Bank Audit – Special Considerations | Key Procedures | Best Practices

A Bank Audit is a systematic, unbiased examination of a bank’s financial records, internal controls, and operational processes. It ensures compliance with statutory regulations (like the RBI guidelines in India), verifies the accuracy of financial statements, and assesses the effectiveness of risk management systems. Because banks handle large-scale transactions and rely heavily on technology, a bank audit places special emphasis on IT security, fraud detection, and money-laundering safeguards. By identifying potential weaknesses and recommending improvements, a bank audit upholds the institution’s financial integrity and strengthens public confidence in the banking sector.

Table of Contents

1. Introduction and Legal Framework
2. Conducting a Bank Audit
3. Internal Control Procedures in Bank
4. Verification of Statutory Liquidity Ratio (SLR)
5. Verification of Investments
6. Verification of Advances
7. Verification of Other Assets
8. Verification of Capital and Liabilities
9. Reporting Requirements
10. Concurrent Audit

Check out Taxmann's Audit Notes | Advanced Auditing Assurance & Professional Ethics | Audit | CLASS NOTES which is printed on premium glossy paper with a multi-coloured layout for an engaging and durable reading experience. It features a clear, font-optimised design for comfortable, long study sessions. The concise, point-wise format ensures efficient learning and quick revision, while flowcharts and visual aids break down complex topics. The key concepts are emphasised with yellow points for basic understanding and red points for high-priority exam content, making this book a comprehensive and user-friendly study tool.

CA Final | New Syllabus | Nov. 2025 Exams

1. Introduction and Legal Framework

1.1 Need for Special Audit Considerations in Bank Audit

Special audit considerations arise in the bank audit because of –

1. Particular nature of risks associated with the financial transactions;
2. Voluminous scale of banking operations and the resultant significant exposures;
3. Extensive dependence on IT for process of transactions;
4. Various statutory and regulatory requirements; and
5. Continuing development of new products, services & banking practices which may not be matched by concurrent development of a/cing principles & auditing practices.
6. Evolution of technology and providing services through Net Banking and Mobiles has exposed banks to huge operational and financial risk.

1.2 Audit of Accounts & Appointment of Auditor

• Sec. 30(1) of Banking Regulation Act – B/S and P & L account of banking company should be audited by a person duly qualified to be an auditor of companies.
• Most banks, appoint 4 or more firms of CAs to act jointly as St. central auditors.
• Matters covered in Appointment Letter –

1. 1. Period of appointment.
   2. Particulars of other central auditors.
   3. Particulars of previous auditors.
   4. Procedural requirements to be complied with in accepting the assignment.
   5. Statement of division of work and review and reporting responsibilities amongst joint auditors in case of nationalised banks.
   6. Scope of assignment which includes any special reports or certificates to be given by the SCAs in addition to the main report.

• Authority appointing the Auditors –

1. 1. Auditors of Banking company – at AGM of shareholders (with approval of RBI).
   2. Auditors of Nationalised bank – by concerned bank acting through its BOD (with approval of RBI).
   3. Auditors of SBI – appointed by CAG in consultation with C.G.
   4. Auditors of RRBs – appointed by concerned bank with approval of C.G.

2. Conducting a Bank Audit

2.1 Stages in Conducting a Bank Audit

Stage I – Initial Considerations – Initial Considerations include considerations of –

1. Acceptance & Continuance
2. Declaration of Indebtedness
3. Internal Assignments in Banks by Statutory Auditors
4. Terms of Audit Engagements
5. Communication with Previous Auditor
6. Establish Engagement Team

Stage II – Understanding business operations – Auditor is required to obtain understating of –

• Bank, its Environment including Internal Control; Accounting Process
• Risk Management Process

Requirements of effective risk management system in a bank –

• Oversight by TCWG – Risk Management policies should be approved by TCWG ensuring that policies are consistent with bank’s business objectives & strategies, capital strength, management expertise, regulatory requirements & acceptable risk.
• Identification, measurement & monitoring of risks – Risks that may significantly affect achievement of bank’s goals and objectives should be identified, measured and monitored against pre-approved limits and criteria.
• Control activities – Banks must have controls to manage its risks, including –

1. 1. effective segregation of duties,
   2. verification and approval of transactions,
   3. setting of limits, and
   4. reporting and approval of exception.

• Monitoring activities – Risk management unit should be set up which regularly assess risk management models, methodologies and assumptions used to measure and manage risk.
• Reliable information systems – Banks must have a reliable information system that provide adequate financial, operational and compliance information on a timely and consistent basis to management and TCWG.

Stage III – Risk Assessment – Auditor is required to identify and assess following risk –

• Risks of Material Misstatements
• Risk of Fraud including Money Laundering
• Specific Risks
• Risk Associated with Outsourcing of activities

Stage IV – Execution – Execution stage considers the following –

• Engagement Team Discussions
• Response to the Assessed Risks
• Establish the Overall Audit Strategy
• Audit Planning Memorandum
• Determining Audit Materiality
• Appropriateness of Going Concern

Stage V – Reporting – Issue of Main report and Other Reports/Certificates

2.2 Special Considerations in CIS Environment

• Information to be shared by Banks with Auditors –

1. 1. Overall IT policy, structure and environment of Bank’s IT system.
   2. Data processing and data interface under various systems.
   3. Data integrity and data security.
   4. Business Continuity plans and disaster control plans.
   5. Accounting manual & critical accounting entries & their processes.
   6. Controls over key aspects, expense booking, overdue identification etc.
   7. Controls on recording of various e-banking & internet banking products.
   8. MIS reports being generated and their periodicity.
   9. Major exception reports and process of generation including embedded logic.
   10. Process of generating various information related to various disclosures in F.S.

• Review of IT Environment –

1. 1. Overall review of IT environment & accounting system is taken at HO level.
   2. Branch auditors generally do not have access to IT policy & processes.
   3. Based upon guidance & information received from SCAs, branch auditors need to ensure that data review & analysis through CBS is carried out & TOCs & substantive checking is carried out at branch level & results shared with SCAs.

• Key security control aspects that an auditor needs to consider –

1. 1. Ensure authorised, accurate and complete data is made available for processing.
   2. Ensure in case of interruption due to power, mechanical or processing failures, system restarts without distorting the completion of the entries and records.
   3. Ensure that system prevents unauthorised amendments to the programmes.
   4. Ensure that access and authorisation rights given to employees are appropriate.
   5. Verify that segregation of duties is ensured while granting system access to users.
   6. Verify that changes made in the parameters or user levels are authenticated.
   7. Verify that exceptional transaction reports are being authorised and verified.
   8. Verify that the account master and balance cannot be modified/amended/altered except by the authorised personnel.
   9. Verify that balance in general ledger tallies with the balance in subsidiary book.

2.3 Risk-based Internal Audit

Risk-based Internal audit is conducted based upon risk assessment of business and control risks of branches. The risk assessment process includes –

• Identification of inherent business risks in various activities undertaken by branches (Business risk).
• Assessment of effectiveness of control systems for monitoring inherent risks of business activities of branch (Control risk).
• Making an assessment of level and direction of various risk areas and assess level and direction of overall business risk and control risk.
• Drawing up of risk matrix taking into account factors viz. Risk of branch.

3. Internal Control Procedures in Bank

3.1 General Controls

1. Staff & officers of bank should be shifted from one position to another frequently and without prior notice.
2. Work of one person should be checked by another person.
3. Responsible officer should be given possession of demand drafts, cheque books etc.
4. Signature book should be kept with a responsible officer.
5. Take insurance policies against loss and employee’s infidelity.
6. Mngt structure should be clearly drawn; rights and duties should be properly understood.

3.2 Cash

1. Cash should be kept in joint custody of atleast two responsible officers.
2. Surprise checking should be conducted.
3. Cashier should not have access to customer’s ledger accounts and the day book.
4. Payments should be made only after vouchers have been passed by a proper officer.
5. Receipt and payment scrolls (memoranda books maintained by the cashier) should be compared with the cash column of the day book by an independent person.
6. Limits on the payment powers of the teller should be laid out.

3.3 Clearings

1. Under Cheque Truncation System (CTS), an electronic image of cheque is transmitted to paying branch through clearing house, along with information like data on MICR band, date of presentation, presenting bank, etc. This effectively eliminate associated cost of movement of physical cheques, reduces time required for their collection.
2. As per RBI guidelines, branch is required to either call customer or email him for any cheque received for amount of ₹ 5 lakh and above in respect of inward clearings.
3. Check whether signature of drawer of cheque is being verified by staff or not.
4. Unpaid cheques received in outward clearing should be either sent to customers at their recorded address or customers be informed to collect the same from bank branch.

3.4 Bills for Collection

1. All documents accompanying bill should be received & entered in register by officer.
2. Accounts of the principals should be credited only after realisation of the bill.
3. Ensured that bills sent by one branch to another branch are not included twice in B/S.

3.5 Bills Purchased

1. Verify that all documents of title are properly assigned to the bank.
2. Sufficient margin should be kept while purchasing or discounting of a bill.
3. All irregular outstanding accounts should be periodically reported to the head office.
4. Proportionate income should be recognised in case of o/s bill purchased.

3.6 Loans and Advances

1. Advances should be made only after evaluating creditworthiness of borrowers & obtaining sanction from the proper authorities of the bank.
2. All loan documents should be executed by the parties before advances are made.
3. Sufficient margin should be kept against securities taken.
4. Securities should be received and returned by responsible officer and should be kept in joint custody of atleast two responsible officers.
5. Securities requiring registration should be registered in the name of the bank.
6. Personal inquiries should be made so as to determine market value of goods.
7. For any increase/decrease in value of securities, drawing power should be adjusted.
8. All irregular accounts should be brought to the notice of the H.O. regularly.
9. Operation in each advance should be reviewed at least once every year.
10. There should exist a proper system for post disbursement supervision and follow-up.
11. Classification of advances should be made as per RBI Guidelines.
12. Ensure that funds disbursed should be utilized only for purpose for which advances has been granted.

3.7 Demand Drafts

1. Signatures on a DD should be checked by an officer with the Signature Book.
2. All DDs issued should be immediately confirmed by the advices to the paying branch.
3. If paying branch does not receive proper confirmation from issuing branch or not receive credit in its account, take immediate steps to ascertain the reasons.

3.8 Credit Card Operations

1. There should be effective screening of applications with reasonably good credit assessments.
2. There should be strict control over storage and issue of cards.
3. There should be a system whereby a merchant confirms status of unutilised limit of a credit card holder from bank before accepting the settlement in case the amount to be settled exceeds a specified percentage of the total limit of the card holder.
4. There should be system of prompt reporting by merchants of all settlements accepted by them through credit cards.
5. Reimbursement to merchants should be made only after verification of the validity of merchant’s acceptance of cards.
6. All the reimbursements should be immediately charged to the customer’s account.
7. There should be a system to ensure that statements are sent regularly and promptly to the customer.
8. There should be a system of monitor and follow-up of customers’ payments.
9. Items overdue beyond a reasonable period should be identified and attended to carefully.
10. There should be a system of periodic review of credit card holders’ accounts. On this basis, the limits of customers may be revised, if necessary.

4. Verification of Statutory Liquidity Ratio (SLR)

SCAs are required to verify compliance of SLR on 12 odd dates in different months of a FY not being Fridays. Resultant report is to be sent to mngt of bank & and to RBI. SCAs has to examine two aspects –

1. Correctness of the figure of the Demand and Time Liabilities (DTL), and
2. Maintenance of prescribed percentage of liquid assets.

4.1 Audit Approach and Procedure

1. Obtain understanding of relevant circulars of the RBI so as to ascertain items to be included in composition of DTL.
2. Request branch auditors to verify correctness of trial balances and examine cash balance at branch on the selected dates.
3. Examine, on test basis, consolidations regarding DTL position prepared by H.O. with reference to returns received from branches.
4. Examine composition of items of DTL as per circulars/instructions of RBI.
5. Examine whether consolidations prepared by bank include info. of all branches.
6. Examine whether balances in Branch Adjustment Accounts of foreign branches have been taken into account in arriving at net balance in Branch Adjustment Accounts.
7. Considerable part of info. required by SCA for reporting on compliance with SLR flow from branches. It is suggested that info. pertaining to branches within a region may be consolidated at regional level and concerned auditor should verify same & report on it. Auditor at central level should apply audit procedures to consolidation prepared for bank as a whole. Where such a procedure is followed, SCA should adequately describe the same in his certificate.
8. Specify number of unaudited branches and a statement that auditor has relied on the returns received from the unaudited branches in forming his opinion.

4.2 Items to be Excluded in DTL

1. Paid up capital, reserve, credit balance in P&L A/c, loan taken from RBI & amount of refinance taken from EXIM Bank, NHB, NABARD, SIDBI.
2. Bills discounted by a bank with eligible financial institutions as approved by RBI.
3. Net Income tax provision
4. Amount received from DICGC towards claims held by banks pending adjustments thereof.
5. Amount received from ECGC by invoking the guarantee
6. Amount received from insurance companies for adhoc settlement of claims pending judgement of court.
7. Amount received from court receiver.
8. Net unrealized gain/loss arising from derivatives transactions under trading portfolio.
9. Income received in advance like annual fees & other charges which are not refundable.
10. Liabilities arising on utilisation of limit under ‘Bankers’ Acceptance Facility’ (BAF).
11. Part recoveries from the borrowers in respect of debts considered bad & doubtful.
12. Amounts received in Indian currency against import bills & held in sundry deposits pending receipts of final rates.
13. Unadjusted deposits/balances lying in link branches for agency business. For example – dividend warrants, refund of application money, etc.
14. Margins held and kept in sundry deposits for funded facilities.

4.3 Items to be Included in DTL

1. Net credit balance in branch adj accounts including those relating to foreign branches.
2. Interest accrued on deposits should be calculated on each reporting fortnight, whether or not such interest is accounted for in books of accounts.
3. Cash collaterals received under collateralized derivative transactions as these are in the nature of ‘outside liabilities’.
4. Borrowings from abroad needs to be considered as ‘liabilities to other’.
5. Reconciliation of Nostro accounts needs to be scrutinized to ascertain if any inwards remittances are received on behalf of customers and have remained unaccounted bank.

4.4 Exempted Items

While examining computation of DTL, specifically examine details of exempted categories –

1. Min. Eligible Credit (EC) & o/s Long-Term Bonds (LB) to finance Infrastructure loans & affordable housing loan, as per RBI Circular.
2. Eligible amount of incremental FCNR(B) & NRE deposits of maturities of >3 years.
3. Banks should convert foreign exchange assets/liabilities (including borrowings) in USD, GBP,  JPY & Euro into INR at RBI reference rate. For other currencies consider New York rate for conversion into USD.
4. As per RBI Circular on “Maintenance of CRR/SLR on Foreign Currency Assets/Liabilities – Reference rate for INR/USD & exchange rate of other major currencies”, for conversion of foreign Currency Assets/ Liabilities reference rate from FBIL should be taken. If that is not available, banks may continue to use New York closing rate for conversion of such currency into USD.

5. Verification of Investments

5.1 Audit Procedure for Verification of Investments

• Internal Control Evaluation and Review of Investment Policy –

1. 1. Examine the internal controls to ensure whether it is as per RBI guidelines.
   2. Review investment policy to ascertain that it conforms to RBI’s guidelines.

• Separation of Investment Functions –

1. 1. Examine whether the bank is maintaining separate accounts for investments made by it on their own Investment Account and on PMS client’s.
   2. As per RBI guidelines, banks are required to get their investments under PMS separately audited by external auditors.

• Physical Verification –

1. 1. Verify investment scrips physically at close of business on the date of the B/S.
   2. Verify investments held with public debt office of RBI, custodians and depository with the statement of holdings as on date of balance sheet. Independent balance confirmation requests can be made in accordance with SA-505.
   3. In respect of BRs issued by other banks and on hand with the bank at the year-end, auditor should examine confirmations of counterparty banks about such BRs.

• Examination of classification and shifting –

1. 1. Examine that entire investment portfolio of bank is classified under HTM, HFT and AFS and shifting of securities is as per regulatory norms.
   2. Examine whether the shifting of the investments from “Available for sale” to “Held to maturity” is duly approved by the Board of Directors of the bank.

5.2 Special Purpose Certificates Relating to Investments

Pursuant to RBI’s circulars, issued from time to time, banks require their central auditors to issue the following certificates regarding investments of the bank –

1. Certificate on reconciliation of securities (both on its own Investment Account as well as PMS client’s account). Reconciliation is to be presented in a given format.
2. Certificate on compliance by the bank in key areas of prudential and other guidelines relating to such transactions issued by the RBI.

5.3 Review of Investment Portfolio

• Banks should undertake half-yearly reviews (as of 30th September and 31st March) of their investment portfolio.
• These reviews should not only cover operational aspects of investment portfolio but also clearly indicate amendments made to investment policy & certify adherence to laid down internal investment policy and procedures and RBI guidelines.
• Internal auditors to separately conduct concurrent audit of treasury transactions and the results of their report should be placed before the CMD once every month.

5.4 Income Recognition Norms – Investments

1. Performing Investments – Income may be booked on accrual basis provided interest rates on these instruments are pre-determined.
2. Income on NPI – Income on NPI should be recognized on realisation.
3. Dividends – On Shares of Corporate Bodies can be booked on accrual basis, if has been declared by AGM and Shareholder’s right to receive payment is established.
4. Units of MFs – Income should be accounted for only on cash basis.

6. Verification of Advances

6.1 Audit Approach

Auditor is primarily concerned with obtaining evidence about the following –

1. Amounts included in B/S in respect of advances are outstanding at the date of B/S.
2. Advances represent amounts due to the bank.
3. Amounts due to the bank are appropriately supported by loan documents.
4. There are no unrecorded advances.
5. Basis of valuation of advances is appropriate and properly applied.
6. Advances are disclosed & classified in accordance with recognized accounting policies.
7. Appropriate provisions towards advances are made as per RBI norms.

6.2 General Audit Procedure

(i) Evaluation of Internal Control

1. Examine area of credit appraisal;
2. Examine advances are sanctioned according to delegated authority;
3. Examine all loan documents have been executed before disbursals are made;
4. Examine compliance with stipulated terms of sanction and end use of funds;
5. Examine existence, enforceability and valuation of securities;
6. Examine the validity of the recorded amounts;
7. Review operations of the accounts and look for adverse;
8. Examine whether system for review/renewals of advances is being followed;
9. Review whether drawing power is being calculated properly;
10. Ensure compliance with Loan Policy of Bank as well as prudential norms of RBI.

(ii) Substantive Audit Procedure

1. Verify correctness of master data of loan accounts updated in CBS.
2. Verify that each customer is tagged under single cust id for all accounts.
3. Examine all large advances; other advances may be examined on sample basis.
4. Examine accounts identified to be problem accounts not yet slipped into NPA.
5. Examine accounts which have been adversely commented upon by concurrent auditors/bank’s internal inspection/RBI inspection team.
6. Examine list of restructured a/c to ensure compliance with RBI guidelines.
7. Examine quick/early mortality accounts. Any advance, slippage to NPA within 12 months of its sanction is called as quick/early mortality case.
8. Verify completeness and accuracy of interest being charged.

(iii) Examination of Recoverability

1. Review periodic statements submitted by the borrowers.
2. Review latest financial statements of borrowers.
3. Review reports on inspection of security.
4. Review auditor’s reports in case of borrowers having credit facilities from the banking system beyond a cut-off limit fixed by board of directors of bank.

6.3 Audit Procedure in Special Cases

(i) Asset Classification

1. Verify whether bank has a system of ongoing identification and classification of advances through CBS without manual intervention & its accuracy in crystallising date of NPA.
2. Examine appropriateness of classification made by the branch.
3. Examine whether secured and unsecured portions of advances have been correctly segregated.
4. Review & compare date of NPA of loan accounts mentioned in current year statements with that of PY. Reasons for any change should be ascertained.

Notes – 

1. Accounts regularised near B/S Date – Where it appears that an a/c has inherent weakness & few credits near B/S tries to make it regular, a/c should be classified as NPA. If account has been regularised by payment of overdue amount through genuine sources, the account need not be treated as NPA.
2. Where, subsequent to repayment by the borrower (which makes account regular), branch has provided further funds to the borrower, auditor should carefully assess whether the repayment was out of genuine sources or not.
3. In case of consortium advances, asset classification should be based on the record of recovery of individual member banks.

(ii) Drawing Power (DP) Calculation

1. Ensure that DP is calculated as per the BOD guidelines of the respective bank and agreed upon by the concerned statutory auditors.
2. Ensure that due consideration has been given to proper reporting of sundry creditors and stocks covered under LCs/guarantee.
3. Ensure that bank has conducted stock audit for all accounts having exposure of more than stipulated limit. Review report submitted by stock auditors & consider the comments on valuation of security and calculation of drawing power.
4. Special focus needs to be given in examining the DP calculation in case of working capital advances to companies engaged in construction business.

(iii) Accounts with Temporary Deficiencies

1. Banks should not classify advance account as NPA merely due to existence of some deficiencies which are temporary in nature such as non-availability of DP based on latest available stock statement, balance o/s exceeding limit temporarily and non-renewal of limits on the due date.
2. Stock statements relied upon by banks for determining DP should not be older than 3 months.
3. O/S in account based on DP calculated from stock statements older than 3 months are considered as irregular.

(iv) Limits not Reviewed

1. As per RBI norms, accounts where regular/ad hoc limits are not reviewed within 180 days from due date/date of ad hoc sanction, need to be classified as NPA.
2. Auditors should ensure that the ad hoc sanctions are not done on repetitive basis.

(v) Asset Classification to be Borrower Wise and Not Facility Wise

1. Ensure that classification is borrower wise & not facility wise. All facilities to borrower to be treated as NPA & not particular facility which become irregular.
2. Further, if debits arising out of devolvement of LC or invoked guarantees are kept in separate account, o/s balance should be treated as part of borrower’s principal account for applying prudential norms.

(vi) Government Guaranteed Advances

• Credit facilities backed by C.G. guarantee though overdue should be treated as NPA only when govt repudiates its guarantee when invoked. It is only for purpose of asset classification & provisioning & not for recognition of income. Interest on such advances should not be taken to income account unless it has been realized.
• Credit facilities backed by S.G. guarantee – classified as NPA in normal way.

(vii) Agricultural Advances/Loans

1. To ensure that NPA norms have been applied in accordance with crop season as determined by the State Level Bankers’ Committee in each State.
2. To ensure that NPA norms on basis of crop season are made applicable to all direct agricultural advances listed in Master Circular.
3. To ensure that in respect of agricultural loans (other than priority sector), identification of NPAs has been done on same basis as non-agricultural advances.

Notes –

• Agricultural advances classified as NPA if interest and/or Instalment is overdue

1. 1. for two crop seasons, in case loans granted for Short Duration crops,
   2. for one crop season, in case loans granted for Long Duration crops.

• Long duration crops mean the crops with crop season > 1 year.
• Short Duration Crops means the crops, other than long duration crops.

(viii) Restructured Advances

1. 1. Restructuring is an act in which a lender, for economic or legal reasons relating to borrower’s financial difficulty, grants concessions to the borrower.
   2. It may involve modification of terms – alteration of instalments, alteration of repayment period/ROI/sanction of additional credit facilities etc.
   3. Auditor should verify compliance with requirements of circular issued by RBI.
   4. Banks may restructure accounts classified as standard, sub-standard or doubtful.
   5. Banks cannot restructure accounts with retrospective effect.
   6. Once the bank receives an application for restructuring, it implies that account is intrinsically weak. During the time, account remains pending for restructuring, the auditors need to take a view whether provision needs to be made in respect of such accounts, pending approval for restructuring.
   7. On restructuring, the account will be downgraded from Standard to sub-standard. NPAs will remain in the same category.

(ix) Upgradation of Account

1. 1. Examine all accounts upgraded from NPA to standard category during the year, to ensure that upgrading is strictly in terms of RBI guidelines.
   2. There can be a possibility of incorrect upgradation on basis of partial recoveries made in the account and overdue portion might not have wiped out completely.
   3. There can also be a possibility of recoveries being made in the account after cut-off date and account being upgraded as on date of balance sheet.

(x) Verification of Sale/Purchase of NPA

• General verification points – Auditor should examine the followings –

1. 1. Policy laid down by BOD relating to procedures, valuation and delegation of powers including non-performing financial assets that may be purchased/sold, norms for such purchase/sale, valuation procedure and accounting policy.
   2. Only such NPA has been sold which has remained NPA for at least 2 years.
   3. Assets have been sold/purchased “without recourse” only i.e. the entire credit risk associated with the NPA should be transferred to the purchasing bank.
   4. Subsequent to sale of NPA, the bank does not assume any type of risk.
   5. NPA has been sold at cash basis only.
   6. The entire sale consideration has to be received on upfront basis.
   7. Bank has not purchased an NPA which it had originally sold.

• Additional Points in case of Sale of an NPA – Auditor should ensure the following –

1. 1. On sale of NPA, same has been removed from the books of selling bank;
   2. If sale is at a price < NBV, shortfall should be debited to P & L account.
   3. If sale is at a price > NBV, excess provision shall not be reversed but will be utilised to meet shortfall/loss on account of sale of other NPA.

• Additional Points in case of purchase of an NPA – Auditor should verify the following –

1. 1. NPA purchased has been subjected to provisioning requirements appropriate to the classification status in the books of the purchasing bank.
   2. Any recovery from NPA purchased is first adjusted against acquisition cost and amount recovered in excess of acquisition cost to be recognised as profit.
   3. For capital adequacy, assigned 100% risk weights to NPAs purchased.

(xi) Verification of Advances Against Life Insurance Policies

1. Inspect policies and see whether they are assigned to the bank and whether such assignment has been registered with the insurer.
2. Examine whether premium has been paid and whether policies are in force.
3. Obtain Certificate regarding surrender value from the insurer.
4. Check if surrender value is subject to payment of certain premia, the amount of such premium has been deducted from the surrender value.

7. Verification of Other Assets

7.1 Balance with RBI

• Verify ledger balances from bank confirmation certificates & reconciliation.
• Review reconciliation statements and give special attention to –

1. 1. Cash transactions remaining unresponded;
   2. Revenue items requiring adjustments/write-offs; and
   3. Other credit and debit entries originated in statement provided by RBI remaining responded for more than 15 days.

7.2 Money at Call and Short Notice

• Verify whether there is proper authorisation for lending of money at call.
• Examine whether instructions by HO are complied with.
• Verify call loans with certificates of borrowers & call loan receipts held by bank.
• Check whether aggregate balances agree with control accounts.
• Examine subsequent repayments received from borrowing banks.

7.3 Inter-office Adjustments (Branch Adj. Accounts)

• Examine whether Inter-branch accounts are normally reconciled at central level. Auditor should report on year-end status of inter-branch accounts indicating the dates up to which all or any segments of the accounts have been reconciled.
• Auditor should also indicate number & amount of outstanding entries in inter branch accounts, giving information separately for debit & credit entries.
• Ensure that any discrepancies found have been properly dealt with in the books. Auditor can obtain the relevant information primarily from branch audit reports.

7.4 Non-banking Assets Acquired in Satisfaction of Claims

• Ensure that heading includes those immovable properties/tangible assets which acquired in satisfaction of debts due or its other claims and these are being held with intention of being disposed off.
• Verify terms of settlement with party, order of the Court or award of arbitration, etc. forming the basis of acquisition of such assets.
• Ensure the ownership of the assets so acquired is legally vested in the bank.
• In case any dispute arises subsequently, examine whether provision for liability or disclosure of contingent liability is appropriate, in accordance with AS 29.
• Ensure that as at date of acquisition, assets should be recorded at lower of NBV of advance or NRV of asset acquired.

8. Verification of Capital and Liabilities

8.1 Capital Adequacy

Term ‘capital adequacy’ is used to describe the adequacy of capital resources of a bank
in relation to the risks associated with its operations.

(i) Stress Testing

• RBI has required that all commercial banks (excluding RRBs) shall put in place a Board approved ‘Stress Testing framework’ to suit their individual requirements which would integrate into their risk management systems.
• Stress tests are designed to understand whether a bank has enough capital to survive plausible adverse economic conditions and to maintain enough buffer to stay afloat under extreme scenarios.

(ii) BASEL III framework

• Basel III norms relate to Capital Adequacy requirement compliance which Bank has to achieve as contained in the BASEL III accord.
• Basel capital adequacy norms are meant for protection of depositors/shareholders by prescriptive rules for measuring capital adequacy.
• Basel III accord strengthens the regulation, supervision and risk management of banking sector. It is global regulatory standard on capital adequacy of banks, stress testing as well as market liquidity risk.
• The Basel III accord, aims at –

1. 1. improving the banking sector’s ability to absorb shocks arising from financial and economic stress, irrespective of reasons thereof;
   2. improving risk management and governance practices; and
   3. strengthening banks’ transparency and disclosure standards.

8.2 Current and Saving Accounts (CASA)

• Verify on sample basis current a/c and saving accounts opened during year for adherence to KYC norms.
• Verify balances in individual accounts on a sample basis.
• Check interest calculations on a test check basis. Remember that no interest is paid on current accounts.
• Examine whether procedure for obtaining balance confirmation periodically has been followed consistently.
• Ensure that debit balances in current accounts are not netted out on liabilities side but are appropriately included under head ‘advances’.
• Inoperative accounts (both current & saving) are a high-risk area of frauds in banks. As per RBI guidelines, a savings/current account should be treated as inoperative/dormant if there are no transactions for over a period of 2 years. Verify on sample basis some inoperative accounts revived/closed during the year. Ensure that inoperative accounts are revived only with proper authority.

8.3 Bills Payable

• Evaluate existence, effectiveness & continuity of ICs over bills payable. Such controls should usually include the following –

1. 1. Drafts, traveller’s cheques, etc. should be made out in standard printed forms.
   2. Unused forms should be kept under the custody of a responsible officer.
   3. Bank should have a reliable private code known only to responsible officers.
   4. Signatures on DD should be checked by officer with specimen signature book.
   5. All TTs and DDs issued by a branch should be immediately confirmed by advices
      to the branches concerned.

• Examine samples of o/s items comprised in bills payable a/cs with relevant registers.
• Reasons for old o/s debits in respect of DDs or other instruments paid without advice should be ascertained.
• Correspondence with other branches after the year-end should examined specially for large value items o/s on the balance sheet date.

8.4 Contingent Liabilities

(i) Disclosure Requirements

3rd Schedule to Banking Regulation Act, 1949, requires following disclosure –

1. Claims against the bank not acknowledged as debts.
2. Liability for partly paid investments.
3. Liability on account of outstanding forward exchange contracts.
4. Guarantees given on behalf of constituents (a) in India & (b) outside India.
5. Acceptances, endorsements and other obligations.
6. Other items for which the bank is contingently liable.

(ii) Audit Approach

Auditor is concerned with seeking reasonable assurance that all contingent liabilities are identified & properly valued. Obtain representation from mngt that –

1. all off b/s transactions have been accounted in the books of account as and when such transaction has taken place;
2. all off b/s transactions have been entered into after following due procedure;
3. all off b/s transactions are supported by the underlying documents;
4. all year end contingent liabilities have been disclosed;
5. disclosed contingent liabilities do not include any crystallised liabilities which are in nature of loss/expense & which require creation of a provision/adjustment.
6. estimates of financial effect of contingent liabilities are based on best estimates as per AS 29.

(iii) Verification Aspects

1. Ensure existence of a system whereby non-fund based facilities or additional credit facilities to parties are extended only to their regular constituents, etc.
2. Ascertain whether there are adequate ICs to ensure that transactions giving rise to contingent liabilities are executed only by persons authorised to do so.
3. Verify in case of LCs for import of goods, payment to suppliers is made on basis of shipping documents & ensuring that documents are in terms of LCs.
4. Ascertain whether a/cing system provides for maintenance of adequate records in respect of such obligations and whether ICs ensure that contingent liabilities are properly identified and recorded.
5. Test the completeness of the recorded obligations.
6. Review the reasonableness of the year-end amount of contingent liabilities.
7. Review whether comfort letters issued by the bank has been considered.
8. Verify whether bank has extended any non-fund facility or additional/adhoc credit facilities to other than its regular customers.

8.5 Claims Against the Bank Not Acknowledged as Debt

1. Examine relevant evidence, e.g. correspondence with lawyers, claimants, workers etc.
2. Review minutes of meeting of BOD/committees of Board, contracts, list of pending legal cases & correspondence relating to taxes etc., to identify claims against bank.
3. Ascertain from mgnt status of claims outstanding as at the end of previous year.
4. Review of subsequent events would also provide evidence about completeness and valuation of claims.

8.6 Liability on Account of Outstanding Forward Exchange Contracts

1. Verify outstanding forward exchange contracts with the statement of outstanding forward exchange contracts generated from the bank’s computerised accounting system or manual register maintained by the branch.
2. Auditor may physically verify the underlying documents including confirmations from merchants to test the existence of such outstanding contracts.
3. Auditor may verify outstanding derivative contracts like options, interest rate swaps etc. with reports generated in this regard.

8.7 Guarantees

1. Examine adequacy of ICs exercised over issuance of guarantees, e.g., guarantees are sanctioned by appropriate authority, adequate margins are taken from customers etc.
2. Examine adequacy of controls exercised over unused guarantee forms.
3. Examine whether expired guarantees are being marked off.
4. Examine guarantee registers with list of o/s guarantees to ensure that all guarantees are included in the amount disclosed.
5. Verify guarantees with copies of letters of guarantee issued by the bank.
6. Verify the securities held as margin.
7. Ensure whether a provision is required in terms of AS 29, in case any claim arises.

9. Reporting Requirements

9.1 Contents of Audit Report

In case of nationalised bank, auditor make a report to C.G. stating the following –

• Whether, in his opinion, b/s is a full & fair b/s containing all necessary particulars and is properly drawn up so as to exhibit a true and fair view of affairs of bank.
• In case auditor had called for any explanation or information, whether it has been given and whether it is satisfactory.
• Whether or not the transactions of the bank, which have come to his notice, have been within the powers of the bank.
• Whether or not the returns received from offices and branches of the bank have been found adequate for the purpose of audit.
• Whether the P & L account show a true balance of profit or loss for the period.
• Any other matter which he considers should be brought to the notice of the C.G.

Notes –

• Reporting requirements under Companies Act, 2013 – not applicable over nationalised bank. However, in case of banking company, following matters need to be reported –

1. 1. Matters as stated u/s 143(3) of Companies Act, 2013;
   2. Adequacy & Operating Effectiveness of IFC u/s 143(3)(i) of Companies Act.
   3. Other matters as per Rule 11 of Companies (Audit and Auditors) Rules, 2014.

• Reporting under CARO not applicable to a nationalised bank or to banking company.

9.2 Long Form Audit Report (LFAR)

• LFAR is to be given by statutory branch auditors as well as SCAs.
• LFAR for branch auditors is in form of questionnaire where observations/comments have to be provided on matters including cash, balance with banks, investments, advances, etc.
• LFAR submitted by the statutory branch auditors to SCAs.
• Consolidation is done at HO level & LFAR for bank is submitted by SCAs to mngt.
• Bank should place LFAR before ACB indicating action taken/proposed to be taken for rectification of irregularities & copy of LFAR together with Board’s views or directions, is submitted to RBI within 60 days of submission of LFAR by SCAs.

9.3 Scope of Assignment of Statutory Central Auditor (SCA)

In addition to main report, SCAs are required to issue following reports/certificates –

• Report on ICFR as per Sec. 143(3)(i) of the Companies Act, 2013.
• Long Form Audit Report (LFAR).
• Report on compliance with SLR requirements.
• Report on whether treasury operations conducted as per RBI instructions.
• Certificate on reconciliation of securities by the bank.
• Certificate on compliance of prudential and other guidelines issued by the RBI.
• Report on income recognition, asset classification & provisioning as per RBI guidelines.
• Report on serious irregularity noticed in working of the bank.
• Certificate in respect of custody of unused Bank Receipt forms and their utilisation.
• Authentication of capital adequacy ratio, including disclosure requirements.
• Report on status of compliance w.r.t. implementation of recommendations of Ghosh Committee relating to frauds and of Jilani Committee on IC and credit system.
• Report on instances of adverse credit-deposit ratio in the rural areas.
• Asset liability management.
• Certificate on Corporate Governance in case of banks listed on Stock Exchange.
• Certification on claim of various interest subsidies and interest subvention.

10. Concurrent Audit

10.1 Meaning and Nature

• It is an examination which is contemporaneous with occurrence of transactions.
• It attempts to shorten the interval between a transaction & its examination by an independent person not involved in its documentation.
• Emphasis is in favour of substantive checking in key areas rather than test checking.
• Considered as an early-warning system to ensure timely detection of irregularities.

10.2 Scope of Concurrent Audit

• Scope should be clearly determined by Bank’s Central Inspection and Audit Department in consultation with Audit Committee of Board of Directors (ACB).
• Importance should be given to checking high-risk transactions having large financial implications as opposed to transactions involving lesser amounts.

10.3 Types of Activities to be Covered

(a) Cash

1. Daily cash transactions with reference to any abnormal receipts and payments.
2. Proper accounting of inward and outward cash remittances.
3. Proper accounting of currency chest transactions, its prompt reporting to RBI.
4. Expenses incurred by cash payment involving sizeable amount.

(b) Investments

1. Ensure that in purchase or sale of securities, branch has acted within its delegated power.
2. Ensure that securities held in books of the branch are physically held by it.
3. Ensure that branch is complying with RBI/Head Office guidelines.
4. Ensure that sale or purchase transactions are done at rates beneficial to bank.

(c) Advances

Refer the points covered in internal control topic.

(d) Foreign Exchange

1. Check foreign bills negotiated under letters of credit.
2. Check FCNR and other non-resident accounts whether the debits and credits are permissible under rules.
3. Check whether inward/outward remittance have been properly accounted for.
4. Examine extension and cancellation of forward contracts for purchase and sale of foreign currency. Ensure that they are duly authorised and necessary charges have been recovered.
5. Ensure that balances in Nostro accounts in different foreign currencies are within the limit as prescribed by the bank.
6. Ensure that the overbought/oversold position maintained in different currencies is reasonable, considering the foreign exchange operations.
7. Ensure adherence to guidelines issued by RBI/HO about dealing room operations.
8. Ensure verification/reconciliation of Nostro & Vostro a/c transactions/balances.

10.4 Appointment of Concurrent Auditors and Accountability

• It is discretion of banks to consider whether concurrent audit should be done by bank’s own staff or external auditors.
• In case of own officials, they should be experienced, well trained and sufficiently senior & must be independent of branch where concurrent audit is to be conducted.
• Appointment of external audit firm may be initially for one year and can be extended up to 3 years, after which auditor could be shifted to another branch.
• If external firms are appointed & any serious acts of omissions/commissions are noticed in their working, appointments may be cancelled and fact to be reported to RBI & ICAI.

10.5 Remuneration of Concurrent Auditor

• Terms of appointment of external firms of CAs and their remuneration may be fixed by banks at their discretion.
• Broad guidelines should be framed by ACB for these purposes.

10.6 Reporting System

• There should be proper reporting of findings of concurrent auditors. For this purpose, bank should prepare a structured format.
• Major deficiencies noticed during audit should be highlighted in a special note and given immediately to controlling offices.
• Quarterly review containing key features brought out should be placed before ACB.
• There should be zone-wise reporting of findings of concurrent audit to ACB and an annual appraisal/report of the audit system should be placed before the ACB.
• Before submission of report, auditor should discuss important issues with branch manager and concerned officers.
• Minor irregularities are to be rectified in a timely manner. Serious irregularities to be reported to controlling offices/HO for immediate action.
• Whenever fraudulent transactions are detected, they should immediately be reported to Inspection & Audit Department (Head Office) as also the Chief Vigilance Officer as well as Branch Managers concerned (unless the branch manager is involved).
• Follow-up action on concurrent audit reports should be given high priority by controlling office/Inspection and Audit Department and rectification of the features done without any loss of time.