NAME: RASHIKA JAIN

DATE: 31-03-2024
TOPIC: Notes on the following- Objective and scope

MODULE 12: Audit and Compliance

1. Concurrent Audit
The Ghosh Committee recommended implementing concurrent audits in large and
exceptionally large branches of banks to provide administrative support, ensure
adherence to prescribed procedures, and detect irregularities promptly. Following
this, both scheduled and primary urban co-operative banks with deposits over Rs.
50 crore were mandated to adopt concurrent audit systems. Additionally, based on
recommendations from the Joint Parliamentary Committee (JPC) investigating
stock market scams, all primary urban co-operative banks were required to
implement concurrent audits.
The board of directors should annually review the effectiveness of the concurrent
audit system and address any deficiencies identified. While individual banks have
the autonomy to design their concurrent audit systems, a guideline in Annexure 1
outlines key features, such as branch coverage, audit scope, reporting mechanisms,
and suggestions for implementation.
This guideline aims to establish some uniformity among different banks'
concurrent audit systems. Banks should articulate the connections between existing
internal inspections and audits and the proposed concurrent audit framework when
formulating their systems.
Concurrent auditors are tasked with certifying the bank's investments quarterly,
ensuring their ownership and physical existence, with certificates submitted to the
relevant Reserve Bank of India (RBI) regional office. They must also verify
compliance with RBI circulars, particularly those concerning transactions in
government securities.
Scopes of concurrent audit
Continuous Training and Development: It is crucial for concurrent auditors to
undergo regular training sessions to stay updated with evolving banking
regulations, technological advancements, and emerging fraud trends. Banks should
invest in their auditors' professional development to ensure effectiveness and
efficiency in audit processes.
 Technology Integration: Banks should leverage technological solutions, such
as data analytics and automation tools, to enhance the effectiveness of
concurrent audits. Integrating such technologies can improve audit coverage,
identify anomalies more efficiently, and streamline reporting processes.
 Risk-Based Approach: Concurrent audits should adopt a risk-based
approach, focusing on areas with higher inherent risks. By prioritizing audit
efforts based on risk assessments, banks can allocate resources more
effectively and address critical issues in a timely manner.
 Independent Oversight: Concurrent audit processes should include
independent oversight mechanisms to ensure objectivity and integrity.
Establishing independent review committees or engaging external auditors
for periodic reviews can enhance the credibility of audit findings and
recommendations.
 Collaboration with Regulatory Authorities: Banks should foster
collaborative relationships with regulatory authorities, such as the RBI, to
align concurrent audit practices with regulatory expectations and industry
best practices. Regular dialogue and information sharing can help banks stay
ahead of emerging regulatory requirements and compliance challenges.
By incorporating these additional considerations, banks can strengthen their
concurrent audit practices and enhance overall risk management and governance
frameworks.

2. Forensic audit in bank

Forensic audit in banks of India refers to a specialized examination of financial

records, transactions, and activities conducted with the objective of uncovering
potential financial fraud, misconduct, or irregularities. Unlike traditional audits that
focus on verifying financial statements for accuracy and compliance with
accounting standards, forensic audits delve deeper into identifying fraudulent
activities, gathering evidence, and determining the extent of financial losses or
damages incurred.
Objectives of forensic audits in banks of India include:
 Fraud Detection: Forensic audits aim to identify fraudulent activities such as
embezzlement, misappropriation of funds, bribery, corruption, money
laundering, or insider trading within the banking sector.
 Evidence Collection: Forensic auditors gather and analyze financial data,
documents, electronic records, and other relevant evidence to reconstruct
transactions and establish a trail of fraudulent activities.
 Investigation Techniques: Forensic auditors employ various investigation
techniques, including data analysis, interviews, forensic accounting
methods, and forensic technology tools, to uncover irregularities and
fraudulent schemes.
 Legal Compliance: Forensic audits adhere to legal and regulatory
requirements, ensuring that the investigation process and evidence collection
techniques are conducted in accordance with applicable laws and standards.
 Expert Testimony: Forensic auditors may provide expert testimony in legal
proceedings, presenting their findings, analysis, and conclusions to support
litigation or regulatory actions against perpetrators of financial fraud.
 Preventive Measures: Besides detecting and investigating financial fraud,
forensic audits also help banks implement preventive measures and
strengthen internal controls to mitigate the risk of future fraud incidents.
Forensic audits play a crucial role in safeguarding the integrity of the banking
system, protecting stakeholders' interests, and maintaining public trust in financial
institutions. By conducting thorough examinations and uncovering fraudulent
activities, forensic audits contribute to enhancing transparency, accountability, and
risk management within the banking sector.

3. Statutory audit in bank

A statutory audit in banks refers to an independent examination of a bank's
financial statements, accounts, and records to ensure compliance with statutory and
regulatory requirements. These audits are conducted by external auditors who are
appointed by the bank's shareholders or regulatory authorities and are legally
mandated to review the financial affairs of the bank.
Eligibility Criteria:
 Audit entities (audit firms or sole proprietorship auditors) must meet specific
conditions, including compliance with Section 141 of the Companies Act,
2013, and not being barred by regulatory bodies such as RBI, SEBI, C&AG,
Government of India, NFRA, and ICAI.
 Audit entities must not be currently engaged as SBAs or Statutory Central
Auditors (SCAs) for any other PSB, and certain time intervals must be
observed between audit engagements.
 There should be no common partners between audit firms serving as SBAs
for the same PSB, and the audit entity must meet specified criteria for bank
audit experience, number of partners, and standing.
Role of the Board and Audit Committee:
 The PSB's board is responsible for establishing a policy for engaging SBAs,
covering eligibility criteria, appointment, re-appointment, removal, and
branch selection for statutory audits.
 The Audit Committee of the Board (ACB) approves the methodology for
branch selection and business coverage, ensuring transparency and fairness
in the process.
 A representative mix of rural, semi-urban, urban, and metropolitan branches,
including those not subject to concurrent audits, should be covered.
Consolidation of Reports:
Long Form Audit Reports (LFAR) prepared by concurrent auditors for branches
not subject to statutory audit are consolidated and submitted to SBAs.
PSBs are permitted to appoint SBAs without prior RBI approval for accounting
periods ending March 31, 2023, and onwards.
Business Coverage:
For FY 2022-23, PSBs must ensure that statutory audits cover a minimum of 70%
of funded and non-funded credit exposures.
From FY 2023-24 onwards, PSBs have discretion to determine business coverage
based on board-approved policies and risk considerations.

4. LFAR

The Long Form Audit Report (LFAR) is a supplementary report issued by bank
auditors alongside the statutory audit report. While the statutory audit report covers
essential aspects of a bank's operations, the LFAR provides a more comprehensive
evaluation, addressing various key areas outlined by the Reserve Bank of India
(RBI). The format of the LFAR may vary over time to accommodate changes in
the banking industry, with separate formats designated for central statutory auditors
and branch auditors.
The LFAR format typically consists of a questionnaire covering five main sections:
(A) Capital
(B) Liabilities
(C) Assets
(D) Profit & Loss Account
(E) General
Each section includes specific inquiries related to the corresponding aspect of the
bank's operations. For instance, the Capital section may involve verifying changes
in share capital, while the Assets section may require scrutiny of loan
disbursements and cash balances.
Key points to assess while drafting LFAR may include:
 Monitoring cash retention limits at branches and conducting physical cash
verifications.
 Checking stocks of stationary and postal stamps.
 Reviewing suspense accounts and reporting irregularities in loan
disbursements.
  Examining cases of pending loan reviews or renewals and identifying
accounts with quick mortality.
 Scrutinizing dormant or inactive accounts, contingent liabilities, and changes
in deposit balances.
 Verifying interest calculations, especially on non-performing accounts.
 Assessing the bank's backup, recovery systems, and disaster recovery plans.
 Ensuring the maintenance of daily reports either in print or electronically.
In essence, the LFAR serves as a comprehensive assessment tool for bank auditors
to provide detailed insights into a bank's financial health and operational efficiency
beyond what is covered in the statutory audit report.

5. System audit

Conducting a system audit, also known as an information system (IS) audit, entails
a comprehensive examination of an organization's IT infrastructure. The primary
aim is to assess whether the information systems in place uphold data integrity,
safeguard the organization's assets, and operate efficiently to facilitate the
achievement of its objectives. Moreover, an IS audit identifies inefficiencies or
vulnerabilities within the current system and proposes strategies to address such
shortcomings.

Distinguishing Information System Audit from Financial Audit:

While a financial audit primarily focuses on verifying the accuracy of financial
statements and ensuring they present a true and fair view of the business's financial
position without material errors, an information system audit emphasizes data
security, IT infrastructure effectiveness, and the design of internal controls within
the system.
Process of Information System Audit:
The Information System Audit Process typically involves the following six steps:
 System Review:
 During this initial step, auditors familiarize themselves with the
organization's information system by observing installation procedures,
engaging in inquiry sessions with installation personnel, and reviewing
installation documentation. The focus here is on identifying weaknesses in
management control.
 Measuring Vulnerability of Information System:
This step entails individually examining all computers and applications to
pinpoint the most vulnerable ones. Additionally, quality protocols are
reviewed by auditors at this stage.
 Identification of Potential Threats:
Here, various external and internal threats to the system are identified,
including programmers, system security personnel, regular users, software
vendors, and data entry operators.
 Checking of Internal Controls:
The system auditor evaluates the effectiveness of the information system's
internal controls in this step, ensuring that all controls are functioning
accurately. The auditor also endeavors to identify any gaps in internal
controls.
 Final Evaluations:
In this concluding step, a series of tests are conducted to assess different
components of the information system. These tests may involve examining
data flow and authorization, comparing manual and computerized data, and
validating data with external sources.
Benefits of System Audit:

 Mitigating the risk of fraud and errors

 Enhancing efficiency in business operations
 Identifying and addressing weaknesses in the system
 Highlighting areas of concern in system security to enable proactive
management planning.
In addition to these benefits, system audits provide valuable insights into the
overall health and effectiveness of an organization's information system, helping to
ensure its continued reliability and functionality.
References:
1. https://taxbaniya.com/long-form-audit-report-lfar-bank-audit-report-format/
2. https://www.rbi.org.in/commonperson/English/scripts/Notification.aspx?
Id=1402