Audit of Banks under Core Banking System

advertisement
Bank Branch Audit under
Core Banking System
Hosted by Hyderabad Branch of SIRC of
ICAI
Table of Contents
 Softwares used by Banking Industry
 Traditional Auditing Approach
 Auditing through CBS
 What is Core Banking System?
 Some basic concepts of CBS
 Audit activity through CBS (Case Specific)
 Audit through “Finacle” Software
 Capital Adequacy / Risk Weighted Assets and
Credit Risk Calculation Certification
CA. Kuntal Shah, Ahmedabad
2
Softwares used by Banking Industry
Base Software: Core Banking Software
Add-on Softwares for,
 Credit Risk Calculation as per Basel – II Norms
 Risk Weighted Assets / Capital Adequacy
Computation
 Asset Classification and NPA Provisioning
computation
 Classification of Priority / Non-priority / Sensitive
Sector Advances
CA. Kuntal Shah, Ahmedabad
3
Table of Contents
 Softwares used by Banking Industry
 Traditional Auditing Approach
 Auditing through CBS
 What is Core Banking System?
 Some basic concepts of CBS
 Audit activity through CBS (Case Specific)
 Audit through “Finacle” Software
 Capital Adequacy / Risk Weighted Assets and
Credit Risk Calculation Certification
CA. Kuntal Shah, Ahmedabad
4
Traditional Auditing Approach
 Verification of Documents Physically
 Availability of Hard Copies for each transaction
 Number of Transactions for Audit
In nutshell
“Computerization does not affect Audit objectives. It
only requires change in Audit Methodology.”
CA. Kuntal Shah, Ahmedabad
5
Table of Contents
 Softwares used by Banking Industry
 Traditional Auditing Approach
 Auditing through CBS
 What is Core Banking System?
 Some basic concepts of CBS
 Audit activity through CBS (Case Specific)
 Audit through “Finacle” Software
 Capital Adequacy / Risk Weighted Assets and
Credit Risk Calculation Certification
CA. Kuntal Shah, Ahmedabad
6
Auditing through CBS
 Understand the Core Banking Software
 Review Internal Controls in CBS
 Carry out Risk Assessment (viz. Manual Interventions
in transaction processing, Modification of Master Data
without proper documentations, Lack / non availability of
Audit Trail)






Review Transaction Flow & Audit Trails
Apply Exception Approach
Determine Sample Size based on review
Carry out substantive procedures in & around CBS
Documentation of Audit Procedures
Prepare report on Audit Findings and prepare final
Report
CA. Kuntal Shah, Ahmedabad
7
What is Core Banking System?
 Centralised Database
 Transactions take place at various locations
 Updation of Central Database on Real Time Basis
 Report Generation at Back-End
 Access Control
CA. Kuntal Shah, Ahmedabad
8
What is CBS – An Overview
ATM
Switch
Back
Office
Central
Server
Branch
Data
Warehouse
Credit-Card
System
CA. Kuntal Shah, Ahmedabad
Mobile
Banking
Internet
Banking
Phone
Banking
9
Table of Contents
 Softwares used by Banking Industry
 Traditional Auditing Approach
 Auditing through CBS
 What is Core Banking System?
 Some basic concepts of CBS
 Audit activity through CBS (Case Specific)
 Audit through “Finacle” Software
 Capital Adequacy / Risk Weighted Assets and
Credit Risk Calculation Certification
CA. Kuntal Shah, Ahmedabad
10
Core Banking System - Concepts
 Master Level Configuration
 Account Level Configuration
 Separate series of Account Nos. for different
Types of Accounts
 E.g. An Account No. 0099 05 014678 – is made up
of Branch Code i.e. “0099”, Account Type – “05”
say Current Account and Account No. – “014678”
 Auditor should seek details of formation of Account
No. during discussion with Branch Head.
Cont…
CA. Kuntal Shah, Ahmedabad
11
Core Banking System - Concepts
 Interest Calculation and Application
 Maker – Checker Concept (Different Stages for a
Transaction)
Created by, Entered by, Authorised by,
Posted by, Modified by, Deleted by
 SOL ID & SET ID Concept
 (SOL – Service OutLet ID i.e. Branch, Back
Office etc.) (SET ID – Branch / Back Office who
initiated the transaction)
 Pointing Type Office Accounts
 Auto generation of Exception Reports at EOD
 Generation of various Tailor-made Reports from
Back-End / MIS Server
CA. Kuntal Shah, Ahmedabad
12
What is CBS – Auditors’ Checklist
 Document list of Softwares, Applications and
interface details associated with CBS
 Review Usage Manual (if available at Branch) or
Document Software navigation options and Menu
Codes.
 Document list of Reports available in CBS and its
menu codes.
 Review Exception Reports
generated by Data Center.
CA. Kuntal Shah, Ahmedabad
/
MIS
Reports
13
Table of Contents
 Softwares used by Banking Industry
 Traditional Auditing Approach
 Auditing through CBS
 What is Core Banking System?
 Some basic concepts of CBS
 Audit activity through CBS (Case Specific)
 Audit through “Finacle” Software
 Capital Adequacy / Risk Weighted Assets and
Credit Risk Calculation Certification
CA. Kuntal Shah, Ahmedabad
14
Audit Activity through CBS
 Customer Master Level and Account Level
Updations for Loans / CC Accounts
 What to verify?






Interest Parameters (Regular & Penal Interest)
Repayment Instructions
Standing Instructions (SI) Parameters
DP / SL monitoring
Customer wise Limit Lookup
Stock / Debtors Statements Tracking and
calculation of DP
 When to verify?
 At the time of verification of Documents for
Advance
CA. Kuntal Shah, Ahmedabad
15
Audit Activity through CBS
 Analysis of Advance Accounts
 What to verify?
 Turnover of CC Account based on
Borrower’s Business profile
 In case of Loan accounts ACTUAL
recovery of Installments and Interest
 When to verify?
 After / during verification of Advances
Documentation
CA. Kuntal Shah, Ahmedabad
16
Audit Activity through CBS
 NPA Analysis
 What to verify?
 Reports on NPA and Probable NPA
generated (if any) from CBS or CIS
(Credit Information System)
 NPA Account, Probable NPA Account,
Other Advance Accounts with some
irregularities: Transactions & Account
Scrutiny for Correct Classification
 When to verify?
 After / during verification of Advances
Documentation
CA. Kuntal Shah, Ahmedabad
17
Audit Activity through CBS
 NPA Account Verification
 What to verify?
 Classification of NPA
 Date of NPA
 Calculation of Provisioning
System)
 Reversal of Revenue charged
(out
of
 When to verify?
 After / during verification of Advances
Documentation
CA. Kuntal Shah, Ahmedabad
18
Audit Activity through CBS
 Security details updation
 What to verify?
 Whether Lien is marked in System for
Fixed Deposits Accounts?
 Whether details of security obtained are
mentioned in Master Details?
 When to verify?
 After / during verification of Advances
Documentation
CA. Kuntal Shah, Ahmedabad
19
Audit Activity through CBS
 Office Accounts (Inter Branch) Accounts
 What to verify?
 Entries outstanding in Office Accounts as
on date.
 Long Outstanding entries.
 Improper reversal of Office Account
entries
 When to verify?
 During verification of LFAR Compliance
CA. Kuntal Shah, Ahmedabad
20
Audit Activity through CBS
 TDS Related Records
 What to verify?
 Debit to Charges Accounts and relevant
entries to TDS Account.
 Reversals in TDS Account. Whether by
Constructive Payment or otherwise?
 Account Code List / Name of Expense
(charges) accounts Liable for TDS should
be obtained from BM
 When to verify?
 During verification
Compliance
of
CA. Kuntal Shah, Ahmedabad
Income
Tax
21
Audit Activity through CBS
Fixed Assets & Depreciation Entries
 What to verify?
 Verify Calculation of Depreciation (mostly
done out of the system)
 Entries passed in FA Accounts
 Check Repairs & Maint. A/c and other
relative account for entries pertaining to
Purchase of New Fixed Asset
 When to verify?
 During verification
Compliance
of
CA. Kuntal Shah, Ahmedabad
Income
Tax
22
Audit Activity through CBS
 Logical Access Controls:
 Creation / Deletion / Amendment in User
Profile, Powers done centrally. If not, verify the
compliances as follows.
 Records for User – ID Creation properly
maintained?
 Records for Deletion of user-ID with proper
authorisation available?
 Other issues like security of password,
compulsory change of password, Transaction
Limit for employees etc.
CA. Kuntal Shah, Ahmedabad
23
Audit Activity through CBS
 Output Controls:
 Whether Hard copies of Accounts available?
 Whether such reports are signed?
 Security of Data:
 Whether the encryption software is available in
Server / Backup Server (If data is stored)
 Whether the computers are having Antivirus
Software?
 Whether the AV Software is updated on regular
basis?
CA. Kuntal Shah, Ahmedabad
24
Audit Activity through CBS
 Backups
 Important Activity for Non CBS Branches
 Backup should be stored on Off-site Location
 Backup should have been tested at periodical
intervals
 Backup Register should be maintained
CA. Kuntal Shah, Ahmedabad
25
Audit Activity through CBS
Auto Generated Reports
 Exception Report:
 Reports for the month end and two days prior
and after month end should be verified.
 Exceptions of following natures should be
closely verified.
–
–
–
–
–
Balance exceeded Account Limit
Manual debits to Income Account
Value Dated Transactions
Manual entry for SI Failure cases
Instrument passed against Clearing
CA. Kuntal Shah, Ahmedabad
26
Audit Activity through CBS
 Irregularity Report:
 Reports for the month end and two days prior
and after month end should be verified.
 Report contains details of Accounts where
Balance in Accounts are greater than the Limits
Sanctioned. Check whether the same is due to,
– Application of Interest
– Granting of Intra Day TOD
– Passing of Instruments against Clearing Effects
CA. Kuntal Shah, Ahmedabad
27
Audit Activity through CBS
 Accounts where Interest Code is ‘0’:
 Interest will not be charged from Accounts
where Interest Code is selected as ‘0’. Hence, a
detailed checking is required. Possible reasons
can be,
– Whether NPA Account
– Accounts with Moratorium?
 Interest Collection Flag as “No”:
 If Interest Collection Flag is selected as “No”,
Software will not consider the account for
calculation and entry for Debit Interest.
CA. Kuntal Shah, Ahmedabad
28
Audit Activity through CBS
 Debit Interest SI Failed Report:
 Failure of Standing Instruction for Debit Interest
should be closely verified. If the SI is failed the
Account will not be debited for Interest. SI
Failure can be for any reason like
– Non availability of Balance in Account (In case of TOD in
Operative Account)
– Non availability of Limit in Account
– Technical Snag in execution
 Whether Branch has manually passed the entry
for all such cases should be verified.
 Loan Installment SI Failed Report:
 Same as above
CA. Kuntal Shah, Ahmedabad
29
Audit Activity through CBS
 Report containing all Advance Accounts
with Limits:
 Generally, CBS Software generate a Report
wherein details of all Advance Accounts are
listed.
 Excel can be used to verify cases of DP > SL,
Margin Requirement etc.
CA. Kuntal Shah, Ahmedabad
30
Table of Contents
 Softwares used by Banking Industry
 Traditional Auditing Approach
 Auditing through CBS
 What is Core Banking System?
 Some basic concepts of CBS
 Audit activity through CBS (Case Specific)
 Audit through “Finacle” Software
 Capital Adequacy / Risk Weighted Assets and
Credit Risk Calculation Certification
CA. Kuntal Shah, Ahmedabad
31
Finacle – Core Banking Software
Overview and Implementation Structure
Some features of Transaction processing
Audit Procedures and Menu Codes
Generation of Reports through Finacle
CA. Kuntal Shah, Ahmedabad
32
Finacle in IDBI Bank
Source: www.infosys.com
CA. Kuntal Shah, Ahmedabad
33
Finacle - Overview
 Some of the Banks using Finacle are











Bank of Baroda
Bank of India
Union Bank of India
Canara Bank
Federal Bank
IDBI Bank
ICICI Bank
Axis Bank
ABN Amro
Vijaya Bank
UCO Bank
CA. Kuntal Shah, Ahmedabad
34
Finacle – Core Banking Software
Overview and Implementation Structure
Some features of Transaction processing
Audit Procedures and Menu Codes
Generation of Reports through Finacle
CA. Kuntal Shah, Ahmedabad
35
Finacle - Features in Transaction Processing
Features:
 Each Transaction has unique Tran ID.
 Combination of Tran ID and Date of Transaction
is required to locate a Tran
 Tran Type, Sub Type are useful to Identify
Nature of Transaction (like Cash Deposit,
Withdrawal)
 Facility of exploring a Tran during Account
Scrutiny [Drill Down Approach] - press CTRL +
E on a Tran during scrutiny of Account.
 Driven by various Inter-linked menus
Cont…
CA. Kuntal Shah, Ahmedabad
36
Finacle - Features in Transaction Processing
(Cont…)
 Pointing Type Office accounts (Useful in review
of outstanding / part reversed Office Account
entries)
CA. Kuntal Shah, Ahmedabad
37
Finacle – Core Banking Software
Overview and Implementation Structure
Some features of Transaction processing
Audit Procedures and Menu Codes
Generation of Reports through Finacle
CA. Kuntal Shah, Ahmedabad
38
Finacle – Audit Procedure
Verification
Menu Code
Account Scrutiny
ACLI
Customer Master
CUMM
Account Level Inquiry
Transaction Inquiry
ACM / ACI
TI / TM
Fin. Tran. Inquiry – Criterion Search
FTI
Inquire on Transaction (Office Accounts)
IOT
Bills Module (Inland)
BM
Foreign Bills Module – Single Case
FBM
Foreign Bills Inquiry – Criterion Search
FBI
CA. Kuntal Shah, Ahmedabad
39
Finacle – Audit Procedure
Verification
Guarantee Inquiry
Menu Code
GI
Query on Documentary Credits - Criterion Search
DCQRY
Docu. Credits (LC) Maintenance Module
ODCM
Account Search based on predefined Criteria –
(May not be available or Slow)
ACS
TDS Inquiry
TDSIP
Pending Installment List
PLIST
Loan Overdue Position Inquiry
LAOPI
Account Turnover Report
ATOR
CA. Kuntal Shah, Ahmedabad
40
Finacle – Audit Procedure
Verification
Menu Code
TOD Inquiry – Account specific
ACTODI
List of Pending and Dishonored Bills
FBPADB
The list is only for guidance and the menu codes may not be
applicable in all the banks.
CA. Kuntal Shah, Ahmedabad
41
Finacle – Core Banking Software
Overview and Implementation Structure
Some features of Transaction processing
Audit Procedures and Menu Codes
Generation of Reports through Finacle
CA. Kuntal Shah, Ahmedabad
42
Finacle – Audit Procedure
Report Generation
Printing of Office Accounts
Bill Balancing Report – Based on GL Code
All Bills Balancing Report
Foreign Bills Balancing Report
Exception Report
Menu Code
ACLPOA
BR
BRBPR
FBBR
EXCPRT
CA. Kuntal Shah, Ahmedabad
43
Table of Contents
 Softwares used by Banking Industry
 Traditional Auditing Approach
 Auditing through CBS
 What is Core Banking System?
 Some basic concepts of CBS
 Audit activity through CBS (Case Specific)
 Audit through “Finacle” Software
 Capital Adequacy / Risk Weighted Assets and
Credit Risk Calculation Certification
CA. Kuntal Shah, Ahmedabad
44
Credit Risk / Risk Weighted Assets
Computation
Various softwares for computation of Credit
Risk / Risk Weighted Assets
CRisMAC by D2K Technologies
 The software is used by
 Bank of Baroda
 Bank of Maharashtra
 Punjab National Bank
 The Bank of Rajasthan
 SBICI
 Vijaya Bank
 Dena Bank
 Deutsche Bank
(Details as per Company’s website)
CA. Kuntal Shah, Ahmedabad
45
Features of Credit Risk / Risk Weighted
Assets computation softwares
 Asset
classification
and
provision
computation as per IRAC Guidelines
 Sectorwise Asset Classification
 Credit Risk Calculation
 Risk Weighted Assets / Capital Adequacy
Calculation
CA. Kuntal Shah, Ahmedabad
46
Inconsistencies generally observed
 Data as per one statement do not agree with the
other statement
 E.g. Total amount of Advance figure as per
Balance Sheet do not agree with Sectorwise
or Classification of Advancewise Report
 Change in Date of NPA leading to incorrect
Provisions
 Borrowerwise Asset Classification not followed.
 Manual Intervention between CBS and Risk
Computation Software
 E.g. Security obtained for Advance Account
needs to be entered manually
CA. Kuntal Shah, Ahmedabad
47
Inconsistencies generally observed
Long Outstanding entries in Office Account /
Sensitive Accounts
Routing of cash shortages / other
manipulation through Office Account / Inter
Branch / Sensitive Accounts
Improper reversal of entries of Sensitive
Account leading to loss of Audit Trail
 E.g. Partial Reversal / Doubly reversal /
Reversal exceeding entry amount etc.
Restructured (other than CDR) proper
updation not carried out in CBS / Risk
Comp. Software
CA. Kuntal Shah, Ahmedabad
48
Thank You
Download