Audit of Banks – Banking Operations, Auditing Framework & Audit of Advances

 

Table of Contents

1. Banking Operations

1.1 Types of Banks

1.2 Regulating Body

1.3 Regulatory Framework

1.4 Features of Banking Operations

1.5 Form and Content of Financial Statements

2. Auditing Framework

2.1 Auditor

2.2 Types of Audit Reports

2.3 Conducting an Audit

2.4 Assessing Risk of Fraud

3. Audit of Advances

3.1. Disclosure Requirements

3.2 Classification as per prudential norms

3.3 Creation of Security

3.4 Prudential Norms

3.5 Special cases w.r.t. NPA Classification

3.6 Computation of Drawing Power

3.7 Audit Procedure

1. Banking Operations

1.1 Types of Banks

1. Commercial Banks

Commercial banks are the widest spread banking institutions in India, that provide a number of products and services to general public and other segments of economy. Two of its main functions are:

(a) accepting deposits, and

(b) granting advances.

2. Regional Rural Banks

Regional Rural Banks known as RRBs are the banks that have been set up in rural areas in different states of the country to cater to the basic banking and financial needs of the rural communities. Examples are Punjab Gramin Bank, Tripura Gramin Bank, Allahabad UP Gramin Bank, Andhra Pradesh Gramin Vikash Bank, etc.

3. Co-operative Banks

Co-operative Banks function like Commercial Banks only but are set up on the basis of Co-operative Principles and registered under the Co-operative Societies Act of the respective state or the Multistate Co-operative Societies Act and usually cater to the needs of the agricultural and rural sectors. Examples are Gujarat State Co-operative Bank Ltd., Chhattisgarh Rajya Sahakari Bank Maryadit, etc.

4. Payment Banks

Payments Banks are a new type of banks which have been recently introduced by RBI. They are allowed to accept restricted deposits but they cannot issue loans and credit cards. However, customers can open Current & Savings accounts and also avail the facility of ATM cum Debit cards, Internet-banking & Mobile banking. Examples are Airtel Payments Bank, India Post Payments Bank, Paytm Payments Bank, etc.

5. Development Banks (also known as ‘Term-Lending Institutions’)

Development Banks had been conceptualized to provide funds for infrastructural facilities important for the economic growth of the country. Examples are Industrial Finance Corporation of India (IFCI), Industrial Development Bank of India (IDBI), Small Industries Development Bank of India (SIDBI), etc.

6. Small Finance Banks

Small Finance Banks have been set up by RBI to make available basic financial and banking facilities to the unserved and unorganised sectors like small marginal farmers, small & micro business units, etc. Examples are Equitas Small Finance Bank, AU Small Finance Bank, etc.

Points to remember

Commercial banks are the widest spread banks, that provide multiple services including accepting deposits and granting advances to general public and other segments of economy.

1.2 Regulating Body

Regulating Body In India, banking industry is regulated by the Reserve Bank of India (RBI) known as the Central Bank. Major functions and responsibilities of RBI are:

• • development and supervision of the banks and non-banking financial institutions
  • determining, the monetary and credit policies.
  • issuance and regulation of currency;
  • acting as banker to the central and state governments, commercial and other types of banks including term-lending institutions.
  • to regulate the activities of commercial and other banks.

1.3 Regulatory Framework

(a) Banking Regulation Act, 1949;
(b) Reserve Bank of India Act, 1934;
(c) Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970;
(d) State Bank of India Act, 1955;
(e) State Bank of India (Subsidiary Banks) Act, 1959;
(f) Regional Rural Banks Act, 1976;
(g) Companies Act, 2013;
(h) Cooperative Societies Act, 1912 or the relevant State Cooperative Societies Acts;
(i) Information Technology Act, 2000;
(j) Prevention of Money Laundering Act, 2002;
(k) Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002;
(l) Credit Information Companies Regulation Act, 2005; and
(m) Payment and Settlement Systems Act, 2007

1.4 Features of Banking Operations

• • Voluminous and complex of transactions,
  • Wide geographical spread of banking network,
  • Diversified and large range of products and services offered,
  • Extensive use of technology,
  • Strict vigilance and compliance.

1.5 Form and Content of Financial Statements

• • Every banking company is required to prepare a Balance Sheet and a Profit and Loss Account in the forms set out in the Third Schedule to the Act or as near thereto as the circumstances admit. Form A of the Third Schedule to the Banking Regulation Act, 1949, contains the form of Balance Sheet and Form B contains the form of Profit and Loss Account.
  • Every banking company needs to comply with the disclosure requirements under the various Accounting Standards, as notified u/s 133 of the Companies Act, 2013, in so far as they apply to banking companies.

2. Auditing Framework

2.1 Auditor

1. Eligibility, qualification & Disqualifications

Balance sheet and Profit and loss account of a banking company should be audited by a person duly qualified under any law for the time being in force to be an auditor of companies.

Section 141 of Companies Act, 2013 prescribes the auditor eligibility, qualification and disqualifications.

2. Appointment

• • Auditor of a banking company is to be appointed at the AGM of the shareholders.
  • Auditor of a nationalised bank is to be appointed by the bank concerned acting through its Board of Directors.
  • In either case, approval of the Reserve Bank is required before the appointment is made.
  • The auditors of the State Bank of India are to be appointed by the CAG in consultation with the Central Government.
  • The auditors of regional rural banks are to be appointed by the bank concerned with the approval of the Central Government.

3. Remuneration

• • Remuneration of auditor of a banking company is to be fixed in accordance with the provisions of section 142 of the Companies Act, 2013.
  • Remuneration of auditors of nationalised banks and State Bank of India is to be fixed by the RBI in consultation with the Central Government.

4. Powers

Auditor of a banking company or of a nationalised bank, SBI or a regional rural bank has the same powers as those of a company auditor in the matter of access to the books, accounts, documents and vouchers.

2.2 Types of Audit Reports

1. Statutory

In the case of a nationalised bank, the auditor is required to make a report to the Central Government in which the auditor should state the following:

1. 1. Whether, in the auditor’s opinion, the balance sheet is a full and fair balance sheet containing all the necessary particulars and is properly drawn up so as to exhibit a true and fair view of the affairs of the bank.
   2. In case the auditor had called for any explanation or information, whether it has been given and whether it is satisfactory.
   3. Whether or not the transactions of the bank, which have come to the auditor’s notice, have been within the powers of that bank.
   4. Whether or not the returns received from the offices and branches of the bank have been found adequate for the purpose of audit.
   5. Whether the profit and loss account show a true balance of profit or loss for the period covered by such account.
   6. Any other matter which the auditor considers should be brought to the notice of the Central Government.

2. Additional reports to be issued by Statutory Auditor

1. 1. Report on adequacy and operating effectiveness of Internal Controls over Financial Reporting in case of banks which are registered as companies under the Companies Act in terms of Sec. 143(3)(i) of the Companies Act, 2013 which is normally to be given as an Annexure to the main audit report as per the Guidance Note on Audit of Internal Financial Controls over Financial Reporting issued by the ICAI.
   2. Long Form Audit Report. (LFAR)
   3. Report on compliance with SLR requirements.
   4. Report on whether the treasury operations of the bank have been conducted in accordance with the instructions issued by the RBI from time to time.
   5. Report on whether the income recognition, asset classification and provisioning have been made as per the guidelines issued by the RBI from time to time.
   6. Report on whether any serious irregularity was noticed in the working of the bank which requires immediate attention.
   7. Report on status of the compliance by the bank with regard to the implementation of recommendations of the Ghosh Committee relating to frauds and malpractices and of the recommendations of Jilani Committee on internal control and inspection/credit system.
   8. Report on instances of adverse credit-deposit ratio in the rural areas.

3. LFAR

• • The long form Audit Report has to be furnished by the auditor of a bank in addition to the audit report as per the statutory requirement.
  • The matters which the banks require their auditor to deal with in the form of Long Form Audit Report have been specified by the RBI.
  • The LFAR is to be submitted before 30th June every year. To ensure timely submission of LFAR, proper planning for completion of the LFAR is required. While the format of LFAR does not require an executive summary to be given, members may consider providing the same to bring out the key observations from the whole document.

4. Reporting of Fraud

• • Circular issued by RBI regarding liability of accounting and auditing profession, provides that “If an accounting professional, whether in the course of internal or external audit or in the process of institutional audit finds anything susceptible to be fraud or fraudulent activity or act of excess power or smell any foul play in any transaction, he should refer the matter to the regulator. Any deliberate failure on the part of the auditor should render himself liable for action”.
  • This requirement is applicable to all scheduled commercial banks excluding Regional Rural Banks. Auditor is not expected to look into each and every transaction but to evaluate the system as a whole.
  • While reporting such kind of matters as stated in the circular, auditor need to consider the provisions of SA 250, “Consideration of Laws and Regulations in an Audit of Financial Statements”.
  • SA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements “ further expounds the concept and states that an auditor conducting an audit in accordance with SAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error.

2.3 Conducting an Audit

1. Initial Considerations

Initial Considerations include considerations of:

1. 1. Acceptance & Continuance
   2. Declaration of Indebtedness
   3. Internal Assignments in Banks by Statutory Auditors
   4. Terms of Audit Engagements
   5. Communication with Previous Auditor
   6. Establish Engagement Team

2. Understanding the Bank and its Environment

Auditor is required to obtain understating of:

• • Bank and its Environment including Internal Control
  • Bank’s Accounting Process
  • Risk Management Process

3. Identifying and Assessing RMM

Auditor is required to identify and assess following risk:

• • Risks of Material Misstatements
  • Risk of Fraud including Money Laundering
  • Specific Risks
  • Risk Associated with Outsourcing of activities.

4. Understanding the Risk Management Process

An effective risk management system in a bank generally requires the following:

4.1 Involvement of TCWG

• • Risk Management policies should be approved by TCWG.
  • While approving the policies, TCWG should ensure that the policies should be consistent with the bank’s business objectives and strategies, capital strength, management expertise, regulatory requirements and the types and amounts of risk it considers as acceptable.

4.2 Identification, measurement & monitoring of risks

Risks that may significantly affect the achievement of bank’s goals and objectives should be identified, measured and monitored against pre-approved limits and criteria.

4.3 Control activities

Banks must have appropriate controls to manage its risks, including the following:

• • effective segregation of duties,
  • verification and approval of transac-tions,
  • setting of limits, and
  • reporting and approval of exception.

4.4 Monitoring activities

Independent risk management unit should be set up which regularly assess the risk management models, methodologies and assumptions used to measure and manage risk.

4.5 Reliable information systems

Banks must have a reliable information system that provide adequate financial, operational and compliance information on a timely and consistent basis to management and TCWG.

5. Engagement Team Discussions

• • To gain better understanding of banks and its environment, including internal control, and also to assess the potential for material misstatements of the financial statements.
  • All these discussions should be appropriately documented for future reference.
  • The discussion should be done on the susceptibility of the bank’s financial statements to material misstatements.
  • These discussions are ordinarily done at the planning stage of an audit.

5.1 Benefits of discussion

• • Opportunity for team members to share their insights based on their knowledge of the bank and its environment.
  • Opportunity for team members to exchange information about the bank’s business risks.
  • To make an understanding amongst the team members about effect of the results of the risk assessment procedures on other aspects of the audit, including decisions about the NTE of further audit procedures.

5.2 Matters to be discussed

(a) Errors that may be more likely to occur;
(b) Errors which have been identified in prior years;
(c) Method by which fraud might be perpetrated by bank personnel or others within particular account balances and/or disclosures;
(d) Audit responses to Engagement Risk, Pervasive Risks, and Specific Risks;
(e) Need to maintain professional skepticism throughout the audit engagement;
(f) Need to alert for information or other conditions that indicates that a material misstatement may have occurred.

6. Establish the Overall Audit Strategy

• • As required by SA 300, establish the overall audit strategy, prior to the commencement of an audit; and
  • involve key engagement team members and other appropriate specialists while establishing the overall audit strategy, which depends on the characteristics of the audit engagement.

7. Develop the Audit Plan

As required by SA 300, develop an overall audit plan which cover details of nature, timing and extent of audit procedures planned to be performed.

8. Execution

Execution stage considers the following:

• • Engagement Team Discussions
  • Response to the Assessed Risks
  • Establish the Overall Audit Strategy
  • Audit Planning Memorandum
  • Determining Audit Materiality
  • Appropriateness of Going Concern

9. Reliance/Review of other Reports

Auditor should consider the adverse/qualified remarks, if any, appearing in the following:

• • Previous audit reports.
  • Internal inspection reports.
  • RBI inspection reports.
  • Concurrent/Internal audit report.
  • Report on verification of security.
  • Any other internal reports specially related to particular accounts.

2.4 Assessing Risk of Fraud

• • Assessing Risk of Fraud  As per SA 240 “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”, the auditor’s objective is to identify and assess the risks of material misstatement in the financial statements due to fraud, to obtain sufficient appropriate audit evidence on those identified misstatements and to respond appropriately.
  • The attitude of professional skepticism should be maintained by the auditor so as to recognise the possibility of misstatements due to fraud.
  • The RBI has framed specific guidelines that deal with prevention of money laundering and “Know Your Customer (KYC)” norms. The RBI has from time to time issued guidelines (“Know Your Customer Guidelines – Anti Money Laundering Standards”), requiring banks to establish policies, procedures and controls to deter and to recognise and report money laundering activities.

3. Audit of Advances

3.1. Disclosure Requirements

1 .Nature wise

(i) Bills purchased and discounted

(ii) Cash credits, Overdrafts and loans repayable on demand

(iii) Term Loans

2. Security wise

(i) Secured by tangible assets

(ii) Covered by Bank/Government guarantees

(iii) Unsecured

3. Location wise

1. Advances in India:

• • • Priority sectors
    • Public sector
    • Banks
    • Others

2. Advances outside India:

• • • Due from Banks
    • Due from Others:

(a) Bills Purchased and discounted

(b) Syndicated loans

(c) Others

3.2 Classification as per prudential norms

1. Standard assets

Assets which does not disclose any problem and does not carry more than normal risk.

2. Sub-standard assets

Asset which has been classified as NPA for a period not exceeding 12 months.

3. Doubtful assets

Doubtful assets Asset which has remained NPA for a period exceeding 12 months.

4. Loss assets

Asset in respect of which loss has been identified by the bank or internal auditors or the RBI inspection, but the amount has not been written off, wholly or partly.

3.3 Creation of Security

1. Primary security

Security offered by the borrower for bank finance or the one against which credit has been extended by the bank.

2. Collateral security

It is an additional security and can be in any form i.e. tangible or intangible asset, movable or immovable asset.

Note: Security may be created by different modes like Mortgage, Pledge, Hypothecation, Lien, Assignment.

3. Mortgage

• • Registered Mortgage can be affected by a ‘Mortgage Deed’ signed by the mortgagor.
  • Equitable mortgage, is affected by a mere delivery of title deeds or other documents of title with intent to create security thereof.

4. Pledge

• • It involves physical delivery of goods by the borrower to the lending bank with the intention of creating a charge thereon as security for the advance.
  • Legal ownership of the goods remains with the pledger while the lending banker gets certain defined interests in the goods.

5. Hypothecation

• • Hypothecation is the creation of an equitable charge, which is created in favour of the lending bank by execution of hypothecation agreement in respect of the movable securities belonging to the borrower.
  • Borrower holds the physical possession of the goods. Neither ownership nor possession are transferred to the bank.
  • Borrower periodically submits statements regarding quantity and value of hypothecated assets (like stocks, debtors, etc.) to the bank on the basis of which the drawing power of the borrower is fixed.

6. Lien

Lien is creation of a legal charge with consent of the owner, which gives lender a legal right to seize and dispose/liquidate the asset under lien.

7. Assignment

• • It is a transfer of an existing or future debt, right or property belonging to a person in favour of another person.
  • Only actionable claims (i.e., claim to any debt other than a debt secured by a mortgage of immovable property or by hypothecation or pledge of movable property) such as book debts and life insurance policies are accepted by banks as security by way of assignment.

3.4 Prudential Norms

1. Non-Performing Advances

Prudential Norms Non-Performing Advances An Advance will be classified as NPA if:

(a) It ceases to generate income for a bank.
(b) Interest and/or instalment of principal in respect of such an advance have remain overdue or out of order for a specified period of time

• • • Overdue: An amount is said to be ‘Overdue’, if it is not paid on the due date fixed by the Bank.
    • Out of Order: An account should be treated as ‘Out-of-order’ if the outstanding balance remains continuously in excess of the sanctioned limit/drawing power.

Or

If there are no credits continuously for 90 days as on the balance sheet date or the credits are not enough to cover the interest debited during the same period.

2. NPA classification w.r.t. specified advances

2.1 Term Loans

Interest and/or Instalment of principal has remained overdue for a period exceeding 90 days.

2.2 CC/OD

The account has remained out-of-order for a period exceeding 90 days.

2.3 Bills Purchased & Discounted

The Bill remains overdue & unpaid for a period exceeding 90 days.

3. Provisioning Requirements

3.1 Standard assets

0.40% (0.25% on SME/Agricultural Advances) and 1% on commercial Real Estate Loans.

3.2 Sub-standard assets

15% [Additional provision for unsecured portion is required @ 10% (5% for infrastructure advances)]

3.3 Doubtful assets

Unsecured portion

100%

Secured portion

25% to 100% depending upon the period for which advance has remained doubtful.

• • • Upto one year – 25%
    • More than one year but upto 3 years – 40%
    • Above three years – 100%

3.4 Loss assets

100%

3.5 Special cases w.r.t. NPA Classification

1. Accounts regularised near B/S date

Where it appears that an account has inherent weakness and few credits near the balance sheet tries to make it regular, the account should be classified as NPA.

2. Asset Classification borrower-wise

All the facilities granted by bank to borrower will have to be treated as NPA and not the particular facility or part thereof.

3. Advances under Consortium

• • Consortium advances should be based on the record of recovery of the respective individual member banks and other aspects having a bearing on the recoverability of the advances.
  • Where the remittances by the borrower under consortium lending arrangements are pooled with one bank and/or where the bank receiving remittances is not parting with the share of other member banks, the account should be treated as not serviced in the books of the other member banks and therefore, an NPA.
  • The banks participating in the consortium, therefore, need to arrange to get their share of recovery transferred from the lead bank or to get an express consent from the lead bank for the transfer of their share of recovery, to ensure proper asset classification in their respective books.

4. Govt. guaranteed advances

The credit facilities backed by C.G. guarantee, though overdue will be classified as NPA only when the govt. repudiates its guarantee when invoked.

Credit facilities backed by S.G. guarantee should be classified as NPA in normal way.

5. Agricultural Advances/Loans

Interest and/or Instalment of principal is overdue for –

• • two crop seasons, in case loans granted for Short Duration crops,
  • one crop season, in case loans granted for Long Duration crops (i.e. more than 1 year)

Points to Remember

• • Long duration crops means the crops with crop season longer than one year.
  • Short Duration Crops means the crops, other than long duration crops.
  • Crop season means the period up to harvesting of the crops, as determined by the State Level Bankers’ Committee in each State.
  • The above norms should be made applicable to all direct agricultural advances as listed in the Master Circular on Lending to Priority Sectors. In respect of all other agricultural loans, identification of NPAs would be done on the same basis as non-agricultural advances, which, at present, is the 90 days delinquency norm.
  • If natural calamities impair the repaying capacity of agricultural borrowers, banks may decide on their own as a relief measure conversion of the short-term production loan into a term loan or re-schedulement of the repayment period; and the sanctioning of fresh short-term loan, subject to guidelines issued by RBI.

6. Erosion in Value of Securities

In case there arise erosion in the value of security or any fraud is committed by Borrowers, banks can directly classify these accounts as Doubtful Assets or Loss Assets, irrespective of the period for which the account has remained NPA.

• • Erosion in the value of securities by more than 50% of the value assessed by the bank or accepted by RBI inspection team at the time of last inspection, as the case may be, would be considered as “significant”, requiring the asset to be classified as doubtful straightaway and provided for adequately.
  • The realisable value of security as assessed by bank/approved valuers/RBI is less than 10% of the outstanding in the borrowal accounts, the existence of the security should be ignored and the asset should be classified as loss asset. In such cases the asset should either be written off or fully provided for.

7. Agricultural Advances affected by Natural Calamities

Where, in the wake of natural calamities, short-term agricultural loans are converted into term loans or there is rescheduling of repayment period or fresh short-term loans are sanctioned, the term loan as well as fresh short-term loan may be treated as current dues and need not be classified as NPA.

3.6 Computation of Drawing Power

All working capital limits, at all times, should be kept within both the drawing power and the sanctioned limit. Irregular accounts should be brought to the notice of the Management/Head Office regularly.

• • Ensure that withdrawals in the working capital account are covered by the adequacy of the current assets. Drawing power is required to be arrived at based on latest current stock statement, not more than three months old. The outstanding in the account based on drawing power calculated from stock statements older than three months is deemed as irregular.
  • Ensure that the drawing power is calculated as per the guidelines formulated by the Management of the bank. Due care should be given to proper reporting of sundry creditors for the purposes of calculating drawing power.
  • Ensure that bank has conducted stock audit for all accounts having exposure of more than stipulated limit. Review the report submitted by the stock auditors and consider the comments made by the stock auditors on valuation of security and calculation of drawing power.
  • Special focus need to be given in examining the DP calculation in case of working capital advances to companies engaged in construction business.

3.7 Audit Procedure

1. Aspects of Internal control

1. 1. Advances should be made only after evaluating creditworthiness of the borrowers and obtaining sanction from the proper authorities of the bank.
   2. All the loan documents like promissory notes, letters of hypothecation, guarantee letter, etc. should be executed by the parties before advances are made.
   3. While determining the loan amount to be sanctioned, sufficient margin should be kept against securities taken so as to cover any decline in the value thereof and also to comply with RBI directives.
   4. Securities should be received and returned by responsible officer and should be kept in the joint custody of atleast two responsible officers.
   5. Securities requiring registration should be registered in the name of the bank.
   6. In the case of physical possession of goods as security, the goods should be test checked at the time of receipts. In respect of hypothecated goods not in possession of the bank, surprise checks should be made.
   7. Personal inquiries should be made so as to determine market value of goods.
   8. For any increase/decrease in the value of securities, drawing power should be adjusted. All the accounts should be kept within both the drawing power and the sanctioned limit at all times.
   9. All irregular accounts should be brought to the notice of the H.O. regularly.
   10. The operation in each advance should be reviewed at least once every year.
   11. There should exist a proper system for post disbursement supervision and follow-up.
   12. Classification of advances should be made as per RBI Guidelines.
   13. Ensure that the funds disbursed should be utilized only for the purpose for which advances has been granted.

2. Evaluation of Internal Control

(a) Examine the following:

• • • loan documentation,
    • validity of the recorded amounts;
    • existence, enforceability and valuation of the security;

(b) Ensure compliance with the

• • • terms of sanction
    • end use of funds.
    • loan Policy of Bank as well as RBI norms including appropriate classification and provisioning

(c) Review the operation of the accounts.

3. Substantive Audit Procedure

Substantive Audit Procedure

(i) To verify that amounts included in balance sheet in respect of advances are outstanding at the date of the balance sheet.
(ii) To verify that advances represent amount due to the bank.
(iii) To ensure that outstanding amount is appropriately supported by Loan documents.
(iv) To ensure that there are no unrecorded advances.
(v) To verify the appropriateness of basis of valuation of advances.
(vi) To ensure that the recoverability of advances is recognised in their valuation.
(vii) To check that the advances are disclosed, classified and described in accordance with recognised accounting policies and relevant statutory and regulatory requirements.
(viii) Ensure that appropriate provisions towards advances have been made as per the RBI norms.