Internal Audit

One of the most critical functions of a bank is that of internal audit. This function performs several important roles such as:
a.  Ensures laid down processes are followed
b.  Confirms internal checks and controls are functioning
c.  Contributes in the development of processes and controls
d.  Identifies areas of improvement in efficiency and compliance
e.  Provides assurance to the management

The internal audit team needs to be equipped with staff with relevant skills and knowledge / expertise across various areas / functions. Ideally, staffing should be of qualified people with prior work experience across functions.

Besides qualification and skills, the audit team should have an ability to anticipate issues and proactively work to discover them. Interpersonal skills and communication skills would help them to informally gather inside information. Most importantly, the integrity levels of the audit staff should be impeccable and they should have the courage and conviction to report their findings.

It is always a challenge to decide how many people are required in this function. Too many would be an over-kill and create unnecessary pain in the working and too little would reduce audit coverage. The team has to prepare an audit plan which covers both periodic as well as as surprise audits. The extent and frequency of coverage should depend on the level of risks & controls in each area / function.

Besides covering the business & operational areas, audit should also cover the control & support functions. Areas such as risk management, HR, legal, compliance, facilities management, IT etc. also need extensive audit coverage as these functions are critical to the effective functioning of a bank. For each area under audit, there should have a plan which will test the effectiveness of the controls and the evidencing of the same.

Audit team should create a climate of trust wherein the auditee realises that the auditor is interested in helping improve the performance & compliance. It should not appear as too suspicious in its approach.

Each audit should be concluded with the sharing of the draft report, a discussion on the same to incorporate the auditee comments / suggestions and the preparation of the final audit report along with Key Audit Observations. Audit findings should be discussed with a view to improve the process or the controls. An interim body or committee comprising Audit Head, Business / Geography Head and Compliance Head would discuss the report and the actions taken subsequent to it. They would recommend additional actions / controls if they feel it is necessary.

The Audit Committee (AC) of the Board is where all key audit findings are placed for information and decisions on broad actions to be taken. The AC would also review Audit plans and suggest improvements on the same. The AC would need to get a comfort on the overall coverage and the quality of the Audit team for it largely relies on this team report on the ground realities.

Audit is one of the key pillars to ensure stability, controls and compliance in any bank.

I would love to hear your views on this blog. Please feel free to leave a comment on the blog or send me a mail at vish.sesh@gmail.com and I will quickly respond.