“Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps and organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes” -The Institute of Internal Auditors
The soundness of the Banking System in any country is a major indicator of the economic strength of that country. The emergence of a robust banking system contributes to the economic development of a country. Banking system in the world undergoing substantial ups and downs especially in the last decade and India is also not an exception. One has to appreciate the strength and the manner in which the banking system in India has withstood the pressures. The credit for this sustenance goes to all those who were controlling and managing the banking system during this turbulent period.The Audit of banks has played a major role in assisting the Regulators to supervise the entire banking system in the country even through these difficult times.
Audit is an Independent Management Function, which involves a continuous appraisal of the functioning of entity’s Strategic Risk, Management Risk and Internal Control System. The prime responsibility of the internal audit function is towards the Top Management. In liberalized environment, its role is much wider. It owes greater responsibility towards shareholders, depositors and regulators.
BANKING STRUCTURE IN INDIA
The structure of banking system in India is created keeping in mind the country’s unique geographic, social and economic characteristics. The role of central banking in India is taken care of by the Reserve Bank of India, which in 1935 formally took over these responsibilities from the then Imperial Bank of India. The Reserve Bank was nationalized in 1947. It is responsible for development and supervision of the constituents of Indian financial system which comprises of banks and other non-banking financial institutions. Indian Banking system can be displayed in a structure as shown in Fig 2.
There is a comprehensive legal system which governs and deals with the banking system in the country. The major laws governing the banking operations and activities in the country are given illustratively below.
- The Reserve Bank of India Act,1934
- Banking Regulation Act, 1949
- State Bank of India Act, 1955
- The Companies Act, 1956
- State Bank of India (Subsidiary Banks) Act, 1959
- Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970
- Regional Rural Banks Act,1976
- Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980
- Information Technology Act, 2000
- Prevention of Money Laundering Act, 2002
- Securitization and Reconstruction of Financial Assets and Enforcement of Security Interest Act,2002
- Credit Information Companies Regulation Act,2005
BANKING BUSINESS- CHANGING ORIENTATION
The primary business of banking is to accept deposits and to do lending and investment activities. However, the competition amongst the Banks coupled with technology thrust has pushed banks to look into various additional activities.Many banks also create outfits to provide Merchant Banking facilities to various clients. The Internationalisation of banking operations also throws lot of challenges for the banks and these are converted into opportunities by many banks. Banks have started doing cross-selling of products so as to stabilize interest income and to enhance fee income. Thus, the focus of banking business has been changing rapidly in the past few years. This has resulted in changing the focus of banking operations. Naturally the risks in business of banking have also to be evaluated under the new environment in which banks are operating.
OBJECTIVES OF BANK AUDIT
The main aim of Audit and Inspection is to-
- To check whether the activities of the bank are compliant to laid down procedures, instructions, systems of bank based on regulatory/statutory/ internal guidelines.
- Monitor adherence to internal controls- both administrative and accounting controls
- Help improving control system of bank
- Help bank to improve the effectiveness of Risk Management, control and Governance process by brining a systematic disciplined approach
- Finally, establishing transparency in banking business for a greater good of all stakeholders
TYPES OF BANK AUDIT
Banks’ Audit has two-way system where banks have their own internal audit systems as well as banks are also audited by external auditors. Where internal audit is done by an independent audit department of banks, external audit is done majorly by specialized people like C.A, Advocates, Engineers, professionals appointed by regulators etc. Fig 3. gives an idea about the type of audits in banks. Though it is not exhaustive, it gives a fair amount of idea about Audit Function in Indian Banks.
CONCERNS IN BANK AUDIT
The change of Business orientation in banks has resulted in complex products, procedures, technologies, skill mix of human resource, etc. The established practices of Audit are now not sufficient enough to deal with the increasing complexity. In last few years, banking in India has seen a lot of very high value frauds, procedural lapses, monitoring failure, which directly or indirectly shows the inefficiency and ineffectiveness of audit systems.This all has put a dent on the image of Audit functions and Auditors. There are lot of concerns in bank audit but we will take only four major concerns-
1. Technical Competence
Banking growth in India is riding the technology wave. Technology is advancing leap and bound, so is the use of it in banking sector. Banks are not only using the technology-based products, but use of technology in internal management like accounting practices, data management, information and reporting system etc. has also gone a long way. Many time, internal and external auditors are finding themselves unable to deal with the requirement of technology to complete the audit procedure. Auditor, as a profession was supposed to have the knowledge of rules, regulations, laws, standards, procedures etc. to check the adherence of the same, but now technological competence is one of most important skills to have. External auditors are primarily not accustomed to use bank systems and softwares, so they get dependent on management for information required for audit. Moreover, different banks are using different technologies, so it is not easy to acquire diverse technical competence. Internal Auditors are more competent in dealing with internal technology of bank, but now a days banking has emerged as sea of diverse and complex products and services. Internal Auditors are also finding themselves in trouble to cope up with diversity and advancement of technology.
There are lot of examples to establish this, but the classic case of Nirav Modi Incident seems to be more appropriate because it is widely known. The auditors could not judge the procedure lacuna because there was no technological integration between two softwares being used. The auditors were also dependent on the people for information who were the main culprits. The technical competence of auditors could have detected the lapses in time.
2. Adapting to new strategies
Diminishing Margins also are leading banks to look for opportunities to diversify their business strategies. New revenue streams are being identified and implemented. But every new revenue stream and business strategy requires new operational and support functions and opens up new categories of risk that must be assessed, controlled, and managed. One of the main responsibilities of the auditor is to actively assess how a new business line or product will affect the institution’s risk parameters and to assess how those parameters can be addressed effectively and efficiently. In fast pace world, sometimes till auditors find out the risk parameters and controls, the damage is already done.
- Reallocation of Audit Resources
Pressure on bottom-line of banks is compelling them to curtail expenses and resources spent of audits are also under pressure. Banks are reassessing the cost-effectiveness of all the departments and processes and sometimes they are not infusing resources required by audit system. Audit system which must evolve to cop-up with new products, strategies, technologies and increased regulatory requirements, and this required resources. Traditional audit system may not be effective in current scenario.
Apart of this, internal allocation of resources in audit department also needs to be rationalized. Traditional approaches here also will not give results. Deployment of audit resources as per the complexity, importance and quality need more scientific approach.
- Knowledge Deficiency
Indian banking industry is still in evolving stage. Everyday there is a new challenge and there is a new solution to the problem. Regulators, Government, Management are coming up with new rule, regulations, policies and guidelines every other day. Being in service industry, banks are supposed to maintain highest level of standards. Financial business demands absolute transparency. Audit department is supposed to shoulder the responsibility to check the compliance of all the rules, regulations, standards, policies, that’s why they need to have thorough knowledge of all. It is like to be king of all traits which is every extraordinary demand of profession. Above on that, there is no relaxation time because of compulsion of regular updating. To cater the need of customers, a branch or business outlet is providing variety of services, and an auditor or couple of auditors need to check all the compliances in limited time. So, knowledge gap which if any, may defeat the purpose of audit and inspection activity.
MEASURES TO RISE ON THE OCCASION
In this environment, audit department and auditors are being challenged to meet a higher standard regarding their understanding of their organization’s risk profile and often must adapt new approach to reflect changing business priorities. The magic words to overcome the challenges is: UPDATE, UPDATE and UPDATE.
Regular updating of knowledge, skills, attitude is the key to establish the image of Audit and inspection again functions for which it was known for. Technology which is a challenge, is the solution also. Technology can compensate the human shortcomings.
- Audit department need to come out of their silo or mindset of reading the policies and then verifying compliance against it. Need of the hours is to be proactively part of policy, rule, regulations formations process. It will reduce the time gap between policy implementation in work and verification of compliance. Managements and regulators have higher responsibilities to initiate the same.
- Mapping of skills of audit personal is required. All the competencies and specializations should be mapped at a place and then work to be done to fine tune them as per the need of organization and regulators.
- Rationalization of resources in audit and inspection department is also required. We need to understand like a teacher can not teach all the subjects, same way an auditor can not check all the parameters. Diverse specialized people are required in audit department and their skills need to be utilized as per the need of audit of a business unit. While allotment of work of audit, logical allotment as per mapped skills is very much needed.
- Regular training of auditors is also required to keep auditors updated in latest knowledge, skill and attitude. Auditors need to maintain highest level of standards regarding rules, regulations, policies and their implementation part also, they are most eligible people for regular trainings.
- Finally, accountability of auditors is also required to be fixed to maintain the standards which tends to dilute if not kept under continuous check. So audit of auditors is also need implemented.
With globalization and increasing complexity of financial system, sound audit and inspection is vital for stable financial system. Auditors are required to update and upgrade their knowledge, skill & attitude. Tomorrows auditor need to be more professional, qualified, impartial, ethical and value driven. He/she need to have awareness and foresight to be critical yet constructive challenger, with a clear focus on greater good of all stakeholders.