Tax Management India. Com
Law and Practice  :  Digital eBook
Research is most exciting & rewarding
  TMI - Tax Management India. Com
Follow us:
  Facebook   Twitter   Linkedin   Telegram

TMI Blog

Home

AUDIT SHIFTS TO RISK BASED INTERNAL AUDIT (RBIA) IN BANKS – PART- 1

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... AUDIT SHIFTS TO RISK BASED INTERNAL AUDIT (RBIA) IN BANKS – PART- 1 - By: - Dr. Sanjiv Agarwal - Other Topics - Dated:- 7-2-2014 - - What is RBIA Risk Based Internal Audit has been prescribed by Reserve Bank of India for implementation by the Banks. Under RBIA, Banks have shifted focus from prevailing system of full-scale transaction testing to risk identification, prioritization of audit areas and allocation of audit resources in accordance with the risk assessment. Banks have therefore, developed a well-defined policy, duly approved by the Board, for undertaking risk-based internal audit (RBIA). The policy includes the risk assessment methodology for identifying the risk areas based on which the audit plans are being formulated. Th .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... e policy should also lay down the maximum time period beyond which even the low risk business activities BUs would not remain unaudited. The Risk-Based Internal Audit, inter-alia, undertakes risk assessment for the purpose of formulating the risk-based audit plan. The risk assessment would, as an independent activity, cover risks at various levels as also the processes in place to identify, measure, monitor, control and investigate the risks. Risk Assessment Risk Assessment can be defined as the "overall process of risk analysis and risk evaluation". Risk assessment has also been defined as " identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risk should be m .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... anaged". [As defined by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission]. Risk Assessment has three processes viz. risk identification, risk estimation and risk evaluation. The objective of the risk assessment process is to draw up a risk-matrix, taking into account both the factors viz, inherent business risks and control risks. The risk matrix appropriately places all the auditable branches or offices into one among the three categories of risk profiles - high, medium or low. The risk assessment process includes the following: a) Determine the vulnerability of each activity undertaken by BU. b) Identification of inherent business risks in various activities undertaken by the B/U b) Ev .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... aluation of the effectiveness of the control systems for monitoring the inherent risks of the business activities (`Control risk ). c) Drawing up a risk-matrix for taking into account both the factors viz., inherent business risks and control risks. Once the risk matrix is prepared, a risk-based audit plan based on the risk profile of the BUs is prepared. This involves decision to be taken on the frequency, timing and the scope of the internal audit of the auditable BU. These decisions are based on the internal audit priorities and keeping in view the objective of internal audit function as a risk management tool. The risk-based internal audit plan as prepared by the internal audit function of the Bank is duly approved by the Chairma .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... n/Audit Committee of the Board of Directors of the Bank. Objective of RBIA: The objective of RBIA is to provide independent assurance to the Bank s Board that: The risk management process which management has put in place within the Bank (covering all risk management processes at branches and other offices etc.) are operating as intended. These risk management processes are of sound design. The responses which management has made to risks which they wish to treat are both adequate and effective in reducing those risks to a level acceptable to the Board. A sound framework of controls is in place to sufficiently mitigate those risks which management wishes to treat. Thus the aims of RBIA are: a) An aid to necessary c .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... hecks and balances in the system. b) Timely identification of potential risk concerns. c) Tool for effective risk management. d) Facilitate improvement in quality and content of procedures and MIS. Scope of RBIA The primary focus of risk-based internal audit will be to provide reasonable assurance to the Board and top management about the adequacy and effectiveness of the risk management and control framework in the Banks operations. While examining the effectiveness of control framework, the risk-based internal audit should report on proper recording and reporting of major exceptions and excesses. Transaction testing would continue to remain an essential aspect of risk-based internal audit. The extent of transactio .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... n testing will have to be determined based on the risk assessment. Illustratively, the bank should undertake 100 per cent transaction testing if an area falls in cell "Extremely High Risk" of the risk matrix. The Bank may also consider 100 per cent transaction testing if an area falls in cell "Very High Risk" and the risks are showing an increasing trend. The Banks may also consider transaction testing with an element of surprise in respect of low risk areas which would be audited at relatively longer intervals. The scope of risk-based internal audit should also include a review of the systems in place for ensuring compliance with money laundering controls; identifying potential inherent business risks and control risks, if any; suggestin .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... g various corrective measures; and undertaking follow-up reviews to monitor the action taken thereon. Advantages of Risk-based Internal Audit The advantages of risk-based approach of the internal audit function in Banks are as follows: It appropriately defines the audit universe and identifies the auditable branches within the Bank for which these analyses would be carried out. It assists the management in identification of appropriate risk factors to reflect the managements concerns. It results in development of an appropriate format for evaluating risk factors so that the more important risk factors play a more prominent role in the risk assessment process than less important risk factors. It develops a combination rule .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... for each branch, which will properly reflect its riskiness over several risk factors that have been identified and a method of setting up audit priorities for the branches. It results in appropriate audit coverage plan, which provides a roadmap for the management of internal audit staff skills so that they are available to carry out audits of appropriate scope when they are needed the most. This risk-based internal audit results in a process oriented audit with a risk management perspective, which gives advice to management on the steps to be taken for effective risk management on a bank-wide basis. RBIA Implementation The risk assessment tool / format consist of five broad categories as per details below: a) Credit Risk .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... b) Operational Risk c) Earning Risk d) Deposit Risk e) Branch Management Risk Each of these categories is further divided into sub-categories, wherein various risk parameters are described and score of the branches in all these categories is worked out to indicate the level of risk ( very low, low, medium , high, very high). The risk scores assigned by the auditor are then reviewed to arrive at the final risk scores and composed matrix of the BUs. The risk assessment of branches on the basis of business and control risk scores may be categorized as under: Risk Score Level of Risk 00 01 Very .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... Low Risk 01 02 Low Risk 02 03 Medium Risk 03 04 High Risk 04 05 Very High Risk On receipt of these reports at concerned quarters, the follow up action shall be initiated for rectification of irregularities covered in the report and in addition analysis of the risk factors / scores assigned to various segments of branches is done for taking corrective action. (To be continued ..) - - Scholarly articles for knowledge sharing authors experts professionals Tax Management India - ta .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... xmanagementindia - taxmanagement - taxmanagementindia.com - TMI - TaxTMI - TMITax .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

 

 

 

 

Quick Updates:Latest Updates