Practical Guide for First-Time Statutory Bank Branch Auditors

Practical Guide for Statutory Branch Auditors performing Bank Branch Audit for the First Time 

This practical guide provides a comprehensive overview for statutory branch auditors performing bank branch audits for the first time. It emphasizes the critical role of the banking industry in promoting sustainable socio-economic growth and financial stability. 

Key Points: 

• Types of Banking Institutions: Commercial Banks, Regional Rural Banks, Co-operative Banks, Development Banks, Foreign Banks, Payment Banks, Small Finance Banks, and EXIM Bank are distinct types of banking institutions operating in India. 
• Regulation by RBI: The Reserve Bank of India (RBI) is the central regulatory authority governing the banking industry. The Banking Regulation Act, 1949, outlines the forms of business that banking companies may undertake. 
• Functions of Commercial Banks: Commercial banks, being widespread in India, offer diverse products and services. Main functions include accepting deposits, granting advances, payment and settlement, and treasury operations. 
• Para Banking Activities: Commercial banks also engage in eligible para banking activities such as investing in Mutual Funds, Stocks, Bonds, and insurance products, following RBI guidelines. 
• RBI’s Role: RBI regulates and supervises the banking industry, issues currency, regulates currency issuance, acts as a banker to governments, commercial banks, and other financial institutions. RBI inspections and licensing are essential for banking operations. 
• Financial Statements: The Banking Regulation Act, 1949, governs the financial statements of banks. The Third Schedule to the Act specifies the forms of balance sheets and profit and loss accounts for banks. 
• Companies Act, 2013: The requirements of the Companies Act, 2013, also apply to banking companies concerning the preparation of financial statements, where not inconsistent with the Banking Regulation Act, 1949. 
• Audit Guidelines: The guide underscores the importance of annual statutory audits for banks, highlighting guidelines for conducting audits of bank branches.

Pre-commencement of Audit Coordination with Branch Management: 

• Limited Time Frame for Auditors: Statutory Branch Auditors (SBAs) have a restricted time frame to conduct audits of assigned branches. Timely planning and initiation of the audit are crucial for effective and high-quality completion within the given timeframe. 
• Coordination with Branch Management: Effective coordination between the auditor and branch management is vital. This ensures a smooth audit process and ensures timely completion. Communication with the previous auditor is necessary, following the guidelines of the Chartered Accountants Act, 1949. 
• Formal Communication: Upon accepting the appointment, SBAs should promptly send a formal communication to the branch management or Head Office. This communication should include acceptance of the appointment, necessary declarations, and undertakings. Additionally, the SBA should specify the required books, records, and information needed for the audit, facilitating preparedness on the part of branch management. 
• Proper Planning: Before commencing the audit, the SBA must meticulously plan the work. This includes issuing an audit engagement letter in line with auditing standards (SA 210) and a requirement letter detailing the information necessary for the audit. 
• Understanding Branch Details: The SBA needs to gather basic information about the branch, including its size and the nature of activities conducted (normal branch or specialized branch like forex/overseas/service branch). Depending on this information, the SBA should organize the audit team and formulate the audit plan. 
• Specialized Branch Considerations: For specialized branches, the audit team members must be well-versed with the rules and regulations governing such branches. Basic knowledge of RBI regulations and circulars for both specialized and normal branches is essential. 
• Initiating Verification: It is advisable to initiate verification related to non-financial areas before the year-end. This includes tasks such as documentation review, scrutinizing sanctioning terms, evaluating supervision and monitoring terms, and reviewing concurrent/internal audit and inspection reports.

Engagement and Quality Control Standards: 

• Establishing Quality Control System: Auditors and audit firms must establish a quality control system to ensure compliance with professional standards, regulatory requirements, and legal obligations. This system should include policies and procedures designed to achieve its objectives and ensure the appropriateness of reports issued by the firm or engagement partners. 
• Factors Influencing Quality Control Policies: The nature of quality control policies and procedures will vary based on factors such as the size, maturity, geographical location, type of work, and other operating characteristics of the auditor or firm. Compliance with SQC 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements,” is essential. 
• Importance of Standards on Auditing: The ICAI has issued Standards on Auditing that are mandatory for all auditors conducting financial statement audits. Understanding these standards is crucial for statutory branch auditors (SBAs) to fulfill their responsibilities diligently. 
• Focus on Planning and Documentation: In the context of statutory bank branch audits, proper planning and documentation are crucial aspects. SBAs should possess comprehensive knowledge of the bank’s business. 
• Study of Appointment Letter: The auditor should carefully review the Appointment Letter, considering all terms and conditions. This letter typically contains details about the appointment under the Banking Regulation Act, branch particulars, information about Statutory Central Auditors (SCAs), guidelines for the audit process, and procedural requirements for accepting the assignment. 
• Understanding RBI Guidelines and Circulars: SBAs should thoroughly read and study RBI circulars, master directions, notifications, and the Banking Regulation Act, 1949. This understanding is critical for executing the audit effectively. 
• Bank’s Closing Circular and Allied Laws: Along with the appointment letter, banks issue closing guidelines that cover the bank’s processes and policies. SBAs must have a basic knowledge of allied laws like the Indian Contract Act 1872, Negotiable Instruments Act 1881, and relevant Stamp Acts. 
• Internal Financial Controls over Financial Reporting (IFCoFR): SBAs need to be aware of the reporting requirements on IFCoFR, especially for Public Sector Banks. This includes understanding testing procedures for various controls, both at the Nationalised Banks’ branch level and through SCAs, as mandated by RBI from the Financial Year 2020-21. If a branch is selected for IFCoFR testing, the SBA must report on it. The Technical Guide on “Audit of Internal Financial Controls in case of Public Sector Banks” can be referenced for guidance.

Steps for Audit of Advances and NPA Related Matters: 

• Documentation of Test Check Criteria: SBAs are advised to document the criteria for test checks used for advance verification. They should create checklists based on RBI guidelines and ensure proper scrutiny of the entire process, including sanctioning, disbursement, review, renewal, and monitoring of advances. 
• Compliance with RBI Guidelines: Auditors should study the latest Income Recognition and Asset Classification (IRAC) Guidelines issued by RBI. The correct classification of advances into performing and non-performing categories must be verified through appropriate test checks. Any deviations in classification should be addressed, and a memorandum of changes issued if necessary. 
• Automation of IRAC Guidelines: The RBI has mandated the automation of income recognition, asset classification, and provisioning by banks. SBAs need to verify whether banks have fully implemented this automation, as per the RBI’s deadline, which was initially set for June 30, 2021, and later extended to December 31, 2021. 
• Checking Central Repository of Information on Large Credits (CRILC): For advances exceeding Rs. 5 Crores, the RBI requires checking the CRILC, which maintains a history of borrowers. This history provides insights into the borrower’s behavior and is essential for a comprehensive audit. 
• Central Fraud Registry (CFR) for Advances Below Rs. 5 Crores: For advances below Rs. 5 Crores, the RBI maintains the CFR, containing data on frauds reported by banks in India. Auditors should ensure that banks consult the CFR to assess the eligibility of borrowers and take timely action against fraudulent cases. 
• Verification of Review/Renewal Processes: SBAs should pay special attention to the review and renewal of advances, checking the availability of drawing power, examining restructured cases, and scrutinizing credit and debit summations in accounts. Daily stamping of Non-Performing Assets (NPAs), avoiding evergreening of loans, and thorough verification of these processes can reveal lapses in both individual accounts and control mechanisms at the branch level. All findings should be reported in the Long Form Audit Report.

Steps for Audit related to Cash, Housekeeping, Deposits, and Other Matters: 

1. Internal Controls on Cash Custody:

• SBAs should examine the internal controls governing the custody of cash. 
• Ensure strict adherence to the cash management policy of the bank. 
• Physically check the cash at the branch and attached ATMs. 
• Verify the rotation of duties among key management for effective operations. 
• Examine the prescribed limit for cash holding and compare it with the actual cash held by the branch throughout the year. 

2. Deposits: 

• Deposits are a significant component of the financial statements. 
• Verify interest accrued on deposits at year-end on a sample basis. 
• Focus on KYC (Know Your Customer), ReKYC, and Statement of Financial Transactions (SFT) reporting, ensuring compliance. 
• Verify interest paid on deposits in accordance with applicable rates.
• Pay special attention to unclaimed deposits, a high-risk area for fraud. 
• Thoroughly check withdrawals from inoperative deposit accounts, ensuring proper documentation to verify the legitimacy of the withdrawal. 

3. Other Assets and Liabilities: 

• Review the “Other Assets” and “Other Liabilities” sections in the financial statements. 
• Scrutinize old balances in ‘other assets’ and assess the required provisioning against them. 
• Examine the correctness of entries under these categories. 

Steps for Audit related to Financial Statements, Main Report, LFAR, and Special Considerations for Foreign Banks: 

1. Audit of Financial Statements: 

• Apply basic audit principles to check the financial statements. 
• Utilize analytical procedures like ratio analysis and comparative analysis. 
• Focus on key variances identified through analytical procedures. 
• Frame the audit opinion based on the audit process and examination of final financial statements. 

2. Compiling the Main Report & LFAR: 

• Ensure compliance with SA 700 (Revised), SA 705 (Revised), and SA 706 (Revised) in the audit report. 
• Report findings in the Audit Report based on the audit process carried out. 
• For public sector banks, private sector banks, and foreign banks, furnish a Long Form Audit Report (LFAR) as required by the terms of appointment. 
• Cover all aspects in both the main report and LFAR for comprehensive reporting. 
• Follow the specified matters by RBI in the LFAR and provide necessary and appropriate audit documentation. 

3. Special Audit Considerations for Foreign Banks: 

• Recognize unique challenges in auditing foreign banks operating in India. 
• Adapt audit procedures to the operational structure and regulatory environment of foreign banks. 
• Consider elements like management structure, centralized operational functions, global core banking software, compliance with foreign legal requirements, cross-border data flow, complex treasury operations, Basel III Regulatory Framework compliance, and operational processes. 
• Modify audit plan and procedures to address the specific nature of foreign banks’ operations in India. 

Bank Branch Audit Planning: 

1. Appointment of Auditors:

• ICAI invites CA firms for bank audits, and after verification, a list is submitted to RBI. 
• Banks appoint auditors from the approved list, and the final list is submitted to RBI for approval. 

2. Understanding the Business of Bank Branch: 

• Auditors must understand the bank branch’s activities, products, and Core Banking Solution (CBS). 
• Knowledge of SOPs, product policies, and an understanding of RBI guidelines are crucial. 
• Risk assessment based on business profile and understanding authority levels is essential. 

3. Audit Planning:

• Plan aligns with SA 300, involving a preliminary inquiry on the branch’s nature, size, and category. 
• Assess risks, apply materiality concepts (SA 320), and tailor audit plans for different branch categories. 
• Assess resource requirements, deploy staff with updated knowledge of banking laws and regulations. 
• Send a detailed requirement letter to the branch management for necessary information. 

4. Internal Financial Controls over Financial Reporting (IFCoFR):

• Reporting on IFCoFR is mandatory for Nationalised Banks from FY 2020-21. 
• SBA may need to report on IFCoFR if the branch is selected, requiring specific procedures during planning. 

5. Audit Procedures / Understanding Forms and Content of Financial Statements/Reporting: 

• Create a list of annual returns/certificates for verification, understanding underlying requirements. 
• Use analytical and substantive procedures to verify the true and fair view of financial statements (SA 520). 
• Certify closing forms and certificates, understanding their objectives and process. 
• Prepare final audit and Long Form Audit Reports, incorporating observations, procedures, and management responses. 
• Comply with pre-audit formalities (appointment letter, communication with previous auditor) before the actual audit. 

6. Management Representation: 

• Develop a mechanism to list specific representations relied upon during the audit. 
• Discuss these representations with branch management before finalizing the audit reports. 

Audit Documentation in Bank Branch Audit: 

Background: Audit documentation in bank branch audits is governed by SA 230, requiring auditors to adequately prepare and maintain records for audits of financial statements. The documentation aims to provide evidence of the auditor’s basis for conclusions, certifications issued, and observations included in the LFAR (Long Form Audit Report). 

Key Points: 

Planning and Risk Assessment: 

• Emphasizes the need for a detailed audit plan complying with SA 230. 
• Highlights the importance of understanding the business profile, core banking solutions (CBS), and authority levels. 
• Recommends consideration of changes in deposit, advances, and overall business mix during the audit period. 

Audit Strategy and Execution: 

• Stresses the importance of assessing risks, resource requirements, and compliance with banking laws and RBI guidelines. 
• Discusses the need for a comprehensive audit plan based on the type and nature of the branch (e.g., corporate, retail, rural).
• Advises the auditor to send detailed requirement letters and conduct preliminary meetings with branch management. 

Internal Financial Controls over Financial Reporting (IFCoFR): 

• Discusses the mandatory reporting on IFCoFR for nationalized banks from FY 2020-21. 
• Highlights that SCA (Statutory Central Auditors) report on IFCoFR based on testing controls, including branch-level testing by SBAs (Statutory Branch Auditors) in selected cases. 

Audit Procedures and Understanding Financial Statements: 

• Recommends thorough planning and documentation of audit procedures. 
• Emphasizes the importance of analytical procedures, substantive audit procedures, and setting materiality levels. 
• Lists various documents to be maintained, such as appointment formalities, audit plans, and working papers. 

Audit Documentation: 

• Stresses real-time documentation during the audit, which can be recorded on paper or electronically. 
• Provides an illustrative list of documents to be maintained, including appointment formalities, working notes, audit plans, and various certificates. 
• Highlights the importance of documentation related to planning, risk assessment, responses to assessed risks, and overall audit strategy. 
• Recommends documenting the design and effectiveness of controls, performing tests of controls, and evaluating IT-related controls. 

Assembly and Archival: 

• Emphasizes the timely preparation of audit documentation, including details of performers, dates, and reviews. 
• Encourages the documentation of audit procedures, results, and significant matters arising during the audit. 
• Stresses the importance of compliance with policies and procedures for assembly and archival of work papers within stipulated timeframes. 

In summary, effective audit documentation is essential for providing evidence of audit procedures, supporting conclusions, and ensuring compliance with auditing standards, legal, and regulatory requirements. The documentation process should be systematic, comprehensive, and in accordance with the principles outlined in SA 230.