Audit of Banks
(1) Introduction and Legal Framework
Need for Special Audit Considerations in audit of Banks:
Special audit considerations arise in the audit of banks because of:
(1) Particular nature of risks associated with the financial transactions;
(2) Voluminous scale of banking operations and the resultant significant exposures;
(3) Extensive dependence on IT for process of transactions;
(4) Various statutory and regulatory requirements; and
(5) Continuing development of new products, services & banking practices which may not be matched by concurrent development of a/cing principles & auditing practices.
(6) Evolution of technology and providing services through Net Banking and Mobiles has exposed banks to huge operational and financial risk.
Audit of Accounts & Appointment of Auditor:
Sec. 30(1) of Banking Regulation Act - B/S and P & L account of banking company should be audited by a person duly qualified to be an auditor of companies.
Most banks, appoint 4 or more firms of CAs to act jointly as St. central auditors.
Matters covered in Appointment Letter:
(1) Period of appointment.
(2) Particulars of other central auditors.
(3) Particulars of previous auditors.
(4) Procedural requirements to be complied with in accepting the assignment.
(5) Statement of division of work and review and reporting responsibilities amongst joint auditors in case of nationalised banks.
(6) Scope of assignment which includes any special reports or certificates to be given by the SCAs in addition to the main report.
Authority appointing the Auditors:
Auditors of Banking company: at AGM of shareholders (with approval of RBI).
Audit of Banks Chapter 14A
Auditors of Nationalised bank: by concerned bank acting through its BOD (with approval of RBI).
Auditors of SBI: appointed by CAG in consultation with C.G.
Auditors of RRBs: appointed by concerned bank with approval of C.G.
(2) Conducting a Bank Audit:
Stages in conducting a Bank Audit:
Stage I: Initial Considerations: Initial Considerations include considerations of:
(a) Acceptance & Continuance
(b) Declaration of Indebtedness
(c) Internal Assignments in Banks by Statutory Auditors
(d) Terms of Audit Engagements
(e) Communication with Previous Auditor
(f) Establish Engagement Team
Stage II: Understanding business operations: Auditor is required to obtain understating of: Bank, its Environment including Internal Control; Accounting Process Risk Management Process
Requirements of effective risk management system in a bank:
(i) Oversight by TCWG: Risk Management policies should be approved by TCWG ensuring that policies are consistent with bank’s business objectives & strategies, capital strength, management expertise, regulatory requirements & acceptable risk.
(ii) Identification, measurement & monitoring of risks: Risks that may significantly affect achievement of bank’s goals and objectives should be identified, measured and monitored against pre-approved limits and criteria.
(iii) Control activities: Banks must have controls to manage its risks, including: effective segregation of duties, verification and approval of transactions, setting of limits, and reporting and approval of exception.
(iv) Monitoring activities: Risk management unit should be set up which regularly assess risk management models, methodologies and assumptions used to measure and manage risk.
Chapter 14A Audit of Banks
(v) Reliable information systems: Banks must have a reliable information system that provide adequate financial, operational and compliance information on a timely and consistent basis to management and TCWG.
Stage III: Risk Assessment: Auditor is required to identify and assess following risk: Risks of Material Misstatements
Risk of Fraud including Money Laundering
Specific Risks
Risk Associated with Outsourcing of activities.
Stage IV: Execution: Execution stage considers the following: Engagement Team Discussions
Response to the Assessed Risks
Establish the Overall Audit Strategy
Audit Planning Memorandum
Determining Audit Materiality
Appropriateness of Going Concern
Stage V: Reporting: Issue of Main report and Other Reports/Certificates.
Special Considerations in CIS environment:
(i) Information to be shared by Banks with Auditors:
(1) Overall IT policy, structure and environment of Bank’s IT system.
(2) Data processing and data interface under various systems.
(3) Data integrity and data security.
(4) Business Continuity plans and disaster control plans.
(5) Accounting manual & critical accounting entries & their processes.
(6) Controls over key aspects, expense booking, overdue identification etc.
(7) Controls on recording of various e-banking & internet banking products.
(8) MIS reports being generated and their periodicity.
(9) Major exception reports and process of generation including embedded logic.
(10) Process of generating various information related to various disclosures in F.S.
(ii) Review of IT Environment:
Overall review of IT environment & accounting system is taken at HO level.
Branch auditors generally do not have access to IT policy & processes.
Based upon guidance & information received from SCAs, branch auditors need to ensure that data review & analysis through CBS is carried out & TOCs & substantive checking is carried out at branch level & results shared with SCAs.
(iii) Key security control aspects that an auditor needs to consider:
(1) Ensure authorised, accurate and complete data is made available for processing.
(2) Ensure in case of interruption due to power, mechanical or processing failures, system restarts without distorting the completion of the entries and records.
(3) Ensure that system prevents unauthorised amendments to the programmes.
(4) Ensure that access and authorisation rights given to employees are appropriate.
(5) Verify that segregation of duties is ensured while granting system access to users.
(6) Verify that changes made in the parameters or user levels are authenticated.
(7) Verify that exceptional transaction reports are being authorised and verified.
(8) Verify that the account master and balance cannot be modified/amended/altered except by the authorised personnel.
(9) Verify that balance in general ledger tallies with the balance in subsidiary book.
Risk based Internal Audit:
Risk-based Internal audit is conducted based upon risk assessment of business and control risks of branches. The risk assessment process includes:
(a) Identification of inherent business risks in various activities undertaken by branches (Business risk).
(b) Assessment of effectiveness of control systems for monitoring inherent risks of business activities of branch (Control risk).
(c) Making an assessment of level and direction of various risk areas and assess level and direction of overall business risk and control risk.
(d) Drawing up of risk matrix taking into account factors viz . Risk of branch.
(3) Internal Control Procedures in Bank:
General Controls
(1) Staff & officers of bank should be shifted from one position to another frequently and without prior notice.
(2) Work of one person should be checked by another person.
Audit Notes | Advanced Auditing Assurance & Professional Ethics | Audit | CLASS NOTES
AUTHOR : PANKAJ
GARG
PUBLISHER : TAXMANN
DATE OF PUBLICATION : MARCH 2025
EDITION : 4TH EDITION
ISBN NO : 9789364550970
NO. OF PAGES : 356
BINDING TYPE : PAPERBACK
DESCRIPTION
This visually captivating and content-rich book is tailored exclusively for students preparing for the Final Level of the Chartered Accountancy Examination. It is designed to help aspirants master the subject of Audit with a focus on ease of understanding, quick revision, and exam-oriented content.
The Present Publication is the 4th Edition for the CA Final | New Syllabus | Nov. 2025 Exams. This book is authored by Pankaj Garg, with the following noteworthy features:
• [Premium Glossy Paper & Multi-Coloured Layout] Enhances durability and creates a visually engaging reading experience, with vibrant colour-coding for easier content differentiation
• [Font-Focused for Readability] The carefully selected font style and size ensure dense material is presented clearly, reducing eye strain and improving focus
• [Concise, To-the-Point Language] Topics are presented in short, crisp sentences to simplify complex auditing concepts
• [Structured Presentation for Learning] Sections are logically organised, with yellow points for standard concepts and red points for high-priority content, aiding focused revision
• [Point-wise Format] Breaks down complex topics into manageable pieces, improving retention and making revision more efficient
• [Flowcharts & Visual Aids] Includes flowcharts, diagrams, and colour-coded sections for simplifying intricate topics and reinforcing conceptual clarity