Risk Based Internal Audit Policy

MEMORANDUM FOR AUDIT COMMITTEE OF THE BOARD OF DIRCTORS
Ref. No. HO:I&A:KPR:049

Date: 15th January, 2007
The Chairman & Managing Director
The Executive Director
Risk Based Supervision in Banks

Migration from the existing Internal
Audit system to Risk Based Internal
Audit system -
Revision in Audit Policy
----------------------------------------------------
With the aim of moving towards Risk Based Supervision for ensuring close
alignment with the international best practices of banking under the aegis of Basel
Committee Recommendations and also in terms of Reserve Bank of India guidelines,
vide their letter No.DBS.CO.BC.10/11.01.005.2002-03 dated 27 th December 2002, we
had initiated necessary steps to review our current internal audit systems and prepared
ourselves for transition to a Risk Based Internal Audit (RBIA) system in a phased
manner. Accordingly, our Risk Based Internal Audit policy was framed by us and the
same was approved by the Audit Committee of the Board on 30.01.2003. We started
implementing RBIA at the branches in a phased manner beginning with the audit year
2003-04 initially covering Large and above categories of branches. During 2004-05,
RBIA was extended to cover Medium and Small categories of branches also. With
some minor modifications, RBIA policy was revised and the revision was approved by
the Committee on 29.03.2005. From 2005-06 onwards, RBIA is being conducted on a
regular basis at all branches as per the applicable periodicity either along with the
existing internal audit or as a separate exercise.
2. As per the RBI guidelines/directives, we are required to switch over to RBIA

system replacing the existing internal audit system once the RBIA stabilizes and staff
attains proficiency. In view of the fact that RBIA system, being in vogue for the last 4
years, has stabilized in our Bank and the concept has percolated down the line
reasonably and also taking into account the cost effectiveness, we have revised our
Risk Based Internal Audit policy by incorporating the salient features of the existing
internal audit which is mainly transaction-oriented, to have a unified RBIA system which
focuses more on risk perception rather than mere transactions. While drafting
…2
-2-
the revised RBIA policy, we have taken into account the relevant issues/
suggestions/observations made by Risk Management Department, Head Office vide
their IOMs No.RMD:RGK:2005-06:107 dated 27.04.2006 and No.RMD:RGK:2005-
06:218 dated 29.05.2006 and suitably addressed them in appropriate places.
3. As suggested by Risk Management Department, Head Office vide their IOM

No.RMD:RGK:2005-06:218 dated 29.05.2006, the above revised RBIA policy was
placed before a Quality Circle comprising a group of General Managers for deliberations
and fine-tuning. The meetings were held on 18.10.2006 & 12.12.2006 and after the
thorough scrutiny of the policy, the policy was vetted by the Group of General
Managers with some suggestions/directions. With due incorporation of the said
suggestions/directions, we have redrafted the revised Risk Based Internal Audit policy
and now submit the same for the approval of the Audit Committee of the Board. We
propose to effect the switch over from the ensuing audit year, 2007-08.
Submitted for approval, please
(B. V. S. Rana) (S.Sampath)

Asst. General Manager General Manager
RISK BASED INTERNAL AUDIT POLICY
EXECUTIVE SUMMARY
1. Preamble
1.1. The internal audit system which is in vogue is mainly transaction oriented
and is carried out to verify whether the various transactions undertaken by
the branches are correctly recorded and whether the stipulated
procedures have been adhered to. In this system of audit, the auditors
are not analysing the level of risk to which the branch is exposed. In the
backdrop of Basel Committee’s Recommendation on Banking
Supervision, Risk Based Internal Audit which is essentially an integral part
of Risk Based Supervision, was to be introduced in the Banks and the
audit system should be revamped so as to have focus mainly on the risk
perception rather than the mere transactions testing which should be
carried out to the extent of risk exposure under various parameters.
1.2. Accordingly, in terms of RBI guidelines, policy for Risk Based Internal
Audit (RBIA) was approved by Audit Committee of the Board on
30.01.2003 and was introduced in our Bank in April, 2003. In the first
phase, branches of Exceptionally Large, Very Large, Large and
Specialised categories were brought under the purview of RBIA during
2003-04. Then, it was extended to cover all the branches of Medium and
Small categories during 2004-05. With some minor modifications, the
policy was reviewed and the review was approved by ACB on29.03.2005.
From the year 2005-06, RBIA is being carried out in all the branches on an
ongoing basis either as a separate exercise or along with the existing
regular internal audit which is mainly transaction based, as per the
applicable audit cycle in accordance with the approved policy.
1.3. As per the directive of RBI vide their letter

No.DBS.CO.PP.BC.10/11.01.005/2002-03 dated 27 th December 2002 and
letter No.DBS.CO.PP.BC.17/11.01.005/2004-05 dated 1 st February 2005,
upon stabilisation of RBIA system and attainment of proficiency by the
audit staff in this regard, RBIA should replace the existing internal
audit/inspection and action plan should be chalked out for switching over
to RBIA. Accordingly, RBIA policy is revised by merging the salient
features of existing internal audit into it.
2. Coverage
The Areas covered are:
 Cash
 Deposits
 Foreign Exchange/Dealing Room
 Credit
 Investments
 Bills
 Remittances
 Government Business
 Non-Fund Based Business
 Staff & Establishment
 Estate & Premises
 Computer
 Inter-Bank and Inter-Branch reconciliation
 Other Miscellaneous Services
3. Approach
 While carrying out the Regular Internal Audit, the auditors are scrutinizing the
transactions/conduct of the accounts, verifying the security documents executed,
ascertaining whether the sanction is within the delegated authority or not, verifying
the compliance with the terms of sanction and also scrutinizing other operational
areas. Based on the observations, the auditors are pointing out the
irregularities/deficiencies existing at the branches; besides they are pointing out the
revenue leakage, if any.
 In RBIA, the auditors, besides carrying out the same function as mentioned above at
the prescribed level in the policy, record their observations in all the areas viz,
Advances, Deposits, Profitability, Business Development, Adherence to KYC/KYB
norms, Cash Management, Sensitive Stationery Movement, Delegation of Power,
Computer Systems Management etc. under positive and negative factors and
assess the risk level taking into consideration the overall impact of these positive
and negative factors. The negative factors are called risk factors. Based on the risk
factors, Monitorable Action Plan (MAP) for mitigating risks under various
parameters is suggested by the auditors in the audit report. Different types of audit
reports are prepared for General Banking Branches, Asset Recovery Branches and
Service Branches and risks are assessed under applicable parameters for these
branches
 Transactions testing/checking is not completely dispensed with under RBIA, but,
restricted to the level spelt out in the policy
 As per the extant policy guidelines, issue of Special Letters (for serious irregularities
noticed in accounts with sanctioned limit/exposure limit of Rs.10 lakh and above and
also for revenue leakage detected exceeding Rs.10 lakh per branch) and also
Special Observation Report (for serious irregularities noticed in accounts having
exposure/sanctioned limit of above Rs.2 lakh but not exceeding Rs.10 lakh per
account and revenue leakage detected Rs.20,000/- and over per account or revenue
leakage detected for more than Rs.2 lakh but not exceeding Rs.10 lakh per branch)
is proposed to be continued under amalgamated RBIA system
 Under RBIA, the Risk Profile of the branch is prepared based on the audit findings
and the Risk Profile reveals the risk level of the branch under various parameters in
a nutshell form.
 As per the RBIA policy, Risk Profiles of branches will be updated off-site as per the
following intervals based on all the relevant records such as MIS data with regard to
Deposits, Advances, Profitability etc. and also the compliance of previous/latest
reports of Concurrent Audit, IS Audit, Regular Internal Audit, RBIA, RBI Inspection
etc. which are available at ZO. MAP is suggested in this case also. Risk Profiles
thus prepared will be sent to the Branch/ZO for effective implementation of MAP by
drawing suitable action points and initiating necessary measures on that. The
reports of Risk Profiles of the branches will be closed by the respective ZM within 3
months of the date of Risk Profile. Zonal Audit Committee will also be apprised of
the Risk Profiles of branches and also closure of the same by ZM
Class/Category of branch Periodicity
All Small & Medium size branches -- As of 31 st March
All other branches -- As of 31 st March & 30th September
4. Risk Assessment & Rating of Branches
(For General Banking Branches; i.e other than Special categories of

Branches)
At present, rating of the branches under regular Internal Audit is given

under six categories viz. Excellent, V.Good, Good, Satisfactory, Fair &
Unsatisfactory whereas under RBIA, the ratings are awarded under 5
Composite Risk categories viz. Low Risk, Medium Risk, High Risk, Very
High Risk and Extremely High Risk, the Composite Risk being arrived at
with the help of risk matrix provided by RBI after taking into account the
level of Business Risk and Control Risk
Risk level of the branches are assessed under Business Category and
Control Category
Business Risk of the branches are assessed under Credit Risk, Earnings
Risk, Business Strategy Risk & Operational Risk parameters
Control Risk is assessed under Internal Control Risk and Compliance Risk
parameters.
Base Level Risk under each parameter is assessed under ‘Low, Medium
& High’ levels as per the marks obtained furnished as under:
Risk Percentage of Marks

awarded
Low Over 75
Medium 50 – 75
High Below 50
The direction/trend of the risk level is also assessed under

‘Decreasing/Stable/Increasing’ directions
Composite Risk of the branch is arrived under 5 levels viz. Low Risk,
Medium Risk, High Risk, Very High Risk & Extremely High Risk as per the
following matrix provided by RBI taking into the level of Business Risk and
Control Risk
Risk Matrix
Inherent Business Risks
High A B C Very
High Risk High Risk
Extremely
High Risk
Mediu D E F Very
m Medium Risk High Risk High Risk
Low G H I
Low Risk Medium Risk High Risk
Low Medium High
Control Risks
The trend analysis of the composite risk is interpreted as shown below:

Inherent Business
Increasing Increasing Increasing Increasing

Stable Stable Increasing Increasing
Decreasing Decreasing Stable Increasing
Risk
Decreasing Stable Increasing
Control Risk
Variation of marks in the same category upto + 5% or – 5% is considered as
STABLE. Variation of marks in the same category more than +5% or –5% is
considered as DECREASING/ INCREASING as the case may be.
In the case of Special Categories of branches, base level risk and

composite risk will be assessed under applicable parameters as above.
5. Periodicity of Audit
The following periodicity of audit of branches is proposed
Categories Audit Frequency

6 Months 9 Months 12 Months 15 Months 18 Months
All branches E.High - V.High - High - Medium - Low -
irrespective of Increasing/ Increasing/ Increasing/ Increasing/ Increasing/
the class/ Stable/ Stable/ Stable/ Stable/ Stable/
category with Decreasing Decreasing Decreasing Decreasing Decreasing
Composite
Risk rating as
Currency Chest
with Composite -do- -do- -do- -do- -do-
Risk rating as
Depository E.High/ Medium/
Participant V.High/High Low -
Office with Increasing/ ----- Increasing/ ------ ------
Composite Stable/ Stable /
Risk rating as Decreasing Decreasing
6. Level of transactions testing
With regard to transaction testing in credit segment, it is proposed that all new
accounts (irrespective of sanctioned limits) and also the following percentage of
accounts existing (preferably those accounts not covered under previous audit)
prior to current audit are to be covered in the current audit.
(In Percentage)
Total Sanctioned Limit or Size of Branch
Outstanding per borrower Small Medium Large Very Exceptionally
whichever is more Large Large
(Rs.)
Upto Rs.50,000 10 10 5 5 5
Above Rs.50,000/- up to Rs.2 30 25 20 10 10
lakh
Above Rs.2 lakh up to Rs.5 100 75 50 25 20
lakh
lakh
Above Rs.10 lakh 100 100 100 100 100
Note: The above level of transaction testing is as per the existing policy and we
propose to continue the same
As regards checking of the existing accounts, audit comments relating to

compliance of irregularities pointed out in the last audit report, review/documentation
subsequent to last audit and further developments since last audit are to be included.
With respect to transaction testing in the Deposits/Miscellaneous areas, the

percentage of deposit accounts/other miscellaneous transactions to be covered which
are opened/carried out after the last audit is proposed to be fixed as under:
Size Percentage of
of accounts/transactions
the
Bra
nch
Small 40
Medium 50
Large 100
Very Large 100
Exceptionally Large 100
However, 100% transaction testing in all the areas (Advance, Deposits,

Miscellaneous) will be undertaken in the branches whose Composite Risk rating was
assessed as ‘Extremely High/Very High’ in the previous audit.
7. Compliance & Closure of Audit Reports
Category of Branches Compliance time by Closure at ZAC/GM

branches
Large, Medium, Small & Within 2 months from the Within 3 months from the
Specialised (Small & date of audit report date of audit report at ZAC
Medium category) for branches with
branches Composite Risk Rating as
High (*in the case of both
Business Risk and Control
Risk are Medium) , Medium
& Low Risk and by
GM(I&A) for branches
under High (#in the case of
any one of Business Risk or
Control Risk is High and the
other is Low)Extremely
High / Very High Risk
Within 3 months from the Within 4 months from the
Exceptionally Large, Very date of audit report date of audit report at ZAC
Large & Specialised (other for branches under High
than Small & Medium (*as above), Medium & Low
category) branches Risk and by GM(I&A) for
branches under High (# as
above) Extremely High/
Very High Risk
8. Selection of Auditors
The guidelines for selection of audit officers are as under, at present:
i) He/She should be in Scale II/III and should have completed rural/semi-

urban branch exposure of minimum 3 years.
2) Should possess adequate exposure/knowledge of Branch Banking in
general and in Advances/Foreign Exchange/Computer Operations
3) Must have ‘A’ rating in Annual Performance Appraisal (APA) for preceding
3 years
4) The tenure for posting in Audit will be 3 years
9. Reporting to Head Office (Audit) Sub-Committee
i) Gist of audit observations on negative factors (risk factors) along

with the present status of compliance of RBIA reports of all
branches with Composite Risk rating assessment as ‘Extremely
High-Increasing/Stable/Decreasing and Very High-
Increasing/Stable/Decreasing’ irrespective of size will be
reported to Head Office (Audit) Sub-Committee for reporting.
ii) Gist of findings in special letters will be reported to Head
Office (Audit) Sub-Committee for reporting.
10. Reporting to Audit Committee of the Board/Reserve Bank of India
i) Summarized position of RBIA reports of H.O.Depts, Zonal

Offices, Zonal Audit Offices, MDI, ZTCs, and Bank’s
Subsidiaries closed at Head Office (Audit) Sub-Committee will
be submitted to Audit Committee of the Board for noting (no
other RBIA reports are closed at HOASC).
ii) Gist of audit observation with status of compliance in respect of
audit reports of all Specialised Branches and Exceptionally
Large Branches irrespective of their risk rating will be submitted
to Audit Committee of the Board for noting at quarterly intervals.
iii) The progress made in implementation of Risk Based Internal Audit
will be submitted to Reserve Bank of India on quarterly basis as per
the directives of RBI.
11. Any modification in the reporting format, either addition or deletion

of any item necessitated due to change in policy of the Bank or
change in operational guidelines, may be approved by GM (I&A),
provided it does not envisage any change in the audit policy
guidelines already approved by the Audit Committee of the Board.
RISK BASED INTERNAL AUDIT POLICY
1. Definition
The Risk Based Internal Audit is a process which helps broaden the
perspective of internal audit that includes the verification through usage of risk
management techniques and efficacy of internal control system under various
areas / parameters.
2. Scope
2.1 The scope of Risk Based Internal Audit will be to provide reasonable assurance
to the Board and Top Management, which includes:
2.1.1 Review of internal control system and procedures
(a) The audit function should provide high quality counsel to management on the
effectiveness of risk management and internal controls under various parameters
including regulatory compliance.
(b) The internal control system is in consonance with the organisational structure.
The controls should be in-built in the operating functions to be cost effective.
(c) Each control should be reviewed and analysed in terms of its costs and
benefits. It would also be seen whether the internal controls were in use
throughout the period of intended reliance i.e. period between the two
consecutive audits.
2.1.2 Review of Custodianship and safeguarding of assets in the context of risk

perception – monetary and non-monetary
(a) Auditor would review the control system to ensure that all assets are
accounted for fully. He would also review the mitigants available and used for
safeguarding assets against the risks which may eventually be leading to
financial loss.
(b) In case of use of electronic data processing equipment, the physical and
system control on processing facilities as well as on data storage would be
examined and tested.
(c) He would also review the adequacy of insurance cover for the various risks
involved.
(d) He should check the verification system of assets at the branch.
2.1.3 Review of relevance and reliability of information

(a) The Internal Auditor would review the information system to evaluate the
reliability and integrity of financial and operating information given to
management and to external agencies such as government bodies, local
monetary authorities, etc.
(b) The internal auditor would also review the means used for measuring,
classifying and reporting information including the records from which it is
extracted.
2.1.4 Review of utilisation of resources
(a) Internal auditor should check whether there is under staffing and over staffing
in various areas/ departments by examining the working of the branch as these
prevent optimum use of resources.
(b) The auditor would also evaluate resources utilisation, identifying the facilities,
which are under-utilised which may result in lesser/no income or loss. Such
instances may consist of under-utilised man, machine and matter of any kind.
2.1.5 Review of accomplishment of goals and objectives
(a) The auditor should critically evaluate the accomplishment of corporate

objectives in the backdrop of good risk management and availability of suitable
strategy/plan for achieving the same
(b) Review of means for achieving the goals would form the basis for evaluating
the performance of each of the field functionaries.
2.1.6 Examining the effectiveness of control framework
(a) The auditor should report on proper recording and reporting of major
exceptions and excesses that lead to risk perception.
(b) Transaction testing would continue to remain an essential aspect of risk

based internal audit. The extent of transaction testing will have to be determined
based on the risk assessment.
2.1.7 Review of the systems in compliance with money laundering identifying business
risks/ control risks
The auditor should review the systems in place at the branch for ensuring
compliance with money laundering controls, identifying potential inherent
business risks and control risks, if any.
2.1.8 The auditor should review/ report on :
(a) process by which risks are identified, analysed, measured and managed in
various
areas;
(b) the risk mitigating/control environment in various areas;
(c) gaps, if any, in control mechanism, which might lead to financial loss on
account of non-adherence to extant guidelines due to ignorance, negligence or
fraudulent acts and identification of fraud prone areas;
(d) budgetary control and performance reviews;
(e) monitoring compliance with the risk based internal audit report
(f) variation, if any, in the assessment of risks made during the profiling offsite
vis-à-vis risk based internal audit.
2.2 Inspection and audit will be risk based and the same is introduced at all branches
in a phased manner since April, 2003.
(Head Office Departments, Zonal Offices, Zonal Audit Offices, Regional Rural
Banks and Subsidiaries are brought under the ambit of Risk Based Management
Audit. A separate policy document is prepared for Risk Based Management
Audit)
3. Objective:
3.1 RBIA essentially entails the allocation of audit resources and monitoring
according to risk profile to minimise the impact of crisis situations. It involves
review and report on control environment as a whole, the process by which the
risks are identified, analysed, measured and managed, the line of control over
key processes, reliability of branch management function, safeguarding of assets
and compliance with rules and regulations and also external environment.
3.2 The main objectives of Risk Based Internal Audit are:
(a) To undertake allocation of audit resources in accordance with the risk profile
to minimise the impact of crisis situations i.e. to draw audit plans based on
risk assessment
(b) To ensure that the risks faced by the Bank in its efforts to meet its goals –
short term as well as long term are identified, risk is assessed and the
procedure followed for monitoring the risk is correct and fool proof.
(c) To answer the basic question about ‘what is’ as compared to ‘what should be’
the way the branch is managing risks.
(d) To evaluate the process, by which the risks are identified, analysed,
measured, monitored and managed by reviewing and reporting on the line of
control over key processes i.e. control environment as a whole instead of
identifying and testing controls.
(e) To test ‘how well all the risks perceived by the bank are managed’ rather than
finding out ‘whether the control over risks are adequate and effective’.
(f) To differentiate activities on the basis of risk assessment of each activity
during internal audit.
(g) To review and report on reliability of branch management function,
safeguarding of assets and compliance with rules and regulations.
4. Approach
4.1 The present internal audit is mainly transaction based and is carried out to verify
whether the various transactions undertaken by the branch are correctly
recorded and whether the prescribed procedures /guidelines issued by Head
Office/RBI/ Government of India have been observed/ complied with. Thus during
the course of audit, the extent of risk undertaken by the branches and the factors
available for mitigating the same under various areas is not assessed, which is a
vital component for the existence of the Bank.
4.2 The principal responsibility of managing the risks vests with the management, the
strategy of RBIA begins with independent risk analysis and allocation of audit
resources is planned on the level of risks identified. RBIA would mean that
greater emphasis is placed on role of mitigating risks. More attention will be paid
to high risk areas vis-à-vis medium and low risk areas.
4.3 Risk Based Internal Audit being a new exercise, a gradual but effective approach
would be necessary for its implementation. Since the internal audit system was
fairly deep-rooted, the risk based audit system is introduced in a phased manner.
Initially we conducted Risk Based Internal Audit of all branches under the
categories of Exceptionally Large, Very Large, Large and Specialised
(irrespective of their size) during 2003-04. As the staff started attaining
proficiency in the new system, the scope was extended to cover Medium and
Small branches also during 2004-05. Now, all the branches have got
accustomed to RBIA and hence RBIA is being carried out at the branches as per
the applicable audit cycle from 2005-06 on an ongoing basis. In terms of RBI
guidelines, the time has come now to merge the existing system of transaction
audit with Risk Based Audit with a view to have only one unified audit system
mainly focussing the risk perception on a larger way and restricting the
transaction checking to a limited extent and the unified system is proposed to be
made effective in 2006-07.
4.4 The pre-requisites for implementation of RBIA in the Bank would be:
a) Total revamping of existing internal audit system,

b) Making available the required resources such as manpower, development of
expertise through training including on-the job training to identified officers,
technical up-gradation, etc.
c) Putting in place revised policy guidelines, procedures, methodology, etc.
5. Coverage
5.1 Inspection & Audit will be conducted encompassing all the functional areas of the
branch in such a manner that it serves as an important tool of internal control.
Risk based audit will address audit coverage from risk management angle and it
will be planned on the basis of level of risks identified i.e. coverage will be
tapered according to level of identified risks with high risk areas getting priority
over low risk in allocation of audit resources. The audit will cover the adequacy
as well as implementation of various systems and procedures adopted in
identification, measurement and mitigation of different risks. It should cover
transactions during review period i.e. period between two consecutive audits.
The items of coverage during inspection/ audit of the branches are given in
Annexure-1.
5.2 The strategy of RBIA constitutes an independent risk analysis through proper
allocation of available audit resources i.e. allocating more resources for the
areas with higher risks. RBIA envisages branch-wise and business process-wise
risk assessment before on site auditing. The exercise will allow identification of
high risk areas and work prioritisation.
5.3 Risk Analysis of various Departments/ Sections
Areas to be looked into for Risk Analysis of various Departments/ Sections given
in Annexure - 2 covers different risks involved.
The Departments covered are:

 Cash
 Deposits
 Foreign Exchange/Dealing Room
 Credit
 Investments
 Bills
 Remittances
 Government Business
 Non-Fund Based Business
 Staff & Establishment
 Estate & Premises
 Computer
 Inter-Bank and Inter-Branch reconciliation
 Other Miscellaneous Services
6 Risk Assessment:
6.1 The risk based internal audit undertakes risk assessment for the purpose of
formulating the risk based audit plan. The risk assessment would, as an
independent activity, cover risks at various levels (corporate and branch; the
portfolio and individual transactions, etc.) as also the processes in place to
identify, measure, monitor and control the risks.
Clarification: The risk based internal audit undertakes an independent risk
assessment solely for the purpose of formulating the risk based audit plan
keeping in view the inherent business risks of an activity/ location and the
effectiveness of the control systems for monitoring the inherent risks of the
business activity.
6.2 The assessment process would, inter alia, include the following:
 Identification of inherent business risks in various activities undertaken by the
bank.
 Evaluation of the effectiveness of the control systems for monitoring the
inherent risks of the business activities (‘Control risk’).
 Setting up of rating norms with a view to determining the level of risk to which
the bank is exposed viz; low, medium or high and the direction of the risk to
which the bank is proceeding viz; increasing, decreasing or stable.
 Mapping of business risk and control risk and the identification of the direction
of risk to enable to direct the resources to those areas of working which depict
higher risk. Drawing up a risk matrix for taking into account both the factors
viz. inherent business risks and control risks. The illustrative risk matrix
(level) and risk matrix(trend/direction) are shown below:
Risk Matrix (Level)

High A B C
High Risk Very High Risk Extremely
High Risk
Medium D E F
Medium Risk High Risk Very High Risk
Low G H I
Low Medium High
Control Risks
Risk Matrix (Trend/Direction)

Increasin A B C
g Increasing Increasing Increasing
Stable D E F
Stable Increasing Increasing
Decreasi G H I
ng Decreasing Stable Increasing
Control Risks
6.3 The risk assessment may make use of both quantitative and qualitative
approaches. While the quantum of credit, market and operational risks could
largely be determined by quantitative assessment, the qualitative approach may
be adopted for assessing the quality of control in various business activities. In
order to focus attention on areas of greater risk to the bank, an activity-wise and
location-wise identification of risk would be undertaken.
6.4 The assessment methodology would include, inter alia, the following parameters:
 Previous internal audit reports and compliance

 Proposed changes in business lines or change in focus
 Significant change in management/ key personnel
 Results of latest regulatory examination report
 Reports of external auditors
 Management information data
 The significance of an activity and volume of business
 Substantial directions/variations in performance vis-à-vis the budget
 Industry trends and other environmental factors
 Time lapsed since last audit
6.5 While the interval for undertaking formal risk assessment may be one year, more
frequent formal risk assessments would be desirable if the overall risk to which a
branch is exposed, is perceived as high.
7. Audit Prioritisation
7.1 With a view to formally assess the degree of various business and control risks at
the branch in order to prioritise the risk based internal audit of the branch under
their jurisdiction and also to prepare the audit plan accordingly, each Zonal Audit
Office will prepare/update the risk profile of the branch as per Annexure-3 as
enumerated under para 13.3 well in advance and conduct the audit later on to
compare/find out whether the risk assessment as per the profile prepared before
audit turned out to be true, particularly areas identified as high risk did indeed
turn out to be high risk and vice versa for low risk. Format for obtaining/updating
the risk profile of the branch is as per Annexure-3.
7.2 On-site inspection covers actual Business Strategies adopted by the branch,
Review of compliance methodology, Adequacy of Internal Controls, Risk
Management controls, Business Environment- location, competition, clientele,
products and services, Quality of Customer Service, Awareness of staff
regarding systems and procedures, Futuristic View of Business Strategies, Know
Your Customers/Business norms.
8. Periodicity of Audit
8.1 Inspection and audit of branches will be conducted once every 18/15/12/9/6
Months depending on the composite risk rating of the branches assessed during
the preceding audit.
8.2. Audit Frequency: It is based on Composite Risk rating as mentioned below:
Categories Audit Frequency

6 Months 9 Months 12 Months 15 Months 18 Months
All branches E.High - V.High - High - Medium - Low -
irrespective of Increasing/ Increasing/ Increasing/ Increasing/ Increasing/
the class/ Stable/ Stable/ Stable/ Stable/ Stable/
category with Decreasing Decreasing Decreasing Decreasing Decreasing
Composite
Risk rating as
Currency Chest
with Composite -do- -do- -do- -do- -do-
Risk rating as
Depository E.High/ Medium/
Participant V.High/High Low -
Office with Increasing/ ----- Increasing/ ------ ------
Composite Stable/ Stable /
Risk rating as Decreasing Decreasing
Note: All the newly opened branches should be audited immediately after
completion of six months of their opening.
9. Norms for allotment of mandays
Allotment of mandays will be dependant on the percentage of transaction testing

which is based on the risk perception/assessment under various
areas/parameters evaluated as per the latest risk profile of the branches
prepared offsite or at the time of the last RBIA whichever is found adverse taking
into consideration business growth during the review period, business mix,
number of accounts at the branch, etc.
10. Approval of Annual Audit Plan
10.1 Taking into consideration the norms for allotment of man days as stated under
item No.8 of the policy document, in the month of March every year, Annual Audit
Plan for the next financial year will be called for from all the Zonal Audit Offices
giving the number of branches/other offices to be audited along with the number
of man days required and the number of man days available. The annual audit
plan of all the Zonal Audit Offices will be consolidated at Head Office and the
consolidated Annual Audit Plan will be put up to the General Manager, Inspection
& Audit Department for approval by the end of March every year. Manpower
requirement for carrying out the Audit Plan is determined based upon 210 man
days per officer, after providing for holidays, leave, ‘shut period’, travel time etc.
Further, the audit exercise will be suspended during the ‘shut period’ i.e;
March/April and September/October for approximately 15 days each, so as to
facilitate the branches to concentrate on the Annual/Half-yearly closing work.
10.2 The prioritisation of Audit Resources will be determined by drawing Audit Plan
with the help of Risk Audit Matrix as provided in item No.15 of the policy
document by respective ZAOs and consolidated at HO, I&A which will be
approved by GM, I&A.
11. Guidelines for selection of Audit Officers
The broad criteria, which are indicative in nature, for selection of officers for Audit
are as under:
(a) The Officer should be in Scale II or III and should have completed rural/ semi
urban branch exposure of minimum 3 years.
(b) The Officer must have knowledge of/ exposure to Branch Banking in general.
(c) The Officer must possess knowledge in advances/ foreign exchange/
computer operations. Exposure to investment portfolio management will be
an added advantage.
(d) The Officer must have ‘A’ rating in Annual Performance Appraisal (APA) for
preceding 3 years.
(e) The tenure of Officers selected for posting in Audit will be for 3 years.
12. Role of auditor
12.1 Under the risk based internal audit the main objectives being the assessment of
risks to which the bank is exposed to as well as evaluation of available internal
control mechanism the auditor, while evaluating the risk, has to keep in view the
following:
a) Previous Audit Reports- Internal, Concurrent, Statutory, RBI, IS Audit, etc.
and its compliance
b) proposed changes in business lines or change in focus
c) Significant change in management/ key personnel
d) Industry trend
e) Other Environmental factors including macro/micro economic environment
f) Time elapsed since last audit
g) Prior audit findings and actin taken on them
h) Volume of business taking into account the potentials available.
i) Internal Controls and Control Environment.
j) Quality and Experience of Management i.e. Manager and his deputies.
k) Complexities of business handled by the branch.
l) Deviation from Budget Plan
12.2 The internal auditor has to -
a) Interface with Branch Manager and other Officers and staff members.
b) Assess the effectiveness of business strategies applied, policies and

procedures implemented by the branch for achievement of Corporate Goals.
c) Review of -
 Mechanism for reporting compliance with policies and procedures.
Accuracy in reporting and its impact.
 Adequacy of internal control and Risk Management Control.
 Branch specifics- location, business environment, competition faced, etc.
 Quality of Customer Service including Handling of Customer Complaints.
 Level of Awareness of Bank’s systems, procedures, implementation,
products and services, pricing, etc. amongst staff at all levels.
 Future Business Strategies in relation to the potentials available in the
area of operation
12.3 The auditor has to examine and evaluate every activity undertaken by the
branch. In the process he has to, interalia
a) Check the verification system of assets at the branch.

b) Scrutinise advances as well as investments portfolio including decisions taken
therefor and compliance with laid down procedures taking into account the
risk mitigating tools available at the branch
c) Transaction testing and focusing on risks.
d) Testing of compliance with local regulations.
e) Scrutiny of budgetary control and Performance Review System.
f) Testing the controls in place particularly for prevention and detection of
frauds.
13 Pre-audit preparations by Audit Teams

13.1 It involves formal preparation/updation of risk profiles of branches as enumerated
in para 13.3 for determining audit objectives/scope by evaluating internal controls
in managing/mitigating risk and level of compliance by walkthroughs, Testing,
Data Collection, Inter-face with controlling officials. Based on this, wherever level
of risk assessment is found to be high, medium or low, the level of transaction
testing (as enumerated under item No.15 of this policy document) while carrying
out RBIA is determined to ensure that the bank’s exposure to risk from a given
function or activity is accurately captured and monitored. Thus, the exercise of
preparation/updation of risk profile of branches is a pre-requisite for carrying out
effective RBIA. No doubt, the risk profile prepared upon carrying out RBIA at
the branch will reflect the accurate assessment of level and direction of
risks under various parameters.
13.2 Risk profile document which is the final output of the risk assessment exercise is
intended to be a dynamic document and hence all changes and developments
within and outside the bank that may have an impact on the risk profile are to be
tracked on an ongoing basis. That is, updation of risk profile will have to be
taken up periodically. However, considering the nature and volume of business
and other services handled at branches, the periodicity for updating the risk
profiles of branches of different class/category is proposed as under:
Class/Category of branch Periodicity
All Small & Medium size branches -- As of 31 st March
All other branches -- As of 31 st March & 30th September
13.3 For updating the Risk Profiles of Branches (prepared off-site), the auditors can
utilise the following source of inputs which may be available at respective Zonal
Offices under whose jurisdiction the branches are functioning and they need not
visit the branches.
a) Inspection report of RBI, if any available and also its compliance

b) Concurrent Audit Reports and their compliance
c) Latest Internal Audit/IS Audit/Revenue Audit Reports and their compliance
d) Statutory Audit Report, LFAR and their compliance
e) MIS data including CCIS returns, QHP, MHP,BPR,CA-23 etc.
f) Latest Risk Profile, previous Risk Based Internal Audit Report and
compliance thereof
g) Any guidelines/direction given to the Branch from the controlling
authorities and the extent of their compliance
h) Any other information pertaining to the Branch.
13.4 The Risk Profiles will be updated and sent to the branches by the Zonal Audit
Offices within a fortnight from the conclusion of the concerned period covered as
stipulated in 13.2 above with a copy to the respective Zonal Office for
compliance and follow-up (as enumerated in para 17.3 & 17.4)respectively.
14. Reporting Format
14.1 Risk Based Internal Audit Report:
We have in place suitable formats for reporting the positive factors (the strength)
and the negative factors (weakness) observed during the conduct of RBIA at
different category of branches (General Banking Branches, Asset Recovery
Branches, Treasury Branch, Service/Drafts Paying Branches, Currency Chests)
considering mainly the risk perception under each area and also the transaction
testing to the limited extent as provided in the policy document along with the
suggestions of Monitorable Action Plan by the auditors for mitigating risk under
various parameters. The audit report formats for different category of branches
as specified above are provided in Annexure – 4.
14.2 Special Letter/ Special Observation Report:
14.2.1 If during the course of audit any serious irregularities (the nature of such
irregularities are listed in the Annexure-I) involving amount above Rs.10.00 lakh
(either sanctioned limit or outstanding whichever is more) per account / revenue
leakage detected exceeding Rs.10 lakh per branch, which may put bank’s
interest in jeopardy, are noticed by the Auditors, the same should be brought
to the notice of Chief Incumbent of the branch and thereafter to the respective
Zonal Audit Chief in the form of Special Letter as specified in the format as per
the Annex. In such cases where, the Branch Manager is himself involved in
the irregularities, which may be fraudulent in nature, such discussions with
him are not necessary. The Special Letter for reporting such irregularities will be
vetted by the Zonal Audit Chief before forwarding the same to the
Branch/Zonal Office with a copy to Inspection and Audit Department, Head
Office immediately.
14.2.2 If during the course of audit any serious irregularities (the nature of such
irregularities are listed in the Annexure-I) involving amount above Rs.2.00 lakh
(either sanctioned limit or outstanding whichever is more) and upto Rs.10.00
lakh (either sanctioned limit or outstanding whichever is more) per account/
revenue leakage detected Rs.20,000 and over per account or total revenue
leakage detected more than Rs.2.00 lakh but not exceeding Rs.10.00 per
Branch, are noticed by the Auditors, the same should be brought to the notice
of Chief Incumbent of the branch and thereafter to the respective Zonal Audit
Chief in the form of Special Observation Report as specified in the format as per
Annex. In such cases where, the Branch Manager is himself involved in the
irregularities, which may be fraudulent in nature, such discussions with him
are not necessary. The Special Observation Report for reporting such
irregularities will be vetted by the Zonal Audit Chief before forwarding the
same to the Branch/Zonal Office with a copy to Inspection and Audit Department,
Head Office immediately.
14.2.3 For other matters (the gist of such matters is provided in the Annexure-I), where
the quantification of amount involved is not possible, Special Letter or Special
Observation Report will be issued depending upon the nature and seriousness of
irregularity.
14.3 Risk Profile:
Risk Profiles prepared on conduct of RBIA will serve as Composite Inspection

Notes which furnish the actual risk assessment under various parameters in brief
and also contain the Monitorable Action Plan suggested by the auditors for
mitigating risks. The Zonal Audit Offices will send the copy of such Risk Profiles
only, upon completion of RBIA at branches, immediately to HO, I&A. However,
in the case of the branches with composite risk rating as ‘Extremely High/Very
High’ or ‘High’ on account of one of the Business Risk or Control Risk is rated as
High and the other is Low, Risk Profiles should be sent along with the audit
report of such branches. Further, Risk Profiles will be updated as per the
applicable periodicity as per the policy enumerated in item No.13.2. In both the
cases, Risk Profiles are to be vetted by the Zonal Audit Chief before sending the
same to the concerned branches/ZO/HO, I&A.
15. Rating of Branches
The audit rating of the branches will be done by the Audit team after conclusion
of the audit based on its performance in relation with the level of
control/mitigation of risks under various parameters observed during the course
of audit covering the period from the date of commencement of last audit till the
preceding date of commencement of the current audit as per applicable Annex-6.
The branches will be awarded rating separately under each parameter and rating
for consolidated performance under the parameters of Business Risk and Control
Risk based on which the Composite Risk or Aggregation of Risk of the branch as
per the matrix prescribed by RBI will be arrived at. There will be three basic level
risk ratings i.e. Low, Medium and High under each parameter. The
trend/direction viz., Increasing, Stable and Decreasing will also be indicated by
comparing the level of risk under each parameter at the time of previous
audit/latest updated profile with the level assessed during the current audit.
BASIS FOR RISK ASSESSMENT

awarded
Low Over 75
Medium 50 – 75
High Below 50
The probable reasons/ attributes and the meaning attached to each rating are
given in the following chart.
Sr Level and
Meaning for controlling
N Direction Probable Reasons/Attributes
o Authorities
of Risk
1 High - Deterioration to the large extent Controlling Authority to analyse
Increasing in risk management, operational the reasons (including the
efficiency, compliance and asset negative factors brought out by
quality and earning during review the auditors in the report) for
period. deterioration and initiate suitable
immediate action plan (besides
the Monitorable Action Plan
suggested by the auditors) for
improvement within a period of
one month and monitor the
branch performance on regular
basis
2 High – Status-quo-ante of perturbing Controlling Authority to initiate
Stable level in risk management, immediate action plan including
operational efficiency, the Monitorable Action Plan
compliance and asset quality suggested by the auditors for
coupled with stability in earnings improvement within the period
during review period. not exceeding two months
and monitor the branch
performance on regular basis.
3 High - Slight improvement in the Controlling Authority to initiate
Decreasing perturbing level of risk suitable action plan including the
management, operational Monitorable Action Plan
efficiency, compliance and asset suggested by the auditors for
quality and earning during review improvement in period not
period exceeding two months and
monitor the branch performance
on regular basis.
4 Medium - Increasing trend of inadequacy in Controlling Authority to analyse
Increasing risk management, operational the reasons for inadequate risk
efficiency, compliance & asset management, suggest suitable
quality and earnings during remedial action, monitor the
review period, which may be of performance and review the
temporary nature and can be progress from time to time.
corrected in period not exceeding
three months.
5 Medium - Status quo ante of inadequacy in Controlling Authority to monitor

Stable risk management, asset quality, the performance and review the
earnings during review period. progress from time to time.
6 Medium - Improvement in previous rating, Controlling Authority to monitor
Decreasing asset quality and earning during the performance and review the
review period. progress from time to time.
7 Low - Deterioration in risk management Controlling Authority to analyse
Increasing which was reasonably good in the reasons for deterioration and
operational efficiency, guide the branch suitably and
compliance & in asset quality and also monitor the position in
earnings during review period, normal course.
which can be corrected within a
reasonable time.
8 Low - Status quo ante of reasonable Controlling Authority to analyse
Stable risk management, operational the reasons for stagnation and
efficiency, compliance & asset supervise the branch in normal
quality and earnings during course.
review period.
9 Low - Appreciable level in risk Controlling Authority to
Decreasing management, operational supervise the branch in normal
efficiency, compliance & asset course to maintain the level.
quality and earning during review
period.
The transaction testing will be determined based on Risk Audit Matrix

depending on the level/direction of risk under each parameter of both Business
Risk and Control Risk categories as per the latest updated pre-audit risk
profiling of branches assessed on the basis of the frequency of risk
(probability of default) and the magnitude of risk (loss given default) in
the respective areas as under:
Risk Audit Matrix
Magnitude of Risk
High High M High M High M
Low F Medium F High F
Mediu Medium M Medium M Medium M
m Low F Medium F High F
Low Low M Low M Low M
Low F Medium F High F
Low Medium High
Frequency of Risk
However, with regard to transaction testing in credit segment, it is proposed that

all new accounts (irrespective of sanctioned limits) and also the following
percentage of accounts existing (preferably those accounts not covered under
previous audit) prior to current audit are to be covered in the current audit.
(In Percentage)
Total Sanctioned Limit or Size of Branch
Outstanding per borrower Small Medium Large Very Exceptionally
whichever is more Large Large
(Rs.)
Upto Rs.50,000 10 10 5 5 5
Above Rs.50,000/- up to Rs.2 30 25 20 10 10
lakh
lakh
lakh
Above Rs.10 lakh 100 100 100 100 100
In the case of checking the accounts in existence prior to current audit, audit
comments relating to compliance of irregularities pointed out in the last audit report,
review/documentation subsequent to last audit and further developments since last
audit are to be included.
As regards transaction testing in the Deposits/Miscellaneous areas, the

percentage of deposit accounts/other miscellaneous transactions to be covered which
are opened/carried out after the last audit is proposed to be fixed as under:
Size of the Branch Percentage of
accounts/transactions
Small 40
Medium 50
Large 100
Very Large 100
Exceptionally Large 100
However, 100% transaction testing in all the areas (Advance, Deposits,

Miscellaneous) will be undertaken in the branches whose Composite Risk rating was
assessed as ‘Extremely High/Very High’ in the previous audit.
16. Exit Meeting:

Upon completion of the risk based audit, the team leader alongwith other
members of the team will interact with the officials of the branch, present the
SWOT analysis and indicate the risk areas, in addition to the suggestions of the
team for achieving perceptible improvement in overall functioning of the branch
audited. The team will also suggest Monitorable Action Plan (MAP) for
mitigating the risks at various areas of the branch. The minutes of the exit
meeting will be submitted alongwith the audit report as per the format proved in
Annexure – 5.
17. Compliance and Follow-up for Compliance of Audit Report, Updated Risk
Profile
17.1 Compliance of Report – The primary responsibility for qualitative and timely
compliance i.e; attending to all the negative factors brought out in the audit report
conclusively and also initiating necessary measures by way of drawing suitable
action points (help of the Zonal Office may be availed, if required) for
implementing the Monitorable Action Plan suggested by the auditors and
furnishing the present status of compliance of the same will rest with the auditee
branch. The time limit for compliance will be two months from the date of
audit report for Large, Medium, Small & Specialised (Small and Medium
categories) Branches and three months for Exceptionally Large, Very Large
and Specialised (other than Small and Medium categories) Branches.
17.2 Follow-up for Compliance of Reports – The primary responsibility of ensuring

timely and qualitative compliance through well designed follow-up system will be
that of Zonal Office. Follow-up Audit Cell (FAC) at Zonal Office will be the focal
point and function as single point contact for all audit matters. After ensuring
conclusive compliance, the ZO should submit to the appropriate authorities for
closure of the audit reports of Large, Medium, Small & Specialised (Small
and Medium categories) branches within three months from the date of the
report and four months in the case of Exceptionally Large, Very Large and
Specialised (other than Small and Medium categories) branches and the
concerned branches should be advised accordingly.
17.3 Compliance of Updated Risk Profile – Taking into consideration the negative
factors, the necessary measures initiated by the branch by way of drawing
suitable action points, (help of the Zonal Office may be availed, if required) for
implementing the Monitorable Action Plan suggested in the updated risk profile,
along with the present status of compliance thereof to be submitted by the
branch to the Zonal Office within two months of the date of the profile.
17.4 Follow-up for Compliance of Updated Profile - Follow-up Audit Cell of ZO should
follow-up with the branch for compliance of the Monitorable Action Plan. After
ensuring conclusive compliance, it should be submitted to the Zonal Manager for
closure within three months of the date of the profile and the concerned
branch should be advised accordingly.
17.5 Compliance with Monitorable Action Plan suggested with respect to the updated
Risk Profile of branches to be taken up for review during Zonal Audit Committee
meetings.
18. Level of Authority for Noting & Closure of Audit Reports
18.1 Risk Based Internal Audit Reports: The audit reports of the branches will be
submitted for Noting / Closure at Zonal Audit Committee meeting / to GM,
I&A,H.O. after ensuring conclusive compliance of the negative factors and the
Monitorable Action Plan brought out in the reports. The audit reports of Large,
Medium, Small & Specialised (Small and Medium categories) branches
should be closed within three months from the date of the report and four
months in the case of Exceptionally Large, Very Large and Specialised
(other than Small and Medium categories) branches at Zonal Audit
Committee/GM, I&A, H.O. level as per the authority specified as under. In
the case of audit report of DPO, the report should be closed within one
month from the date of report by ZAC.
-----------------------------------------------------------------------------------------------------------
Level of Assessment of Conclusive Compliance Level of Authority
Composite Risk of ensured by for closure of
Branches RBIA
-----------------------------------------------------------------------------------------------------------
Extremely High/I,S,D Zonal Manager & Zonal General Manager
Audit Chief I&A, H.O
.
Very High/I,S,D Zonal Manager & Zonal General Manager
Audit Chief I&A, H.O.
High/I,S,D
(on a/c of one of the Zonal Manager & Zonal General Manager
parameters is High Audit Chief I&A, H.O.
and the other is Low)
High/I.S.D Zonal Manager & Zonal Zonal Audit Committee

(other than as above) Audit Chief
Medium/I,S,D Zonal Manager & Zonal Zonal Audit Committee

Audit Chief
Low/I,S,D Zonal Manager & Zonal Zonal Audit Committee

Audit Chief
-----------------------------------------------------------------------------------------------------------
18.2. Special Letters: The Zonal Office will prepare and submit a detailed point-wise
conclusive compliance of the irregularities pointed out in the special letter (after
receipt of branch compliance) along with the staff accountability aspect to the
Zonal Audit Chief and upon the later getting satisfied with the compliance, the
joint recommendations of the Zonal Manager and Zonal Audit Chief will be
forwarded to Head Office, Inspection & Audit Department. The General Manager
(I&A), upon satisfying about the adequacy of the compliance and also the action
on staff accountability aspect, will accord approval for closure of the special
letters with specific time-bound action plan for compliance of pending
irregularities, wherever deemed necessary, within three months of the date of
the Special Letter. However, Action Take Report on the Special Letter
should be apprised to GM(I&A) within 15 days from the date of receipt of
the Special Letter by the Zonal Office.
18.3 Special Observation Reports: Special Observation Reports are closed at Zonal
Audit Committee after ensuring point-wise conclusive compliance of the
irregularities pointed out in the special observation report (after receipt of branch
compliance) along with the staff accountability aspect wherever required. In
respect of Revenue Leakage exceeding Rs.1.00 lakh per account, on recovery of
the revenue leakage detected, the Zonal Office should furnish the details on Staff
Accountability to General Manager, Head Office, Inspection & Audit Department
through the Zonal Audit Office, recommending the action to be taken in this
regard. The General Manager, Inspection & Audit Department, Head Office, will
convey his decision to the Zonal Office/Zonal Audit Office with regard to the staff
accountability aspect. The SOR (both on serious irregularities and/or revenue
leakage) will be closed at Zonal Audit Committee within three months of the
date of the Special Observation Report.
18.4 The Updated Risk Profiles: The updated Risk Profiles will be closed by the
respective Zonal Managers within two/three months of the date of the profile
as the case be as mentioned in para 17.3 & 17.4 after ensuring conclusive
compliance on the negative factors and Monitorable Action Plan pointed out in
the Profiles and the branch should be advised accordingly.. However,
compliance with Monitorable Action Plan suggested with respect to the updated
Risk Profile of branches to be taken up for review during Zonal Audit Committee
meetings.
19. Zonal Audit Committee:
19.1 With a view to channelising efforts for proper follow-up action on various audit
reports, Special Letters, Special Observation Reports and Updated Risk Profiles
and their subsequent closure, Zonal Audit Committee has been set up at each
Zone. The meeting of the Committee will be attended by the Zonal Manager
(Chairman), the Zonal Audit Chief (Convenor), the senior most Zonal Executive,
the Officer in charge of Follow-up Audit Cell of the Zonal Office (Members).
19.2 The Zonal Audit Committee has to meet at least 6 times in a year and the
interval between the two meetings, should not, normally exceed 3 months. The
meetings will be fixed by the Zonal Audit Chief in consultation with the respective
Zonal Manager and other members of the Committee and the meetings will be
held at Zonal Head Quarters.
19.3 The Zonal Audit Chief being convenor, will attend all the meetings of Zonal Audit
Committee in respect of Zones under his jurisdiction. In the absence of Zonal
Audit Chief, the official holding charge shall attend such meetings. The General
Manager/Deputy General Manager/Assistant General Manager of Inspection
& Audit Department, Head Office shall attend the Zonal Audit Committee
Meeting to oversee its functioning at periodical intervals.
19.4 The compliance submitted by the Branch/Zonal Office in respect of Audit

Reports, Special Letters, Special Observation Reports and Updated Risk Profiles
will be discussed from the risk angle, and if found satisfactory, they will be
noted/closed/recommended for closure to Head Office. The decision of noting
and closure will be taken by the Committee by consensus.
19.5 The committee will formulate a time bound action plan for clearance of pending
audit reports, special letters, special observation reports, recovery of revenue
leakage and updated risk profiles and review the progress in its implementation
for mitigating risk under various parameters in subsequent meetings till
conclusive compliance of the same.
19.6 The committee will review the compliance of Monitorable Action Plan suggested
with respect to the updated of Risk Profiles of branches as and when they are
closed by the Zonal Manager.
20. Reporting by Zonal Audit Offices to Head Office, I&A
All Zonal Audit Offices should report on monthly basis as at the end of every
month to HO, I&A as to the details of number of branches falling due for RBIA
during the month as per the approved audit plan, number of branches wherein
audit is completed along with risk rating, the names of the branch whose
composite risk rating is assessed as ‘Extremely High/Very High’ and also the
details of risk rating as at the end of the month in the format provided in
Annexure-A and Annexure-B. Also, all ZAOs should report on monthly basis the
details of total number of branches in their jurisdiction under different risk ratings
along with the particulars of names of the branches whose composite risk rating
is assessed as ‘Extremely High/Very High’ in the format provided in Annexure-C.
Further, all ZAOs will report on monthly basis the position of pending audit
reports (for closure) as at the end of every month in Annexure-D
21. Reporting to the Top Management
Progress on implementation of RBIA in the branches in the line of approved audit

plan will be reported to the Top Management on quarterly basis.
22. Reporting to Head Office (Audit) Sub-Committee

i) Gist of audit observations on negative factors (risk factors) along with the
present status of compliance of RBIA reports of all branches with Composite
Risk rating assessment as ‘Extremely High-Increasing/Stable/Decreasing and
Very High-Increasing/Stable/Decreasing’ irrespective of size will be reported to
Head Office (Audit) Sub-Committee for reporting.
ii) Gist of findings in special letters will be reported to Head Office (Audit)
Sub-Committee for reporting.
23. Reporting to Audit Committee of the Board/Reserve Bank of India
23.1 Summarized position of RBIA reports of H.O.Depts, Zonal Offices, Zonal Audit
Offices, MDI, ZTCs, and Bank’s Subsidiaries closed at Head Office (Audit)
Sub-Committee will be submitted to Audit Committee of the Board for noting
(no other RBIA reports are closed at HOASC).
23.2 Gist of audit observation with status of compliance in respect of audit

reports of all Specialised Branches and Exceptionally Large Branches
irrespective of their risk rating will be submitted to Audit Committee of the
Board for noting at quarterly intervals.
23.3 In terms of instructions of Reserve Bank of India, a quarterly report beginning

from the quarter ended 31st March 2003 on the progress made in implementation
of Risk Based Internal Audit will be submitted through the Compliance Cell, H.O.
to Reserve Bank of India after being duly vetted by the constituted Committee of
General Managers for Risk Based Supervision as Institutional Mechanism for
RBS (the reconstitution of Committee approved by the Chairman & Managing
Director on 11.09.2004, vide Memorandum No.COMP:MK:30:2004-05 dated
07.09.2004).
24. Any modification in the reporting format, either addition or deletion of any
item necessitated due to change in policy of the Bank or change in
operational guidelines, may be approved by GM (I&A), provided it does not
envisage any change in the audit policy guidelines already approved by the
Audit Committee of the Board.
Annexure –1
ITEMS OF COVERAGE DURING INSPECTION / AUDIT OF BRANCHES
(A) Inspection & Audit of branches
1) Audit of advances portfolio covering adherence to policy document on lending,

quality of credit appraisal, credit control and adherence to Credit Monitoring Policy,
Credit Risk Management, availability of credit risk mitigants, adherence to Fair
Practices Code on Lender’s Liabilities, overall composition and quality of the credit
portfolio with a special focus on problem credits. It will involve scrutiny of advances
accounts selected as per the level prescribed in the item No.15 of policy document
of which 50% of accounts should be from the new accounts opened from
commencement of previous audit to present audit. The accounts should be selected
in such as way that they cover the majority of the total outstanding advances in the
old as well new accounts. All problem credit accounts (NPA accounts, out of order
and causing concern accounts) should also be covered and developments from last
audit should be seen during the audit. It will also involve scrutiny of compromise
proposals, their cost benefit analysis, process of recovery / legal action and
execution of decrees. The following aspects will be looked into by the Auditors :
 Lending as per norms fixed by Head Office.

 Adherence to systems and procedures in the loan policy document.
 Adherence to Reserve Bank of India, FEMA rules and guidelines.
 Adherence to prudential exposure limits.
 Obtention of credit report from rating agencies.
 Obtention of Status Report from the previous bankers in the case of take
over.
 Evaluation / Assessment of the net worth of the borrowers / guarantors
based on Personal Financial Statements (PFS) and analysis thereof
supported by documentary evidences.
 Obtention of financial statements as per HO guidelines and analysis
thereof.
 Obtention of CIBIL report
 Verification of default, if any from RBI’s Defaulters List, ECGC Caution List
 Verification of Credit Rating.
 Preparation of proposal in the standard format for new advances and
review of existing advances.
 Critical comments on quality of appraisal for fund based and non-fund
based facilities.
 Justification for fund based and non-fund based facilities.
 Exercise of delegated authority judiciously at the time of fresh sanction
and allowing TOL/TOD.
 Compliance / deviation with / from terms of sanction.
 Charging of correct rate of interest and effecting changes in rate of interest
as and when announced by HO
 Documentation with reference to stamp duty, execution, etc. as per State
laws including creation and registration of charge with appropriate
authorities on the assets charged to the Bank.
 Submission of stock statements as per terms of sanction, calculation of
drawing power, drawing limit etc.
 Obtention of CMA, QIS returns, Audited Balance Sheet and other financial
returns periodically and effectively scrutinising thereof.
 Monitoring of operations in the account with special reference to end use
of funds.
 Conduct of stock inspections as per terms of sanction, submission of

reports, action taken on inadequacies reported by the inspecting official.
 Scrutiny of bills purchased and bills discounted with reference to terms of
sanction, overdue bills, recovery of overdue bills, etc.
 Insurance of assets charged to the bank with reference to the adequacy
thereof, the goods covered, location, risks covered, bank’s charge, etc
 Recovery of proposal processing charges, inspection charges,
documentation charges etc as per the prescribed rates.
 Obtention of ECGC coverage wherever applicable.
 Monitoring of problem credits and its steps taken for recovery including
filing of suits.
 Reporting of default in time to ECGC and invocation of ECGC claim within
the stipulated time
 Status of laws of limitation and obtention of renewal documents.
 Issue of guarantees, letters of credit, etc.
 Follow-up for reversal of liabilities in respect of expired guarantees.
 Steps taken for recovering the amount due to devolvement of letters of
credit.
 Position of Review of Advance Accounts overdue for review including
reasons for delay in review of accounts.
(The above is only illustrative)
2) Audit of Investments portfolio (HTM, AFS & HFT) with reference to adherence to
laid down policies, Head Office specific prescriptions, liquidity of the investment
from two angles i.e. maturity and marketability, physical verification of
investments, receipt of dividend / interest on investments, etc. It will also involve
audit of Funds Management, Asset Liability Management, etc.
3) Cash Management including counting of cash, scrutiny of cash receipt and

payment book for 15 days selected on random basis. Verification of conduct of
monthly surprise cash verification by the branch officials. Maintenance of cash
as per approval of Head Office. Dual custody of cash holding. Maintenance of
bait money. Adequacy of insurance for cash in transit. Protective arrangements
for cash safe. Lodgement and withdrawal of cash. Adherence to policy on
‘Know Your Customer’ relating to Money Laundering, RBI’s clean currency
policy.
4) Verification of Petty Cash, Stamps and Stamped Documents on hand, if any.
5) Accounts with other Banks including reconciliation, long outstanding entries and
follow-up for clearance of these entries.
6) Verification of Cash Contra, General Ledger, General Ledger Balance Book

(including hard copies) by authorised officials.
7) General Ledger Suspense Debits, Sundry Deposits, Sundry Credits entries

verification; balancing of the accounts and follow-up for outstanding entries.
8) Checking of Clearing inward and outward including reconciliation of outstanding

entries.
9) Checking of Profit & Loss Analysis Book including balancing from time to time and
analysis of income and expenditure and judicious exercise of powers by the
delegatees.
10) Verification of safe keys and key pass book.
11) Safe Deposit Vault – Balancing of keys, recovery of rental, drilling open of lockers
where rent is overdue for long.
12) Safe Custody – Verification of safe custody accounts more particularly opened
after previous audit.
13) Premises (including flats for officers, warehouse premises, if any) – Execution of
lease, payment of rental, verification of title deeds, ambience etc.
14) Furniture & Fixtures – Checking of register, balancing, maintenance of records,

disposal of unserviceable items, annual maintenance contracts, etc.
15) Insurance – Coverage of insurance policy for all items such as assets including
computers, etc.
16) Remittances – Issue of DDs/MTs/Payslips, as per laid down policy, recovery of

exchange, payment of DDs, follow-up for DDs paid without advice, etc.
17) Telegraphic Transfers – Maintenance of Test Keys and safe custody thereof,
verification of use of TT arrangement by the branches to weed out branches where
TT key may not be required, Missing variables and follow-up for the same.
18) Inward Remittances – Verification of time taken for crediting proceeds of inward
remittances.
19) Staff & Establishment – Verification of all aspects like attendance register, leave
record, salary, allowances, Leave Fare Concessions, Travel & Transportation,
recruitment of staff, job rotation, training, Medical Aid to Staff – Records of
payment of medical aid to staff as per policy.
20) Test Check – Verification of conduct of test checks as per laid down policy and
maintenance of records thereof.
21) Manual of Instructions – Verification of set of manual of instructions at the branch.
22) Authorised Signatories book – Verification of the book with reference to updating,
safe custody, etc.
23) Old Records – Verification of maintenance of old records and its destruction from
time to time as per policy.
24) Inward Bills for Collection – Physical verification of bills for collection, balancing
from time to time, position of overdue bills, follow-up for disposal, recovery of
service charges, VPL charges etc.
25) Outward Bills for Collection – Verification of bills for collection, balancing from time
to time, overdue bills follow-up for realisation of overdue bills, recovery of service
charges, etc.
26) Deposits – Verification of account opening forms, adherence to rules as regards

opening and operations in the various types of deposit accounts. Charging of
correct rates of interest in deposit accounts. Adherence to policy on ‘Know Your
Customer’ and ‘Money Laundering’.
27) Temporary Overdraft/Overlimit – The frequency of TOD/TOLs granted, basis for

the same, reporting of TOD/TOLs, recovery of TOD/TOLs, action for hard core
TODs, exercising of delegated powers, etc.
28) Complaints by clients – Maintenance of complaints register, time taken for

redressal of complaint, etc.
29) Official Language – Policy and its implementation.
30) Payslips / Bankers Cheque issued –Verification of registers, balancing, follow-up

for old payorders / payslips not presented for payment.
31) Customer Service – Quality of customers service, implementation of Goiporia

Committee’s recommendations, conduct of periodical customer meetings, conduct
of periodical customer service audit by the chief incumbent or any other authorised
official
32) Dealing Room – Audit of dealing room / back up section operation with reference
to organisational policy guidelines relating to adherence to currency wise Daylight
and Overnight limits, Stop loss limits, infrastructure in dealing room, and its use,
vacation by dealers, rotation of staff, panel of brokers, routing of business through
brokers, maintenance of dealers pad, dealers slip, etc. as per policy.
33) Bills negotiated under L/C – Verification of register, overdue bills and follow-up for
recovery.
34) Bills receivable under L/C - Verification of register, overdue bills and follow-up.
Physical verification of bills receivable under L/C.
35) Information Systems Audit – For verification of adherence to Policy on Data

Security, Software Modification / Purchase, Disaster Recovery and Business
Continuity Plan, validity and security of IT systems etc.
36) Concurrent Audit – Verification of effectiveness of concurrent audit, including audit
methodology, coverage, compliance, verification of compliance, etc.
37) Management Information Systems – Adherence to time schedule for submission of

statements to Zonal Office/ Head Office. The source data for compilation of these
statements should be also verified for its correctness. The MIS adequacy from the
angle of market intelligence, be also looked into.
Annexure - 2
A. Areas to be looked into by the Audit Team under Risk Based Internal Audit
Sr. Risk Sr. Areas to be looked into

No. Category No.
I BUSINESS RISK
1 Credit Risk
A ( Under Business Category )
1 Trend of growth in loans and advances including forex
business
2 Trend in priority sector advances
3 Trend of growth in off balance sheet items.
4 Exposure to sensitive sectors
5 Composition of off balance sheet exposure
6 Credit concentration
7 Percentage of advances in a/cs. with limits Rs.1 crore
8 Trend of breaching exposure ceiling norm
9 Standard category advances
10 NPA Management and Recovery of NPA – NPA Movement
11 Arresting of slippages
12 Improvement in Cash Recovery
13 Improvement in upgradation
14 Percentage of accounts written off and amount involved
15 Reduction of NPAs (including upgradation, restructuring,
recovery)
16 Trend of devolvement on account of off balance sheet
exposures.
17 Proper provisions
18 Credit Quality improving
19 AAA / AA / A rated a/cs.
20 B rated a/cs.
21 Movement of assets
22 Increase in standard assets
23 Decrease in Doubtful / Loss assets
24 Adherence to Credit Policy norms
25 Adherence to exposure (credit limits with branch and
elsewhere) norms for single borrower, group, industry
group and country.

No. Category No.
Credit Risk 26 Identification of borrower and verification of antecedents
(Contd.) through market reports, status reports from the previous
bankers, credit rating agency of repute, etc.
27 Assessment of worth based on Personal Financial
Statements (PFS) and moderation thereof, if necessary
upon verification thereof through tax returns and other
documentary evidences.
28 Assessment of term loan and working capital needs
through balance sheet analysis, cash flows, etc.
29 Security position – verification of title, search report,
valuation, payment of taxes of mortgage property.
30 Security Documents- Stamping, signatures, registration
31 Adherence to provisioning requirements after taking into
account value of security, worth of borrowers and
guarantors.
32 Adherence to Income Recognition norms.
B ( Under Control Category )
1 Proper credit monitoring
2 Credit Rating as per norms
3 Review of accounts
4 Review of portfolios of credit section (Trade, Industries,
Retailers, Personal Loan, Agriculture, etc.)
5 Adherence to prudential norms
6 Quality Appraisal of Credits
7 Promptness of decision process (i.e. quick disposal of loan
application)
8 Data checking
9 Follow-up for recovery of Term Loan installments, interest,
charges, etc.
10 Adherence to accounting standards, principles and
practices
2. Earning Risk
1 Budgeted Profit & Actual for last 3 years
2 Trend of non-interest income
3 Trend in reduction of avoidable expenditure
4 Application of correct rate of interest and service charges
5 Interest Income

No. Category No.
Earnings 6 Recovery in written-off accounts
Risk
(Contd.)
7 Interest expenses
8 Yield on fund based limits
9 Cost of funds
10 Staff reduction cost
11 Recovery of UCI/URI
3. Liquidity Risk
1 Ratio of wholesale / Institutional deposits to total deposits
2 Ratio of Low Cost deposits to total deposits
3 Ratio of high cost deposits to total deposits
4. Business Strategy & Environment Risk
1 Budget and achievement for last 3 years
2 Quality of customer service
3 Competition (strength and weakness of competitors)
4 Adequacy and compatibility of IT Systems with business
needs.
5 Business initiatives
6 Deposits growth – Advances growth
7 Sale of customer oriented products
8 Analysis of market survey
9 New Products / Service
5. Operational Risk
1 Frequency and impact of staff rotation
2 Adherence to manuals
3 Frequency of execution errors in transactions
4 Abnormal /sudden growth in the deposit level pertaining to
a particular segment (genuineness of such deposits)
No. Category No.
Operational 5 Frequency of violation of operational controls (exceeding
Risk (cont.) limits injudicious use of discretionary powers)
6 Efficacy of information flows
7 Risk due to loose security at operational points
8 Frequency of operational disruptions
9 Validity of IT Systems
10 IT related frauds
11 Documentation for transactions (filling up of documents,
registration charges, creation of mortgages, insurance of
securities etc.)
12 Interaction between Legal Department and other
departments like credit, treasury, etc.
13 Claims from customers
14 Compliance with customer confidentiality
15 History of litigation with regard to operations
16 Competency of staff
17 Systems and Procedures
18 Time barred documents
19 Litigation’s
20 Reputation
21 Advising the terms of sanction
22 Compliance with terms of sanction
23 Execution of Security documents including Registration of
charges with appropriate authorities
24 Insurance of assets
25 Issue of DD as per guidelines including recovery of charges
26 Outward Tats sent according to HO guidelines.
27 Recovery of Tats responded twice through oversight.
28 Issue of DD against cash / payment of DD in cash
29 Management of Inward and Outward Bills for Collection
30 Balancing of IBC and OBC by physical verification of
outstanding bills

No. Category No.
Operationa 31 Retirement of bills and despatch of proceeds
l Risk
(Contd.)
32 Checking of General Ledger, General Ledger Balance Book
prints outs by officials.
33 Checking of Profit and Loss Register including vouchers of
Profit and Loss more particularly Debit vouchers for
signature by authorised officials. Balancing of P&L Book
34 Destruction of confidential waste, old manuals out of
circulation, old records.
35 Maintenance of old record including register of old records;
old record destroyed physical security of old record, etc.
36 Pest Control treatment at regular interval.
37 Provision of adequate number of fire extinguishers
II. CONTROL RISKS
1. Internal Control Risk
1 Clarity / ambiguity in reporting structure and reporting lines
2 Clarity of decision making process at various levels
3 Appropriate delegation of powers
4 Inter-bank / branch reconciliation
5 Abnormal /sudden growth in the deposit level pertaining to
a particular segment (genuineness of such deposits)
6 Perpetration of frauds
7 Control over outsource activities (like AMC)
8 Maintenance of customer secrecy as applicable
9 Adequacy and timeliness of MIS and financial reporting
10 IT support for business development and client service
11 Perpetration of frauds due to laxity in control over IT
infrastructure
12 Adherence to Know Your Customer and Know Your
Business procedures
13 Systems for monitoring high risk accounts

No. Category No.
Internal 14 Reporting of large value (cash of Rs.10 lake and above)
Control and suspicious transactions
Risk
(Contd.)
15 Compliance with regulatory guidelines with regard to
customer identification and monitoring funds flow
16 House Keeping
17 MIS – Timeliness / Quality
18 Employee relations
19 Management Controls
Branch Leadership –
Competency –
Problem Solving –
Attitude -
20 Monitoring end use of funds through post sanction
inspections.
21 Monitoring the conduct of operations in the account
including checking of periodical stock statements submitted
by the borrowers, calculation of drawing power and
recording thereof in the system. Follow-up for submission
of stock statements with the borrowers.
22 Conduct of stock inspections including valuation of
securities
23 Follow-up for recovery of interest, term loan installments
and other charges, overdue bills purchased / discounted.
24 Filing of Suits
25 Execution of Decrees
26 Judicious use of delegated powers for granting TOD and
TOL
27 Reporting of Toads / Tools beyond delegated authority to
Controlling Authority
28 Follow-up for submission of Financial Statements and other
details for review of accounts. Annual Review of accounts
and management of accounts not reviewed beyond three
months

No. Category No.
Internal 29 Valuation of properties mortgaged to the bank from time to
Control time
Risk (cont.)
30 Reporting of adverse features observed during inspections
31 Management of Bills Purchased and Bill Discounted
portfolio including, obtention of status report from bankers
of the drawees, adherence to drawee-wise limits, if any,
purchase / discounting of bills as per sub-limit (DA/DP),
follow-up for overdue bills and noting / protesting thereof.
Follow-up for taking possession of the securities wherever
available in respect of documentary bills.
32 Cancellation of expired Bank Guarantees.
33 Management of devolved L/Cs.
34 Management of problem credits i.e. steps taken for
identification, upgradation, recovery, compromise of
problem credits.
35 Cash and Travellers Cheques are kept under dual control.
36 Precautions during cash in transit- bait money maintenance
etc.
37 Maintenance of Cash Safe Keys Pass Book.
38 Maintenance of books of cash departments including
relating to Travellers Cheques properly.
39 Checking of abnormal Receipts and Payments
40 Checking of accounting of Inward and Outward Cash
Remittances
41 Observance of rules on accumulation of various types of
leave.
42 Obtention of leave application promptly and sanction of
leave by authorised official.
43 Maintenance of leave record.
44 Staff Salary checking.
45 Maintenance of old record including register of old records,
old record destroyed, physical security of old record, etc.
46 Pest Control treatment at regular interval.
47 Provision of adequate number of fire extinguisher.
48 Monitoring access to old record room, computer back up
tapes, etc.

No. Category No.
Internal A Computer related Password
Control administration/Configuration & Monitoring
Risk (cont.)
1 Procedure surrounding the setting up of user profiles,
deleting users on leave / resigned / terminated from bank’s
service, etc.
2 Updation of user profiles as per written requests and
authorisation by Manager in writing.
3 Allotment of system excess rights on written request and
authorisation by Manager.
4 Review of excess rights periodically (at least half yearly).
5 Generation and checking of log report, excess report by
system administrator and submission thereof to the
Manager.
6 Reporting of failed access attempts to Branch Manager and
follow-up action thereon.
7 Filing of computer generator reports in chronological order.
8 Validating, previewing instructions rejected by the system
by System Administrator and Manager.
B Physical security
1 Monitoring of access to the computer room.
2 Computer room kept under lock and key when not
occupied.
3 Installation of dry type, fire extinguishers, smoke detectors,
alarm, etc. in the computer room.
C Business Continuity
1 Systems back up are run automatically at the end of each
day and stored off site.
2 Maintenance of back up copy of super user password in a
sealed envelope and stored in fire proof safe under dual
control.
3 Preservation of MIS reports.
4 Preservation of old computer data containing MIS.
5 Manual on Operating Instructions is kept in fire proof safe
under dual control.
D Disaster Recovery
1 Distribution of Disaster Recovery Plan amongst staff and
maintenance of copy off site.
2 Test checking of Disaster Recovery Plan.

No. Category No.
Int. Control E Logical Access Security
Risk (cont.)
1 Checking of Computer Generated Reports by officials.
2 Checking of Opening of Accounts including adherence to
policy on ‘Know Your Customer’ relating to money
laundering.
3 Checking of Interest paid on deposits
4 Follow-up for weeding out accounts where cheques are
returned frequently on account of financial reasons.
F Fraud Risk
1 Checking of Operations in new accounts
2 Segregation of dormant accounts
3 Storage of Specimen signature cards of dormant accounts
4 Checking of transactions in staff accounts.
5 Storage of pass books, cheque books, TDRs in dual
custody and maintenance of Movement Passbook.
6 Adherence to regulatory guidelines on Money Laundering
7 Safe custody of Test Keys and follow-up for missing
variables.
8 Follow-up for confirmation of inward TTs, Advice of
Drawings of TTs and Drafts respectively.
9 Verification of signature on Mail Transfers / Credit
Authorisation Notes and Test Key Number for MTs and TTs
respectively.
10 Maintenance of dual control on DD / CAN / Test Key
Registers and maintenance of movement pass book
11 Checking of balancing of accounts / ledgers and registers.
12 Reconciliation of inter-branch / inter-bank accounts
13 Reconciliation and Monitoring of Suspense Debits Account
for clearing the entries
14 Monitoring of Sundry Deposits and Sundry Credits Account
including clearing the old entries.
15 Follow-up for pending IBC / OBC
16 Safe custody of documentary bills
17 Analysis of Profit and Loss Account for various income and
expenditure accounts.
18 Quality and timeliness in compliance with various audit
reports
19 Checking of redressal of customers’ complaints.
20 Scrutiny of various control returns/statements submitted to
H.O.
21 Maintenance of sensitive stationery
22 Branch security aspects, Compulsory licenses as per
security officer’s report etc.
23 Renewal of Branch Lease, payment of Taxes etc.
24 Correctness of the furniture & fixtures items

No. Category No.
2. Compliance Risk
1 Statutory Compliance (like TDS, etc.)
2 Regulatory Compliance (submission of BPR, CA-23, RBI
guidelines)
3 Other Compliances (terms of sanction, compliance of
previous audit report, etc.)
4 Cash is maintained below the ceiling limits stipulated by
H.O. and bank’s indemnity policy.
5 Surprise checking of cash every month.
6 Adherence to policy on ‘Walk-in Customer’ or ‘Know Your
Customer’ formulated at centre
7 Adherence to regulatory guidelines on Money Laundering.
8 Inter changing of set of keys for cash safe in use and kept
off-site (at other banks) on regular basis.
9 Rotation of staff is carried out at regular intervals.
Destruction of confidential waste, old manuals out of
circulation, old records.
11 Anti-virus software is installed.
12 Documentation of Business Continuity and Disaster
Recovery Plan and its updation.
AREAS TO BE SEEN UNDER FOREX OPERATIONS / INVESTMENTS/DERIVATES
Sr. AREAS TO BE LOOKED INTO

No.
1. FOREX DEALING
A. Dealing Process & Settlement
1. Observation of stop loss limit – quantity-wise as well as pips-wise
2. Compliance on implementing revised/changed guidelines, if any, on trading
activities
3. Difference between rates in Dealer’s Pad and the rates in Deal Slips
4. Demarcation of Trading Deal Slips
5. Scrutiny of the deals by Back-up Section
6. Reporting of Daily Forex Report by Back-up Section and the Dealer
7. Obtention of periodical Scan Report by Back-up Section for interest/exchange
rates
8. Quoting of rates by Dealer to our foreign branches for funding their VOSTRO
Accounts, in violation of guidelines.
9. Deals concluded after the office hours
10. Monitoring of mismatches created by outright forward and swaps
11. Deals are done during office hours only
12. Deals put through to accommodate brokers
13. Frequent resorting to Overseas Market for funding/cover operations within the
permitted limits.
14. Loss incurred while covering Merchant Transactions
15. Calculation/Quoting of exchange rates correctly for transactions of Foreign
Currency Notes and Traveller’s Cheques.
16. Loss in deals for buying and selling the same currency, for same delivery and at
the same time.
B. Back-up and Accounting Procedure
1 Independent functioning of Back-up Section for maintaining Position Register
daily.
2. Monitoring by Back Office for prompt receipt of broker notes and counter party
confirmations
3. Sending confirmation of the deals to other Banks
4. Preparation of analysis of trading deal
5. Sending payment cheques/instructions to counter party banks.
6. Follow-up for non-receipt of confirmation of contract notes/funds from counter
party
C. Dealing through Brokers
1. Maintenance/review of panel of brokers
2. Observance of Code of Conduct for Dealers.
3. Keeping records for the deals concluded through outstation brokers.
4. Correct payment of brokerage
5. Submission of periodic statement of brokerage paid
6. Reporting of the differences covered by brokers in respect of the rates.
D. TRADING ACTIVITY
1. Maintenance of separate Daylight/Overnight limits
2. Transfer of trading position to merchant position or vice-versa
3. Compliance of HO Guidelines/directives in respect of :
a)maintenance of separate position sheet;
b)adherence to stop-loss limit;
c)Submission of daily statement of trading activity.
E. ACCOUNTING PROCEDURES
I. Foreign Currency Position
1.Comparison of the position in Dealer’ pad with Position Sheet for their
agreement.
2.Reporting of exceeding of Day Light/Overnight Limits
II. Inter-Bank Operations (including Swaps)
1.Maintenance of back-papers for Inter-Bank Deals;
2.Advising of accounting entries and payment commitments;
3.Signing by Dealer in violation of the directives/guidelines;
4.Maintenance of records for separate spot/forward Inter-Bank Deals;
5.Indication by the Dealer, of the purpose of swap undertaken;
6.Hourly preparation of Rate Scan Report independent of the Dealer;
7.Settlement of Inter-Bank Contracts on due dates.
III.Merchant Contracts
1.Cancellation of expired contracts;
2.Extension/cancellation of forward contracts and correct accounting for swap
differences.
IV.Maturity Gaps
Exceeding of Gap Limit during the quarter under audit.
V.Export/Import Suspense Accounts
Delinking of overdue export/import bills.
VI. Funds Management
1.Arriving at the correct Balance in NOSTRO accounts;
2.Justification for large overdraft/excess balance in NOSTRO Accounts;
3.Monitoring of inoperative NOSTRO account;
4.Maintenance of foreign currency account with a bank in a country in a currency other
than that of the Country.
VII.Consolidated Foreign Exchange Position:
1.Verification for large variation in True Currency Position Statement vis-à-vis IC-4
Statement.
2.Reporting of sale/purchase of foreign currency;
3.Verification for distortion of true currency position on account of pipe line
transactions;
4.Informing Head Office of large accumulation of foreign currency notes.
Foreign Currency Funds Management – Risk Management :
1. Ensuring that all forex inter-bank dealings are within the exposure limits approved at
appropriate level;
2. Acknowledging and advising to Head Office of transfer of exposure limits from other
centres;
3. Transacting all money market deals in the manner similar to other forex dealings;
4.Charging of interest rates on money market deals as per the scan report;
5. Recording of settlement instructions in the deal slips and strict adherence thereof;
6. Ensuring that Rupee/USD Swaps entered into are within the approved limits;
7.Offering correct rates on placements with our overseas Branches;
8.Correct covering of cost of rupee funds, in case of rupee/USD Swaps.
9.Monitoring of FCNR.EEFC and RFC deposits
10.Maintenance of maturity-wise and interest rate-wise classification of deposit funds;
11.Coverage of maturity and interest rate mismatches within the permitted limit;
12.Ensuring that interest earned on deployment of funds, after adjusting to IRS, covers
the cost of funds fully.
13.Coveratge of exchange risk on interest accruals on deposit funds;
14.Approval of credit risk on interest rate swaps and currency swaps for corporate
clients;
15.Obtention of declaration from corporate clients for hedging and underlying
transactions.
RISK MONITORING & SYSTEMS MANAGEMENT
I.Compliance with Bank’s Policy :
1.Dealer is well trained and experienced;
2.Availability of second line of Dealers;
3.Rotation of Dealer at prescribed intervals;
4.Segregation of functions of Dealer and Back-up Section;
5.Proper recording of NOSTRO Accounts;
6.Strict observance of Head Office guidelines for trading activity;
7.Permitting Overdrafts in foreign currency accounts within the prescribed limits and
time;
8.Obtention of indemnity from banks for computer generated contracts;
9.Adherence of Head Office norms for exposure limits fixed bank-wise and
country/sovereign risks-wise.
II.ALLOCATION OF LIMITS :
1.Obtention of proper sanction for Daylight and Overnight limits;
2.Obtention of confirmation from controlling authorities for exceeding the limits;
3.Adequate reporting of Daylight/Overnight positions;
III.DOCUMENTATION & RECORD KEEPING
1.Submission of monthly statement of Gap;
2.Submission of R Return;
3.Submission of Daily Currency Position. Monthly Statement of Evaluation of
Exchange Profit, Monthly Statement of Overdrafts in NOSTRO Accounts, XOS
Statements, Half-yearly statement of REC-I & II.
IV.EVALUATION OF PROFIT & LOSS :
1.Calculation of profit/loss at prescribed intervals as per guidelines;
2.Evaluation of exchange profit as per the guidelines;
3.Furnishing the details of window-dressing if any, carried out before calculation of
profit;
4.Maintenance of proper record for profit on trading activities;
5.Strict adherence of standard accounting procedure for evaluation of profit/loss;
6.Ensuring valuation at the end of each month and on balance sheet date.
V. INFRASTRUCTURE
1.Availability of adequate infrastructure to the Dealing Room;
2.Ensuring adequate security measures for preventing misuse of infrastructure;
3.Authentification of Telex/Router by Back-up Section;
4.Restricting access to Dealing Room;
5.Ensuring continuous power supply to the infrastructure.
VI.COMPUTER SYSTEM:
1.Keeping the keys (Original/duplicate) of CPU with the authorised persons;
2.Maintenance of diary note for computer system and carrying out of annual audit of
hardware/software;
3.Permitting the Dealer to have access to Computer System.
NOSTRO ACCOUNTS;
I.Reconciliation of NOSTRO Account/Reporting of Unreconciled Items :
1.Monthly balancing of NOSTRO Accounts;
2.Entrusting the reconciliation work to a separate department/official;
3.Rotation of staff is carried out periodically;
4.Allotting the works of passing vouchers for originating entries and reconciliation of
different staff;
5.Initiating prompt follow-up action on entries found in the statements received from
foreign correspondents;
6.Maintenance of records for approval obtained for written off un-reconciled items;
7.Consideation of ‘Value date’ debits/credits;
8.Regular submission of half-yearly REC I & II statements;
9.Effective follow-up of outstanding Agents Debits/Mirror Debits.
II.Internal Management Control :

1.Balances with banks abroad are within the prescribed limits and as per requirement;
2.Maintenance of details of interest paid/received in the accounts;
3.Recovery of revenue leakage pointed out in the earlier reports;
4.Recovery of service charges levied to foreign banks;
5.Recording of delayed receipts and follow-up for recovery of interest;
6.Recording of Overdraft allowed in excess of 5 days in NOSTRO Accounts and proper
reporting and follow-up action;
7.Compliance of Exchange Control Regulations in the case of overdrawn NOSTRO
Accounts.
VOSTRO ACCOUNT:
1.Periodical review of VOSTRO Accounts;
2.Granting of Overdrafts in VOSTRO accounts and their regularisation within 5 working
days;
3.Allowing over-limit only in VOSTRO accounts enjoying overdraft facility;
4.Observance of ‘Value Date’ system;
5.Prompt responding of debit notes received from branches;
6.Recovering correct interest on back-value entries;
7.Reporting of unusual features observed in the accounts;
8.Maintenance of Rupee accounts of private exchange houses as per guidelines;
9.Safe custody of test keys and other secret Codes under dual control;
10.Ensuring that VOSTRO account balances are commensurate with normal
business;
11.Confirmation obtained from the account holders for balance certificates.
Miscellaneous Aspects :
1.Periodical review of adequacy of man power and rotation of staff are undertaken;
2.Prompt submission of ‘R’ Returns and other periodical statements;
3.Proper keeping and exercising adequate control of ‘test-key’ for authentication of
messages;
4.Effecting of payments through SWIFT and proper monitoring of messages;
5.Compliance of guidelines of RBI/FEDAI
2. TREASURY OPERATIONS
I INVESTMENT MANAGEMENT –
A) Ready Forward Deals :
1 Violation of directives/guidelines in Double Ready Forward transactions in
Dated Govt./Approved Securities as well as Treasury Bills.
2 Violation of directives/guideline in Ready Forward/Double Ready Forward
in other securities/PSU Bonds/Units.
3 Violation of directives/guideline on deals undertaken on behalf of PMS
clients’ Accounts/other clients.
B) Transactions in Govt./Approved Securities:
a) SGL Transactions:
1 Ensuring non-return of SGL form issued to other Bank for want of funds.
2 Returning of SGL forms received by the Branch for want of funds and
reporting thereof.
3 Maintenance of record of authorised signatories of SGL issuing
banks/institutions.
4 Direct handing over of SGL.
5 Compliance of RBI guidelines and DVP system for settlement.
6 Reconciling SGL balances on monthly basis.
7 Checking of periodical reconciliation of SGL balances by concurrent
auditor.
8 Ensuring direct payment only after receipt of SGL transfer in the case of
purchase of securities.
b) Bank Receipts (BR) :

1 BR issued in violation of directives/guidelines in the case of transactions
under SGL facility.
2 BR issued in violation of directives / guidelines in the transactions not
under SGL facility.
3 Adherence to guidelines for issue of BR for outright sale/switch
transactions where SGL facility is not available.
C) Dealing through Brokers :
1 Review/Approval of the panel of brokers annually.
2 Brokers are members of NSE/BSE and if not obtention of approval.
3 Ensuring ceiling limit of brokers.
4 Ensuring role of the brokers.
5 Direct settlement deals with the counterpart bank.
D) Internal Control System :
Segregation of investment function division-wise.
E) Internal Procedures :
1 Preparation of Deal slip incorporating all the relevant particulars.
2 Violation of directives/guidelines in substituting counter party bank and
security.
3 Monitoring and safe keeping of receipt of securities.
4 Ensuring receipt of Deal slip by Back Office for incorporating the position.
5 Preparation of cost memo by the Back Office.
F) Compliance with Investment Policy Norms and Accounting
Requirements :
1) Policy Aspect :
1 Investment proposals comply with policy norms for credit rating and
prudential norms.
2 Reference of investment proposals which do not comply with the norms.
3 Endorsement of investment proposals by Investment Committee.
4 Compliance with pre-disbursement conditions
5 Compliance of post-disbursement conditions
6 Reporting of investments where issuers’ credit rating is downgraded.
7 Exercising put-options built into the investments.
8 Reporting of non-compliance of original conditions.
2) Trading in Securities :
a) General
1 Marking of Deal Slips for secondary market trading.
2 Segregation of securities to form the ‘Trading Segment’.
3 Exclusion of Repo transactions.
4 Review of trading segment periodically.
5 Ensuring conformity of all secondary market purchases of securities to the
prudential norms.
b) Trading in Govt. Securities, Bonds, Debentures and other
transferable debt instruments and equity.
1 Individual security in Trading Segment is as per the guidelines.
2 Securities acquired during the trading period comply with the prescribed
prudential norms.
3 Approval of stop loss limits for debt and equity securities.
4 Proper treatment of ‘taking profit’
5 Compliance with relevant regulations of RBI/SEBI/SE in respect of all
Trading Deals.
G) NPA Management :
1 Proper classification of Investment Assets
2 Proper reporting of NPA.
3 Ensuring enforceability of documents of NPA.
4 Reporting of NPA position to trustees.
5 Follow-up of NPA accounts with BIFR.
6 Recovery of sale of assets in NPA accounts is reported to Senior
Management.
7 Review of NPA accounts periodically.
H) Delegation of Powers and Reporting System :
1 Investment decisions are taken as per delegation of powers.
2 Authorisation of deal/transaction entered into by the Dealer
3 Dealer transacts only with the approved counter party bank/broker subject
to the exposure limit
4 Periodical submission of statements on the performance of Investment
Portfolio to the Management
II Money Market Operations :
1 All Inter-bank deals and Repo deals are with authorised players.
2 Correct application of rates in money market credit lines.
3 Entering into Rupee/USD Swaps deals only when swap yields are at least
on par with call money rates.
4 Profitable squaring off position taken in the intra-day dealings
5 Justification of net borrowing position.
a) Inter-Bank participation Certificates (IBPCs) :
1 Obtention of approval for issue of IBPC.
2 Strict adherence of norms in the case of IBPC with risk sharing
3 Strict adherence of norms in the case of IBPC without risk sharing
b) Money Market Credit Lines to Indian and Foreign Banks :
1 Sanction / review of credit line at appropriate level
2 Recovery of commitment fees
3 Repayment in accordance with the relative agreement
4 Timely renewal of period of validity of the credit line
5 Segregation of credit limits
c) Call Money Operations :
1 Lending within the approved exposure limits
2 Adherence of ceiling in Money market transactions
3 Maintenance of levels of liquidity mismatches in the short term
III Cash Management
a) Remittance of funds to and From Branches
1 Delay in collection / payment of funds
2 Proper control over inter branch funds transfer
3 Strict adherence to norms in the case of remittance of funds to
branches
4 Adherence to norms for remittance of funds from branches
5 Reconciliation of remittances of funds
b) Reconciliation – Accounts with RBI/SBI
1 Necessary follow-up for entries appearing in the statement of
accounts
2 Proper reporting of wrong credit
c) Internal Control System
1 Monitoring of money market back up / investment back up section
for CRR, SLR,Refinance,CLGFB, IBPC, Reconciliation
2 Monitoring of cash management dept. for various functions
d) Funds Management – FCNR Funds Management
1 Revaluation of FCNR Deposits and Foreign Currency loans on
fortnightly basis
2 Correct application of interest rates
3 Crediting FCNR funds to the designated Deposit A/c.
4 Proper extension of Foreign Currency loans
5 Submission of prescribed statements
6 Obtention of proper clearance from CMD for ALCO Decisions
7 Calculation of average cost of yield on FCNR funds from time to time
8 Working out of liquidity and interest rate sensitivity of FCNR funds
from time to time
9 FRA/Interest Rate Swaps have been used for managing interest rate
risk and reducing the gaps.
10 Ensuring that residual interest rate sensitivity gaps are within the
permissible limits
11 Proper revaluation of Foreign Currency Assets and liability on
fortnightly basis.
12 Working out of sources and uses of Foreign Currency funds from
time to time
e) Asset-Liability Management
1 Renewal of Asset-Liability Management Policy
2 Keeping record of minutes of ALCO meeting and follow-up action
3 Regular agenda includes Short Term Dynamic Liquidity Statement,
impact of major policy changes and interest rate outlook.
4 Submission of Structural Liquidity and Interest Rate Sensitivity
Statements within 2 months from the close of the quarter.
5 Periodical submission of statements of Structural Liquidity, Interest
Rate Sensitivity and Short Term Dynamic Liquidity to ALCO.
6 Conveying of decisions of ALM to other departments for
implementation
7 Decisions of ALCO cleared by CMD are submitted to the Board for
information.
3. DERIVATIVES
FORWARD RATE AGREEMENTS (FRA) AND INTEREST RATE SWAPS(IRS)
1.Appropriate infrastructure and risk management systems are in place;
2.Functions relating to hedging and market making are clearly separated
between the Front and Back Offices;
3.Proper Internal Control System for trading, settlement, monitoring, control and
accounting activities;
4.Individual deal is confirmed by Back Office in normal course;
5.Exposure on account of FRA/IRS is within the prescribed limit;
6.Obtention of declaration from Corporates/Mutual Funds for FRA/IRS;
7.Adherence of prudential limits on Swap positions;
8.Adherence of risk management norms prescribed by ALCO in respect of
FRA/IRS for hedging ;
9.Submission of Policy Document to MPD/RBI;
10.Separate recording of transactions for hedging and market making purposes;
11.Proper revaluation of FRA/IRS for trading purposes;
12.Obtention of Confirmation Note and ISDA agreement;
13.Net Open Position within the prescribed ceiling;
14.Meticulous follow-up of prudential limits for various currencies and counter-
parties;
15.Credit exposure to banks are within the approved limits;
16.Appropriate sanction of credit exposure to Corporates;
17.Reporting of FRA/IRS to MPD/RBI;
18.Monthly reporting of details of transactions to Senior Management;
19.Quarterly reporting of details of transactions to Board.
B. The methodology and the parameters used for assessing the risk rating of
Branches
a) Methodology:
As per the guidelines provided by RBI and our Risk Based Internal Audit
Policy approved by ACB on 30.01.2003, quantitative and qualitative
approaches are adopted while assessing risks under Business category
and Control category. Under the quantitative approach, volume of the
business of the branch under credit and deposits area, other services and
products, quantum of income and expenditure, availability of operational
tools etc. are analysed for their trend and business strategies adopted by
the branch for achieving the set goals. Under qualitative approach,
application of compliance methodology, adequacy of controls, Risk
Management Controls, business environment-location/competition, quality
of clientelebase/products/services, quality of customer service, awareness
of staff regarding systems and procedures, futuristic view of business
strategies, adherence to Know Your Customer/Business Principles are
analysed and deficiencies observed on these are brought out as risk
perception. To perceive the things in proper perspective and to carry out
the risk assessment, besides on-site inspection, previous internal audit
reports and compliance, proposed changes in business lines or change
in focus, significant change in management/key personnel, results of latest
regulatory examination report, reports of external auditors, industry trends
and other environmental factors, time lapsed since last audit are also
considered by the auditors.
b) Details of parameters used for ranking of branches based on risk:
By using the methodology as briefed in a) above, risk assessment of the

branch is made broadly under two categories, viz; Inherent Business
Risk and Control Risk. These two categories are further segmented into
four and two parameters respectively in all the branches except Treasury
Branch, Service Branch, Asset Recovery Branch, Currency Chest and
DPOs. They are as under:
Inherent Business Risk Control Risk
1. Credit Risk 1. Internal Control Risk

2. Earnings Risk 2. Compliance Risk
3. Business Strategy & Environment Risk
4. Operational Risk
Under Credit Risk parameter, credit growth, credit concentration (sector/

(segment-wise, size-wise, borrower-wise), credit quality, NPA
movement, adherence to prescribed systems and procedures
(including Credit Monitoring Policy, Fair Practices Code), Off-
balance sheet items for their volume, quality and security etc. are
analysed for the available positive and negative factors with
respect to quantity and quality and marks are allotted accordingly
as per the proposed policy document. Under the Credit Risk
parameter a maximum of 300 marks is allowed.
Under the Earnings Risk parameter, profitability, sources of income and

the trend, various heads of expenditures and the trend, effective control
over expenses, revenue leakage, recovery In written-off accounts,
recovery of unrealised interest/other income are analysed and positive
and negative factors are brought out based on which marks are assigned
and this parameter carries a maximum of 40 marks.
Under the parameter of Business Strategy & Environment Risk which

carries a maximum of 40 marks, positive and negative factors with respect
to achievement of budgeted level, proper exploitation of locational
advantage, adequacy and compatibility of ITsystems with business needs,
initiatives/strategies adopted for business development, knowledge about
bank’s products/services, strengths and weaknesses of the branch and
also that of the competitors are taken into account for assignment of
marks.
In the Operational Risk parameter, operational control over staff by way
of proper allocation of duties and periodical rotation / training, strict
adherence to operational guidelines, ensuring customer compliance
with terms of sanction, validity and security of IT systems, frequency of
transaction errors, proper documentation, reputation of the bank,
operating environment and availability of contingency plan to meet any
unforeseen/unanticipated events/circumstances are assessed by way of
bringing out positive and negative factors observed in these areas and
marks are allotted accordingly. This parameter is assigned a maximum
marks of 120.
The parameter of Internal Control Risk carries a maximum of 150 marks

and under this parameter, positive and negative factors with respect to
housekeeping, control over sensitive stationery items, control over cash
management, judicious exercise of delegation of powers, observance of
KYC / KYB principles, periodical Test Checks, control over furniture &
fixtures/staff records/other records of the Branch, control over Branch
security are considered for assessing the risk perception and marks
are allotted suitably.
Under the Compliance Risk parameter, statutory requirements such as

effecting TDS and its timely remittance, submission of statutory returns,
obtention/renewal of statutory licences and other statutory obligations
such as issue of TDS certificates, timely submission of copy of Form
No.15 G/H to the appropriate authorities, regulatory requirements such as
timely submission of control returns, compliance with anti money-
laundering norms, exposure ceilings, IRAC norms, RBI’s clean currency
note policy, priority sector requirements, conclusive compliance with
audit reports and also compliance with Monitorable Action Plan suggested
by appropriate authority/ies for betterment/improvement of business of the
branch are taken into account and positive/negative factors available
under these areas are weighed and marks are assigned accordingly.
This parameter carries a maximum of 100 marks.
The risk assessment under each parameter and the risk rating of the
Branch are arrived at as follows:
If the percentage of total marks obtained is more than 75, then

risk assessment under that parameter is made as Low. If the percentage
falls between 50 – 75, then the risk assessment is Medium and if it is
below 50, the risk is assessed as High. In the same manner, the marks
obtained under all the four parameters of Inherent Business Risk
category is totalled and based on the percentage, the risk level of this
category is assessed. Similarly, the level of Control Risk is also
assessed. Then with the help of the following risk matrix provided by
RBI, the composite risk level of the branch is assessed.
Risk Matrix
Inherent Business Risk

High A B Very C
High Risk High Risk Extremel
y
High Risk
Medium D E F Very
Medium High Risk High Risk
Risk
Low G H I
Low Medium High
Control Risk
With regard to assessing the trend/direction (decreasing/stable/increasing) of

level of risk under any parameter or the composite risk of the branch, the
following risk matrix is interpreted suitably.
Inherent Business

Risk
Control Risk

In the case of the branches other than the General Banking Branches as
specified in b) above, the risk assessment will be made in applicable parameters
only as enumerated in the Reporting Format of the respective class of branch.
Annexure-3
RISK PROFILE OF …………………………………………. BRANCH

…………………………….. ZONE
Position as at ……………………
Ref. No. Date:
TABLE OF CONTENTS
I Background
II Organization and Business Profile of Branch
III Assessment of the Risk Profile
IV Summary Description of Business & Control Risks
V Suggested Monitorable Action Plan for Mitigating Risk
I. BACKGROUND
In the context of having effective RBS in the Bank, the Risk Profile of
…………………….. Branch is prepared in line with the Corporate Risk Profile keeping in
mind the various risk factors under Business and Control areas that are observed at the
branch level. The underlying objective is to :
 Categorise the Branches as having composite risk rating low, medium, high, very
high and extremely high
 Identify the direction of risk namely increasing/ stable /decreasing
II. ORGANIZATION & BUSINESS PROFILE OF BRANCH:
Name of the Branch/Date of

Opening
Branch Code No.
Name of the Zone
Category Small/Medium/Large/V. Large/E Large/
Specialised
Class Rural/Semi-Urban/Urban/Metropolitan
Management Organization Total Staff – Officers :
- Special Assistants :
- Clerks :
- Sub-Staff :
Branch In-charge (Present) Shri / Smt.
From :
Previous Incumbent Shri / Smt.
From: To:
Last Risk Audit conducted From: To:
Last Risk Audit Rating Business Risk Control Risk Composite
Risk
BUSINESS PROFILE
(Outstanding Rs. in lakh)
Year before Last Last Year as on Current Year as on

as on (latest
31.03.200 31.03.200 quarter/month)
……………..
Budget Actual Budget Actual Budget Actual
1. Profit - Operating
- Net
2. Deposit
Current
Savings
Term
Total Deposits
of which
Wholesale/Institution
al
NRI
3. Advances
AFD
of which
Indirect Adv.
SSI
of which
Advances under
CGFTSI Scheme
OPS
of which
Retail Trade
Small Business
SRTO
Prof.& Self-
Employed
Education
Housing
Total Priority Sector

of which
DRI

as on (latest
31.03.200 31.03.200 quarter/month)
……………..
Wholesale
Trade/Business
Medium & Large
Inds.
Star Channel Credit
Star Personal Loan
Star Pensioner Loan
Housing Loan (other
than priority sector)
Star Mortgage Loan
Star Holiday Loan
Star Autofin
Other Products
Other Personal Loan
(against TDR/NSCs
etc
Staff
Total Advances
Total Advances
under Govt.
Sponsored
Schemes
Forex Business
Non-Fund Based:
Letters of Credit
Guarantees Issued
Acceptances/
Endorsements etc.
Other contingent
liabilities
NPAs:
Sub-Standard
Doubtful
Loss
Total NPAs
Gross NPAs to
Total Advances (%)
New/Additional
advances disbursed
during the year
C/D Ratio
Names of the Competitors:
Market share of our branch share in the area of operation (%)
Types of Audits conducted Date of Report Ratings awarded
during the year:
1.
2.
3.
Information Technology Systems used
A. BUSINESS RISK:
Previous Assessment Present Assessment
1. Credit Risk: Level/Direction:
Assessment Positive Factors Negative Factors

area
Credit Growth
Credit
Composition &
Concentration
Credit quality
Off Balance sheet

items
NPA Movement
Adequacy of
provisions
2. Earnings Risk : Level/Direction:
Assessment area Positive Factors Negative Factors

Gross Profit –
Actual v/s Budget
Interest Income
Non-Interest
Income
Interest Expenses
Control over
expenses
Revenue Leakage
Recovery in
written-off
accounts, UCI/URI
etc.
3. Business Strategy & Environment Risk:
Level/Direction:

General Economic
Outlook pertaining to
the area of operation
and environmental
hazards, if any
Knowledge about the

market, strength and
weakness of
self/competitors and
market share
Business Initiative/
Strategy adopted for
new
products/services
Quality of customer
service
Budgeted
performance
Adequacy of
computer systems in
tune with the volume
of business and
business requirement
4. Operational Risk :
Level/Direction:

Competency of staff/
Rotation of duties,
proper training/
placement
Adherence to
manual of
instructions/
circulars/Guidelines
Security and validity

of computer systems
and other
technology
Documentation
including time-
barred documents
Litigation / claims
against the bank
Reputation of the
bank /customer
service/ redressal of
customer
complaints/grievanc
es
Preparedness for
tackling any
unanticipated
natural/ manmade
calamities/ events
B. CONTROL RISK:
1. Internal Control Risk : Previous Assessment Present Assessment
Level/Direction:

Housekeeping
Reconciliation
(inter-bank and inter-
branch)
Submission of MIS
returns/control
returns-
Timeliness/quality
Cash Management
Prevention of frauds
Judicious exercise of
Delegations of
Powers
Control over sensitive

stationery items
Branch security
aspects
Adherence to KYC/
KYB and Anti-Money
Laundering norms
Control over staff

records, old records,
furniture & fixtures
etc.
2. Compliance Risk : Previous Assessment Present Assessment

Level/Direction:
Assessment Area Positive Factors Negative Factors
a) Regulatory:
Submission of control
returns in time and
accurately; obtention of
PAN/GIR No. in eligible
cases; implementation of
Goiporia Committee
recommendations;
adherence to RBI’s clean
currency policy etc.
b) Statutory:
Deduction of Income-tax,
service-tax etc. and timely
remittance; renewal of
required licenses;
submission of annual
returns to statutory
authorities etc.
c) Monitorable Action
Plan
Compliance with MAP
suggested in the previous
RBIA/ updated risk profile
and also compliance with
other audit reports.
IV. SUMMARY DESCRIPTION OF BUSINESS & CONTROL RISKS ASSESSED :
Parameters Level & Positive Factors Negative Factors

Trend
of risk
Business Risk
Credit
Earnings
Business
Strategy
Operational
Control Risk
Internal Control
Compliance
V. SUGGESTED MONITORABLE ACTION PLAN FOR MITIGATING RISK:

Parameter Risk Action Plan suggested for the purpose of drawing
Level/ necessary action points and
Direction implementation/monitoring of the same by
Branch/Zonal Office respectively
1.CREDIT RISK
2.EARNINGS
RISK
3.BUSINESS
STRATEGY
RISK
4.OPERATIONAL
RISK
5.INTERNAL
CONTROL
RISK
6.COMPLIANCE
RISK
Prepared by: Approved

………………….. …..……………………
(Auditor) (Zonal Audit Chief)

……………………. ZAO.
Annexure-4
RISK BASED INTERNAL AUDIT REPORT
Name of the Branch : Zone:

Opened on: Branch Code No:
Category :
Class :
Business Hours - Week Days :
Weekly Off:
Extension Counter attached : YES/NO
Holiday Home attached : YES/NO
Currency Chest : YES/NO
Branch under Concurrent Audit : YES/NO
Previous Present
Branch In-Charge ---------------- -----------------
From ---------------- -----------------

To ---------------- -----------------
Date of commencement of Audit ----------------- -----------------

Date of conclusion ----------------- -----------------
Mandays ---------------- ------------------
From To From To
Period covered by audit ----------------- -------------------

Name of the Team Leader ------------------ -------------------
Date of Report ------------------ -------------------
Date of Despatch ------------------ -------------------
Date of Noting/Closure -------------------
Audit Ratings : (Level & direction)
Major Risk Previous to Last Last Audit Present Audit

Parameters Audit
Level Direction Level Direction Level Direction
Business
Risk
Control Risk
Composite
Risk
A. BUSINESS RISK
1. CREDIT RISK
Please attach the details of accounts selected as per the policy guidelines on
transactions testing as to name of the account, type of advance, sanction authority/date,
sanctioned limit, present outstanding. The number of accounts to be selected should
cover the maximum exposure (either sanctioned limit or outstanding whichever is more
per borrower) involving all sectors/segments as well as accounts not covered under the
last audit:
(Rs. in lakh)
Year before Last Last Year as on Current Year as
1. Growth as on 31.03.200 on
(New/Additional Advances 31.03.200 (lastest
sanctioned) quarter/month)
……………..
No. Amount No. Amount No. Amount
Fund-Based Advances
of which
Advances against TDR
Staff Advances
Non-Fund Based (I &F)
Letter of Credits
Bank Guarantees
Other Contingent
Liabilities
Offer comments on
Items Positive Factors Negative Factors
Obtention of application for
advance facility in the
prescribed format and
conduct of pre-sanction
inspection for
identification/verification of
antecedents of borrowers in
all the new advances
Obtention and scrutiny of
CBD-23 with documentary
evidence, wealth tax
returns, income-tax returns,
status report, CIBIL report,
RBI’s defaulters list, ECGC
caution list, no dues
certificate, IE Code No. in
the case of Imports/Exports
business, ascertaining of
non-listing of goods to be
exported by the applicant
exporter from the Negative
List
Obtention/ scrutiny of
financial statements (CMA,
QIS,MSOD,Balance Sheet,
Trading/ Manufacturing
Account, P&L account etc)

Obtention of technical
feasibility report from
TICC/TICD wherever
applicable
Preparation of proposals in
the prescribed format with
proper assessment of credit
needs including Non-Fund
Based facilities along with
proper credit rating
exercise
Observance of proper
procedure in the case of
accounts taken over from
other banks/financial
institutions
Issue of sanction letter and

ensuring customer
compliance with terms of
sanction
Verification of end use of

funds
Quick mortality observed
Any spurt in advances

especially in the areas
where the branch is facing
difficulty in recovery and
diversified growth of credit
as per the available
potentials

2. Credit Concentration Year before Last Year Current Year
Last as on As on As on latest
31.03.200 31.03.200 (quarter/month)
…………….
Total Agricultural Advances
of which
Indirect Agricultural Advances
Small Scale Industries
out of which
Advances covered under CGFTSI
scheme
Other Priority Sector Advances
Of which
Retail Trade
Small Business
SRTO
Prof.& Self-Employed
Education
Housing
Total Priority Sector Advances
Wholesale Trade/Business
Medium & Large Inds.
Star Channel Credit
Star Personal Loan
Star Pensioner Loan
Housing Loan (other than priority
sector)
Star Mortgage Loan
Star Holiday Loan
Star Autofin
Other Products (Star IPO etc.)
Other Personal Loan
(against TDR/NSCs etc
Staff
Total Advances
of which
> Rs.1 crore
Rs.10 lakh and above but < Rs.1
crore
lakh
Below Rs.2 lakh
Total Advances under Govt.
Sponsored Schemes
Total Unsecured/Clean Advances
Forex Business
Non-Interest bearing Loans to Staff
Offer comments on:

Over exposure of advances
in sectors/segments vis-à-
vis available potentials/
allocated target in the area
of operation of the branch
Size-wise concentration of
advances within
manageable limit and also
in tune with the available
infrastructure
Significant single borrower

exposure (say > 10% of
total advances per
borrower/group)
Exposure trend in
unsecured areas
Exposure of forex business

taking into consideration
the availability of ECGC
cover and also the Country
Risk

3. Credit Quality Year before Last Last Year as on This Year as on
as on 31.03.200 (latest
31.03.200 quarter/month)
……………..
No. Amount No. Amount No. Amount
Credit Rating
(Equivalent to New
Rating Model)
AAA-Prime
AAA Rated
AA Rated
A Rated
B Rated
Rating Not Required
NPA
Total
Offer comments on:

Quality of credit appraisals
Credit Rating exercise with

New Credit Rating models
Periodical Review of
advances with proper
analysis of financial
statements
Post-disbursement
monitoring of advances,
maintenance of record/
registers/ledgers
Monitoring of advances
under watch list

Frequent sanction of
Overlimit/Adhoc limit
Availability of easily
realisable securities
(primary and collateral) and
periodical valuation of
securities charged to the
bank
Ensuring customer
compliance with terms of
sanction
Timely action on advance

accounts showing
symptoms of sickness
Conduct of consortium
advance accounts including
joint appraisal, inspection of
securities, strict adherence
to the terms of consortium
etc.
Ensuring no Kite-flying,
routing of sale proceeds
through borrowal accounts
Diversion of funds and

steps taken to pluck out the
same
(Outstanding Rs in lakh)
Year before Last Last Year as on This Year as on

4. Classification of As on (latest
Assets and NPA 31.03.200 31.03.200 quarter/month)
Movement/ ………………
Analysis No. of Amount No. of Amount No. of Amount
a/cs. a/cs a/cs.
Standard
Sub-Standard
Doubtful
Loss
TOTAL
Suit Filed Advances
Suit Decreed
Advances
Expired Decrees
Gross NPA
(Opening)
Cash Recovery -
Compromise -
Up-gradation -
Write Off -
Slippage +
Gross NPA (Closing)
Provision/Cash
Margin
Net NPA (Closing)
Sectoral
Concentration of
NPA
Total Agriculture
of which
Indirect Finance
SSI
of which
Advances covered
under CGFTSI
Scheme
Other Priority Sector
of which
Small Business
Retail Trade
SRTO
Prof. & Self-
Employed
Educational Loan
Housing Loan
Others
Classification of Assets and NPA Movement/Analysis: (Contd..)
Year before Last Last Year as on This Year as on

As on (latest
31.03.200 31.03.200 quarter/month)
………………
No. of Amount No. of Amount No. of Amount
a/cs. a/cs a/cs.
Med. & Large Inds.
Wholesale
Trade/Business
Total Personal Loans
of which
Star Personal
Star Mortgage
Star Holiday
Star Autofin
Others (Star IPO
etc)
NSC/Share
Housing Loan (other
than Priority Sector)
Staff
Total NPA
NPA in Forex
Business
out of total NPA
Offer comments on:

Proper classification of
Assets as per extant
guidelines
Concentration of NPAs in
different sectors/segments
and the trend in absolute
terms in the respective
areas
Proper provisioning
Identification of units for

restructuring/rescheduling
of advance accounts
wherever feasible
Identification of causes for
quick mortality, non-
performing of accounts and
remedial measures initiated
Periodical inspection of
assets of NPA accounts to
ensure that there is no
deterioration of realisable
value of security
Ensuring insurance of
assets of NPA accounts
wherever possible
Availability of coverage
under ECGC, CGF for
Small Industries, Govt.
Guarantee etc. in NPA
accounts

Efforts for cash recovery,
compromise, out of court
settlement etc.
Pendency for submitting

memorandum for legal
action
Legal action approved but
suit not filed
Follow-up in suit filed

accounts by keeping close
liaison with Court Officials,
Bank’s Advocates for
expediting disposal of the
case in bank’s favour
Maintenance of proper
records/registers (age-wise
position) for suit
filed/decreed accounts
Recovery Certificates filed

(if Recovery Act is
applicable), number of
cases pending, reporting of
cases pending over 3 years
to ZO, efforts for expediting
execution of decrees, time-
barred decrees
Maintenance of records/
register for compromise
offers received, action
taken and disposed
5. Off balance sheet (Non-Fund Based) Exposure:

Non-Fund Based as on (latest
Exposure 31.03.200 31.03.200 quarter/month)
……………..
Letters of Credit
Guarantees Issued
Acceptances/
Endorsements/Deferr
ed Payment
Guarantees etc.
Other contingent
liabilities such as
Letter of Comforts,
Confirmation of
Stand-by L/Cs etc.
Claims against bank
not acknowledged as
Debt
Liability on account of
outstanding forward
exchange contracts
Offer comments on:

Availability of security
coverage to Letters of
Credit including the
stipulated margin/
collaterals
Trend of devolvement of
L/Cs and the time taken
for payment of devolved
L/Cs
Availability of security
coverage to Guarantees
Issued including the
stipulated margin/
Collaterals
Trend of invocation of
Guarantees and the time
taken for payment of
invoked Guarantees
Follow-up for expired
guarantees and reversal of
liability in the case of
expired guarantees
Frequency of default in
reimbursement in the case
of crystallisation of
liabilities under
Acceptances/
Endorsements/Deferred
Payment Guarantees etc.
Other contingent liabilities
Claims against bank not

acknowledged as Debt
Maintenance of record of
documents/evidence seen
for booking forward
exchange contract, follow-
up for utilisation/
cancellation of outstanding
contracts, contracts in
permitted currencies, non-
reimbursement of
crystallised forex contracts
etc.
2. EARNINGS RISK
(Rs. in lakh)
Year before Last Year as on Current Year
Last as on as on latest
31.03.200 31.03.200
(quarter/month)
……………
A – Income
Interest Income (Excl. TPM)
Non interest Income
of which
Recovery in written-off
accounts vis-à-vis the target ( ) ( ) ( )
(Amount outstanding in written-
off accounts)
Total Income
Yield on fund based limits (%)
(based on fortnightly average
advances)
Cost of Deposits (%)
(based on fortnightly average
deposits)
Spread
B – Expenses
Interest expenses (Excl. TPM)
Staff Cost
Other Expenses
of which
i) Controllable Expenses
Total Expenses
C – Profit/Loss Budget Actual Budget Actual Budget Actual
Operating Profit/Loss before
application of TPM .
Net Transfer Price Mechanism
Net Profit/Loss
Profit per employee
Unrealised Interest
Uncharged Interest
Offer comments on:

Application of correct rate
of interest, penal interest,
effecting change in rate of
interest as and when
advised in advances and
deposits
Recovery of unrealised
interest and uncharged
interest, trend of additions
etc.

Payment of any penal
interest towards late
remittances of dues to
Govt. Depts., delayed
reimbursement of transfer
of funds to other
banks/financial institutions
etc.
Application of correct
charges with regard to
advances, deposits,
remittances, account
maintenance and other
miscellaneous services
offered
Trend of written-off
accounts, additions if any,
recovery effected against
the budgeted level, efforts
taken for effecting
recovery etc.
Control over expenses in
general, particularly, in
controllable items such as
travelling, stationery &
printing, telephones/
telegrams, lighting,
miscellaneous expenses
Trend of revenue leakage

in various areas, recurring
revenue leakage in the
same account, trend of
volume in revenue
leakage, reasons for
revenue leakage (the list
of accounts wherein
revenue leakage is
detected is to be
submitted)
Trend of achievement of
budgeted level of profit,
reasons for non-
achievement if any.
3. BUSINESS STRATEGY & ENVIRONMENT RISK

as on (latest
31.03.200 31.03.200 quarter/month)
……………..
1. Profit (Operating)
2. Deposit
Current
Savings
Term
Total Deposits
3. Advances
4. Misc. Services
a) Safe Custody
(No. of a/cs.)
b) SDV
(No. of lockers
occupied and No.
of total lockers)
c) Card Products
(No. of cards
issued
& No. of Mes
enrolled)
d) Govt. Business
(Turnover)
e) Third Party
Products
(No. of products
& income earned )
Offer comments on:

General Economic
Outlook and
environmental deficiencies
(like non-availability of
perennial irrigation
facilities, adequate labour,
other infrastructure etc.)
in the operable jurisdiction
of the branch
Knowledge about the
market, strength and
weakness of
self/competitors and
market share
Knowledge about the

products/services of Bank,
business initiative/strategy
adopted for exploiting
available potentials for
business development
Quality of service
rendered by the branch
Achievement of budgets
monthly/half-yearly/annual
basis and reasons for non-
achievement, if any
Staff productivity and

reasons for decline, if any
Availability of competent
staff to handle the nature
of business that the
branch is undertaking
and/or proposed to
undertake
Adequacy of IT systems
with business needs,
especially in the
circumstances where the
customers are technical
savvy and/or the
competitors of our bank
have already put in place
adequate IT systems to
serve the customers in an
effective way
4. OPERATIONAL RISK:

31.03.200 31.03.200 (quarter/month)
……………
1. Staff Strength
Officers
Special Assistants
Clerks
Sub-Staff
2. Available Computer
Systems and the different
kinds
of facilities offered to the
customers (like MBB,
ATM, Tele- Banking, Internet
Banking etc.)
3. No. of suits filed against the

bank and the suit amount
4. No. of complaints pending
5. Trend of repetitive Previous to Last Audit Current Audit

irregularities in security Last Audit
documents under select items (Rs.in (Rs.in (Rs.in
lakh) lakh) lakh)
a) Non-obtention of principal A/cs. O/s. A/cs. O/s. A/cs. O/s.
documents/defective execution
b) Non-creation/extension of
stipulated mortgage
b) Non-obtention of renewal
documents within stipulated
time
d) Non-registration of charges/
lien with RTO/ROC/CHS/
Other authorities
e) Inadequate/Non-insurance
of primary/collateral
securities
6. History of occurrence of Previous to Last Audit Current Audit
the following hazards/ Last Audit
unanticipated events, if any
a) Earthquake
b) Flood/Cyclone
c) Theft/Robbery/Dacoity
d) Communal Riots/violence
Offer comments on:

Positioning of staff
(Supervisory and Clerical)
in key areas as per the
competency
Proper allocation/rotation
of job (for both
Supervisory and Clerical)
wherever applicable
Imparting suitable training/

guidance to staff for
acquiring updated
knowledge in the day to
day functioning,
particularly in the
computerised environment
Frequency of execution
errors in transactions (like
wrong posting of vouchers
which may be
subsequently cancelled,
not giving correct value
date for the transactions,
not effecting remittances
for which value already
received
In the case of CIBEX
branches, proper logging-
out from the computer
systems when not in use,
access to server/UPS/
SWIFT/administration
node/network printers, not
keeping secrecy of user
password/Admin
password, assignment of
two different levels of user
ID at the same time,
cancellation/suspension of
user ID upon transfer,
retirement, resignation,
leave, absence,
maintenance of record for
changing network user
password for salary/CCIS
packages, safe- keeping
of admin Password, which
should be changed
periodically, in a sealed
cover under dual control

In the case of CIBEX
branches, documentation/
distribution of Disaster
Recovery Plan, display of
LAN layout, back-ups
(daily, weekly, monthly,
quarterly, milestone), dual
control of in-house back-
up, off-site storage of
back-ups, data back-up on
the hard disk of admin.
Node on daily basis,
purging of data, record
maintenance for re-
opening of days, loading
of anti-virus software on
the server & nodes with
hard disk, back up of MBB
server
In the case of Finacle
Branches, proper logging
out from the computer
systems, allotment of
more than one user level
code to at the same time,
cancellation/suspension of
user ID upon transfer,
retirement, resignation,
leave, absence etc.,
access to UPS/
SWIFT system
In the case of Finacle
branches, documentation/
Recovery Plan, display of
LAN layout, loading of
anti-virus software at all
nodes
Sanction of advances or
any other facilities as per
the terms including scale
of finance of schemes and
also with proper
application in the
prescribed format,
preparation of proposals in
the prescribed format,
maintenance of application
received/sanctioned/
rejected register along
with recovery of suitable
charges

Allowing of concessions/
waiver in charges, if any,
without proper application,
without working out cost
benefit analysis and
without proper sanction
and also renewing such
approval as applicable
Purchasing of bills
accompanying lorry
receipts of unapproved
transport companies
and also purchase of
house bills/cheques
Applying/Claiming
refinance from IDBI/
SIDBI/NABARD/ EXIM
Bank etc., claiming/
Adjustment of subsidy
under various schemes,
ECGC cover in eligible
accounts etc.
Reporting of sanction of
new/additional/renewal/
reduction/adhoc limits or
change in terms of
advance accounts to
ECGC within 30 days of
sanction, obtention of
formal approval from
ECGC in the required
cases
Reporting of default to
ECGC within the
prescribed time limit and
lodgement of claims with
ECGC within the
prescribed time limit,
lodgement of claims in
respect of Central/State
Govt. Guarantee accounts
Disbursement of EPC
without L/C or confirmed
order
Obtention of approval of
ECGC in cases where
packing credit is extended
beyond 360
days/prescribed time limit
and also for advance
beyond prescribed
discretionary limit except
in standard accounts

Delinking of overdue bills
and transferring past-due
bills/shortfall on
crystallisation
Incorporation of
amendments/additions/
cancellations from time to
time in the Manuals/FEDAI
Rules Book/Exchange
Control Manuals etc and
destruction of old
manuals.
Arranging for listing of
cards in eligible cases for
‘Hot Listing’ through HO.
Recommendation for
renewal of Cards on due
dates
Opening of Deposit
accounts as per the extant
guidelines
NSC/KVP/TDR/Monies
under Life Insurance
Policy, Shares, Other
Govt. Securities
pledged/assigned as
security in advance
accounts and
matured/fallen due for
payment but proceeds not
claimed/realised/credited
to the borrowal accounts
Non-conversion of foreign
currency liability into rupee
liability in cases where
exporter is unable to fulfil
his obligations or where
export has not taken place
within 360 days
Effecting remittances as
per the extant guidelines
Opening and monitoring of
SDV and Safe Custody
accounts as per the
prevailing guidelines
Handling/Record
maintenance of card
products like obtention of
proper application,
scrutiny, issue etc. of
Credit Cards/ATM Cards
etc.
Obtention of lawyer’s
opinion about title deeds in
cases where mortgage is
stipulated to ascertain the
validity of creation of
mortgage, obtention of
search report, obtention of
valuation certificate from
the approved Architect
along with the photograph
of the property, periodical
updation of valuation of
the property
Proper obtention of correct
documents in advance
accounts, proper
execution of security
documents such as filling
in completely, duly signed
by the borrowers/
guarantors in the proper
way, adequately stamped
as per the applicable
Stamp Act, properly
defaced
Mortgage creation/
extension, registration/
noting of charges with
appropriate authorities,
noting/registering of
bank’s lien/charges/
assignment with RTO,
Related Depts. Of Govt.
Offices/Undertakings
Conduct of CPA-1,2 and
closure thereof in big
eligible advances, vetting
of documents and also
conduct of CPA in
personal loan accounts
and other small loan
accounts as per the extant
guidelines

Obtention of renewal
documents within
stipulated time
Ensuring adequate
insurance to the assets
charged to the bank and
keeping record of policies
and also renewing the
policies on due dates
Claims made against the

bank through Consumer
Court/Other Courts/Other
Judicial Functionaries,
litigation with landlord of
the branch premises
and/or Manager’s
residence taken on lease
Quality of customer
service, redressal of
customer complaints,
maintenance of records for
complaints received,
redressed and pending,
moral behaviour of staff
members, customer
perception of the Bank
Availability of contingency
plan with proper
documentation and
circulation to all the staff
members to tackle
unanticipated incidents
such as communal
violence, riot, earth quake,
flood, etc. happening, if
any, in the case of branch
being situate in such areas
Execution/renewal of
lease deed of branch
premises
Maintenance of records for
cash safe keys,
documents safe keys,
branch keys for proper
handing over/taking over
Note: With regard to irregularities in documentation and other areas, the details of such
irregularities accounts-wise that have been audited should to be submitted in the format
provided in Annexure-IRR (a) and overall summary sheet in Annexure-IRR (b).
B. CONTROL RISK
1. Internal Control Risk:

31.03.200 31.03.200
(quarter/month)
……………
Sundry Deposits
Sundry Credits
Suspense Accounts (Debit)
G/L a/c – Security Deposits
Average Cash Balance
Furniture & Fixtures
Outward Bills For Collection
Inward Bills For Collection
Drafts Payable Outstanding
Drafts Payable O/s > 3 years

Payorders Issued Outstanding
Payorders Issued O/s > 3 years
Net Clear – Receivable
Net Clear – Payable
Clearing Difference –
Receivable
Clearing Difference – Payable
Drafts Paid Without Advice
GL a/c Subsidy Reserve Fund
GL a/c Proxy
GL a/c- Stamps & Stamped
Documents on Hand
Balance with SBI/Other Bank
Foreign Travellers Cheque
Offer comments on:

delegated powers –
sanction of advances/
expenses/ concessional
charges etc. within the
delegated authority;
TOL/TOD sanction as per
the extant guidelines (like
no TOD/TOL to be
sanctioned within 6
months of opening of
accounts, no TOL to be
sanctioned without
drawing power etc.) and
within the authority

Reporting of sanctions to
the next higher authority in
the stipulated manner
(Post Sanction Review
System) and format;
reporting of TOD/TOL
sanctioned beyond
delegated authority in
exceptional cases and
seeking
ratification/approval;
periodical reporting of
TOD/TOL sanctioned
within the delegated
authority
Periodical balancing of all
books/ledgers which are
manually operated; taking
monthly jottings of
balances, yearly printing of
ledgers etc. in the case of
computerised branches;
scrutiny of exceptional
transactions by the
Manager/authorised
official
records and follow-up for
OBC/IBC/ Drafts
Payable/DPWA/
Payorders issued,
Cheques/DW/IW entries
Periodical balancing of
entries in G/L a/c Security
Deposits, Sundry
Deposits, Sundry Credits,
Suspense Accounts (Dr.),
Subsidy Reserve Fund, Int
Pay, Interest Receivables
Follow-up for early wiping/
adjustment of outstanding
entries in Sundry
Deposits, Sundry Credits,
Subsidy Reserve Fund, Int
Pay, Interest Receivables,
Proxy (in the case of
Finacle branches),
Clearing Difference
(Receivable & Payable)
Weekly Reconciliation of
account with SBI/Other
Banks; obtention of
monthly balance
confirmation certificate;
weekly reconciliation of
Clearing Difference
Adjustment a/c, Net Clear,
Home Clearing
receipt of reports of Inter
Branch Reconciliation
from H.O; raising query
memorandum/follow-up for
unreconciled entries with
the concerned branches;
replying to the query
memorandum received
from other branches
Maintenance of Nostro/
Vostro accounts;
reconciliation of entries
Safe keeping of cash

under dual control;
maintenance of cash
within the stipulated level;
special approval obtained
for holding cash more than
the stipulated level
Sorting of cash; periodical

surprise verification by the
Manager/the authorised
official and maintenance of
records thereof;
maintenance of bait
money at all operational
points, safe, in transit;
maintenance of records for
movement of cash;
handling of petty cash with
proper accounting
Dual control and periodical
balancing of jewel/gold
packets; maintenance of
proper records for
movement of jewel
packets

Control over articles
received for safe custody,
control over safe deposit
vault accounts (record
maintenance, access to
the lockers etc.)
Proper record
maintenance of Cards
received from HO which
are yet to be delivered to
the applicant, dual custody
of Card Products,
destruction of the long
pending Cards as per the
extant guidelines
Proper scrutiny and
acknowledgement of
sensitive stationery items
(DD Books, TDR Books,
CAN, Draft Advices, CNs,
Payorder Books, DOs/
COs etc) including Stamps
& Stamped Documents
indented; immediate
accounting in the stock
register; dual custody of
the stock, conducting
surprise verification of the
sensitive stationery by the
Manager or the authorised
official at least once in 6
months
Maintenance of movement
register in the proper
manner for the sensitive
stationery items as and
when put in use and for
the security documents.
Maintenance/updation of
BranchDocument Register
Safe-keeping of Test
Keys wherever provided;
maintenance of proper
records for the used Keys;
efforts for deleting
unused/unrequired Keys
for a very long time
Safe keeping of Manuals,
FEDAI Rules Book,
Exchange Control
Manuals, Specimen
Signature Book, Oral
Assent Attendance
Register, Oral Assent
Register etc.

Proper record
maintenance for handing
over/taking over charge at
all applicable level of the
branch and reporting to
controlling authorities,
lodgement of duplicate
keys with other
branch/bank and record
maintenance thereof
Periodical conduct of Test
Checks by the Manager or
the authorised official in
the prescribed manner,
keeping records and
submission of report
thereof to the controlling
authorities
Proper record
maintenance of staff
attendance, leave
calculation, payment of
salary and other
allowances prompt
payment of rent
Proper maintenance of
records and numbering
pass book for Furniture &
Fixtures including the
Dead Stock and Furniture
at the residence of
Manager/Other officials,
numbering and periodical
physical verification,
disposal of unserviceable
items
records for AMCs,
Insurance Policies for
branch building, stationery
and furniture & fixtures
Control over old records/

files Vouchers, periodical
disposal of old records as
per the extant guidelines,
ambience of the branch
premises and also proper
maintenance of records
and control over other
stationery items

Proper record
maintenance for
newspapers/magazines
purchased, sale of old
newspapers, rent and
other charges (telephone,
electricity, taxes etc.) paid
Control over branch
security including
provision of armed guard
wherever necessary,
renewal of gun license,
periodical training to the
armed guards wherever
provided, fixing of Time-
Lock, provision of security
for cash lodgement/
withdrawal to/from other
branch/bank
Maintenance of secrecy
book, obtention of
signature of all the staff as
per applicable periodicity,
maintenance of customer
secrecy
Knowledge about
KYC/KYB norms, reporting
of suspicious cash
transactions/ money-
launderings, opening of
accounts with proper
introduction, obtention of
photographs, proof of
residence, monitoring of
transactions, particularly
huge volume, in newly
opened accounts,
monitoring staff accounts
for any extraneous credits
Perpetration of frauds,
involvement of staff if any,
progress of settling cases
with regard to fraud
detected prior to the
current audit period
2. Compliance Risk
Offer Comments on:

Compliance with IRAC
norms
Compliance with Priority

Sector Requirements
Timely submission of all

returns/statements
(BPR,CA-23,CCIS,BHP,R-
Returns, BEF/XOS
Returns, IBS, NRD-CSR,
ECB-2,5, ECB-PAR, ODR
LEC(NRI), LEC(FII),Sales
and Purchase of Foreign
Currency, BDS, ALM
statement etc.) with
accuracy
Obtention of Form
No.60/61 in all deposit
accounts, obtention of
Form A1,A2 etc. in forex
transactions, not- effecting
remittances against
acceptance of cash of
Rs.50,000/- and above,
obtention of PAN/ GIR No.
while effecting remittance
against acceptance of
cash of Rs.20,000/- but
less than Rs.50,000/- and
also in the case of
effecting remittances, non-
payment of proceeds of
TDR by way of cash if the
amount payable is >
Rs.20,000/- and obtention
of appropriate declaration
for payment below
Rs.20,000/-.
Periodical reporting of
cash transactions of Rs.10
lakh and above to the
controlling authorities.
Adherence to RBI’s
currency note policy (non-
stapling of currency notes,
issue of numbered and
signed receipt in the case
of detection of forged/fake
currency note etc.)
Conducting periodical
customer meetings,
customer service meetings
and sending the reports to
the controlling authorities,
conducting periodical
customer service audit
and sending reports to the
controlling authorities,
implementation of
Goiporia’s Committee
recommendations
Adherence to Fair
Practices Code on
Lender’s Liability
Display of time schedule

for transacting various
services, display of
important telephone
numbers, display of
important notices such as
prohibition of fire arms,
announcing the facility for
exchange of soiled/cut
notes, display of bank’s
various schemes and
rates of interest
applicable, announcement
of business timing,
provision of suggestion
box, setting up ‘May I help
you counter’ as per the
extant guidelines etc.

Pro-rata deduction of
income-tax/professional
tax etc. from salary and
other allowances paid to
staff members
Deduction of income-tax
on interest accrued/paid
on TDR in applicable
cases as per the extant
guidelines, obtention of
Form 15 G/H in the case
of non-deduction of tax in
eligible cases
Payment of service-tax
only on leviable items
under P&L Misc. Receipt
and also netting of
service-tax
Remittance of income-tax,
service-tax deducted at
source within the
stipulated time to the
credit of Govt. account,
payment of various
applicable taxes/charges
in time such as property
tax, tax under Shops &
Establishment Act
wherever applicable,
electricity/ telephone
charges, professional tax,
BCT tax etc.
Issue of TDS certificates
wherever taxes are
deducted, filing of annual
returns (Form-24,24-A,26
etc.) to the respective
authorities within the
stipulated time and
maintenance of proper
records for the same
RBI License, License
under Shops and
Establishment Act
(wherever applicable)

Compliance with Right To
Information Act
Compliance with Official

Language Act
Compliance with Govt.

Guidelines with respect to
Pension Payment, PPF
a/cs etc.
Compliance with FEMA

provisions
Conclusive compliance
with the previous audit
reports, compliance with
Monitorable Action Plan
Risk Based Audit Report
and/or Updated Risk
Profiles, compliance with
special
instructions/guidance etc.
provided by the controlling
authorities, Govt. Bodies,
LDM etc.
MONITORABLE ACTION PLAN SUGGESTED:
(Copy of the MAP to be attached to the Risk Profile also)
Parameter Risk
Level/
Direction Action Plan suggested for the purpose of drawing
assesse necessary action points and
d during implementation/monitoring of the same by
the audit Branch/Zonal Office respectively
1.CREDIT RISK
2.EARNINGS
RISK
3.BUSINESS
STRATEGY
RISK
4.OPERATIONAL
RISK
5.INTERNAL
CONTROL
RISK
6.COMPLIANCE
RISK
RISK BASED INTERNAL AUDIT RATING SHEET
Sr Category of Risk Maximum Marks Percentage Risk Rating

No Marks Awarded
Allowed Level/Trend
A BUSINESS RISK 600
1. Credit Risk 350
2. Earnings Risk 50
3. Business Strategy 50
Risk
4. Operational Risk 150
B CONTROL RISK 400
1. Internal Control Risk 250
2. Compliance Risk 150
C COMPOSITE RISK*
* The composite risk will be arrived at with the help of the following risk matrix
Risk Matrix
High A B Very
C
High Risk High Risk
Extremely
High Risk
Mediu D E F Very
Low G H I
Low Medium High
Control Risks

awarded
Low Over 75
Medium 50 – 75
High Below 50

Inherent Business

Risk
Control Risk
STABLE. Variation in the same category of more than +5% or –5% is considered
as DECREASING/ INCREASING as the case may be.
The above risk rating is approved.
(Signature of the Zonal Audit Chief)

Annexure -5
FORMAT OF EXIT MEETING REPORT
Branch : ____________________
Exit Meeting held on _______________
-------------------------------------------------
1. Date of Meeting :
2. Name and Designation of Officers who attended the meeting :
Audit Team Branch Officials
3. Period of Audit : From ______________ To ______________

4. Rating
Level/Trend of the last 2 assessments
Last Previous to Last
(Date ) (Date )
Business Risk
Control Risk
Composite Risk
5. a) Highlights of performance
Items Budget Achie- Remarks

/Target vement
Total Deposits
Low Cost Deposits
Advances
-of which
Priority Sector
Govt.Sponsored Prog.
NPA reduction
Operating Profit
Productivity per Last Current

employee Yr.
House-Keeping
Any Other Item,

(please specify)
b) Risk areas identified (a copy of the Monitorable Action Plan to be submitted to the
branch).
6. SWOT analysis on functioning of the branch :
Strength
Weakness
Opportunity
Threat
7. Branch views, if any.
Encl: Copy of Monitorable Action Plan
Copy received.
Branch In-Charge (Signature of the Team Leader)

………………..Branch
Place:
Date:
Annexure-6
MARK SHEET
Branch : _______________________ Zone: _______________

Class/Category : _______________________
Audited From : _______________To: _______________
Sr. Parameters for awarding marks Maximum Marks

No. marks allowed awarded
A. BUSINESS RISK 500
I. CREDIT RISK 300
1. Conduct of effective pre-sanction inspection of new
accounts covering proper identification of borrowers,
scrutiny of their antecedents/financial status by
obtaining CBD-23 with documentary evidence,
obtention of status report/no due certificate etc.
involving
More than 90% of the sanction amount 10
Between 75% and 90% 6
< 75% 3
2. Quality credit appraisals in the new accounts with
Proper analysis of various ratios and need based
involving
< 90% 3
3. Customer compliance with terms of sanction in the
New accounts involving
< 90% 3
4. Accounts becoming irregular within 3 months of
disbursement in Secured Loans & Advances in new
a/cs. other than loan against TDR & Staff a/cs.
sanctioned after last audit involving amount of
<3% of such total new disbursements 6
Between 3% to 5% 4
More than 5% 0
5. Accounts becoming irregular within 3 months of
disbursement in Partially Secured/Clean Loans &
Advances in new accounts other than staff accounts
sanctioned after the last audit involving amount of
< 1% of such total disbursement 6
1% to 3% 4
More than 3% 0
6. Trend of NPA in new advances for the last 3 years in
Secured Loans & Advances
Upto 2% 10
2% to 5% 6
More than 5% 3

7. Trend of NPA in new advances in
Clean/Partially Secured Loans & Advances
Upto 1% 10
1% to 3% 6
More than 3% 3
8. Disbursement of new advances in the available
potentials areas/sectors/segments taking into
account the past experience:
Well spread over 6
Fairly spread over 4
Concentrated in particular area/s only 2
9. Total secured advances
More than 95% 8
< 90% 4
10. Distribution of total secured advances in the
available potential areas
Well spread over 6
11. Satisfactory conduct of big-ticket advances (say >
10% of the total advances in a single account)
covering
> 90% of the total exposure of all big-ticket
advances 10
between 60% and 90% 6
< 60% 3
12. Exposure of Forex Business taking into coverage of
ECGC guarantee in eligible accounts involving
> 95% of eligible advances 6
< 90% 2
13. Ensuring quality appraisal/review of accounts by
way of analysing correctly the financial data/
Balance Sheet, CMA data etc wherever applicable
Involving
More than 95% of the total advances 10
< 90% 3
14. Credit rating exercise is carried out in the eligible
Accounts involving
More than 95% of the total eligible advances 10
< 90% 3

15. Yearly review of accounts in the accounts involving
< 90% 3
16. Periodical post-disbursement inspections as per the
stipulated intervals in accounts involving
< 90% 3
17. Customer compliance with terms of sanction is
ensured in the accounts involving
< 90% 3
18. Availability of securities including collaterals in the
case of suit filed accounts covering to the extent of
> 95% of the suit filed amount 10
< 90% 3
19. Identification and restructuring of accounts before
becoming NPA in eligible cases involving
More than 95% of the eligible advances 6
< 80% 2
20. Correct asset classification including watch list
a/cs. is carried out in the eligible accounts involving
< 90% 3
21. NPA level in absolute terms as compared to the
position as at the last audit
Decreasing 6
Stagnant 4
Increasing 2
22. NPA concentration is
Well spread over in various 6

sectors/segments/activities 4
Fairly spread over in various 2
sectors/segments/activities
Concentrated in one or two
sectors/segments/activities

23. Quantum of NPA level to the total advances
< 1% 10
Between 1% and 3% 6
> 3% 3
24. Available Security level of NPA covering
> 95% to the total NPA advances 10

< 90% 3
25. Adequacy of provision for NPAs
Correctly provided 6
Excess-provided 4
Under-provided 2
26. Periodical inspection of securities in NPA accounts
involving amount of
> 95% total NPA advances 10
< 90% 3
27. Insurance level of securities including collaterals in
NPA Accounts involving amount of
> than 95% of eligible NPA advances 10

< 90% 3
28. Cash recovery ( by way of compromise, OTS,
invocation of SARFAESI Act, RRC Act etc.)
> 75% of the budgeted level 10

< 50% 3
29. Upgradation of NPA accounts involving

< 50% 2
30. Age of the decrees obtained pending for execution
< 2 years 6
Between 2 and 5 years 4
> 5 years and above 2

31. Availability of security coverage including the
stipulated Margin to Letters of Credit
> 95% of the sanction/outstanding amount 6
< 75% 2
32. Devolvement of Letters of Credit (during the period
covered under audit) amounting to
<5% of the total amount of L/Cs issued during the
period covered under audit 6
> 10% 2
33. Availability of security coverage including the
stipulated margin to Gurantees Issued
> 95% of the sanction/outstanding amount 6
< 75% 2
34. Invocation of Guarantees Issued (during the period
covered under audit) amounting to
< 5% of the total amount of Guarantees issued
during the period covered under audit 6
> 10% 2
35. Pendency of reversal of liabilities of expired
guarantees/LCs etc involving amount of
< 2% of the total L/Cs/Guarantees issued
outstanding 6
Between 2% and 5% 4
> 5% 2
36. Recovery of the amount of claim paid on devolved
L/C, invoked Guarantee etc. from the borrower/
customer within 7 days involving
> 95% of the total claim settled 10
< 90% 3
37. Crystallization of other contingent liabilities like
Acceptances, endorsements, forward exchange
contracts etc. (other than L/C, Guarantees) to the
extent of
< 2% of the total of such other liabilities 6

Between 2% and 5% 4
> 5% 2

II. EARNINGS RISK 40
1. Trend of Net Interest Margin (Interest Received –
Interest paid)
> 2.5% 4
Between 0% to 2.5% 2
Negative 0
2. Non-Interest Income
Equal to or > non-interest expenditure 3

< non-interest expenditure to the extent of 10% 2
< non-interest expenditure to the extent of > 10% 1
3. Trend of write-off (to the level of NPA as on last
year)
< 1% 4
Between 1% and 3% 2
> 3% 0
4. Recovery in written-off accounts
> 15% of the written-off amount outstanding 4

Upto 15% of the written-off amount outstanding 2
No recovery 0
5. Controllable expenses
Not increasing or increasing in proportion to the
business requirements 4
Moderate increasing more than in proportion to
the business requirements 2
Exorbitantly increasing 0
6. Revenue Leakage Detected
No Revenue Leakage detected 4

Upto Rs.10,000/ in Large & above Branches; Upto
Rs.5,000/- in Small & Medium Brs. 2
> Rs.10,000/- in Large & above Branches; >
Rs.5,000/- in Small & Medium Branches 0
7. Recovery of Revenue Leakage detected
Recovered > 90% of the amount detected

Recovered between 50% and 90% of the amount 4
detected 2
No recovery effected or recovery effected only upto
50% of the amount detected 1

8. Repetitive nature of revenue leakage happening in
the same accounts
Nothing noticed. 2
Noticed in the current audit and in the last audit 1
Noticed in the current audit and also in the last 2 0
audits
9. Recovery of UCI/URI
Recovered > 90% of the outstanding amount 4

Recovered between 50% and 90% of the 2
outstanding amount
Recovered upto 10% of the outstanding amount or 1
Nil recovery
10. Achievement of operating profit budget
Achieved 4
Achievement falling short by < 10% 2
Achievement falling short by > 10% 1
11. Trend of profit per employee compared with the
position
of the last half-year
Increasing 3
Stagnant/Decreasing very nominally due to change 2
of staff strength
Decreasing significantly 0
III. BUSINESS STRATEGY & ENVIRONMENT RISK 40
1. Exploitation/usage of geographical/locational
advantage for growth of business
Maximum 4
Moderate 2
Insignificant/Nil 1
2. Availability of business potentials other than the
poverty
alleviation schemes such as SHG, PMRY,
MPBCDC,
THADCO etc. in the area of operation of the branch 4
2
Plenty 0
A limited extent
No potentials

3. Major economic activity of the centre and the trend
of the share of the branch business to this sector
Increasing 4
Stagnant 2
Decreasing 0
4. Knowledge of the branch officials about the bank’s
products vis-à-vis market condition as regard to
available potentials
Fully aware of 4
Partially aware of 2
Not aware of 0
5. Knowledge of SWOT analysis for the branch as well
as for the competitors
Full knowledge 4
Some knowledge 2
No knowledge 0
6. Rating of customer service
Excellent 4
Satisfactory 2
Poor 0
7. Achievement of Deposits and Advances at the
Budgeted level
Fully achieved or achieved more than 90% of the 6

Budgeted level in all the above areas segment-wise
Achieved between 50% and 90% 4
Achieved < 50% or not achieved in any or all the 2
areas
8. Business growth observed is due to
Vigorous convassing done by initiating suitable 4

strategy 2
Dependence on Walk-in-Business only 0
No growth
9. Formation of suitable business strategy taking into
Confidence
The entire staff members 2

Only a selected staff members 1
No strategy is formed 0

10. Adequacy and compatibility of IT systems with
business needs including availability of facilities like
MBB, ATM, Telebanking, Internet banking etc.
wherever applicable
Commensurate with the business available in all

potential areas 4
Adequate for only for carrying out certain type of
business whereas potentials are available for many 2
other business
Inadequate for any business 0
IV. OPERATIONAL RISK 120
1. Positioning of staff in key areas (allocation of duties)
as per their competency
Good 4
Satisfactory 2
Poor 0
2. Periodical rotation of staff (wherever possible)
As per the stipulated interval 4

Rotation takes place but not in the stipulated interval 2
No rotation has taken place for the last 3 years 0
3. Imparting suitable training/guidance to staff for
acquiring updated knowledge in the day to day
functioning under the computerised environment
from the risk perspective
All the staff members are properly trained in the day 4

to day functioning from the point of risk perspective
Only supervisory staff are trained 2
No staff member is imparted suitable training 0
4. Frequency of execution errors in transaction such as
wrong posting of vouchers, non-effecting
remittances though value already received,
settlement errors like overlooking value date/correct
exchange rate etc.
Nothing noticed 4
Noticed on a very few occasions 2
Noticed on many occasions 0
5. Access to server room/UPS room etc.
Strictly restricted always 4

Not restricted sometimes 2
No restriction; free access to all 0
6. Off-site storage of back-ups (in the case of CIBEX
branches)
Always 4
Sometimes 2
Never 0
7. Maintenance of records for allotment of user level
code, control over changing of user level as per the
requirement
Strictly implemented 4
Sometime 2
Never 0
8. Awareness/monitoring the lapses in workflow/lapses
leading to operational problems (like keeping
cheque books on counters, not-logging out of the
computer system when not in use or when the
operator leaves the terminal etc.)
Nothing noticed 4
Very rarely noticed 2
Lapses noticed on many occasions 0
9. Awareness of Disaster Recovery Plan/Business
Continuity Plan
All the staff-members are aware of 4

Only a few members are aware of 2
No one is aware of 0
10. Frequency of systems failure, programming errors
etc.
Never occurred 4
Some times occurred 2
Very frequently occurred 0
11. Processing of request of customers in the areas of
deposits, advances and other misc. services
Strictly processed and carried out as per the 4

customers’ request
Some deviations taken place but rectified at the 2
earliest possible time
Gross violation 0

12. Adherence to manual of
instructions/guidelines/circulars etc. with regard to
operational matters in the day-to-day functioning of
the branch such as obtention of proper application,
preparing necessary memorandum/
Proposal etc.
Strict adherence at all times 4
Minor deviations noticed but branch has not incurred 2
any loss in this regard
Gross violation 0
13. Frequency of violation of operational controls (like
exceeding limits, allowing concessions/waiver of
charges without proper justification.)
Nothing observed 4
14. Defects-free documentation including creation of
Mortgage/registration of charges in the accounts
Involving
More than 95% of the disbursement/sanction amount 6

< 90% 2
15. Serious irregularities noticed in the execution of
security documents covering
< 5% of the total advances 6

> 10% 2
16. Enforceability of security documents including
Mortgages in NPA accounts involving amount of
> 95% total outstanding NPAs 6

< 90% 2
17. Enforceability of documentation including mortgages
and registration of charges covering
> 95% of the total advances 6

< 90% 2

18. Renewal documents not obtained in stipulated time
covering
< 5% of the total advances 6

> 10% 2
19. Availability of insurance coverage of securities
Including the collaterals in the eligible accounts as
per the terms of sanction involving
More than 95% of the disbursement/sanction amount 6

< 90% 2
20. Conduct of CPA-1 & CPA-2 and closure thereof in
Eligible accounts
Conducted and closed in all in eligible accounts 6

Not conducted and closed in a few accounts but the 3
accounts are regular
Not conducted in any eligible account 0
21. Vetting of documents in eligible accounts
Vetted in all eligible accounts 4

Not vetted in a few accounts but the accounts are
regular 2
Not vetted in any eligible account 0
22. Any suit/s filed against the branch by customers,
counterparties or third party service providers
No suit is filed
Suit/s filed against the branch but settled without any 4
loss or very nominal loss to the branch 2
Suit/s pending against the branch or suit/s settled
with a substantial loss to the branch 0
23. Customer perception of the branch, quality of
customer service, quick redressal of customer
complaints
Good 6
Satisfactory 4
Unsatisfactory 2

24. Inherent threat for the branch being situate in
earthquake prone, riot prone, naxalite/terrorist
infested, communal violence, flood prone area
Not applicable 4
Rarely 2
Frequently 0
25. In the case of any or more of the above threats
applicable, then contingency plan for tackling the
same is
Prepared and all the staff members are aware of
the same 4
Available in records; but some or most of the staff
members are not aware of the same 2
Not at all prepared 0
26. Execution/renewal of lease deed of the branch
premises
Executed/renewed and valid 4
Expired recently and matter taken up for extension 2
Not at all executed/renewed for a long time 0
B. CONTROL RISK 250
I. INTERNAL CONTROL RISK 150
1. Exceeding of delegated authority whether in original
sanction and/or allowing TOD/TOL
Never 6
A very few occasions 3
Very often 0
2. Reporting of TOL/TOD sanctioned beyond authority
to the concerned controlling authority for ratification/
approval
Always reported 6
Reported on very few occasions 3
Never reported 0
3. Reporting of advances sanctioned within the
authority to the controlling authority with a copy of
the sanctioned proposals (of > Rs.2 lakh)
Every Month reported 4

Reported only for a few months 2
Never reported 0
4. Monthly reporting of TOL/TOD sanctioned within the
Authority
Always reported 4
Reported on very few occasions 2
Never reported 0

5. Periodical balancing of books/ledgers which are not
computerised
All the books/ledgers are being balanced periodically 4

Balancing is done only in few areas/only on few 2
occasions
All the books/ledgers are not being balanced for a 0
very long time
6. Follow-up for outstanding Drafts, DPWA, OBC/IBC/
BP/BD/Cheque Purchase/Collection entries including
foreign currency items, India Card payments,
pension payments etc.
Constant and effective follow-up is carried out on an 4

ongoing basis
Lopsided follow-up is done. 2
Very rare follow-up/No follow-up is done 1
7. Periodical reconciliation/balancing of entries in
Suspense Accounts (Dr.), Sundry Deposits and
Sundry Credits accounts
Carried out periodically and nothing pending 4

Carried out only on few occasions and the report 2
received recently only is pending
Not carried out periodically and entries outstanding 1
for more than 6 months (except the allowable
entries)
8. Follow-up for entries in Suspense Accounts (Dr.),
Sundry Deposits and Sundry Credits which are
outstanding for more than the reasonable time limit
Effective follow-up is being done and entries are 6

cleared within a reasonable time
Insufficient follow-up and entries are not 3
cleared/cleared after a considerable delay
No follow-up 0
9. Pendency of Inter-Branch/Inter-Bank, Nostro/Vostro
Accounts reconciliation report
No report/s pending 4
Report/s pending for less than one month 2
Report/s pending for more than one month 0

10. Dual custody of cash and periodical surprise check
of cash
Always 6
Not found on one or two occasions 3
Not found always 0
11 Holding average cash (for the period covered under
audit)
Always within the retention limit 6

Exceeds the retention limit sometimes 3
Always more than the retention limit 0
12. Clearance of entries pertaining to cash

withdrawal/cash lodgement from another branch and
or currency chest and or other bank
Cleared on the same day or the next day depending 6

upon the location
Pending for more than one day but less than one 3
week
Pending for more than one week 0
13. Maintenance of pass books for cash key holding and
cash movement within the branch
Strictly maintained 4
Not maintained on one or two occasions but no 2
damage done
Not maintained always 0
14. Dual Control and periodical balancing of jewel/gold
Packets, maintenance of proper records for
movement of jewel packets
Always adhered 6
Mostly adhered , but no damage done so far 3
Never adhered to 0
15. Control over safe custody accounts, safe deposit
lockers and other miscellaneous services including
proper records maintenance of India Cards, ATM
Cards etc. received from HO, safe keeping of Cards,
destruction of long pending cards as per the extant
guidelines
Good 4
Just satisfactory 2
Poor 0

16. Scrutiny of stock of sensitive stationery items
immediately on receipt of the same and entering
into the stock register and also acknowledging the
receipt promptly with notification of discrepancies
observed, if any
Strictly carried out immediately on receipt 6

Carried out with a little delay, say one week 3
Pending for a long time 0
17. Dual custody of sensitive stationery items
Always maintained 6
Kept under single custody only 3
No custody available 0
18. Maintenance of updated movement register for
sensitive stationery items in the prescribed form
whenever such items are put on use and also
maintenance of movement register for other security
documents
Strictly maintained whenever used 4

Maintained not in the prescribed form or maintained 2
only on few occasions
Not maintained at all 0
19. Maintenance of Branch Documents Register with
updated information
Maintained with updated information 2

Maintained but not updated 1
Not maintained 0
20. Safe keeping of Test Keys wherever provided,
Manuals, FEDAI Rules Book, Exchange Control
Manuals, Specimen Signature Book, Oral Assent
Attendance Register, Oral Assent Register etc.
All are kept under dual control 4

Only a few are kept safely. 2
Nothing is kept safely. 0
21. Carrying out periodical Test Checks effectively and
reporting the findings to the controlling authorities
and maintenance of record thereof
Regularly carried out as per the extant guidelines 4
Carried out at but not at the stipulated intervals 2
Not carried out for a very long time, say > 1 year 0

22. Maintenance of updated staff records inclusive of
attendance, leave record, LFC payments, salary
payments etc
No discrepancy noticed 6
One or two minor discrepancies noticed 3
More discrepancies (minor and major) noticed 0
23. Payment of rent, other taxes and other charges and
maintaining proper receipts for the same
Paid on due dates promptly 4

Paid with a little delay with some minor fine 2
Not paid or paid with considerable delay 0
24. Numbering and maintenance of proper records for
furniture & fixtures including dead stock and furniture
provided at the residence of the branch officials;
periodical physical checking and maintenance of
record therefor; disposal of unserviceable items
Strictly done and no deviation noticed 4

Some minor deviation/s noticed 2
Gross deviations noticed or not at all carried out 0
25. Control over AMC including refilling of fire
extinguishers
Periodically renewed strictly 4

Renewed but with some delay 2
Pending for a long time, say > 6 months 0
26. Control over old
records/vouchers/files/ledgers/registers etc.
Very good 4
Satisfactory 2
Unsatisfactory 0
27. Security aspects of cash movement within the
branch, while effecting cash remittance/withdrawal
to/from currency chest/other branch/bank as per the
extant guidelines
Strictly adhered to always 4

Deviation/s noticed on one or two occasions 2
Gross violation noticed 0
28. Control over branch security like presence of armed
guard (positioning at proper place) wherever
applicable with gun, chaining the main collapsible
gate in such a way that only one person at a time
can pass through, fixing of Time-Lock wherever
applicable
Strictly exercised 4
Violation on one or two occasions noticed 2
29. Safe custody of gun, obtention/renewal of gun
licence; maintenance of register for gun cartridges
purchased/fired during the training given to the
armed guard; periodical training of armed guard
wherever posted
Strictly carried out as per the extant guidelines 4
Deviation on one or two occasions noticed; but no 2
harm done
30. Obtention of proper introduction and verification of
the introducer’s signature at the time of opening
deposit accounts
Obtained always properly 4
Not obtained in a few accounts 2
Not obtained in many accounts 0
31. Obtention of photographs, proof of address etc. of
the depositors/borrowers/guarantors
Strictly obtained in all the accounts 4
Not obtained in some accounts 2
Not obtained in many accounts 0
32. Authentication/approval of account opening forms by
authorised official along with signature code number
and also monitoring transactions in newly opened
accounts, particularly huge transactions
Always obtained and monitored 4
Not obtained in a few accounts and inadequate
monitoring 2
Not obtained in many accounts and no monitoring 0
33. Perpetration of frauds including computer related
frauds
No fraud has occurred in the branch so far
Detected in the past and matter settled without any 4
loss or with minimum loss to the bank or matter is
still pending for settlement 2
Detected pertaining to the period covered under
audit 0

II. COMPLIANCE RISK 100
1. Adherence to IRAC norms
Strictly adhered to 6
Gross violation 0
2. Compliance with the priority sector requirements
(with regard to achieving the targets given in this
regard)
Requirement fulfilled as budgeted 4
Falling a little short of requirement 2
Wide variation noticed 0
3. Submission of control returns (BPR,CCIS,CA-
23,ALM statement, TOD/TOL statement, R-Returns,
BHP, BEF/ XOS Returns, IBS, NRD-CSR. Sales and
Purchases of Foreign Currency, BDS etc.) in time
after ensuring accuracy
All the statements are submitted in time with
accuracy 4
Only a few statements are submitted in time and
or some minor discrepancies noticed 2
Delayed submission of statements or non-
submission and/or more discrepancies noticed 0
4. Adherence to guidelines while issuing TTs/DDs/MTs/
Payorders etc. (issue of DD/MT/TT etc. for
Rs.50,000/- and more against cheque payment only
And not accepting cash; obtention of PAN/GIR No.
etc in the case of issue of DD/TT/MT etc. >
Rs.20,000/- on acceptance of cash and for >
Rs.50,000/- against cheque); non-payment of
Proceeds of TDR by way of cash if the amount
Payable is Rs.20,000/-and obtention of appropriate
Declaration for payment below Rs.20,000/- in cash.
Strict adherence always 6

Deviation on a few occasions 3
Deviation on most of the occasions 0
5. Reporting of cash transaction of Rs.10 lakh and
above to the controlling authorities
Reported strictly as per the stipulated periodicity 6

Reported but not strictly as per the stipulated
periodicity 3
Not reported in toto for more than 3 months 0

6. Obtention of Form No.60/61 in all deposit accounts,
obtention of Form A1, A2 etc. in forex transactions

Deviation on a few occasions 2
Deviation on most of the occasions 0
7. Adherence to RBI’s clean currency policy (sorting of

issueables and non-issueables, non-stapling of
currency section/bundle, exchange of soiled notes
tendered by the customers etc.)
Strictly adhered to. 6
Adhered but some minor variation/s observed 3
Not adhered. 0
8. Issue of numbered and signed receipt in the case of

detection of forged/fake currency note/s and
reporting thereof to the concerned official/s
Strictly enforced 4
Enforced with some deviation 2
Not implemented 0
9. Conducting periodical customer meeting and

sending the minutes to the controlling authorities
Periodical meetings conducted and minutes sent to 6

the controlling authorities
Meetings conducted but not as per the periodicity 3
and minutes sent to the controlling authorities
Meeting not conducted for a very long time and/or
minutes not sent to the controlling authorities 1
10. Conduct of periodical customer service audit by the

authorised official of the branch
Conducted as per the periodicity and report sent to 4

the controlling authorities
Conducted but not as per the periodicity and reports 2
are sent to the controlling authorities
Not conducted for a very long time and/or reports are 1
not sent to the controlling authorities

11. Display of the important exhibits as instructed by HO
such as time-schedule for various services, notice
prohibiting entry of fire arms, important addresses
and telephone numbers, branch name board as per
the specification, provision of ‘May I Help You
Counter/ Grahak Bandhu Desk’ in applicable areas
and other exhibits advised from time to time)
All the required exhibits are displayed 4
A few exhibits are not displayed 2
Majority of the exhibits are not displayed 1
12. Deduction of Income-Tax, Fringe Benefit Tax,
Professional tax etc. as stipulated ( ie; pro-rata on
monthly basis from the salary paid to the staff;
deduction at the prescribed rate from interest
accrued/paid on TDR as the per prevailing Income-
Tax Act);
Strictly enforced 4
Some minor deviation/s noticed; but no loss/ 2
penalty incurred
Gross deviations noticed 0
13. Obtention of Form No.15 G/H in eligible accounts
and submission of the copy of the same to the
concerned ITO
Obtained in all eligible accounts and copies sent 4
to the concerned ITO
Obtained in all eligible accounts and copies not 2
sent to the concerned ITO
Obtained only in a few eligible accounts and 1
copies not sent to ITO or not obtained in any
eligible accounts
14. Remittance of TDS to the credit of Govt. account
Effected within 7 days from the date of deduction 6
Effected with a little delay on a few occasions 3
Effected after considerable delay 0
15. Remittance of service-tax (after netting), BCT Tax,
Professional Tax, Tax under Shops & Establishment
Act, Property Tax and other applicable taxes/
charges within the stipulated time to the concerned
authorities
Always remitted within the stipulated time 4
Remitted with delay on a few occasions, but no 2
penalty levied
Always remitted with considerable delay 0

16. Issue of TDS
Issued suomoto to all the concerned persons from 4

whose accounts tax is deducted and record is
maintained in this connection
Issued only on demand to the concerned persons 2
Not issued to any person other than the staff 0
17. Submission of Annual Return (Form No.24, 26 etc.)
Submitted within the stipulated time meticulously 4

Submitted with a little delay (say a week or so) 2
Submitted with considerable delay or not submitted 1
18. Compliance with requirements under Official
Language Act, Right To Information Act
Strictly enforced 4
Lopsided implementation 2
Gross violation 0
19. Compliance with FEMA provisions
Adherence with some minor deviation 2
Adherence with major deviations or non-adherence 1
20. Obtention/periodical renewal of License under Shops
& Establishment Act wherever applicable
License under S&E Act obtained/renewed 4
periodically
License overdue for renewal 1
License not at all obtained 0
21. Compliance of audit reports
Complied with conclusively and effectively in time 4

without any exception
Complied with a few exceptions for which follow-up 2
is not adequate
Not complied with/compliance is not conclusive in 1
toto
22. Compliance with MAP suggested in the previous
RBIA report and/or the periodically updated profiles
Conclusive compliance of all points 4

Complied only a few points 2
Not complied with any point 0
Sr Maximum Marks Risk Rating

Category of Risk Percentage
No Marks Allowed Awarded Level/Trend
A BUSINESS RISK 500
1. Credit Risk 300
2. Earnings Risk 40
3. Business Strategy Risk 40
B CONTROL RISK 250
C COMPOSITE RISK*
Risk Matrix
High A B C Very
High Risk High Risk
Extremely
High Risk
Mediu D E F Very
Low G H I
Low Medium High
Control Risks

Risk Percentage of Marks awarded
Low Over 75
Medium 50 – 75
High Below 50

Inherent Business Risk

Control Risk

Annexure-I
Broad parameters for issue of Special Letters/Special Observation Reports
A. Advances:
1. Advances granted to apparently fictitious borrowers.

2. Double financing against same securities.
3. Sanctioning/Granting borrowing and/or non-borrowing facilities without obtaining
credit report/despite adverse credit report from previous bankers
4. Disbursement of credit facilities without preparation of proposals/before
complying with the terms of sanction without reporting to the Controlling
Authority.
5. Injudicious use of delegated authority or lending (including
overlimit/temporary overdrafts) in excess of delegated authority without reporting
to Controlling Authority.
6. Continuation of overlimits/temporary overdrafts despite the accounts being
sticky, even at the time of audit, although such borrowers are not adhering to
minimum financial discipline (i.e. they are not submitting stock/book-debt
statement, Balance Sheet, Profit & Loss Accounts, QIS, MSOD etc.)
7. Non-creation of security/non-obtention of title deeds; delivery of title deeds
(lodged by way of simple deposits/equitable mortgage) without proper approval;
non-registration of charge/not noting bank’s lien on assets with the
concerned authorities within a reasonable period/prescribed time-frame.
8. Non-obtention of important security documents in large number of accounts/for
large amounts; keeping documents incomplete; documents found defective;
non-obtention of renewal documents within stipulated/limitation period and
letting the documents to get time-barred.
9. Weak monitoring and control over advances accounts resulting in large scale of
diversion of funds, increase in NPAs., loss of revenue etc.
10. Steep increase in lending to any particular category/group of borrowers/
indiscriminate lending despite laxity in control on advances.
11. Sudden depletion in value of securities in advances accounts noticed during
Inspection conducted by auditors/branch officers during the course of audit/loss of
security.
12. Issue of Clean Letters of Credit against sanction on DP/DA terms; issue of
guarantees without limitation clause in the absence of approval by competent
authority
13. Misappropriation of funds / diversion of funds / suspected fraud.
14. ‘Kite flying’ operations in a group of accounts at the same branch or linked to
number of branches/other Banks.
15. Purchase or discount of ‘house bills’ without appropriate sanction/bills from
customers with whom past experience was unsatisfactory.
16. Returned bills which remain overdue for a long time/not found in the custody of
the branch though the advance remains outstanding.
17. Acceptance of Lorry Receipts of transport operators who are not in the approved
list without permission of / reporting to competent authority.
18. Purchase or discount of ‘clean bills’ under sanction of ‘DP/DA’ bills limit.
19. Non-transfer of large number/amount of overdue bills to ‘G/L a/c.Past Due Bills’.
20. Securities (paper securities such as TDR, NSCs, KVPS, LIC Policies etc.) and/or
security documents missing/non-traceable
B. OTHER AREAS:
1. Gross violation of Govt./RBI/FEMA guidelines/regulations.

2. Shortage of cash.
3. Securities missing in safe custody accounts.
4. Sensitive stationery items viz; CAN pads/demand draft/cheque/TDR books/
leave(s) etc. missing from custody.
5. Staff: Unusual transactions in staff accounts; misrepresentation/misuse of
facilities (including India Card facility).
6. Non-reconciliation of Net Clear, Clearing Difference Adjustments Account, Nostro
Account, Account with SBI/RBI/Other Bank(s) for period exceeding six months.
7. Violation of security norms for computer assets i.e. hardware, software, data etc.
8. Non-adherence of extant guidelines in the case of safe deposit vault lockers
which are not operated for a very long time and also rent is overdue for quite a
long time.
Note: The above list is only illustrative and not exhaustive. The Auditor may write a
Special Letter/Special Observation Report on any irregularity/malpractice which is grave
enough and warrants writing of such SL/SOR to protect the Bank’s interest However,
before writing a SL/SOR, it should be checked that the irregularity proposed to be
covered in the SL/SOR had not been reported to the Controlling Office earlier by branch
itself even before the audit. In case where such reporting has been made by the branch
but no action was initiated/no confirmation was accorded by the controlling authority, an
SL/SOR may be sent to Zonal Authorities.
Annexure-IRR(a)
Name of the Account: ---------------------------------------------------------

Estd. on: -------------------------------------
Advance since: ---------------------------- Credit Rating: -------------------
Group: ----------------------------------------------------------------------------
Name of the Main Person: ------------------------------------------------------
Nature of Activity: ---------------------------------------------------------------
Consortium Leader: -------------------------------------- Our Share: ------%
Other Members: ------------------------------------ Share: -------%
------------------------------------ Share: -------%
------------------------------------ Share: -------%
Last Annual Consortium Meeting held on: --------------------
Last Quarterly Review Meeting held on : --------------------
Periodicity for Statement of Security: ------------------- Last submitted on: --------------
Periodicity for Inspection: -----------------------------------
Last inspected by the branch on: ---------------- by Consortium Member on: -----------
Joint Inspection on: ---------------------- Stock Audit Report dated: ----------------------
Nature of Collateral Security (in brief): -------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
Value: (Rs. in lakh) ------------- as on ---------------- as per valuation report dt.-------------
Equitable/Legal Mortgage created on: --------------- Insurance of collateral security
valid upto: ---------------
Types of Facility:
Sl. Type of Limit Amt. Authority Nature of Last Insurance

No Facility Sancti O/s & Date of Primary Renewal valid upto
oned as on Sanction/ Security Document
(Rs. in --------- Review & Value Date
lakh) (Rs. in (Rs. in
lakh) lakh)
Section A: (Grave and serious irregularities)
Section B: (Other irregularities)
Annexure-IRR(b)
1. Summary of Grave and Serious Irregularities:

(Rs. in lakh)
Sl. Type of Irregularity No. Outstanding

No. of
A/cs.
1. Limits sanctioned without proper application in the
prescribed format
2. Limits sanctioned without obtaining credit report/despite
adverse credit report from previous bankers
3. Limits disbursed but proposals not prepared
4. Advance sanctioned/disbursed beyond delegated
authority and not reported to Controlling Authority
5. Disbursement effected without pre-sanction / pre-
disbursement inspection
6. Disbursement effected before compliance of terms of
sanction, without the approval of Competent Authority
7. Double financing against the same securities
8. Overlimit business sanctioned beyond delegated
authority and not reported to Controlling Authority
9. Security documents not obtained/charge not registered,
where applicable, for overlimit for a period of 30 days
and above
10. Principal security documents not obtained/not available
11. Renewal documents not obtained within stipulated
period
12. Principal security obtained but lien not noted/registered
with concerned authorities (NSC/KVP/TDR etc.)
13. Security documents defective as regards stamp
duty/execution
14. Security documents unfilled/partly filled in
15. Defective Mortgage
16. Mortgage stipulated as pre-condition but advance
disbursed without compliance/without approval of
Competent Authority
17. Undertaking to create equitable mortgage obtained as
per terms of sanction but mortgage not created though
time limit permitted is over
18. Declaration of mortgage not sent to revenue authorities
within stipulated period in agricultural advances

No. of
A/cs.
19. Charge on vehicle not filed/registered with RTO
20. Charge not filed with Registrar of Companies/
Assurances / Other Competent Authorities within
stipulated period
21. Lien on flats/shops/Industrial premises in CHS not
registered with the Society
22. Collateral Security released/not obtained/separate
advance allowed there-against without prior approval of
Competent Authority
23. NSCKVP/Monies under LIC Policy pledged/assigned as
security matured/fallen due for payment but proceeds
not realised/credited to borrowal account
24. Security not insured/insurance not renewed
25. Security grossly under insured
26. Security grossly inadequate/overvalued
27. Bills accompanied by lorry receipts of unapproved
transport companies purchased without proper sanction
28. House bills/cheques purchased without specific
provisions in sanction terms/prior approval of
Competent Authority
29. Bills returned unpaid remain overdue
30. Returned bills not found in custody of the branch though
amount remains outstanding/unpaid
31. Purchase/Discount of clean bills under sanction of
DP/DA limits
32. Overdue bills purchased/ discounted/ negotiated/
receivable not transferred to relative G/L A/C-Past Due/
not delinked
a) Inland
b) Foreign
33. Securities pledged i.e. shares/NSC/KVP/TDR/LIC Policy
etc. not traceable
34. Decree expired
35. Decree obtained but petition for execution not filed
36. Gross violation/non-compliance of directives of
Govt./RBI
37. Refinance/subsidy/ECGC cover etc. not applied for,
though eligible
38. Shares against whom advance sanctioned, held in
physical form without de-matting
39. Commitment under invoked guarantee not honoured/not
reported to Competent Authority/approval not obtained
for not honouring
40. Diversion of funds noticed
41. Any other major irregularities (specify) including
accounts causing concern
2. Summary of Other Irregularities:

No. of
A/cs.
1. Accounts overdue for review
a) Limit Rs.1 crore and above
b) Limit Rs.10 lakh and above but less than Rs.1 crore
c) Limit of over Rs.2 lakh but less than Rs.10 lakh
d) Limit of upto and inclusive of Rs.2 lakh
2. Accounts with short review [i.e. not reviewed
comprehensively (full-fledged review) based on audited
financial statements]
3. Legal action approved but suit not filed even after six
months
4. Statement of security not obtained regularly as per
periodicity in terms of sanction
5. Statement of security not examined/not scrutinised
6. MSOD/QIS/Cash Flow/Stock/Book Debts statement not
obtained regularly/ drawings not regulated/not
calculated properly on the basis of MSOD/QIS/Cash
Flow/Stock/Book Debts statement
7. Inspection not carried out even once in six months
8. Bank’s charge/Name Board not displayed nor waiver for
the same obtained from Competent Authority
9. Correct rate of interest not applied/not charged/revision
as advised from to time not effected
10. Lead Bank charges not recovered/recovered incorrectly
11. Processing charges/proportionate processing charges,
where applicable, not recovered
12. Documentation charges not recovered
13. Commitment charges, where applicable, not recovered
14. Inspection charges not recovered
15. Valuation of collateral security not reviewed in specific
periodicity
16. Stock Audit Report/Credit Audit Report is overdue for
closure
17. Where Mortgage is created at other than the sanctioning
branch, yearly certificate for holding the title deeds not
obtained from the said upcountry branch
18. Out of order accounts not shown under watch category
19. Non-obtention of photographs of borrowers/guarantors
20. Other irregularities (specify)
DRAFT RESOLUTION
Inspection & Audit Department submitted Memorandum No.HO:I&A:KPR:049
dated 15th January, 2007 bringing out revised Risk Based Internal Audit Policy for
approval.
The Memorandum was APPROVED

Annexure-A
Name of the ZAO:
Name of the Zone:

Audit Plan for 200 - 0
Progress made in implementation of Risk Based Internal Audit in the current audit
year upto the end of ……………….., 20
Category of No. of No. of No. of No. of Branches whose Risk Assessment is ev

Branches Branches Branches Branches
subject to due for wherein RBIA Business Risk C
RBIA for RBIA upto is completed High Medium Low High
200 -0 as the end of upto the end
per Audit …………… of I S D I S D I S D I S D
Plan ……………..
Specialised
E.Large
V.Large
Large
Medium
Small
Total
I - Increasing; S - Stable; D - Decreasing

EH - Extremely High; VH - Very High; H – High; M – Medium; L – Low
(Signature of the ZAO Chief)
Annexure-B
Names of the Branches (Zonewise) rated under ‘Very High Risk/Extremely High Risk’ during
the current audit year as at the end of
………………………., 20
Name of the ZAO:
Sr. Name of the Branch Audit Report Name of the Zone Risk Ra
No. Date
(Signature of the ZAO Chief)
Annexure-3
RISK PROFILE OF ASSET RECOVERY BRANCH
…………………………….. ZONE
Ref. No. Date:
TABLE OF CONTENTS
I Background
I. BACKGROUND
Categorise the Branches as having composite risk rating low, medium, high, very high
and extremely high
Identify the direction of risk namely increasing/ stable /decreasing

Opening
Branch Code No.
Name of the Zone
Category Large/V.Large/E.Large/Specialised
Class Urban/Metropolitan
- Clerks :
- Sub-Staff :
From :
From: To:
Last RBIA conducted From: To:
Last RBIA Rating Business Risk Control Risk Composite
Risk
BUSINESS PROFILE

as on (latest
31.03.200 31.03.200 quarter/month)
……………..
1. Profit
2. Advances
AFD
OPS
SSI
Wholesale
Trade/Business
Medium
Large Industries
Housing Loan (other
than priority sector)
Star Mortgage Loan
Total Advances
NPA Classification:
Sub-Standard
Doubtful
Loss
Total NPAs
Types of Audits conducted Period Ratings awarded

during the year:
1.
2.
3.

A. BUSINESS RISK:
Credit Risk: Level/Direction:
Assessment Positive Factors Negative Factors

area
NPA Composition
& Concentration
Adequacy of
provisions
Quality of
securities
available and their
RVS

Earnings Risk : Level/Direction:

Profit – Actual v/s
Budget
Interest Income
(Unrealised/Uncha
rged interest)
Non-Interest
Income
(Written-off
account recovery)
Control over
expenses (only
under controllable
items)
3. Operational Risk : Level/Direction:

Competency of staff,
proper training/
placement
Documentation
including time-
barred documents
Litigation/claims
against the bank
Preparedness for
tackling any
unanticipated
natural/ manmade
calamities/ events
B. CONTROL RISK: Previous Assessment Present Assessment
1. Internal Control Risk : Level/Direction:

Housekeeping
(including
reconciliation and
follow-up for entries
in Sundry Credits,
Suspense Accounts)
Reconciliation
(inter-branch)
Submission of MIS
returns/control
returns-
timeliness/quality

stationery items, if
any provided to the
branch
Control over staff
etc.
2. Compliance Risk : Level/Direction:

Regulatory:
returns in time and
accurately
Statutory:
Deduction of Income-tax,.
and timely remittance;
renewal of required
licenses; submission of
annual returns to statutory
authorities etc.
Compliance with MAP
RBIA and also compliance
with other audit reports.

Trend
of risk
Business Risk
Credit
Earnings
Operational
Control Risk
Internal Control
Compliance
Parameter Risk Level/ Action Plan suggested for the purpose of
Direction drawing necessary action points and
implementation/monitoring of the same by
1. Credit Risk:
2. Earnings Risk:
3. Operational
Risk:
4. Internal
Control Risk:
5. Compliance
Risk:

………………….. …..……………………

……………………. ZAO.
Annexure-4
Name of the Branch:……………ASSET RECOVERY BRANCH Zone:

Category : Large/V.Large/E.Large/Specialised
Class : Semi-Urban/Urban/Metropolitan
Holiday on:
Branch under Concurrent Audit : YES/NO
Previous Present
Branch In-Charge ---------------- -----------------
From ---------------- -----------------

To ----------------- -----------------

Mandays --------------- ------------------
From To From To

Date of Report ------------------ -------------------
Date of Despatch ------------------ -------------------

Parameters Audit
Business
Risk
Control Risk
Composite
Risk
A. BUSINESS RISK
1. CREDIT RISK
1. NPA Composition & Year before Last Year Current Year
Concentration Last as on As on As on latest
31.03.200 31.03.200 (quarter/month)
…………….
Total Agricultural Advances
Small Scale Industries

Other Priority Sector Advances
Of which
Retail Trade
Small Business
SRTO
Prof.& Self-Employed
Education
Housing
Total Priority Sector Advances
Wholesale Trade/Business
Medium Industries.
Large Industries
Housing Loan (other than priority
sector)
Star Mortgage Loan
Total NPAs
of which
> Rs.1 crore
crore
> Rs.2 lakh but < Rs.10 lakh
Sub-Standard Assets
Doubtful Asssts
Loss Assets
Forex Business
Suit Filed/DRT Advances
Suit Decreed Advances
Expired Decrees
Non-Fund Based Liability

a/cs. a/cs a/cs.
Gross NPA
(Opening)
Cash Recovery -
Compromise -
Write Off -
Gross NPA (Closing)
Provision/Cash
Margin
Net NPA (Closing)
Offer comments on:

Proper classification of
Assets
as per extant guidelines
Review of accounts in
applicable cases
Concentration of NPAs in
different sectors/segments
against the chances for
recovery taking into
account the present
economic scenario in those
sectors/segments
Proper provisioning
Periodical inspection of
assets (wherever available)
to ensure that there is no
deterioration of realisable
value of security; reasons
for quick deterioration, if
any of RVS

Availability of coverage
under ECGC, CGF for
Small Industries, Govt.
Guarantee etc. in NPA
accounts
Efforts for cash recovery,

compromise, out of court
settlement etc.;
maintenance of register for
compromise offers
received, action taken and
disposed cases
Follow-up in suit filed
accounts by keeping close
liaison with Court Officials,
Bank’s Advocates for
expediting disposal of the
case in bank’s favour,
obtention of consent decree
in the case of compromise
offers etc.
records/registers (age-wise
position) for suit
filed/decreed status along
with the list of securities
and security documents
available
Empanelment of Recovery
Agents and monitoring their
functioning, Recovery
Certificates filed (if
Recovery Act is applicable),
number of cases pending,
reporting of cases pending
over 3 years to ZO, efforts
for expediting execution of
decrees, time-barred
decrees

Action initiated/taken for
acquiring possession of
securities under SARFESI
Act and maintenance of
records for securities
acquired/ disposed amount
recovered etc.; ensuring
safeguarding of securities
wherever security agencies
are appointed for this
purpose (by making
surprise visits, prompt
payment of charges to
service agencies in this
connection)
2. EARNINGS RISK
Offer comments on:

Recovery of
unrealised/uncharged
interest
Recovery in written-off
accounts
Monitoring over
controllable expenses
3. OPERATIONAL RISK:
Offer comments on:

Imparting necessary
training and positioning of
staff (designating officer/s)
by proper allocation of
suit-filed/decreed accounts
for effective follow-up for
recovery and maintaining
liaison with Bank
Advocates/DRT Officials
and other court officials.
Applying/Claiming
refinance from
IDBI/SIDBI/NABARD/
EXIM Bank etc., claiming/
Adjustment of subsidy
under various schemes,
ECGC cover in eligible
accounts etc.
Reporting of default to
ECGC within the
prescribed time limit and
lodgement of claims with
ECGC within the
prescribed time limit,
lodgement of claims in
respect of Central/State
Govt. Guarantee accounts
NSC/KVP/Monies under
Life Insurance Policy,
Shares, Other Govt.
Securities
pledged/assigned as
security in advance
accounts and
matured/fallen due for
payment but proceeds not
claimed/realised/credited
to the borrowal accounts

Ensuring valid Computer
System for record/other
transactions maintenance,
security of such computer
systems including taking
periodical back-ups,
storage of back-ups etc.
Ensuring adequate
insurance to the assets
charged to the bank and
keeping record of policies
and also renewing the
policies on due dates
Dealing with Staff
Accountability aspect for
conclusive closure of SAR
premises
B. CONTROL RISK

31.03.200 31.03.200
(quarter/month)
……………
Sundry Credits
G/L a/c – Security Deposits
Offer comments on:

Taking monthly jottings of
balances and tallying with
GLB, yearly printing of
ledgers.

Periodical balancing/
reconciliation of entries in
G/L a/c Security Deposits,
Sundry Credits, Suspense
Accounts (Dr.), written-off
accounts
Follow-up for early wiping/
adjustment of outstanding
entries in Sundry Credits,
Suspense Accounts (Dr.),
Written-off accounts
receipt of reports of Inter
Branch Reconciliation
from H.O; raising query
memorandum/follow-up for
unreconciled entries with
the concerned branches;
replying to the query
memorandum received
from other branches
Maintenance of movement
register in the proper
manner for the sensitive
stationery items as and
when put in use and for
the security documents.
Maintenance and updation
of Branch Document
Register
And also safe-keeping of
security documents (only
in applicable cases) and in
the case of documents
kept at the transferor
branch, obtention of
certificate to this effect,
safe-keeping of sensitive
stationery items (Cheque
Book, Payorder Book etc.)
if any provided to the
branch
records for AMCs,
Insurance Policies for
branch building, stationery
and furniture & fixtures

Proper record
maintenance of staff
attendance, leave
calculation, payment of
salary and other
allowances prompt
payment of rent
records and numbering
pass book for Furniture &
Fixtures including the
Dead Stock and Furniture
at the residence of
Manager/Other officials,
numbering and periodical
physical verification,
disposal of unserviceable
items
Control over old
records/files
Vouchers, periodical
disposal of old records as
per the extant guidelines,
ambience of the branch
premises and also proper
maintenance of records
and control over other
stationery items
Proper record
maintenance for
newspapers / magazines
purchased, sale of old
newspapers, rent and
other charges (telephone,
electricity, taxes etc.) paid
Maintenance of secrecy
book, obtention of
signature of all the staff as
per applicable periodicity,
maintenance of customer
secrecy
2. Compliance Risk
Offer Comments on:

Compliance with IRAC
norms
Timely submission of all

returns/statements
(BPR,BR-39,40, CA-
23,CCIS,BHP, BDS, etc.)
with accuracy
Pro-rata deduction of
income-tax/professional
tax etc. from salary and
other allowances paid to
staff members
Payment of service-tax
only on leviable items
under P&L Misc.Receipt
and also netting of
service-tax
Remittance of income-tax,
service-tax deducted at
source within the
stipulated time to the
credit of Govt. account,
payment of various
applicable taxes/charges
in time such as property
tax, tax under Shops &
Establishment Act
wherever applicable,
electricity/ telephone
charges, professional tax
etc.

RBI License, License
under Shops and
Establishment Act
Compliance with Right To
Information Act
Compliance with Official

Language Act
Conclusive compliance
with the previous audit
reports, compliance with
Risk Based Audit Report,
compliance with special
instructions/guidance etc.
provided by the controlling
authorities, Govt. Bodies
etc.
MONITORABLE ACTION PLAN SUGGESTED FOR MITIGATING RISK:

( Copy of the Monitorable Action Plan should be attached to the Risk Profile)
Parameter Risk Action Plan suggested for drawing action points,

Level/ implementation of the same and for monitoring
Direction
1.CREDIT RISK
2.EARNINGS
RISK
3.OPERATIONAL
RISK
4.INTERNAL
CONTROL
RISK
5.COMPLIANCE
RISK
Annexure -5
Branch : ____________________
-------------------------------------------------

4. Rating
(Date (Date
) )
Business Risk
Control Risk
Composite Risk
Items Budget Achie- Remarks

/ vement
Target
NPA Recovery
UCI/URI Recovery
Recovery in written-
off accounts
Operating
Profit/Loss
House-Keeping
Any Other Item,

(please specify)
branch).
Strength
Weakness
Opportunity
Threat
Copy received.
Manager (Signature of the Team Leader)

Annexure-6
MARK SHEET
Branch : _______________________ Zone: _______________

Class/Category : _______________________
Audited From : _______________To: _______________
I. CREDIT RISK 80
1. Spread of advances (NPAs) against the chances for
recovery considering the security value and the
prevailing economic scenario
Well spread over in different sectors/segments 6

2. Availability of coverage under ECGC, CGF for Small
Industries, govt. Guarantee etc.
> 95% of eligible advances 6

< 90% 2
3. Periodical Status Review of accounts

< 90% 3
4. Periodical inspections of assets in applicable cases
Involving

< 90% 3
5. Availability of securities including collaterals covering
to the extent of
> 95% of the suit filed amount 10

< 90% 3
6. Correct asset classification

< 90% 3

7. Adequacy of provision for NPAs
Correctly provided 6
Excess-provided 4
Under-provided 2
8. Insurance level of securities including collaterals (in
applicable cases)
> than 95% of eligible NPA advances 6

< 90% 2
9. Cash recovery ( by way of compromise, OTS,

invocation of SARFAESI Act, RRC Act etc.)

< 60% 3
10. Age of the decrees obtained pending for execution
< 2 years 6
Between 2 and 5 years 4
> 5 years and above 2
II. EARNINGS RISK 20

1. Trend of write-off including prudential write-off
< 1% 4
Between 1% and 3% 2
> 3% 0
2. Recovery in written-off accounts
> 25% of the written-off amount outstanding 4

15% to < 25% of the written-off amount outstanding 2
< 15% or No recovery 1
Not increasing or increasing in proportion to the 4

business requirements
Moderate increasing more than in proportion to the 2

4. Recovery of UCI/URI
Recovered > 90% of the outstanding amount 4

Recovered between 50% and 90% of the 2
outstanding amount
Recovered upto 10% of the outstanding amount 1
5. Achievement of operating profit/loss budget
Achieved 4
III. OPERATIONAL RISK 40
Good 4
Satisfactory 2
Poor 0
acquiring updated knowledge in the field of recovery
and also operational matter under the computerised
environment from the risk perspective

3. Access to server room/UPS room etc.

requirement
Sometime 1
Never 0
Continuity Plan


etc.
Never occurred 4
Very frequently occurred 0
operational matters such as obtention of proper
application, preparing necessary memorandum for
compromise/write-off, invocation of ECGC claim,
Govt. Guarantee etc.
4
Minor deviations noticed but branch has not incurred
any loss in this regard 0
Gross violation
8. Any suit/s filed against the branch by customers,
counterparties or third party service providers
No suit is filed 4
Suit/s filed against the branch but settled without any
loss or very nominal loss to the branch 2
Suit/s pending against the branch or suit/s settled
with a substantial loss to the branch 0
Not applicable 4
Rarely 2
Frequently 0
same is
Prepared and all the staff members are aware of the 4

same
Available in records; but some or most of the staff 2
members are not aware of the same
premises

B. CONTROL RISK 80
1. Exceeding of delegated authority in sanctioning
regular write-off, prudential write-off, compromise
offers, appointing recovery agents etc.
Never 3
A very few occasions 1
Very often 0
Sundry Credits accounts, written-off accounts

Carried out only on few occasions and the report
received recently only is pending 2
Not carried out periodically and entries outstanding
for more than 6 months (except the allowable 1
entries)

No follow-up 0
4. Dual custody of sensitive stationery items
Always maintained 2
documents
2
Maintained not in the prescribed form or maintained
only on few occasions 0
Not maintained at all
updated information
Not maintained 0

7. Safe keeping of Security Documents of NPA
accounts, Manuals, FEDAI Rules Book, Exchange
Control Manuals, Specimen Signature Book etc.

payments etc



record therefor; disposal of unserviceable items


extinguishers


Very good 4
Satisfactory 2
Unsatisfactory 0

1. Adherence to IRAC norms
Gross violation 0
2. Submission of control returns (BPR,CA-23,ALM

statement, BHP, CCIS etc.) in time after ensuring
accuracy
All the statements are submitted in time with 4

accuracy
Only a few statements are submitted in time and or 2
some minor discrepancies noticed
Delayed submission of statements or non- 0
submission and/or more discrepancies noticed

such as notice prohibiting entry of fire arms,
important addresses and telephone numbers,
branch name board as per the specification and
other exhibits advised from time to time

4. Deduction of Income-Tax, Professional tax etc. as

stipulated ( ie; pro-rata on monthly basis from the
salary paid to the staff )
Strictly enforced 4
Some minor deviation/s noticed; but no loss/penalty 2
incurred


6. Remittance of service-tax (after netting),
Act, Property Tax and other applicable
taxes/charges within the stipulated time to the
concerned authorities
penalty levied
7. Submission of Annual Return (Form No.24)

Strictly enforced 3
Gross violation 0

periodically
License not at all obtained 0

is not adequate
Compliance is not conclusive in toto 0

Maximum
Marks Risk Rating
Sr. No Category of Risk Marks Percentage
Awarded Level/Trend
Allowed
A BUSINESS RISK 140
1. Credit Risk 80
2. Earnings Risk 20
B CONTROL RISK 80
C COMPOSITE RISK*
Risk Matrix
High A B Very C
High Risk High Risk
Extremely
High Risk
Mediu D E F Very
Low G H I
Low Medium High
Control Risks

awarded
Low Over 75
Medium 50 – 75
High Below 50

Inherent Business

Risk
Control Risk


Annexure-3
RISK PROFILE OF …………………………………DP/SERVICE BRANCH

…………………………….. ZONE
Ref. No. Date:
TABLE OF CONTENTS
I Background
I. BACKGROUND
Categorise the Branches as having composite risk rating low, medium, high, very high
and extremely high

Opening
Branch Code No.
Name of the Zone
Category Specialised
- Clerks :
- Sub-Staff :
From :
From: To:
Risk
BUSINESS PROFILE
Year before Last Year Current Year

Last as on As on as on latest
31.03.200 . 31.03.200 . (quarter/month)
……………
Head Office Account
--- Finacle Branches
--- Non-Finacle Branches
Sundry Deposits
Drafts Payable < 3 years
Payslips Issued
Sundry Credits
Net Clear
Current Account with RBI/SBI
Security Deposits
Receivable
Staff Cost
Miscellaneous Charges
Travelling Expenses
Lighting
Telephones & Telegrams
Stationery
Total Expenses
Profit & Loss Account Balance

during the year:
1.
2.
3.
4.
5.

A. BUSINESS RISK:

Gross Profit/Loss –
Actual v/s Budget
Control over
expenses


Rotation of duties,
proper training/
placement
Adherence to
manual of
instructions/

of computer systems
and other
technology
Litigation/claims
against the bank
Preparedness for
tackling any
unanticipated
natural/ manmade
calamities/ events

Housekeeping
Reconciliation
(inter-bank and inter-
branch)
Submission of MIS
returns/control
returns-
Timeliness/quality
Delegations of
Powers

stationery items
Branch security
aspects
Control over staff

etc.

Regulatory:
returns in time and
accurately; adherence to
clearing house rules
Statutory:
Deduction of Income-tax,
service-tax etc. and timely
remittance; renewal of
required licenses;
submission of annual
returns to statutory
authorities etc.
Compliance with MAP

Trend
of risk
Business Risk
Earnings
Operational
Control Risk
Internal Control
Compliance
1.EARNINGS
RISK
2.OPERATIONAL
RISK
3.INTERNAL
CONTROL
RISK
4.COMPLIANCE
RISK

………………….. …..……………………

……………………. ZAO.
Annexure-4
RISK BASED INTERNAL AUDIT REPORT (SERVICE/DP BRANCH)
Name of the Branch :………………Service/DP Branch; Zone:

Category :
Class :
Holiday on:
Whether under Concurrent Audit : YES/NO
Previous Present
Branch In-Charge ---------------- -----------------
From ---------------- -----------------

To ----------------- -----------------

Mandays ---------------- ------------------
From To From To

Date of Report ------------------ -------------------
Date of Despatch ------------------ -------------------

Parameters Audit
Business
Risk
Control Risk
Composite
Risk
A. BUSINESS RISK
1. Earnings Risk:
(Amount Rs. in Lakh)

Last as on As on as on latest
31.03.200 . 31.03.200 . (quarter/month)
……………
Staff Cost
Miscellaneous Charges
Travelling Expenses
Lighting
Telephones & Telegrams
Stationery
Total Expenses
Profit & Loss Account Balance
Offer comments on:

Monitoring of expenses
under each head vis-à-
vis the approved
budget
2. Operational Risk:
Offer comments on:

Competency of the
staff , imparting of
suitable training,
proper work allocation,
periodic rotation/shift of
duties of staff
Frequency of execution
errors in transactions
(like wrong posting of
instruments which may
be subsequently
cancelled)
Compatibility of
software for ECS, EFT,
RTGS systems; record
maintenance of user
level code allotments/
cancellations/suspensi
ons back-up for MBB
server, access to MBB
server/UPS;
documentation/
Recovery Plan; display
of LAN layout; loading
of anti-virus software at
all nodes
Restricted access to
authorised Smart Card
Holders, Network
security, Access to
Internet/Intranet etc.
Claims against the
branch with regard to
payment/ return of
instruments etc.
Strategy adopted for

lodging/receiving
clearing instruments to/
from the clearing
houses; availability of
contingency plan in the
event of failure of the
routine arrangement
premises
B. CONTROL RISK

(Amt. Rs. in Lakh)

Last as on As on As on latest
31.03.200 . 31.03.200 . (quarter/month)
……………
Head Office Account
--- Finacle Branches
--- Non-Finacle Branches
Sundry Deposits
Drafts Payable < 3 years
Payslips Issued
Sundry Credits
Net Clear
Current Account with RBI/SBI
Security Deposits
Receivable
Offer Comments on:

Submission of BDS
Floppy (in the case of
Non-Finacle
transactions)
Inter-Branch
Reconciliation Reports
(Non-Finacle
Branches)
Weekly reconciliation
of Net Clear/Clearing
Difference (Receivable/
Payable) and follow-up
for outstanding entries;
of accounts with
RBI/SBI; obtention of
periodic balance
confirmation
and follow-up for
outstanding drafts and
also for Drafts Paid
Without Advice (for
Non-Finacle Branches)
of RTGS Mirror
account and follow-up
for unreconciled entries
Handling of D/Ws –
Proper record
maintenance, follow-up
etc.
Timely despatch of
instruments/cheques
etc. received in
clearing to respective
branches for
responding and also
proper handling of
returned unpaid
instruments; timely
advising the branches
about realisation of the
instruments (sending
the inbuilt CN of SCS)
Maintenance of
records for Inward and
Outward entries of
EFT, ECS, RTGS
transactions; follow-up
for unresponded/
missing/ incorrect
entries
Proper record
maintenance of
Payslips Issued and
follow-up for
outstanding entries
Control over Jet
Clearing, National
Clearing instruments
(both Inward and
Outward) for their
expeditious clearance
Reconciliation and
follow-up for old
outstanding entries in
Sundry Credits,
Suspense Accounts
(Debit)
stationery items;
maintenance and
updation of records for
missing drafts, payslips
etc. of branches as
informed by H.O.
Exercising care for
prevention of payment
of forged/missed/fake
instruments to avoid
any fraud
Maintenance of
Furniture & Fixtures,
proper accounting,
numbering, physical
verification, insurance
etc.
Maintenance of Staff
Records for payment of
Salary, LFC, Medical
Aid etc.; maintenance
of leave records of staff
2. Compliance Risk:
Offer comments on:

Pro-rata TDS from
salary of staff and
remittance of the same
in time; submission of
annual returns to
Income-Tax authorities
in time; netting of
service tax and
payment of service tax
in time
Submission of CA-23
in time; RBI fortnightly
statement (RBI
secondary account
balances)
Timely and conclusive

compliance with the
various audit reports;
compliance with the
previous Monitorable
Action Plan suggested
SUGGESTED MONITORABLE ACTION PLAN FOR MITIGATING RISK:

1.EARNINGS
RISK
2.OPERATIONAL
RISK
3.INTERNAL
CONTROL
RISK
4.COMPLIANCE
RISK
Annexure -5
Branch : ____________________
-------------------------------------------------
4. Rating
(Date (Date
) )
Business Risk
Control Risk
Composite Risk
Items Budge Achie- Remarks

t/Targ vemen
et t
Operating Profit/Loss
House-Keeping
Any Other Item,

(please specify)
branch).
Strength
Weakness
Opportunity
Threat
Copy received.

Annexure-6
MARK SHEET
Branch : _______________________ Zone: _______________

Class/Category : _______________________
Audited From : _______________To: _______________

A. BUSINESS RISK 70
I. EARNINGS RISK 10

Achieved 5
II. OPERATIONAL RISK 60
Good 4
Satisfactory 2
Poor 0
2. Periodical rotation of staff (wherever possible)
As per the stipulated interval 4

Rotation takes place but not in the stipulated interval 2
No rotation has taken place for the last 3 years 0
acquiring updated knowledge in the day to day
functioning under the computerised environment

wrong posting of vouchers/instruments etc.
Nothing noticed 4
5. Access to MBB server/UPS/ECS/EFT/RTGS etc.

6. Off-site storage of back-up of MBB server
Always 4
Sometimes 2
Never 0
requirement
Sometime 2
Never 0
8. Awareness/monitoring the lapses in workflow/lapses
leading to operational problems (not-logging out of
the computer system when not in use or when the
operator leaves the terminal etc.)
Nothing noticed 4
Very rarely noticed 2
Lapses noticed on many occasions 0
Continuity Plan

etc.
4
Never occurred 2
Very frequently occurred

operational matters in effecting
ECS/EFT/MBB/RTGS transactions
4
Minor deviations noticed but branch has not incurred
Gross violation

12. Any suit/s filed against the branch by customers/any
other bank or third party service providers
No suit is filed 4
Suit/s filed against the branch but settled without any 2
loss or very nominal loss to the branch
Suit/s pending against the branch or suit/s settled 0
with a Substantial loss to the branch
Not applicable 4
Rarely 2
Frequently 0
same is
Prepared and all the staff members are aware of the 4
same
Available in records; but some or most of the staff 2
members are not aware of the same
premises

B. CONTROL RISK 110
1. Follow-up for outstanding Drafts, DPWA, Payslips
Constant and effective follow-up is carried out on an 4

ongoing basis
Lopsided follow-up is done. 2
Very rare follow-up/No follow-up is done 1
Sundry Credits accounts

Carried out only on few occasions and the report 2
received recently only is pending
Not carried out periodically and entries outstanding 1
for more than 6 months (except the allowable
entries)


No follow-up 0
4. Pendency of Inter-Branch reconciliation report (Non-
Finacle branches)
No report/s pending 4
Report/s pending for less than one month 2
Report/s pending for more than one month 0
5. Weekly reconciliation of Net Clear/Clearing
Difference (Receivable/Payable) and follow-up for
outstanding entries
Meticulously reconciled weekly and followed up 4

effectively
Reconciliation done late by a week and follow-up 2
done
Reconciliation delayed by more than a week and no 0
effective follow-up done
6. Weekly reconciliation of accounts with RBI/SBI etc.
and obtention of periodic balance confirmation
Reconciliation done on weekly basis and balance 4

confirmation obtained periodically
Reconciliation done once in a month and balance 2
confirmation obtained periodically
Reconciliation pending more than a month and 0
balance confirmation obtained not on regular basis
7. Weekly reconciliation of RTGS Mirror account and
follow-up for unresponded entries
Meticulously reconciled weekly and followed up 4

effectively
Reconciliation done late by a week and follow-up 2
done
Reconciliation delayed by more than a week and no 0
effective follow-up done
8. Time taken for presentation of instruments in Jet
Clearing/National Clearing (both Inward and
Outward)
Within 3 days 4
Within one week 2
Beyond one week 0

9.. Submission of BDS Floppy (in the case of Non-
Finacle tranasactions)
Submitted within 3 days from the close of the 2
fortnight
Submitted late by > 3 days but less than a week 1
Beyond one week 0
10. Dual custody of sensitive stationery items (Cheque
Book/ Payslips/DOs/COs) with proper accounting
thereof
Always maintained 2
documents
Maintained not in the prescribed form or 1
maintained only on few occasions
Not maintained at all 0
12. Maintenance and Updation of records for missing
drafts/payslips etc.
Record Maintained and updated immediately on 4

receipt of information
Record Maintained and updation delayed by more 2
than 2 days
Record not maintained/Updation pending for a long 0
time
updated information
Not maintained 0
14. Safe keeping of Manuals, Specimen Signature Book
etc.
15. Carrying out periodical Test Checks effectively and
reporting the findings to the controlling authorities
and maintenance of record thereof
Not carried out for a very long time, say > 1 year 0

payments etc

record therefor; disposal of unserviceable items;
insurance of all furniture including computer
hardware

extinguishers

Very good 4
Satisfactory 2
Unsatisfactory 0
1. Submission of control returns (BPR,CA-23 etc.) and
also RBI fortnightly statement (RBI secondary
account balances) in time after ensuring accuracy
All the statements are submitted in time with 4
accuracy
Only a few statements are submitted in time and or 2
some minor discrepancies noticed
Delayed submission of statements or non- 0
submission and/or more discrepancies noticed

such as time-schedule for various services, notice
prohibiting entry of fire arms, important addresses
and telephone numbers, branch name board as per
the specification and other exhibits advised from
time to time

3. Deduction of Income-Tax, Professional tax etc. as
stipulated ie; pro-rata on monthly basis from the
salary paid to the staff
Strictly enforced 4
incurred

5. Remittance of service-tax (after netting),

Act, Property Tax and other applicable
taxes/charges within the stipulated time to the
penalty levied
6. Submission of Annual Return (Form No.24, 26 etc.)

Strictly enforced 4
Gross violation 0


periodically 1
License not at all obtained

is not adequate
toto


Maximum
Marks Risk Rating
Sr No Category of Risk Marks Percentage
Awarded Level/Trend
Allowed
A BUSINESS RISK 70
1. Earnings Risk 10
B CONTROL RISK 110
C COMPOSITE RISK*
Risk Matrix
High A B Very C
High Risk High Risk
Extremely
High Risk
Mediu D E F Very
Low G H I
Low Medium High
Control Risks

awarded
Low Over 75
Medium 50 – 75
High Below 50

Inherent Business
Risk
Control Risk


Annexure-3
RISK PROFILE OF ………………………………………. CURRENCY CHEST

…………………………….. ZONE
Ref. No. Date:
TABLE OF CONTENTS
I Background
II Organization and Business Profile of Currency Chest
I. BACKGROUND
…………………….. Currency Chest is prepared in line with the Corporate Risk Profile
keeping in mind the various risk factors under Business and Control areas that are
observed at the Currency Chest level. The underlying objective is to :
Categorise the Currency Chests as having composite risk rating low, medium, high,
very high and extremely high
II. ORGANIZATION & BUSINESS PROFILE OF CURRENCY CHEST:
Name of the Currency Chest/Date

of Opening
Currency Chest Code No.
Type of Currency Chest/Holding Type of Currency Chest : A/B/C
Capacity (in pieces) Holding Capacity (specified if any,
by RBI) :
Name of the Zone
Location Urban/Metropolitan
Staffing Pattern Total Staff – Officers :
- Clerks :
- Sub-Staff :
Chest In-charge (Present) Shri / Smt.
From :
From: To:
Risk
BUSINESS PROFILE
Currency Holding: Amount in Rs.
Denomi- As on date of As on date of As on date of

nation Prior to Last Audit Last Audit Present Audit
(……………) (……………..) (……………..)
Pieces Pieces Pieces
1000
500
100
50
20
10
5
2
1
Total (A)
5
(Coin)
2
(Coin)
1
(Coin)
Total (B)
Grand
Total
(A+B)
Of which
Non-
Issueabl
es
No. of Remittances For the period For the period For the period
covered under prior covered under Last covered under
to Last Audit Audit Present Audit
Inward
Outward
Nature of Inspections Date of Major Findings
conducted after the date of Inspection
Last Audit
A. BUSINESS RISK:

Competency of
staff/, proper training
in currency chest
operations
Adherence to
manual of
instructions/
with regard to
deposits/withdrawals
of cash to/from the
chest, remittance
to/from RBI/other
currency chest
Renewal of Lease
Deed of Currency
Chest premises;
preparedness for
tackling any
unanticipated
natural/ manmade
calamities/ events
Shortages in
currency chest
balances due to
pilferage/frauds or
otherwise and
inclusion of amounts
of safe custody
deposits in chest
balances on behalf
of Courts, Govt.
Depts. Etc; making
good the shortages;
B. CONTROL RISK:
Positive Factors Negative Factors

Assessment area
Housekeeping –
Records
maintenance and
submission of
statements/returns
Periodical surprise
verification of
currency chest
balances, periodical
disaffection of strong
room
Control over safe

custody of keys,
annual exchange of
keys, RBI Code
Book, dual control of
currency chest
Control over security

aspects Currency
Chest
Claim of admissible
expenses; recovery
of applicable service
charges from non-
chest branches of
other bank/s

Display of duplicate copy of
fitness certificate, annual
renewal of fitness
certificate, timely execution
of diversion orders of RBI,
non-stapling of currency
notes; acceptance of
minimum
deposit/withdrawal as
stipulated by RBI, providing
exchange facility
Timely compliance with the
inspection/audit reports and
compliance with
audit report

Trend
of risk
Business Risk
Operational
Control Risk
Internal Control
Compliance

1.OPERATIONAL
RISK
2.INTERNAL
CONTROL
RISK
3.COMPLIANCE
RISK

………………….. …..……………………
……………………. ZAO.
Annexure-4
RISK BASED INTERNAL AUDIT REPORT - CURRENCY CHEST
Name of the Currency Chest :………………Currency Chest Zone:

Opened on: Chest Code No:
Class of Currency Chest : A/B/C
Holiday on:
Previous Present
Currency Chest In-Charge ---------------- -----------------
From ---------------- -----------------

To ----------------- -----------------

Mandays ---------------- ------------------
From To From To

Date of Report ------------------ -------------------
Date of Despatch ------------------ -------------------

Parameters Audit
Business
Risk
Control Risk
Composite
Risk
A. BUSINESS RISK
Offer comments on:

Competency of the
staff , imparting of
suitable training on
currency chest
operations, shift of
duties of staff, if any
Passing of vouchers
correctly at the time
deposit/withdrawal
to/from currency chest
by the branches (Chest
Slip TE-2 & Note
Delivery Book to be
scrutinised for any
correction made and
correction, if any, in
Chest Slip is duly
authenticated by both
the officers-in-charge
of the Currency Chest
under their full
signatures and also
whether Chest Slips
are serially numbered
etc.); number of times
such corrections
noticed during the
period covered under
audit
Frequency of delay in
advising Link Branch
(for the branches not
maintaining a/c with
RBI) about the
position of total
deposits, total
withdrawals and net
position on daily basis
and to RBI by Link
Branch
Frequency of wrong
reporting to RBI, cases
of counterfeit bank
notes found in the
remittances from
currency chests

Sorting of notes, cases
of return of remittances
by RBI for the reasons
that reissuable bank
notes are found to be
in excess of 10% in
any soiled note
remittance, adherence
to the extant guidelines
in the case of
remittances of soiled
notes
lease deed of currency
chest premises
Timely submission of
indents to RBI Issue
Office through Link
Offices for fresh notes
and coins
Strict adherence to RBI
guidelines in the case
of receipt of
remittances of fresh
notes/coins and also in
the case of late receipt
of remittance
Strict adherence to the
prescribed guidelines
in the case of
remittances effected
through Railway;
exercising proper care
while hiring vans on
contract basis for
remittance purposes
(keeping the key of the
van under dual control
after utilising the van;
maintenance of log
book; changing the
route of travel
frequently; allowing
only the driver duly
authorised by the hiree
company and having a
copy of his driving
licence etc.)

Adherence to the
guidelines stipulated in
the case of diversion of
surplus amount to
deficit chests as per
the order of RBI
Acceptance of ‘fully
paid notes’ in multiples
of Rs.500/- with a
minimum of Rs.1000/-;
submission of
consolidated
reimbursement
certificate (DN-5) to
RBI in the case of
reimbursement
certificates received
from branches in Form
DN-4 with regard to
total value of fully paid
notes and rejected
notes of the mutilated/
soiled notes tendered
by the public for
refund; segregation of
fully paid notes and
storing in a separate
receptacle bearing a
warning “CARE: Paid
defective notes not to
be sent to RBI as
Chest remittance
Awareness of the
contingency plan as
suggested by RBI (vie
DO Letter No.622/Dir
(B)-79 dated
14.11.1979 of Ministry
of Finance, GOI) in
times of war and also
in the case of earth
quake, any civil
commotion, floods etc.

Shortage detected, if
any, during the
verification of RBI
inspectors / our internal
inspectors/ auditors /
bank’s/Govt’s own
officers deputed for the
purpose and making
good the same;
inclusion of amounts of
safe custody deposits
in chest balances on
behalf of Courts, Govt.
Depts. Etc.
B. CONTROL RISK
Offer Comments on:

Proper record
maintenance for
Currency Chest
Register (TE-1), Note
Delivery Book, Chest
Slip(TE-2), Value Book
(TR-9), Statement of
Currency Transfer,
Copies of Covering
Letter advising the total
deposits, withdrawals,
net position etc. for the
day, Copies of
preliminary receipt for
remittance received,
Copies of remittance
invoice (TR-64) to be
prepared by the
currency chest at
Metro Centre/Mofussil
Centre, Copies of final
receipt to be issued by
the receiving office,
Copies of Potdar’s
certificate, register of
Outward Remittance
effected deputing
potdar

Maintenance of
register by Link Branch
for each currency chest
containing particulars
such as currency chest
slip No. and date, total
deposits, total
withdrawals, net
deposit/withdrawal,
date of which vouchers
are passed/RBI is
advised and remarks, if
any; maintenance of
pass book showing
bundles of cash
denomination and total
value of currency; bin-
wise chart showing the
updated number of
bundles and
denomination, pass
book in each bin for the
details of deposit/
withdrawal of currency
Adequacy of
arrangements for
storage and security of
currency notes, dual
control of currency
chests, safe custody of
keys and exchange of
keys with original once
a year, RBI Code
Book; Currency Chest
Manual
Provision of Ultra Violet
Lamp, weighing
machines, dual display
note counting
machines, sorting
machines for proper
sorting/ identification of
suspect notes,
Emergency Lamps, fire
extinguishers, Alarm
System, hotline facility
to nearest police
station etc. and also to
ensure that all are in
working condition

Periodical surprise
verification of currency
chest balances by an
officer unconnected
with the currency chest
work and submission
of report to ZO/HO,
carrying out joint
inspection with an audit
officer annually
Periodical disinfection
of strong rooms
Claiming of admissible
expenses (railway
fares of police escorts,
railway freight where
railway warrants or
Credit Notes are used)
from the concerned
RBI Issue Office;
claiming of service
charge at the rate
prescribed by RBI for
the cash received from
non-chest branches of
other bank/s
2. Compliance Risk:
Offer comments on:

Display of duplicate
copy of fitness
certificate duly verified
by RBI in a
conspicuous place
within the strong room;
annual renewal of
fitness certificate by
the Bank’s Architect or
Engineer

Execution of diversion
orders of RBI within the
stipulated time
Non-stapling of
currency notes, not-
using of gum tapes or
rubber bands;
Strict adherence of RBI
norms for acceptance
of minimum deposit/
withdrawal amount (at
present minimum of
Rs.1.00 lakh and
thereafter, in multiples
of Rs.50,000/-)
Obtention of prior
permission of the
concerned Issue Office
in case of effecting
remittance by road
Providing exchange
facility to Branches as
per RBI Note Refund
Rules
Timely and conclusive

compliance with the
inspection/audit
reports; compliance
with the previous
Monitorable Action
Plan suggested
Annexure -5
Currency Chest : ____________________

-------------------------------------------------
Audit Team Currency Chest Officials
4. Rating
(Date (Date
) )
Business Risk
Control Risk
Composite Risk
5. Risk areas identified (a copy of the Monitorable Action Plan to be submitted to

the Currency Chest).
6. SWOT analysis on functioning of the Currency Chest :
Strength
Weakness
Opportunity
Threat
7. Currency Chest views, if any.
Copy received.
Officer-in-Charge (Signature of the Team Leader)

……………….. Currency Chest
Annexure-6
MARK SHEET
Currency Chest : ______________________ Zone: _______________

Class/Category : _______________________
Audited From : _______________To: _______________

A. BUSINESS RISK 50
I. OPERATIONAL RISK 50
1. Competency of staff and imparting suitable training
on Currency Chest operations
Good 4
Satisfactory 2
Poor 0
2. Frequency of corrections in Chest Slips
Nothing noticed 4
3. Frequency of delay observed in reporting of
transaction figures relating to a particular chest in the
Link Office Statement/ delay in submission of the
Chest Slip to Link Branch/RBI
Reported on the same day of transactions 4
Reported on the next working day 2
Reported beyond three clear working days 0
4. Submission of corrected statement on wrong
Reporting of figures already made to Link
Branch/RBI
No correction has taken place 6
Corrected statement submitted on the next 3
working day
Corrected statement submitted beyond three clear 0
working days
5. Making good the shortage detected in the chest
balances during the verification of RBI inspectors/
our internal inspectors/ auditors/ bank’s/Govt’s own
officers deputed for the purpose
No shortage detected 6
Shortage made good on the same day 3
Shortage made good beyond one clear working day 0
6. Keeping amounts in safe custody in sealed covers,
trunks, etc. on behalf of Courts, Govt. Depts. etc.
and included in the chest balance
Nothing noticed 6
Amounts removed on the next day 3
Amounts pending for more than two days 0
(including the day of transaction)
7. Frequency of counterfeit bank notes found in the
remittances from currency chests
Not a single occasion arose 4

Only once found 2
More than one occasion 0
instructions/guidelines/circulars of Bank/RBI etc. with
regard to remittance of soiled notes to RBI with
respect to sorting, mode of transport (rail/road) etc.

Minor deviations noticed but Chest has not incurred
Gross violation 1
9. Execution of diversion orders of RBI (remittance of
surplus of fresh/reissuable notes to other chests)
Strictly as per the orders 4
Minor deviations noticed but Chest has not incurred 2
any loss in this regard
Gross violation 0
premises

Expired recently and matter taken up for renewal 2
Not at all executed/renewal pending for a long time 0
11. Awareness of contingency plan in the case of any
war/other disasters in the lines of RBI’s directives

B. CONTROL RISK 50
1. Maintenance of proper records for Currency Chest
Register, Note Delivery Book, Chest Slip, Value
Book, Copies of remittance invoice etc.
Strictly maintained and updated immediately always 5
Maintained but updation not done immediately 3
A few items either not maintained or updated after
considerable time 1
2. Dual control of currency chest, custody of safe keys,
exchange of keys with original once a year, RBI
Code Book, Currency Chest Manual
Always maintained by authorised officials 5

Majority of the times, under single authorised official 3
Access to other officials also 0
3. Availability of Ultra Violet Lamp, weighing machines,
dual display note counting machines, sorting
machines, emergency lamps, fire extinguishers,
Alarm System, hotline facility to the nearest police
station
All are available and are in working condition 5
Either one or two not provided or are not in working 3
condition
Many items either not provided or not in working 1
condition
4. Periodical surprise verification of currency chest
balance by an officer unconnected with the currency
chest work, joint inspection with an audit officer
annually and reporting the findings to the controlling
authorities/RBI and maintenance of record thereof

Not carried out for a very long time 0
5. Prompt claiming of admissible expenses (railway
fares of police escorts, railway freight where railway
warrants or Credit Notes are used) from RBI &
claiming of applicable service charges from non-
chest branches of other bank/s 5
No leakage detected
Non-recovery/claim observed once or delayed 2
claim/recovery
Non-recovery/claim observed more than once 0
1. Display of the duplicate copy of fitness certificate
duly verified by RBI & annual renewal of fitness
certificate by Bank’s Architect/Engineer
Displayed and annual renewal done in time 5

Displayed but annual renewal done belatedly 3
Neither displayed nor renewal is overdue 1
2. Execution of diversion of orders of RBI in time and
adherence to RBI norms for acceptance of
deposit/withdrawal of minimum amount and
thereafter
Strictly enforced 5
incurred
3. Non-stapling of currency notes and not using of gum

tapes or rubber bands
Nothing observed 5
Either a few currency packets are stapled or gum

tapes/rubber bands are used (but removed 3
immediate upon pointing out by the auditors)
Sizeable number of currency packets observed

with stapled condition and/or gum tapes/rubber 1
bands are used (not removed till the completion of
audit)
4. Providing exchange facility to Branches as per RBI
Note Refund Rules
Facility provided and record maintained 5

Facility provided but record not maintained 3
No facility is provided 1
5. Timely and conclusive compliance of

inspection/audit reports/Monitorable Action Plan

is not adequate
toto
Maximum
Marks Risk Rating
Sr No Category of Risk Marks Percentage
Awarded Level/Trend
Allowed
A BUSINESS RISK 50
B CONTROL RISK 50
C COMPOSITE RISK*
Risk Matrix
High A B Very C
High Risk High Risk
Extremely
High Risk
Mediu D E F Very
Low G H I
Low Medium High
Control Risks

awarded
Low Over 75
Medium 50 – 75
High Below 50

Inherent Business

Risk
Control Risk


Annexure-3
RISK PROFILE OF ……………………………D.P.O

…………………………….. ZONE
Ref. No. Date:
TABLE OF CONTENTS
I Background
II Organization and Business Profile of DPO
I. BACKGROUND
…………………….. D.P.O is prepared in line with the Corporate Risk Profile keeping in
D.P.O. level. The underlying objective is to :
Categorise the D.P.Os as having composite risk rating low, medium, high, very high and
extremely high
II. ORGANIZATION & BUSINESS PROFILE OF DPO:
Name of the DPO/Date of

Opening
DPO ID No.
Name of the Zone
Category CDSL / NSDL
- Clerks :
- Sub-Staff :
DPO In-charge (Present) Shri / Smt.
From :
From: To:
Risk
BUSINESS PROFILE
Previous to Last Year Current Year

Last Year (as on
………..)
No. of Back Office connected

Branches (details to be given in
separate Annexure)
Total No. of branches using
CDAS for DP operations
Total No. of Demat Accounts
of which
Total No. of active accounts
No. of new accounts opened vis-
à-vis the target allotted
No. of accounts closed

Initiated by BOs
Initiated by DPO
Total No. of account modifications
Total No. of Dematerialization
Rematerialization instructions
Total No. of pledge instructions
executed (creation)
Total No. of unpledge instructions
executed
Total No. of instructions
accepted/executed for
Freezing accounts
Unfreezing accounts
Total No. of confiscation
instructions executed
Total No. of transmissions
executed
Off market, on market & inter-
depository transfers/instructions

during the year:
1.
2.
3.
4.
5.

I Assessment of the Risk Profile
A. BUSINESS RISK:

Gross Profit/Loss –
Actual v/s Budget
Control over
expenses
Recovery of
charges from the
clients as reported
by the branches


Rotation of duties,
proper training/
placement
Adherence to
manual of
instructions/
circulars/SEBI
Guidelines

of computer systems
and other
technology
Litigation/claims
against the bank
Preparedness for
tackling any
unanticipated
natural/ manmade
calamities/ events

Housekeeping,
record/ register
maintenance
Reconciliation
(demat / remat
requests received)
Submission of
returns/ control
returns-
Timeliness/quality
Delegations of
Powers

stationery items (DIS,
agreements, account
opening forms etc.)
DPO security aspects


Regulatory:
returns/other statements in
time and accurately;
adherence to
SEBI/Depository rules
Statutory:
Timely remittance of
Service Tax; renewal of
SEBI license; submission of
annual returns to statutory
authorities etc.
Compliance with MAP

Trend
of risk
Business Risk
Earnings
Operational
Control Risk
Internal Control
Compliance
D.P.O./Zonal Office respectively
1.EARNINGS
RISK
2.OPERATIONAL
RISK
3.INTERNAL
CONTROL
RISK
4.COMPLIANCE
RISK

………………….. …..……………………

……………………. ZAO.
Annexure-4
…………………………. DPO
………………………….. ZONE
Name of the DPO: …………………………… Zone:

Opened on: DP - ID No:
Category : NSDL / CDSL
Class : Urban/Metropolitan
Holiday on:
DPO under Concurrent Audit : YES/NO
Last Inspection conducted by Depository on:
Previous Present
Office In-Charge ---------------- -----------------
From ---------------- -----------------

To ----------------- -----------------
Mandays ---------------- ------------------
From To From To

Date of Report ------------------ -------------------
Date of Despatch ------------------ -------------------

Parameters Audit
Business
Risk
Control Risk
Composite
Risk
BUSINESS PROFILE:
Previous to Last Year Current Year

Last Year (as on
………..)
No. of Back Office connected

Branches (details to be given in
separate Annexure)
Total No. of branches using
CDAS for DP operations
Total No. of Demat Accounts
Of which
Total No. of active accounts
No. of new accounts opened vis-
à-vis the target allotted
No. of accounts closed

i) Initiated by BOs
ii) Initiated by DPO
Total No. of account modifications
Total No. of Dematerialization
Rematerialization instructions
Total No. of pledge instructions
executed (creation)
Total No. of unpledge instructions
executed
Total No. of instructions
accepted/executed for
i) Freezing accounts
ii) Unfreezing accounts
Total No. of confiscation
instructions executed
Total No. of transmissions
executed
Off market, on market & inter-
depository transfers/instructions
A.BUSINESS RISK
1. Earnings Risk:
(Rs. in lakh)
Last as on as on
31.03.200 31.03.200
(quarter/month)
……………
A – Income
Account Opening Charges
Account Maintenance Charges
Dematerialisation Charges
Pledge Charges
Unpledge Charges
On/Off Market Transaction
charges
B – Expenses
Staff Cost
Other Expenses
of which
Depository fees to DPs
Controllable Expenses
Total Expenses
C – Profit Budget Actual Budget Actual Budget
Actual
Charges not recovered by the
branches (NPA accounts as
reported by the branches)
Net Profit/Loss
Offer comments on: (Please list out the lapses noticed item-wise and account-wise)
Items/Areas Positive Factors Negative Factors

Charges levied for various
transactions as per extant
guidelines
Adherence to billing cycle
Recovery of charges within

the stipulated time
Non-charging of fees in the

cases of Participant stops
sending transaction
statements to clients under
circumstances mentioned
in NSDL Circular
2004/1515 dt 24.08.04 &
2005/1692 dt. 09.09.05
Waiver of fees in the case
of transmission
Payment of bills raised by
Depository within the
stipulated time including
grace period

Having at least one staff
member of back office
connected branches on the
payroll of DPO
Knowledge on overview of
capital market, pay-in/pay-
out mechanism of stock
exchanges, depository
rules, bye-laws, operating
instructions etc. and
imparting necessary
training for updating
knowledge of the staff
handling portfolio
Availability of qualified staff
NCFM certification in the
case of NSDL and BCCD
certification in the case of
CDSL and also staff trained
and qualified by them to
handle DP work at DPO
Obtention/verification of
proof of identity and
residence in the case of
account opening
Obtention of necessary
documents/information
from clients as prescribed
by CDSL/NSDL at the time
of account opening (demat
accounts should not be
opened in the name of
partnership firm except for
commodities)
Opening of large number of
accounts with the same or
similar names and / or
same address and / or with
the same bank account
details; verification of the
genuineness of the
particulars
Adherence to the
procedures prescribed for
opening and operating
accounts of
illiterate/disabled persons
Opening of accounts of
HUF without nominee/joint
holders
and also under the stamp
of HUF
Scanning of Beneficiary
Owners’ (BO) signatures
Execution/Updation of
nomination as per the
procedure prescribed in the
DP Operating Instructions
Modification of account
details (only after receipt of
letter/form duly signed by
the BOs and also after
collecting new proof of
address in the case of
change of address)
Acceptance/processing of
demat requests as per
procedures along with
inward date and stamp of
the DP within the stipulated
time
Processing of
Transmission-cum-demat
requests as per the
prescribed procedure
tems/Areas Positive Factors Negative Factors
Acceptance of Delivery
Instructions and also dating
and stamping of the same
including DIS received
beyond the deadline at
client’s risk
Execution of Delivery
Instructions as per the
extant guidelines (obtention
of DIS in the prescribed
format, due verification of
signature, verification of
DIS by two officials in case
of DIS with value of
securities over the limit
specified by
SEBI/Depository, ensuring
receipt of original
instructions within two days
in case fax instructions are
accepted, filling up of
column for cash transfer,
striking off blank columns,
execution on the same
day/before the settlement
deadline as the case may
be, etc.)
Closure of demat account
[receipt/scrutiny of Account
Closing Form (ACF),
sending confirmation for
closing of account to BO,
following the prescribed
procedure in the case of
BO wanting to close
account with pending
demat postion, following
the procedure for
transferring account from
one DP to another etc.]
Carrying out
remat/repurchase /stock
lending transactions in
accordance with the
stipulated procedures
(obtention of RRF,
verification of the signature,
proper filling up of the form,
availability of the balance of
the security, forwarding
RRF to the Issuer/R&T
Agent etc.)
Freezing/Unfreezing of
transactions in accordance
with the stipulated
procedures
Dealing with pledging, un-
pledging and invocation of
pledge as per the stipulated
procedure (pledgor and
pledgee having account in
CDS to create a pledge,
security in demat form,
securities to be fully paid-
up, unencumbered and in
marketable lots, account of
pledgor and pledgee not
tagged for closure, non-
allowing part unpledging/
invocation under one PSN,
obtention of Pledge
Request Form (PRF)
countersigned by pledgee,
non-cancellation of pledge
by CDS without prior
concurrence of the
pledgee, obtention of URF
counter signed by the
pledgee for unpledging,
obtention of proper
Invocation Request Form
from the pledgee etc.)
Dealing with the
transmission transaction in
accordance with the
stipulated procedure
(proper filling up the
Transmission Request
Form by the Transmittee,
ensuring that Transmittee is
having an account with
CDS, obtention of death
certificate of the deceased
BO, succession
certificate/letter of
administration/probate of
the will of the deceased,
letter of surety, letter of
indemnity etc.)
Regular upgradation of
back office operations
including website, daily
back up of data residing in
back office (or any data
maintained in electronic
from) with respect to DP
operations, off-site safe
keeping of back ups, using
the back office software for
the purpose of depository
related activities (data entry
with respect to account
opening, demat,
remat/repurchase,
settlement, pledge, stock
lending and borrowing,
statement of transactions
etc.), ensuring the formats
used by the DP are in
conformity with the
prescribed format of the
Depositories etc.
Number of persons
authorized to access CDAS
system and their training
experience, maintaining of
secrecy of passwords at all
levels, deletion of old
reports from the system
Installation/upgradation of
Anti-virus software,
adequate protection of
CDAS in a secure area with
adequate power supply
(UPS or voltage stabilizer),
maintenance of DP terminal
(like database purging,
application of new releases
etc.) as per the extant
operating instructions and
Communiques of the
Depositories, connection of
CDAS to any other network
without approval of DOT
and/or the Depository
Execution/stamping of
agreement/ supplementary
agreement, letter of
confirmation etc. in
accordance with the
Depository’s prescribed
procedure, proper
execution/ notarizing Power
of Attorney (POA)
documents,
Maintaining adequate
documents for closure/
freezing/unfreezing of client
account (this includes the
procedure followed by the
Participant in respect of
accounts which did not
have balance at the time of
closing the account),
Availability of contingency
plan and successful test
checks of contingency plan
in the event of failure of
users hardware system/loss
of connectivity with the
Depository
Dealing with claims /
litigation against the Bank
B. CONTROL RISK

Adequate infrastructure,
including staff,
commensurate with the
level of activity, control over
accountability, proper role
definitions and segregation
of duties
Control over reporting of
exceptional events like
problem in hardware or any
component of hardware /
software, back up, UPS,
telephone line, reduction in
space to business ratio,
staff to business ratio,
decreasing speed of
machine etc.
Reporting of exceptional
transactions related issues
like failure in delivery
instruction, failure of
transactions leading to
action of clients, delay in
confirmation to clients, loss
certificates sent for demat,
complaints from clients that
they have not received
credit for the securities etc.
Attempted frauds,
misappropriation of
securities etc. by clients or
by any employee of the
participant / franchisee,
mutilating / defacing of
certificates received for
dematerialization in the
prescribed manner
Control over safe keeping/
issuing/record maintenance
of physical securities till
dispatch to the Issuer / RTA
and also the returned
certificates to the
concerned BOs, Delivery
Instruction Slip Booklets,
Loose Delivery Instruction
Slips, account opening
form, Clients’ signatures in
physical form, copies of
PRF, URF, IRF,RRF etc.
Record maintenance for
account opening forms,
agreements and supporting
documents of all Bos,
documents/certificates
received/sent for
dematerialisation,
instruction slips signed by;
clients for account transfer,
delivery out, pledge,
securities lending and
borrowing, inter-settlement
transfer, inter depository
transfer instructions,
account closure etc.
Maintenance of Register for
Investor Grievance,
Backup, Power of Attorney,
Nomination etc. and also
maintenance of
Circulars/Instructions/
Guidelines etc. received
from the concerned
Depository/SEBI/Others
Redressal of investor
queries/complaints
Daily reconciliation of
requests received for
account
opening/demat/remat,
instructions executed,
pending at the end of day,
balance held in different
accounts in the DPM with
balances held in the DM
and providing the details of
changes made in the
accounts of the clients from
the last EOD processing to
the Depository
Control over physical
security of office (restricting
unsolicited persons) and
other records (keeping all
the records under lock and
key control)
2. Compliance Risk:

Strict adherence to KYC
norms at the time of
opening accounts by way of
establishing the identity of
the person by verifying with
the original of any of the
identity document such as
passport, voter’s ID card,
PAN Card etc; obtention of
PAN details for existing
accounts opened before
01.04.2006 (it is mandatory
to obtain PAN details for
new a/cs opened);
confirmation of details of
PAN from Income-Tax
Dept. website
Sending the transaction
statements at intervals and
also in the required format
as prescribed by the
Depository to the BOs of all
branch DPs
Sending of demat requests

received from Bos to the
Issuer / RTA within seven
days from the date of
receipt
In case of account closure
initiated by BO, compliance
with the procedure for
closure / transfer of
balances / rematerialisation
within 2 days of receipt of
account closure request
Giving 30 days notice to BO

before closing accounts in
the case of account closure
initiated by DP
Recording and redressing
all the grievances of BOs
arising at the main DP or at
the branch /back office
/collection center within the
stipulated 30 days
Furnishing copy of the
agreement, schedule of
charges and client master
report to each client
Sending of monthly investor

grievances report to NSDL
before 10th next month
Submission of periodical
information/reports such as
Annual Report, Networth
Certificate and
Computation Sheet,
Internal Audit Report along
with compliance, SEBI
annual fees and dues to the
Depository, replies to
specific information/
compliance required by the
Depository etc. to the
Depository
Timely submission of
compliance with the
previous internal
audit/concurrent audit/other
audit reports
Intimating the change in
office address and / or
investor relation officers /
compliance officers of DPO
to NSDL/CDSL
Display of SEBI Licence
and periodical renewal
thereof
Timely remittance of
service tax and also Annual
Tax returns to the
SUGGESTED MONITORABLE ACTION PLAN FOR MITIGATING RISK:
D.P.O./Zonal Office respectively
1.EARNINGS
RISK
2.OPERATIONAL
RISK
3.INTERNAL
CONTROL
RISK
4.COMPLIANCE
RISK
Annexure -5
DPO : ____________________
-------------------------------------------------
4. Rating
(Date (Date
) )
Business Risk
Control Risk
Composite Risk
Items Budget/ Achie- Remarks

Target vement
Demat a/c opening

and other business
budget
House-Keeping
Any Other Item,

(please specify)
DPO).
6. SWOT analysis on functioning of the DPO :
Strength
Weakness
Opportunity
Threat
7. DPO’s views, if any.
Copy received.

……………….. DPO
Annexure-6
MARK SHEET
DPO : ______________________ Zone: _______________

Category : CDSL / NSDL
Audited From : _______________To: _______________

I. EARNINGS RISK 30

Achieved 5
3. Levying of charges for various transactions as per
extant guidelines (i.e; detection of revenue leakage)
Levied in all transactions, no revenue leakage 6
detected
Revenue leakage detected to the extent of 4
Rs.10,000/-
Revenue leakage detected more than Rs.10,000/- 2
4. Payment of Bills raised by Depository within the

stipulated time always
Violation observed only once during the period 6
covered
Under audit 2
Violation observed more than once 0
5. Recovery of charges from the customers (as
Reported by the branches where the customers are
maintaining charge Account)
Fully recovered 8
Pending recovery to the extent of 5% of bills raised 4
Pending recovery to the extent of more than 5% 2
II. OPERATIONAL RISK 70
1. Availability of qualified staff and positioning of staff in
key areas (allocation of duties) as per their
competency
Good 6
Satisfactory 4
Poor 2
2. Obtention of all the relevant documents at the time of
opening demat accounts
Obtained all the times 6
Not obtained in one or two cases but no damage 4
done
Not obtained in many cases 2
3. Opening of large number of accounts (say 20 or
more) with the same or similar names / other
particulars
Not observed 6
One or two occasions observed but no damage done 4
More than two occasions 0
wrong punching of shares as to number, name of the
company etc.
Nothing noticed 6
Noticed on one or two occasions but no damage 4
5. Processing of demat requests
No aberration observed 6
One or two aberrations noticed but no damage 4
More than two aberrations 2
6. Execution of Delivery Instructions
Aberrations observed one or two times but no loss 4
Violation more than two times 2
7. Remat/Freezing/Unfreezing operations
Strict adherence as per the guidelines 6
Violation observed one or two times but no loss 4
incurred
Violation observed on more than two occasions 2
8. Pledging/unpledging/stock lending/borrowing
operations
Strict adherence as per the extant guidelines 6
Breaches observed one or two occasions but no 4
damage
Violation noticed on more than two occasions 2
9. Access to different Servers/UPS/Hardwares/
Softwares/V-sat etc.
Allowed only to the authorised personnel always 6
Rarely other staff members also allowed 4
No restriction 0
10. Taking daily back-up, off-site storage of back-up,
regular upgradation of back office operations,
upgradation of Anti-virus software, maintenance of
secrecy of passwords at all levels
Not a single aberration observed 6
Violation observed one or two occasions but no 4
damage
Gross violation observed 2
11. Documentation including execution of stamped
agreement / supplementary agreement, notarizing
Power of Attorney documents, processing of
transmission requests etc.
Perfect execution; no irregularity observed 6
Very few minor irregularities noticed but no loss 4
observed
Many irregularities observed 2
12. Successful Test Check of Contingency Plan like
switching to dial-up mode in case of V-sat failure etc.
Successful at all times 4
Failure observed once; but minimum fine paid 2
Failure observed more than once 0
B. CONTROL RISK 100
1. Adequacy of staff strength, role definitions,
segregation of duties and periodical training
Good 8
Satisfactory 4
Poor 2
2. Control over safe custody/movement of physical
securities and other records
Good control observed always 8
Laxity observed on a very few occasions 4
No control 2
3. Incidence of frauds (either manual or system
related), prevention of frauds
Nothing noticed during the period covered under 10
audit
Fraud attempted; but averted and no damage done 5
Fraud noticed 0
4. Record maintenance for account opening forms,
agreements executed, certificates received/sent for
demat, DIS register etc
All the records maintained upto date 8
Either one or two records not maintained or all the
records are not updated; but no damage done 4
Records not maintained for many items and records 2
not updated
5. Control over security of office premises/records
(screening of persons entering into / getting out of
office, safe custody of other office records, proper
placing/refilling of fire extinguishers, control over
AMC etc.)
Strict control exercised at all times 8

Laxity observed on a few occasions; but no damage 4
done
Loose control always 2
6. Maintenance of complaint register, redressal of
customer complaints/queries
No complaint received 8
Very few complaints received; but redressed within
the stipulated time 4
Many complaints received/pending 2
1. Submission of periodical reports such as Annual
Report, Audit Report, Grievances Report etc. to the
Depository/SEBI
All the statements/reports are submitted in time with
accuracy 10
Only a few statements are submitted in time and or
some minor discrepancies noticed 4
Delayed submission of statements or non-
submission and/or more discrepancies noticed 2
2. Timely remittance of Service Tax and periodical

submission of required return to the concerned
authorities, display of SEBI Licence and periodical
renewal thereof
Strictly enforced 10
Some minor deviation/s noticed; but no loss/penalty
incurred 4
3. Compliance of various audit/inspection reports

including compliance with MAP
Complied with conclusively and effectively in time

without any exception 10
Complied with a few exceptions for which follow-up
is not adequate 4
toto
4. Adherence to KYC norms

Adhered strictly at all times 10
A very few aberrations noticed; but no damage done 4
Many lapses observed 2
5. Adherence to the time limit for execution of DIS,
demating, account closing etc.

Lapses noticed on one or two occasions but no 4
damage done
Gross violation observed 2
Sr Maximum Marks Risk Rating

Category of Risk Percentage
No Marks Allowed Awarded Level/Trend
A BUSINESS RISK
100
1. Earnings Risk 30
B CONTROL RISK 100
C COMPOSITE RISK*
* The composite risk will be arrived at with the help of the following risk
matrix
Risk Matrix
High A B CVery
High Risk High Risk
Extremely
High Risk
Mediu D E F Very
Low G H I
Low Medium High
Control Risks

awarded
Low Over 75
Medium 50 – 75
High Below 50

Inherent Business

Risk
Control Risk



Risk Based Internal Audit Policy

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Based Internal Audit Policy

Uploaded by

Copyright:

Available Formats

MEMORANDUM FOR AUDIT COMMITTEE OF THE BOARD OF DIRCTORS

Ref. No. HO:I&A:KPR:049

The Chairman & Managing Director

The Executive Director

Risk Based Supervision in Banks

2. As per the RBI guidelines/directives, we are required to switch over to RBIA

3. As suggested by Risk Management Department, Head Office vide their IOM

Submitted for approval, please

(B. V. S. Rana) (S.Sampath)

1.3. As per the directive of RBI vide their letter

The Areas covered are:

Class/Category of branch Periodicity

All Small & Medium size branches -- As of 31 st March

All other branches -- As of 31 st March & 30th September

4. Risk Assessment & Rating of Branches

(For General Banking Branches; i.e other than Special categories of

At present, rating of the branches under regular Internal Audit is given

Risk Percentage of Marks

The direction/trend of the risk level is also assessed under

The trend analysis of the composite risk is interpreted as shown below:

Increasing Increasing Increasing Increasing

Decreasing Stable Increasing

In the case of Special Categories of branches, base level risk and

The following periodicity of audit of branches is proposed

Categories Audit Frequency

6. Level of transactions testing

As regards checking of the existing accounts, audit comments relating to

With respect to transaction testing in the Deposits/Miscellaneous areas, the

However, 100% transaction testing in all the areas (Advance, Deposits,

7. Compliance & Closure of Audit Reports

Category of Branches Compliance time by Closure at ZAC/GM

The guidelines for selection of audit officers are as under, at present:

i) He/She should be in Scale II/III and should have completed rural/semi-

9. Reporting to Head Office (Audit) Sub-Committee

i) Gist of audit observations on negative factors (risk factors) along

10. Reporting to Audit Committee of the Board/Reserve Bank of India

i) Summarized position of RBIA reports of H.O.Depts, Zonal

11. Any modification in the reporting format, either addition or deletion

2.1.1 Review of internal control system and procedures

2.1.2 Review of Custodianship and safeguarding of assets in the context of risk

2.1.3 Review of relevance and reliability of information

2.1.4 Review of utilisation of resources

2.1.5 Review of accomplishment of goals and objectives

(a) The auditor should critically evaluate the accomplishment of corporate

2.1.6 Examining the effectiveness of control framework

(b) Transaction testing would continue to remain an essential aspect of risk

3.2 The main objectives of Risk Based Internal Audit are:

a) Total revamping of existing internal audit system,

5.3 Risk Analysis of various Departments/ Sections

The Departments covered are:

Risk Matrix (Level)

Risk Matrix (Trend/Direction)

 Previous internal audit reports and compliance

8.2. Audit Frequency: It is based on Composite Risk rating as mentioned below:

Categories Audit Frequency

9. Norms for allotment of mandays

Allotment of mandays will be dependant on the percentage of transaction testing

10. Approval of Annual Audit Plan

11. Guidelines for selection of Audit Officers

12. Role of auditor

12.2 The internal auditor has to -

b) Assess the effectiveness of business strategies applied, policies and