Concurrent Audit, as a tool of fraud risk management

Deregulation and globalization of financial services, together with the growing sophistication of financial technology are making the activities of the bank and their risk profiles more complex. Development of banking practices suggest that there can be substantial risks the banks have to address other than credit risk, interest rate risk and market risks. However, efficiency of the bank depends on how effectively it is managing the risks. For this, it is essential to have in place effective risk management and internal control systems to prevent fraud risk. These controls must be supplemented by an effective Audit Function that independently evaluates operational effectiveness, efficiency and adherence to the Internal Control systems within the organization. Concurrent audit one of the strong layers to prevent and protect the policy guidelines of bank supporting sound ethical banking practices.

Purpose of concurrent audit
The purpose of concurrent audit is to ensure that the transactions are audited on a day-to-day basis and shortcomings/deficiencies brought out are rectified immediately. It is expected of Concurrent Audit to act as a monitoring mechanism at the branch/Centralized Processing Units and at critical Central Office Departments to ensure on an ongoing basis that different divisions at Branches / Centralized Processing Units and Central Office Critical Departments function within the prescribed parameters and procedures

Scope of audit coverage
The main role of concurrent audit is to supplement the efforts of the bank in carrying out simultaneous internal check of transactions by an independent person and other verifications and compliance with the laid down procedures including checking/verification of AML/KYC, TDS as per RBI and Ministry of finance (MOF) latest guidelines. Concurrent Auditors should check the compliance of various latest guidelines issued by RBI and MOF from time to time. A concurrent auditor may not sit in judgment of the decision taken by a branch manager or an authorized official. This is beyond the scope of concurrent audit. The concurrent auditor will necessarily have to see whether the transactions or decisions are within the policy parameters laid down by the Central Office, they do not violate the instructions or policy prescriptions of the RBI and that they are within the delegated authority. In very large branches, which have different divisions dealing with specific activities, concurrent audit is a means to the in-charge of the branch to ensure on an ongoing basis that the different divisions function within laid down parameters and procedures.

Concurrent Audit shall cover certain fraud – prone areas like handling of cash; deposit, advances, safe custody of securities, investments, overdue bills, exercise of discretionary powers, sundry and ‘suspense accounts, inter-bank reconciliation, clearing difference, foreign exchange business including Nostro accounts, Off-Balance Sheet items like Letter of Credit and Bank Guarantee, treasury functions and Credit Card business, internet banking, Mobile Banking, POS etc.

The focus of Concurrent Audit shall be on substantive checking in key areas/ High Risk areas like:
a) Credit Risk.
b) Regulatory/Statutory Compliance Risk
c) Fraud Risk.
d) Revenue Risk.
e) Forex Risk.
f) KYC/AML/FEMA guidelines adherence

In determining the scope, importance should be given to checking high- risk transactions having large financial implications as opposed to transactions involving small amounts.
While there are no detailed RBI or Govt. guidelines on the scope of concurrent audit, the detailed scope of Concurrent Audit has evolved over a period of time. It reasonable covers key areas of Branch functioning. Banks are in the process of shifting to Web Based Audit Management Solutions (WBAMS) covering all audit functions in the Bank including Concurrent Audit. Accordingly all procedures and functions of Concurrent Audit starting from conduct of audit and submission of reports and closure of Audit Reports shall be done through WBAMS package during the regular Regional Audit Committee (RAC) meeting.

Coverage of Business / Branches & Type of Activities
Concurrent audit at branches should cover at least 50% of the advances and 50% of deposit of a bank. The following Branches, Business activities /Verticals of the Bank are subjected to Concurrent audit:
1. Branches rated as High Control Risk or above in the last Risk Based Internal, Audit (RBIA) where serious deficiencies were found in Internal Audit.
2. .All specialized branches like Large Corporate (IFB), Mid Corporate, SME, Exceptionally large / Very large branches (ELBs / VLBs).
3. All Centralized Processing Units like Loan Processing Units (LPUs), SARALs, Service Branches, Centralized Account Opening Divisions, Central Pension Processing Centre (CPPC) etc.
4. Any specialized activities such as ATM, Credit and Debit Card Division, Cash Management Services, Digital Banking, Back office functions. Data Centers. Integrated Treasury/ branches handling Foreign Exchange business, Investment banking, etc. and bigger Overseas Branches as considered by top Management. Departments e.g. Corporate Communication, Terminal Benefits, Support Services, CP & MSME, Large Corporate Vertical etc.
5. Any other branches or departments where in the opinion of the bank, Concurrent Audit is desirable.
The Bank shall Endeavour to cover 70% of Deposits and 70% of Advances under Concurrent Audit. Minimum essential activities to be covered by the concurrent auditors are as per RBI guidelines.
Selection of Audit Firms:
As per Government guidelines, the concurrent audit assignments may be undertaken internally by Bank’s Officers and also outsourced to external audit firms. The appointment of concurrent auditors for various concurrent audit assignments needs to be done from the RBI panel as per the gradation based on the size of the Branch with the approval of delegated authority in Central Audit &Inspection Department. Suitable firms shall be identified for each assignment and shall be approved taking into account their experience and exposure in similar activity carried out for the Bank or other Banks, availability of adequate trained resources, location of the audit unit etc.

The Government guidelines have also provided the following criteria be applied for selection of Concurrent Auditors:
• It should be a partnership, firm of Chartered Accountants.
• The firms should have qualified Information System Auditor (CISA/DISA) with necessary exposure to systems audit since all functions of bank are computerized and therefore IS audit should form an integral part of audit of banks.
• Weightage to be given to firms where the partners themselves were ex-bankers or the firm has got tie-up with ex-bankers with requisite experience and exposure.
• The audit firm or its associate concerns should not be conducting statutory audit of the Bank or any of its branches.
• The firm should have necessary office set-up, adequate personnel to ensure proper deployment and timely completion of assignments. Also should ensure deployment of only authorized personnel of concurrent audit firm for conducting audit.
• The firm should not sub-contract the audit work assigned to any outside firm even if they are qualified chartered accountants.
• With a view to ensure that Concurrent auditors are well-versed with the subject, it is proposed to make it mandatory that the Chartered Accountant should have “Certificate course on Concurrent Audit of Banks” conducted by ICAI and certificate for the same is submitted to the Branch Head / Department Head (it is learned that Institute is imparting the ‘above course spanning 6 days covering all major topics connected with Concurrent Audit of the bank/branch).
• With regard to Government guidelines for appointment of Concurrent Auditors from RBI Panel as per Gradation, RBI awards grades to CA firms undertaking Statutory Audit. Presently branch Statutory Auditors are appointed based on grade awarded by RBI depending upon size of the branch which is as under :-

Sr.

No

Grade of

Auditor

 

Eligible for Audit of branch

 

1 I Branches with advances of Rs. 75.00 crore &  above
2 II Branches with advances between Rs. 50.00 crore to Rs.

75.00 crore

2 III Branches with advances between Rs. 25.00 crore to Rs.

50.00 crore

4 IV Branches with advances below Rs. 25.00 crore

All efforts shall be made to assign Concurrent audit to C.A. firms as per above grade and suggested level of advances of the Branch. However, in case of non-availability of suitable C.A. firms of any particular grade and in case of exigency, C.A. firms with a higher or lower grade shall also be assigned Concurrent Audit work. Such deviation shall be put up to General Manager (CA&ID) for approval. In all cases, the fees payable shall depend upon the level of advances of the Branch.

Appointment of Concurrent Auditors and Accountability

  1. A suitable firm to be indentified for each assignment from the RBI Panel and to be approved, taking into account their experience and exposure, having experience of audit carried out for Bank or other Banks. Bank can also appoint its retired staff as concurrent auditors.
  2. At any one point of time, not more than one audit assignment shall be awarded to any single firm. An audit assignment that needs to be carried out across the branches/units at different locations shall be considered as a single assignment for this purpose.
  3. Concurrent auditors shall not undertake any other activities on behalf of the branch without obtaining the concurrence of Central Audit and Inspection Department, in writing.
  4. No out of pocket expense or travelling allowance /halting allowance shall be paid to Concurrent Auditors for carrying out the assignment. However, the service tax, shall be paid as applicable from time to time in addition to basic fees. The payment to concurrent auditors shall be subject to deduction of tax at source at appropriate rates. The firm shall execute undertaking of fidelity and secrecy on its letterhead in the prescribed format.
  5. In order to avoid conflict of interest, an undertaking shall be obtained from the concurrent auditors that they do not have any professional or commercial relationship with the borrowers of the branch/Department which they are auditing.
  6. The Auditors shall sign the Do’s and Don’ts statement in order to have proper arms Length relationship with the Branch / Department of which they are conducting Audit.
  7. A declaration shall be furnished by the firm that credit facilities availed by the firm or partners or firms in which they are partners or directors including any facility availed by a third party for which the firm or its partners are guarantors have not turned or are existing as non-performing assets as per prudential norms of RBI. In case the declaration is found incorrect, the assignment shall get terminated besides the firm being liable for any action under ICAI / RBI guidelines.
  8. All the necessary certificates including quarterly/half yearly/annual closing of books of accounts that need to be given by audit firm as a part of Concurrent Audit assignment shall be given by the audit Firm under its letterhead without any additional certification fee.
  9. A detailed checklist and other latest operating guidelines, view ID, required Menus for verification of details shall be provided to the concurrent auditors.
  10. Appointment of Concurrent Auditor shall be purely at discretion of the Bank and no rights whatsoever accrue to the firm for such appointment.
  11. Audit firms shall submit monthly/quarterly/half-yearly reports in structured formats within stipulated period i.e. within 10 days of the completion of month /quarter /half-year. Any persistent delay shall be viewed negatively at the time of review of CA firm.
  12. Bank/Branch shall monitor the performance of audit firms closely. Performance of the Firm shall be evaluated every month on the basis of their quality and coverage of reporting. In case CA firm is not attending audit work properly, continuous delay in submission of reports, non reporting of serious irregularities/deviations, non-detection of fraud, non-detection of Leakage of income in branches where they are conducting concurrent audit, Bank reserves the right to terminate the assignment, without assigning any reason. In case of termination of assignment, the remuneration for the incomplete month shall not be payable by the bank.
  13. Concurrent Auditors shall not be permitted to mobilize any credit related proposals to any of the Branches of the Bank during their period of assignment.
  14. The Bank may also formulate suitable incentives to be paid to concurrent auditors for detecting frauds, revenue leakage etc. as well as disincentives for not detecting them in time and which was subsequently detected during some other audit. Details of such deterring provisions, incentives, disincentives etc. shall be got approved by the Executive Director, if required. Likewise any bonafide reporting of serious irregularities by Concurrent Auditors shall be duly recognized by Central Audit and Inspection Department.
  15. Suitable deterring provisions shall be incorporated in the engagement Letter of concurrent auditors for delayed submission of reports, unsatisfactory performance etc. lf external firms are appointed and any serious acts of omission or commission are noticed in their working, their appointments may be cancelled and the fact may be reported to RBI and ICAI

Process and Procedure for Selection of Concurrent Auditor for Branches/Offices

  1. Central Audit and Inspection Department (CA&ID) will identify the branches for which concurrent auditors need to be appointed afresh-either due to completion of tenure of earlier auditor or due to identification of additional branches to be brought under concurrent audit.
  2. CA&ID will undertake the concurrent auditor appointment exercise twice in a year as hitherto i.e. March and September from the empanelled list. In case of any exigency like midterm termination on account of non-performance/resignation by the auditor, new firm can also be appointed from the panel.
  3. Concurrent Auditors empanelment is done once in a year. A detailed document for empanelment containing general terms and conditions for empanelment, eligibility criteria, documents to be submitted, undertaking from CA firms, fees payable, performance evaluation criteria and details of DO’s and Don’ts are to be provided to the firm..
  4. Online web based application will be hosted in corporate website. Interested CA firms can submit the application only during the application submission period which will be usually three weeks. However, this can be increased or reduced depending upon the requirement.
  5. The General Manager, CA&ID will form a committee of minimum three executives for evaluation of CA firm. The committee will recommend empanelment/appointment of CA firms as per the eligibility criteria and General Manager, CA&ID will be the competent authority to approve the empanelment/appointment.
  6. Initial allotment will be for one year and thereafter will be extended for another 2 (1+1) years, if performance of CA firms remains satisfactory. CA&ID will extend the contract based on the recommendation of respective Zonal Audit Offices.
  7. While selecting CA firm for Concurrent Audit of Branches having Advances of above Rs.100 crores preference shall be given to those firms having more than one Chartered Accountant partner at the location where the Concurrent Audit Assignment is to be allotted.

Tenure of Concurrent Auditors:

Tenure of concurrent audit shall be initially for one year and shall be extended for a further period of two years, overall three years, based on the performance of the auditor in the first year/Second year. After completion of specific period, the firm may be considered for audit assignment in other location or areas after completion of cooling period. Cooling period of one year shall be observed for a firm to become eligible for re-appointment. At any point of time, not more than one audit assignment shall be awarded to any single firm.

Conduct and Follow Up of Concurrent Audit:

  1. Each branch / audit unit shall identify Nodal Officer as a single point contact for coordinating the concurrent audit work.
  2. Bank shall provide the concurrent auditor with requisite initial information of the branch activities and further support to conduct audit.
  3. Minor irregularities pointed out by concurrent auditors are to be rectified on the spot. The audit unit should ensure rectification of deficiencies without any Loss of time so as to achieve the very purpose of concurrent audit.
  4. Pending issues of previous reports shall continue to be mentioned as persisting irregularity / deficiency in the subsequent reports till such time the same are conclusively dealt with.
  5. A formal wrap up discussion with the branch / units shall be arranged before submission of report by the concurrent auditor. In case of any difficulty in interpretation of existing guidelines of the Bank by the Branch/Concurrent Auditor, the same shall be referred to the Controlling Office/Concerned Audit Office before finalization of the report.
  6. Quality of compliance with the concurrent audit reports shall be covered and commented upon by the internal auditors.
  7. Zonal Audit Office shall ensure that deficiencies pointed out in concurrent audit report are rectified and concurrent audit reports are closed within a quarter. Regional Office shall be responsible for follow up with the branches to ensure compliance.
  8. Zonal Audit Heads shall interact with Concurrent Auditors at least once in a quarter. Such interaction could be either through personal meetings or web conference.
  9. Open items which are not resolved for more than a quarter to be reported to CAID by Zonal Audit Office for placing the same before Audit Committee of Board.

Submission of Reports

  1. Copies of Monthly / Quarterly / Half-yearly Concurrent Audit report and Quarterly status reports on advances accounts with exposure of Rs.1.00 crore and above shall be submitted by 10th day of the succeeding month to the respective authority as defined by individual bank.
  2. In case Concurrent Auditors detects any serious irregularities or malpractices, which may result in loss or jeopardize interest of the Bank, they shall submit “Preliminary Report” to Central Audit and Inspection Department at Head office, as well as respective Zonal Audit Office. The ZAO on receipt of such preliminary report from the concurrent auditor shall forward the same to CA&ID with its recommendation. The CA&ID shall vet the report and if deemed fit, advise Zonal Audit Office to submit Special Report with all observations to concerned branch under copy to CA&ID and concerned RO for further course of action. The Concurrent Auditor shall also be informed suitably.
  3. Whenever fraudulent transactions are detected, same should be immediately reported to RO, FGMO, ZAO and CA&ID and also to the Chief Vigilance Officer through RO/ZAO as well as Branch Manager concerned unless the Branch Manager is involved.

Compliance of Audit Reports and Reporting To ACB:

  1. The concerned branches shall submit the compliance/ replies along with certificate of rectification (COR) to their Controlling Offices within a maximum period of 30 days. The Controlling Offices shall check rectifications and compliance of audit reports and shall close the reports in RAC (Regioanl Audit Committee).
  2. Before closing audit report, ZAO shall verify on test check basis whether actual rectification is done in respect of serious irregularities i.e. Non creation of mortgage, non renewal of high value accounts, non adjustment of excesses, etc.
  3. Review of significant observations of the Concurrent Audit along with the compliance thereof shall be placed before the Audit Committee of Board on quarterly basis. Reporting shall be done on Zone/ Area-wise basis. Any serious observation requiring attention of Audit Committee of Board shall be placed before them at the first available opportunity. Review of compliance of audit reports with respect to adherence to KYC/ AML guidelines at Branches shall be placed before ACB on quarterly basis by Compliance Department. Annual Appraisal / Report of the Concurrent Audit System shall be prepared and placed before the Audit Committee of Board.
  4. Follow-up action on the concurrent audit reports shall be given high priority by the Controlling Office / Zonal Audit Office.

Performance Review:

  1. As per the Government Guidelines, the tenure of concurrent audit could be extended based on the performance of the auditor in the 1st year. The performance of concurrent auditor shall be reviewed on annual basis.
  2. Performance of concurrent audit firm is subject to review after one year of the appointment by Central Audit and Inspection Department. It is proposed to continue with this arrangement of review of performance of Concurrent Auditor after every year.
  3. With a view to ensure that concurrent auditors carry out their job efficiently and effectively, bank shall follow the a Performance Evaluation Matrix designed by individual Bank. Based on the performance evaluation, the audit firm shall be rated as under:-

 

Grade/Rating Proposed Marks

 

A 80 and above
B 70 – 79
C 60 – 69
D Below 60

 

The contract with audit firm falling in Grade ‘D’ shall be terminated even before completion of audit term.

Challenges in Implementation of Some Of Government Of India/RBI Guidelines:

As per Government Guidelines, following functions are also required to be carried out by Concurrent Auditors:

  • Certification work, presently being carried out by Statutory Auditors, should be assign to Concurrent Auditors.
  • Stock Audit function is to be shifted to Concurrent Auditors.
  • Conversion of existing transaction-based concurrent audit into Risk – based concurrent audit.

Conclusion

Concurrent Audit system is compliance to the RBI /Government guidelines. It supplements the efforts of the internal audit department to strengthen the internal control system of the bank. The concurrent audit system shall be a part of Bank’s early-warning system to detect irregularities and lapses. It helps checking repeated / recurring violations of the internal and regulatory guidelines in controlling risks and in preventing fraudulent transactions. Concurrent Audit attempts to shorten the interval between a transaction and its examination by an independent person not involved in its execution/documentation. The emphasis is in favor of substantive checking in key areas rather than test checking. This audit is essentially a management process integral to the establishment of sound internal accounting functions and effective controls so as to preclude the incidence of serious errors and fraudulent manipulations.

 

Authored By:

Alekh Kumar Sahoo
Chief Manager (Faculty)
Staff Training Centre
Bhubaneswar