INSPECTION & AUDIT MANUAL

2009

RESERVE BANK OF INDIA

INSPECTION DEPARTMENT CENTRAL OFFICE C-7, 8TH FLOOR BANDRA-KULRA COMPLEX

BANDRA (EAST), MUMBAI - 400 051

Pe c r fa e T e S c n e itio o th G n ra A m is tio M n a h e o d d n f e e e l d in tra n a u l (G M 2 0 (a re is d v rs n o G M 9 8 s rv d a a A ) 00 v e e io f A -1 8 ) e e s u e l g id to v rio s o e / d p rtm n in re a to th s fu u e a u ffic s e a e ts g rd e p v io s c n e in S ff A m is tio , E ta lis m n ro is n o c rn g ta d in tra n s b h et

M tte , B d e a d F a c l p w rs a rs u g t n in n ia o e ,

In p c n a d A d s e tio n u it

M in n n e o o e P m e , H u e e p g fu c n a d a te a c f ffic re is s o s k e in n tio s n M c lla e u m tte . S c th nc a g sh v ta e p c in is e n o s a rs in e e h n e a e k n la e th In rn l A d m c a is in lu in in d c n o C n l e te a u it e h n m c d g tro u tio f o tro S lf - A s s m n A d a d C n u n A d in th R g n l e s e s e t u it n o c rre t u it e e io a O e (R s C n l O e D p rtm n (C D )/ T in g ffic s O )/ e tra ffic e a e ts O s ra in E ta lis m n (T s b s e s n th n g o th A d s b h e ts E ), e id s tre g e in f e u it M n rin A n e e ts in In p c n D p rtm n a C n l o ito g rra g m n s e tio e a e t t e tra O e F rth r, th p c s o IS C rtific tio h s a d d a ffic . u e e ro e s f O e a n a de n w d e s n to th re p n ib s o th R s C D e im n io e s o s ilitie f e O / O s c n e e in a d n to c s g s ila re p n ib o c rn d d itio a tin im r s o s ility o th n e In p c n D p rtm n A o g , C a te 5 o th G M 0 0 s e tio e a e t. lth u h h p r f e A -2 0 da w e lt ith In p c n a d A d th s c ra c a g s s e tio n u it, e tru tu l h n e in ic te a o e h v b e in p c a d th R s C D / T s d a d bv ae en la e n e O / O s E w re re u d to re r to v rio s in tru tio s is u d b th e q ire fe a u s c n se y e In p c n D p rtm n fro tim to tim . In v w o g a r s e tio e a e t m e e ie f re te e p a is b in la o In rn l A d a d In p c n mh s e g id n te a u it n s e tio m c a is in th B n a a o o th s s m o IS eh n m e a k s ls n e y te f O c rtific tio , it w s c n id re a p p te to c m ile th e a n a o s e d p ro ria o p e g n ra in tru tio s o in rn l in p c n a o e p c in th e e l s c n f te a s e tio t n la e e fo o a rm f " a u l o In p c na dA d M n a f s e tio n u it" in te do b in a s a f e g p rt o G M It is h p d th t th e itio o th In p c n a d a f A . o e a is d n f e s e tio n A d M n a w b fo n u e l b a R g n l O e / u it a u l ill e u d s fu y ll e io a ffic s C D / T s a a re d re k n r in a p c tin th ir ro a d Os E s ay coe p re ia g e le n re p n ib s o s ility a d to a h re to g id lin s in re p c o n de u e e s et f In p c na dA d in lu in C n u n A d / C A . s e tio n u it c d g o c rre t u it S A 2 T is M n a is illu tra e in n tu . O e h v , th re re . h aul s tiv a re ffic s a e e fo , a o to re r to th d ta d in tru tio s g id lin s is u d o ls fe e e ile s c n / u e e s e n th s e ifics b c v . M S C A , C , a dIS C rtific tio , e pc u je t iz A I, S A A n O e a n fro tim to tim , in c s o n e . C m e ts a d s g e tio s m e e a e f e d o mn n u g s n w ic a lik ly to s n th n th e is g m c a is b s e h h re e tre g e e x tin e h n m e id s s p in th p c d retom k th s s mm ree ie t a im lify g e ro e u a e e y te o ffic n re w lc m . F rth r c a g s a a dw e , m d w b a v e e o e u e h n e , s n h n a e ill e d is d toe a leth o e tok e th M n a u d te . nb e ffic s ep e aul pa d 3 T e In p c n D p rtm n h s p t in s e ia e rts in . h s e tio e a e t a u p c l ffo b g go t th M n a Inp rtic la th c n u n m d S rin in u is a u l. a u r e o trib tio s a e / S ri S . B a a a G n ra M n g r, P . C o h , D M h .K h rg v , e e l a a e .K h p la G , V . B jp i, D M (s c re d A . S g , A M a d P . .K a a G in e tire ) .B in h G , n .C

M h , M n g r, in d ftin , e itin a d u d tin th M n a is ra a a e ra g d g n p a g e a u l, n e tob c m e d d ed e o mn e .

R S E EB N O IN IA ERV A K F D IN P C IO D P R M N SET N EAT ET M MA U BI

(C K IS N N . R HA) E e u eD c r x c tiv ire to

MANUAL of INSPECTION AND AUDIT Need for Periodical Inspection and Audit Main functions of Inspection Department Organisational Set-up

Inspection Programmes Procedure for Management Audit & Systems Inspection Executive Summary of Management Audit & Systems Inspection Management Audit Report Rating of Regional Offices/Regional Directors Audit Monitoring Arrangement
Control Self- Assessment Audit Concurrent Audit Snap Audit Appointment of Concurrent Auditors Periodical Meetings with Concurrent Auditors Discussion in Branch Level Management Committee Meetings

The Scope of Inspection and Audit Management Audit & Systems Inspection - Submission of compliance Submission of Periodical Progress Report in respect of Concurrent Audit and Control Self-Assessment Audit Information Systems Audit Risk Based Inspection/ Audit Technology Audit Quick Follow-up Inspection Certifications Review of Performance by Top Management/Inspection and Audit SubCommittee of the Central Board Reporting Structure

Need for Periodical Inspection and Audit

Inspection Department has been constituted in Central Office in order to enable Management to have a critical review of the working of each Regional Office/Central Office Department/Training Establishment including wholly owned subsidiaries of the Bank viz. Deposit Insurance and Credit Guarantee

Corporation of India and Bharatiya Reserve Bank Note Mudran Private Limited, collectively referred to as Auditee Office hereinafter. 1.1 The Inspection Department would act as the eyes and ears of Management and discharge its duties with utmost professionalism as the principal provider of independent and objective feedback on the working of the Bank to Management to enable it ensure that the organisation functions efficiently and effectively. 1.2 The objectives of the Department are as under: To assess in clear terms the achieved and achievable performance of the Auditee Office with the available resources. To give objective feedback to Management on the performance of the Auditee Office. To assess risks and evaluate controls designed to address those risks and furnish an analysis, recommendations, counsel and information concerning the activities reviewed. To critically analyse and assess the staff requirements as and when required with a view to examining the adequacy or otherwise of staff at a particular Auditee Office. Main Functions of Inspection Department

The main functions of Inspection Department are as under: (a) Financial Audit

To audit the financial transactions in every Department of the Regional Offices / Divisions of Central Office Departments/ Training Establishments as also proper accounting of income and expenditure, maintenance of Bank's books and registers for the purpose, routine administrative matters such as leave, training, budget, subscription of periodicals, overtime, stationery etc. as also verification of cash balances and accounting thereof. This exercise was being undertaken by the erstwhile Regional/Central Audit Cells (RACs/CACs) under the overall control of the Inspection Department once in every six months viz., half-year ending March and September every year up to 31 March 2004. Consequent upon the recommendations of Committee on Job Realignment/Job Consolidation, the RACs/ CACs were wound up with effect from 01 July 2004 and their functions were subsumed by trifurcating them into (i) the Management Audit and Systems Inspections, (ii) Control SelfAssessment Audit and (iii) Concurrent Audit System. The financial audit which was hitherto being undertaken by the RACs/ CACs has been entrusted to the Concurrent Auditors with effect from July 2004. Such audit has to be carried out by them as per the scope and coverage spelt out in the letter of appointment and instructions/ guidelines issued by Inspection Department to the offices from time to time. (b) Management Audit and Systems Inspection

To examine whether the work in the Auditee Office is being carried out according to the prescribed procedures / instructions without any deviations/aberrations as also to exercise a check over the administrative procedures followed by Offices so that irregular practices, if any, are detected and rectified early and to report on the health of the Auditee Office. (c) Information Systems Audit

To assess the adequacy and effectiveness of internal controls in respect of Information Systems policies, standards and procedures. (d) Snap Audit To oversee the effectiveness of the systems of Control Self-Assessment Audit and Concurrent Audit. (e) Staffing Inspection

To undertake Staffing Inspection of Auditee Office as and when required by Central Office, DAPM/Top Management to do so with a view to examining the adequacy or otherwise of staff requirement of that particular establishment. (f) Quick Follow-up Inspection

To review the progress made in compliance of Management Audit & Systems Inspection and Audit Reports by Auditee Offices, whenever it is deemed necessary, and submit a report to the Top Management for information and direction. (g) Certifications

To co-ordinate Certification process following international standards, like International Standards Organisation (ISO) across select work areas. (h) Special Assignments

To conduct investigations/studies or specific scrutinies including vigilance cases as may be necessary from time to time.

Organisational Set-up

A Chief General Manager (CGM) will function as Officer-in-Charge of the Inspection Department within the meaning of Clause (d) of Regulation 3 of the Reserve Bank of India (Staff) Regulations, 1948 and will exercise powers to incur expenditure under the Expenditure Rules in so far as it relates to the Department. The CGM reports to the Executive Director in-Charge of the 6

Department. The work of the Department is being carried out in the following Sections: Administration Section Planning Section, including Inspection Wing Follow-up Section Audit Monitoring Cell Information Systems Audit Section, including ISO Certification Inspection and Audit Sub-Committee Section

4 Internal Inspection Units under the charge of a General Manager will conduct Management Audit and Systems Inspection of all the Auditee Offices. The Units will also conduct Staffing Inspection/Special Investigations/Studies as and when entrusted by the Top Management/Central Office Departments. 5 Inspection Programmes

The schedule for Management Audit and Systems Inspection Programmes to be carried out in the ensuing calendar year will be drawn in each year and Auditee Office advised by the Inspection Department sufficiently in advance in this regard. Auditee Offices will arrange necessary infrastructural facilities for the Inspection Unit. 6 Procedure for Management Audit & Systems Inspection

Inspection Department will furnish to Auditee Office a set of memoranda wherein all relevant information to facilitate conduct of Management Audit & Systems Inspection has to be provided by them. It will be ensured by the Auditee Office that the requisite information is compiled and furnished to the Inspection Unit on the date of commencement of inspection itself. 7 Offices/Branches/Central Office Departments will make available all records required by the Inspection Unit. It will be ensured by the staff attached to the Inspection Units that all matters relating to inspection are treated as Confidential. 8 The draft chapters of the Inspection Report will be furnished to the Regional Director/Chief General Manager/Officer-in-Charge/Principal/Chief Executive Officer (referred to as Officer in-Charge of Auditee Office hereinafter), who will go through the observations and bring to the notice of the Inspection Unit, points which are factually incorrect. Comments may be recorded covering observations on which they are not in agreement with and the draft returned by the stipulated date to the Inspection Unit. Such comments of the Officer-in-Charge along with the comments of Inspection Unit thereon will be incorporated in the Management Audit and Systems Inspection Report itself for the benefit of the concerned Central Office Departments, who will then take a final view and issue necessary instructions. It will be ensured by the Auditee Office that once the report is finalised, no point of dispute is raised.

9 The Auditee Offices are required to submit compliance in respect of those paragraphs which are marked to them for action. The Inspection Department shall make arrangements to forward a copy of relevant chapters of the Report on various Departments to the respective Central Office Departments to apprise them of the position of working of their Regional Offices at various centres. Also, extracts of paragraphs of a Regional Office/Central Office Department where action is required to be taken by other Regional Offices/Central Office Departments would also be forwarded to them for necessary action. 10 The Officer-in-Charge of the Auditee Office will furnish a certificate to the effect that except for the paragraphs, (to be specified) of the report on which comments have been offered; the remaining paragraphs have been noted for compliance. 11 The Management Audit & Systems Inspection Report on the Auditee Office will be handed over to them immediately on conclusion of the inspection and a copy thereof will be forwarded to DAPM for information and necessary action, if any. 12 Executive Summary of findings

The Inspection Unit will prepare an Executive Summary of Positive Features, Major Findings and Suggestions on the basis of Management Audit & Systems Inspection Report and submit the same to the Executive Director (Inspection) for perusal through Chief General Manager, Inspection Department. The relevant portion of the summary will, however, be forwarded to the Executive Directors concerned for information. 13 Management Audit Report

At the conclusion of the Management Audit & Systems Inspection, the Inspection Team will submit a Management Audit Report on the health of the Auditee Office, highlighting the important features of its working as also suggestions to improve its functioning to the Executive Director and Deputy Governor in-Charge of the Inspection Department for perusal/directions. Subsequently, a copy of the Report will also be furnished to the Auditee Office for compliance.

14

Rating of Regional Offices/Regional Directors

After conclusion of the inspection under Management Audit & Systems Inspection, the work of Regional Offices/Regional Directors is evaluated and rating is awarded by allotting marks under five broad parameters viz. (i)

Managerial Effectiveness, (ii) House-keeping, Record Management and Submission of Control Returns, (iii) Developmental Activities, (iv) Customer Service and (v) Compliance of Inspection and Audit Reports. The grade (Excellent, Very Good, Good, Average and Unsatisfactory) is awarded to the Regional Office/Regional Director on the basis of average marks assigned after having discussion with the Regional Director concerned by Chief General Manager, Inspection Department and with the approval of the Executive Director-in-Charge of the Department. 15 Audit Monitoring Arrangement

Consequent upon the closure of Regional/Central Audit Cells with effect from 01 July 2004, an Audit Monitoring Cell has been set up in Inspection Department with a view to overseeing and monitoring the effectiveness of Control Self-Assessment Audit and Concurrent Audit Systems. 15.1 Control Self-Assessment Audit As a sequel to the recommendations of the 'Sharma Working Group', Control Self-Assessment Audit (CSAA) was introduced in the Bank in July 1999 with the objective of enabling Auditee Office to undertake regular health check, assessing key risks in their areas of operations and frequently review and fortify internal checks and balances so that the Auditee Offices on their own evolve better internal control regime on an on-going basis. The CSAA shall be conducted in respect of risk areas identified by the Inspection Department/ Auditee Offices at least once in six months. All the CSAA reports will be reviewed by the Management Team headed by a Senior Officer in order to assess the quality and coverage of these reports and will be put up to RD/CGM-in-Charge/Officer-in-Charge alongwith the comments of the Management Team. 15.2 Concurrent Audit

The system of Concurrent Audit by Chartered Accountant firms was introduced in the Bank in the year 1995 on a selective basis under the aegis of the Department of Government and Bank Accounts. The work relating to appointment of Chartered Accountant firms as Concurrent Auditors and supervision of their functioning has been taken over by the Inspection Department since January 2005. The financial audit hitherto attended to by the erstwhile Regional Audit/Central Audit Cells has been entrusted to the concurrent auditors as per the scope and coverage of the areas identified by the Inspection Department, in consultation with the Central Office Departments concerned. Concurrent Auditors will submit their reports to the Auditee Office concerned on a monthly basis as per the scope and coverage of the areas assigned to them. 15.3 Snap Audit

Snap Audits were introduced by Inspection Department with effect from January 2005 with an objective of overseeing the effectiveness of the systems

of Control Self-Assessment Audit and Concurrent Audit on the working of Auditee Offices. Audit Monitoring Cell will draw up the Snap Audit programmes for half-yearly audit with the approval of the Chief General Manager of the Inspection Department. The audit is conducted by a team of officers headed by a Deputy General Manager. The Auditee Office shall submit compliance on action paragraphs to Inspection Department within one month from the conclusion of the Snap Audit. 15.4 It must be ensured by all Auditee Offices that irregularities having financial implications are complied with within a period of one month.
Any laxity on the part of dealing staff would be viewed seriously.

15.5 Appointment of Chartered Accountant Firms as Concurrent Auditors Chartered Accountant firms will be appointed as Concurrent Auditors of the Bank by the Officer-in-Charge of the Auditee Office as per instructions/guidelines issued by Inspection Department from time to time. 15.6 Meetings with Concurrent Auditors

The Officer-in-Charges of the Auditee Offices will hold meetings with Concurrent Auditors at least once in a quarter to enable them to assess the content, coverage and quality of concurrent audit and give directions to Concurrent Auditors to make audit an effective management tool. In particular, it may be ensured by the O-i-C that the Concurrent Audit is being carried out in keeping with the scope and coverage envisaged for such Audits. Any serious lacunae may be brought to the notice of the Concurrent Auditors/ Inspection Department. 15.7 Findings of Control Self-Assessment Audit/Concurrent Audit Reports shall be discussed in Branch Level Management Committee meetings to take suitable remedial action as also to ensure that adverse features observed in the reports are not repeated in the subsequent reports. 16 The Scope of Inspection and Audit The scope of Inspection and Audit is wide and covers all the matters which have a bearing on the efficient working of the Offices/Branches/Central Office Departments in particular and the Banks interests in general. The Department is authorized to review all records of the Auditee Office and will have full and complete access to all the activities, systems, including information/computer systems, records, property, etc. Inspection Department will finalize the broad guidelines for audit and inspection in consultation with the concerned Central Office Departments with clear-cut demarcation of areas under Inspection, Control Self-Assessment Audit and Concurrent Audit System. 17 Management Audit and Systems Inspection - Submission of compliance

10

17.1 On conclusion of the Audit/Inspection of an Auditee Office, one set of hard and soft copy of the Inspection/Audit Reports will be supplied to the Officer-in-Charge of Auditee Office who will initiate the process of compliance immediately and endeavour to secure maximum compliance in a time bound manner. 17.2 The work relating to co-ordination of compliance of Audit and Management Audit and Systems Inspection Reports both Banking and Issue Departments will be entrusted to the Manager (Audit, Budget and Coordination Cell) of the Auditee Office. He will ensure that compliance in respect of Management Audit and Systems Inspection Report is obtained from the Sectional/Departmental-in-Charges and put up to the Officer-inCharge who will be the final authority for accepting the compliance in respect of action paragraphs and treat them as closed provided he is satisfied that the observations made in the Inspection Report are fully complied with. 17.3 To facilitate quick identification of paragraphs requiring action by the Office or Central Office Department, it will be indicated as (Action) or (ActionCentral Office Department concerned) at the end of each paragraph of the Report. The action paragraphs will be further classified as Major and Other deficiencies. A summary of Major deficiencies will be furnished at the end of each chapter. The deficiencies, which are not included in the summary, will be treated as Other deficiencies. The work of scrutiny and acceptance of compliance of Management Audit and Systems Inspection Reports has been decentralised. The acceptance of the compliance of Other deficiencies has been delegated to the Officer in-Charges of the Auditee Offices. Inspection Department will monitor compliance of Major deficiencies only. While initiating compliance, the Office/ Branch/Central Office Department will keep in view the following: (a) Where the Auditee Office has noted the contents of the Report for compliance, it will initiate action for implementation immediately. (b) Where Central Office instructions are called for in respect of certain observations made, the concerned Central Office Department will examine the suggestions/ recommendations and convey their instructions within one month, as far as possible. (c) Auditee Office will send the consolidated compliance in the prescribed format (Annex I). The first compliance will be sent giving position within a period of 45 days from the conclusion of the Management Audit and Systems Inspection. Full compliance must be furnished within three months from the date of submission of the Report. The subsequent compliance should be forwarded at the monthly intervals. Compliance, which is incomplete/ partial in nature and does not state in specific terms the corrective action taken, should not be furnished. The position of compliance should also be reported in the prescribed form as per Annex II along with the compliance in Annex I.

11

(d) Compliance of Other deficiencies accepted by the Officer-in-Charge will be advised to Inspection Department in the prescribed format (Annex II). (e) Compliance furnished to Inspection Department in respect of Major deficiencies should be complete and state in specific terms the remedial action taken by Auditee Office. The forwarding letter should be signed by the Officer-in-Charge of the Auditee Office or should specifically indicate that it is being sent with his approval/clearance. (f) Substantial portion of the Management Audit and Systems Inspection
Report is required to be complied with by Auditee Offices in the first compliance report itself. Cent per cent compliance is ordinarily expected within three months of submission of the Report.

18 Inspection/Audit of an Auditee Office will not in any manner absolve them of their primary responsibilities in the performance of the work with accuracy and in accordance with the prescribed procedure and failure on the part of the Inspection Unit to point out any discrepancy will not absolve Auditee Office of the lapse/ irregularity. 19 Irregularities in Audit Reports- Non-compliance

In case it is not possible to furnish a compliance certificate in respect of any paragraph of the Inspection/Audit Report, the Office will convey the same to the Inspection Department together with the reasons for non-compliance thereof. The position should be reviewed and progress advised until all the irregularities are rectified and a final compliance certificate furnished. There should be no laxity in taking remedial action. Steps should also be taken to ensure that irregularities of the type referred to in the Report do not recur and in case of any serious irregularities, accountability is fixed and departmental action taken where considered necessary. 20 All references arising out of the inspection/audit irregularities and compliance thereof should be sent to the Chief General Manager, Inspection Department for information/instructions. 21 Submission of Quarterly/Half-Yearly Progress Report in respect of Concurrent Audit and Control Self Assessment Audit

Auditee Offices will submit to the Inspection Department a quarterly progress report on the compliance of Concurrent Audit Reports by the end of third week of the month following the quarter to which it relates and a half-yearly report (half year ended 30 June / 31 December) on compliance of Control SelfAssessment Audit Reports as on 30 September / 31 March by the 15 th October / 15 April in prescribed format (Annex III & IV). 22 Information Systems Audit Information Systems Audit has been introduced in the Bank with effect from February 2003 as per the policy approved by the Central Board. The IS Audit is carried out independently or as a part of Management Audit & Systems 12

Inspection to assess the adequacy and effectiveness of internal controls (management/ operational/ technical) and provide independent assurance (with external assistance, wherever required) about the compliance of Information Systems in use in the Bank with its policies, standards and procedures, as well as with regulations/ industry standards/ guidelines/best practices/frameworks set by internationally recognized professional bodies/associations while conforming to the standards of audit practice and ethical behaviour. The assessment generally includes a review of: a. Management Controls (information security policy, information/ computer security program management, information/ computer security risk assessment/ management, security and planning in the information system life cycle, assurance, etc.), b. Operational Controls (personnel/user issues, preparing for contingencies and disasters, information/computer security incident handling, awareness, training, and education, security considerations in information systems support and operations, physical and environmental security, vendor management); and c. Technical Controls (identification and authentication, logical access control, audit trails, cryptography, shared infrastructure, network and communication channels, etc.) 23 Risk Based Inspection/Audit (RBIA)

The Department may undertake risk based internal inspections with a view to providing an independent and objective opinion to the Management as to whether the Bank's business processes and risks are being properly managed. The RBIA methodology and procedures would be developed and reviewed from time to time to provide: i) Assurance about the management of business processes based on risk focused assessments to review the availability, appropriateness and effectiveness of controls and reporting thereof. ii) Assurance that the processes used to identify, monitor and report all significant risks are effective, risks are correctly assessed and mitigation measures are in place. iii) Necessary support to development and establishment of an appropriate risk management framework. 24 Technology Audits

The Department may carry out Technology Audit of systems, platforms, services, and technologies etc. as per directions of Central Board/ IASC/ Top Management, on receipt of request from Business owner Departments/User Departments/DIT, CO or, as felt necessary by Inspection Department considering the criticality/importance of operations/system, with external assistance, wherever warranted/required, with due approvals.

13

25

Quick Follow-up Inspection

The Chief General Manager/General Manager, Inspection Department may, if considered necessary, conduct a Quick Follow-up Inspection of an Office/Branch about three months after the completion of the regular inspection to assess the pace of progress made in the implementation as also to ascertain bottlenecks, if any, in securing total compliance. The findings of the Follow-up Inspection will then be deliberated upon by a committee consisting of Executive Director in-Charge of DAPM, Executive Director inCharge of Inspection Department and Chief General Manager in-Charge of DAPM. 26 Certifications

The Department is entrusted with the task of co-ordinating the efforts for outsourcing Certifications as per international standards like, International Standards Organization (ISO) across selected work areas/Departments with effect from September 2004. The various activities undertaken by the Department in this regard are: (a) To arrange and co-ordinate the implementation of various international standards in the domain of Quality Assurance, Management, Risk Assurance, Information Technology/Information Security etc. as decided by the Bank from time to time. (b) To arrange sustenance of (a) above through implementation of necessary internal controls and audits as appropriate. (c) To engage in research and development activities relating to the implementation of various international standards in the domains of quality assurance, management, risk assurance, information technology/information security etc, so as to keep the Bank's internal control, quality and risk assurance systems at par with international standards/best practices/methodologies (e.g. development of a risk based internal inspection methodology). (d) To arrange for implementation of standards/best practices as mentioned in (c) above, as considered appropriate, with requisite approvals. 27 Review of Performance by Top Management/Inspection and Audit Sub-Committee of the Central Board The performance of Auditee Offices in compliance with the observations made in Management Audit & Systems Inspection/Audit Reports will be reviewed by the Top Management/Inspection and Audit Sub-Committee of the Central Board and other high level committees as under: a) Executive Directors' Committee

14

The Committee will be chaired by the Executive Director in-Charge of the Inspection Department. All other Executive Directors will be its members. Chief General Manager of Inspection Department will be the Member Secretary. It will review the compliance position in respect of Management Audit & Systems Inspection Reports of Offices/Central Office Departments, hold discussions with the respective Regional Director/Chief General Manager/Officer-in-Charge/Principal/Chief Executive Officer and issue directions as deemed appropriate. Serious irregularities which may lead/has led to potential loss to the Bank, frauds, etc., deviations from laid down policies/non-implementation of policy guidelines and other critical areas would be identified by the Executive Directors' Committee for submission to the Inspection and Audit Sub-Committee of the Committee of Central Board. b) Inspection and Audit Sub-Committee of the Central Board

The Inspection and Audit Sub-Committee (IASC) of the Central Board reviews the Inspection and Audit Reports and their compliance at periodic intervals, and also with a view to giving a sharper focus to the internal audit and inspection exercises towards maximizing productivity and efficiency of operations. The IASC will consist of four Directors of Central Board, nominated by the Governor besides the Deputy Governor in-charge of the Inspection Department and Executive Directors in-charge of the Department of Administration and Personnel Management and Inspection Department. The Chief General Manager of the Inspection Department will be the MemberSecretary of the Committee. The other Deputy Governors and the Executive Directors will attend meetings of the Sub-Committee by invitation. The paragraphs identified as critical by Executive Directors' Committee and review of compliance position of Management Audit & Systems Inspection/Audit Reports will be placed before the Sub-Committee for review and necessary directions. C) The Directions / action points emerging from the meetings of IASC and EDC will be forwarded to the Department / Office concerned and monitored by the Inspection Department. Action taken report in this regard will be put up in the next meetings. 28 Reporting Structure

The Inspection Department reports to the Inspection and Audit SubCommittee (IASC) of the Central Board of Directors. All the major findings of the Inspection/Audit Reports are first reviewed by the Executive Directors' Committee and subsequently put up to the IASC. In addition, Inspection Department will submit to the Executive Director-in-Charge of the Department an activity report on a quarterly basis as also a half-yearly/annual review of implementation of the Inspection Calendar as at the close of business on 30th June and 31st December every year.

15

Annex I Name of the Auditee Office: Management Audit & Systems Inspection (latest):

16

First/ monthly Compliance as on _______________________________________________________________________ _____ Chapter No. & Para No. (1) Action taken ( To be reported only in respect of paragraphs on which compliance is complete @ (2) Comments of Inspection Department (3) (To be left blank )

( ) Regional Director/Officer-in-Charge @ Action taken as per instruction & contained in our circular letter Insp. No H1656/ 03.74.05/94-95 dated 15.05.95 only should be included. N.B. i) Regional Office should not include paragraphs on which action is to be taken by Central Office Departments.

ii) Central Office Department should not include paragraphs on which action is to be taken by other Central Office Departments. iii) Compliance should not be furnished in respect of paragraphs on which no action is called for. Annex II Name of the Auditee Office: ______________________________________________________________________

17

Management Audit & Systems Inspection (latest): Compliance position as on _____________________________________________________________________________ Total No. of paragraphs on which action is called for from the office * (1) Banking Issue Total No. of paragraphs complied with fully (2) Banking Issue Banking Percentage of compliance (3) Issue

No.

Date:

Forwarded to the Chief General Manager, Reserve Bank of India, Inspection Department, Central Office, C-7, Bandra-Kurla Complex, Bandra (East) , Mumbai400 051 ( ) Regional Director/Officer-In-Charge * Central Office Departments may indicate the figures under the column Banking. N.B. i) Regional Office should not include paragraphs on which action is to be taken by Central Office Departments. ii) Central Office Department should not include paragraphs on which action is to be taken by other Central Office Departments . iii) paragraph. A paragraph containing sub-paragraphs is to be treated as one

18

CONCURRENT AUDIT/SNAM* Name of the Auditee Office:______________________________________________________ Position for the quarter ended:____________________________________________________ Banking/Issue Department (Only in respect of ROs) to be given separately. Part I STATISTICAL DATA Sr. No . Months of the quarter Total No. of Paras Total Action Paras (1 ) @ @ @ (2) (3) (4) Financial Paragraphs Major Outstan ding

Annex - III

Non-Financial Paragraphs Others Outstandi ng

Remark s % of Complia nce (13) (14)

Complie d with

Outstan ding

% of Complia nce (7)

(5)

(6)

Total Action Paras Complie d with (8)

% of Complianc e (10)

(9)

Total Action Paras Complie d with (11)

(12)

Part II Details of Outstanding paragraphs (including outstanding paras of earlier quarters, if any, in terms of Inspection Department Circular Insp.AMC.No.2251/05.01.01/2004-05 dated 11.01.2005) Sr.No. Quarter ended Para Nos. Nature of Para F/M/NF Particulars in brief Reasons for Outstanding

F- Financial,

M- Major,

NF- Non-financial

Part III List of CA Reports findings/observations referred to COD/Inspection Department, if any, in terms of para 4(vii) of Inspection Department Circular Insp.AMC.No.2251/05.01.01/2004-05 dated 11.01.2005. Part IV Certified that CA Reports paragraphs complied with were approved by the RD/CGM-in-Charge and accepted by the Concurrent Auditors. @Indicate the month-wise position of bthe relating quarter *Where SNAM Audit was conducted, the position may be furnished separately. Signature Designation

20

Annex IV Control Self-Assessment Audit (CSAA)

Name of the Auditee Office:___________________________ CSAA report for the half-year ending 30 June. / 31 December .. Reporting position as on 30 September.. / 31 March.@ Banking /Issue Department (only in respect of ROs) to be given separately.
Part I - STATISTICAL DATA Sr. No 1 Total No. of Paras 2 Total Action Paras 3 No. of Paras Complied with 4 Outstanding 5 % of compliance 6 Remarks

Part II - Details of outstanding paragraphs (including outstanding paras of earlier half year if any in terms of Inspection Department Circular Insp.AMC.No.2251/05.01.01/2004-05 dated 11-01-2005)

Sr. No

Para Nos.

Half-year ended

Particulars in brief

Reasons for outstanding

Part III- Certified that CSAA exercise was undertaken strictly as required in terms of Inspection Department's Instructions of para 3 of circular letter No. INSP.Plan No. 4737/02.02.198/2003-04 dated 14-06-2004.
@ Compliance statement showing the position as on 30 Sept and 31 March should be furnished on or before 15 October and 15 April each year respectively.

Signature Designation

21