (CFT)/Obligation of banks under PMLA, 2002, have
advised the banks to follow certain customer identification
procedure for opening of accounts and monitoring transactions
of a suspicious nature for the purpose of reporting it to
appropriate authority. These policies, procedures and controls
commonly extend to the following:
Customer acceptance policy, i.e., criteria for accepting the
customers.
Customer identification procedure, i.e., procedures to be
carried out while establishing a banking relationship; carrying
out a financial transaction or when the bank has a doubt about
the authenticity/veracity or the adequacy of the previously
obtained customer identification data.

A requirement to obtain customer identification (know your

client).
Monitoring of transactions Banks are advised to set key
indicators for risk sensitive (e.g., high turnover accounts or
complex or unusal transactions accounts) accounts, taking
note of the background of the customer, such as the country of
origin, sources of funds, the type of transactions involved and
other risk factors. Banks should also put in place a system of
periodical review of risk categorisation of accounts and the
need for applying enhanced due diligence measures. Such
review of risk categorisation of customers should be carried
out at a periodicity of not less than once in six months.
Closure of accounts- In case of non-application of proper KYC
measures, banks may decide to close the account of the
particular customer after giving due notice to the customer.
Risk Management- The Board of Directors of the bank should
ensure that an effective KYC programme is put in place by
establishing appropriate procedures and ensuring their
effective implementation. It should cover proper management
oversight, systems and controls, segregation of duties, training
and other related matters. Responsibility should be explicitly
allocated within the bank for ensuring that the banks policies
and procedures are implemented effectively. Concurrent/
Internal Auditors should specifically check and verify the
application of KYC procedures at the branches and comment
on the lapses observed in this regard. The compliance in this
regard should be put up before the Audit Committee of the
Board on quarterly intervals.
Reporting to the authorities of suspicious transactions or of all
transactions of a particular type, for example, cash
transactions over a certain amount.
The abovementioned RBI master circular also advised the
banks to pay special attention any money laundering threats
that may arise from new or developing technologies including,
internet banking that might favour anonymity, and take
measures, if needed, to prevent their use in money laundering
schemes. Further, banks are required to report all frauds to the
RBI on a periodical basis. The auditors should review the same
to get an idea of the nature and extent of frauds.
Assess Specific Risks

The auditors should identify and assess the risks of material

misstatement at the financial statement level which refers to
risks that relate pervasively to the financial statements as a
whole, and potentially affect many assertions. Risk of material
misstatement at the assertion level for specific class of
transactions, account balances and disclosures need to be
considered because such consideration directly assists in
determining the nature, timing and extent of further audit
procedures at the assertion level necessary to obtain sufficient
appropriate audit evidence.
For this purpose, the auditor should perform the following:
Identify risks throughout the process of obtaining an
understanding of the bank and its environment, including
applicable controls that relate to the risks, and by considering
the account balances or disclosures in the financial
statements.
Pinpoint each risk to one or more assertions relating to the
account balances or disclosures.
Consider whether the risks are of a magnitude that could result
in a material misstatement of the financial statements.
Document the identified and assessed risks of material
misstatement at the assertion level.
Risk Associated with Outsourcing of Activities
Further, the modern day banks make extensive use of
outsourcing as a means of both reducing costs as well as
making use of services of an expert not available internally.
There are, however, a number of risks associated with
outsourcing of activities by banks and therefore, it is
quintessential for the banks to effectively manage those risks.
RBIs circular no. DBOD.BP.40/21.04.158/2006-07 dated
November 3, 2006 contains extensive guidelines on managing
the risks associated with the outsourcing of financial services
by banks. The circular, however, also mandates that banks
which choose to outsource financial services should not
outsource core management functions including internal audit,
compliance function and decision-making functions like,
determining compliance with Know Your Customer (KYC)
norms for opening deposit accounts, according sanction for

loans (including retail loans) and management of investment

portfolio.

Response to the Assessed Risks

SA 330, The Auditors Responses to Assessed Risks deals
with the auditors responsibility to design and implement
responses to the risks of material misstatement identified and
assessed by the auditor in accordance with SA 315. Further, it
requires the auditor to design and implement overall
responses to address the assessed risks of material
misstatement at the financial statement level. The auditor
should design and perform further audit procedures whose
nature, timing and extent are based on and are responsive to
the assessed risks of material misstatement at the assertion
level. In designing the further audit procedures to be
performed, the auditor should:
Consider the reasons for the assessment given to the risk of
material misstatement at the assertion level for each class of
transactions, account balance, and disclosure, including:
The likelihood of material misstatement due to the particular
characteristics of the relevant class of transactions, account
balance, or disclosure (i.e., the inherent risk); and
Whether the risk assessment takes into account the relevant
controls (i.e., the control risk), thereby requiring the auditor to
obtain audit evidence to determine whether the controls are
operating effectively (i.e., the auditor intends to rely on the
operating effectiveness of controls in determining the nature,
timing and extent of substantive procedures); and Obtain more
persuasive audit evidence the higher the auditors assessment
of risk.
The auditor shall design and perform tests of controls and
substantive procedures to obtain sufficient appropriate audit
evidence, as to the operating effectiveness of relevant
controls, and to detect material misstatements at the assertion
level.
Stress Testing
RBI, vide its circular no. DBOD. No. BP. BC.101 / 21.04.103/
2006-07 dated June 26, 2007 has required that all commercial

banks (excluding RRBs and LABs) shall put in place a Board

approved Stress Testing framework to suit their individual
requirements which would integrate into their risk
management systems. The circular further requires that the
framework should satisfy certain essential requirements as
listed therein.

BASEL II framework
The new capital adequacy framework for banks seeks to arrive
at significantly more risk-sensitive approaches to capital
requirements of a bank. The revised Basel II framework
attempts to promote more advanced risk management
systems, align regulatory capital closer to economic capital
and thus promote greater efficiency in the use of capital.
Preparation and submission of audit report - The branch
auditor forwards his report to the statutory auditors who have
to deal with the same in such manner as they consider
necessary. It is desirable that the branch auditors reports are
adequately detailed in unambiguous terms. As far as possible,
the financial impact of all qualifications or adverse comments
on the branch accounts should be clearly brought out in the
branch audit report. It would assist the statutory auditors if a
standard pattern of reporting, say, head-wise, commencing
with assets, then liabilities and thereafter items related to
income and expenditure, is followed. Similarly, for statutory
auditors of a bank, the form and content of the audit report
should be determined by the auditor taking into account his
terms of engagement and applicably statutory, regulatory and
professional requirements.
In all cases, matters covering the statutory responsibilities of
the auditors should be dealt with in the main report. The LFAR
should be used to further elaborate matters contained in the
main report and not as a substitute thereof. Similarly, while
framing his main report, the auditor should consider, wherever
practicable, the significance of various comments in his LFAR,
where any of the comments made by the auditor therein is
adverse, he should consider whether a qualification in his main

report is necessary by using his discretion on the facts and

circumstances qualification in his main report is necessary by
using his discretion on the facts and circumstances of each
case. It may be emphasized that the main report should be
self-contained document.
Special Considerations in a CIS Environment - As in
todays environment all banks have embarked upon a large
scale computerization, this has resulted in changes in the
processing and storage of information and affects the
organisation and procedures employed by the entity to achieve
adequate internal control. Thus, while the overall objective and
scope of audit do not change simply because data is
maintained on computers, the procedures followed by the
auditor in his study and evaluation of the accounting system
and related internal controls and the nature, timing and extent
of his other audit procedures are affected in a CIS
environment.
Internal Audit and Inspection - Banks generally have a well
organised system of internal audit. Their internal auditors pay
frequent visit to the branches. They are an important link in
the internal control of the bank. The systems of internal audit
in different banks also have a system of regular inspection of
branches and head office. The internal audit and inspection
function is carried out by a separate department within the
bank by firms of chartered accountants The statutory auditors
should evaluate internal audit, concurrent audit and inspection
functions to the extent they consider that these will be
relevant in designing their audit procedures. They should also
review the internal/concurrent/inspection/audit programmes.
Such a review helps the statutory auditors in determining the
nature, timing and extent of their audit tests. They can assist
the bank management in improving the effectiveness of
internal audit/concurrent audit/inspection functions.