Reported by: banking|Updated: May 11, 2020
Today, with banks facing increasing number of frauds, internal audit function has gained criticality. Also, the scope and coverage of internal audit has increased. Many banking experts are of the view that if there had been strong internal audits, the two incidents of Punjab and Maharashtra Cooperative Bank and Yes Bank virtually reaching a collapse stage would not have happened. Mind you the former had deposits of about $1.6 billion, while the latter has $47.5 billion in assets.
INTERNAL AUDIT CHALLENGES
Internal audit is a critical function that helps the top management of any corporate get a sense of reassurance that all the controls are in place and are functioning as envisaged. With the sheer volume of data that is available, it is definitely not be possible to audit each and everything and hence audit must wisely identify the relevant operations and transactions for auditing. It is as crucial to detect outliers and present the same to the board audit committee and the management.
Gopal Balachandran, CFO and chief risk officer at ICICI Lombard General Insurance Co, asserts that any internal audit strategy should ideally factor in the volume of data to be audited for a process, and the overall tools, systems and resources available with the company for identifying any transaction that may not be in accordance with the company policy, procedures, rules and regulations, and hence may be required to be highlighted.
NEW AGE RISKS
He cites the new-age risks: “The new risk paradigm continues to evolve every day and traditional risks are being replaced by new-age risks. The emergence of cyber risk, the impact of geopolitical risk, reputation risk and others, has made it extremely pivotal to have the appropriate resource capability in place within the internal audit function to ensure that the relevant risks are identified, assessed and evaluated.”
Rahul Dey, head of Internal Audit at Utkarsh Small Finance Bank, cites 2 major aspects where the internal audit team faces difficulties in managing the process: “The complex organization structure and multiple products and channels are impediments for effective communication with auditee teams and the management. To overcome this, the internal audit function needs automated audit application. Secondly, in the current banking environment, where most of the transactions and account management services are happening online and in core banking systems, drawing proper audit samples for various control testing is one such area where advanced sampling tool is essential.”
TECHNOLOGY TO HELP
Utkarsh Small Finance Bank uses an audit application that provides facilities like risk based audit checklist management at central level, audit scheduling, reporting audit observations to auditee team and management, system generated communication/escalations, audit report generation, tracking of open items, audit rating, analysis of inherent risks and residual risks, customized report generation for management, etc. The audit application eliminated paper-based audit reporting. With respect to drawing samples, the bank is using an in-house developed report generation application, which helps the audit team to draw population and sample for various control tests.
Gopal Balachandran says a key aspect in any internal audit process is to have the right set of preventive controls vis-à-vis detective controls. “Organizations today have formal process approval committees and product management committees in place, wherein a new process or product is thoroughly evaluated and discussed threadbare prior to being implemented or made available in the market,” says he.
USE OF ANALYTICS
With the right set of business and operational analytics, including utilizing technological systems supporting the same, internal audit function can play a key role in identifying outliers from amongst the large volume of transactions in any organization. The identified outliers can be further assessed, evaluated and audited to ensure accuracy of reporting to the board of directors, the audit committees and the management.
The analytics which is run by the internal audit function overcomes these problems since the systems and applications analyze the data and give a perspective into identifying the material sets of transactions required to be audited.
Gopal Balachandran says the idea of internal audit is to build an organization driven by core fundamentals of corporate governance. Technology, he says, is like a business partner for the internal audit function, in terms of assisting the team in assessing the areas of concern, which require the attention of the board audit committees and the management. “Today, it is extremely difficult to visualize an internal audit department becoming effective without timely and appropriate use of technology-driven tools and business analytics. A strong visible trend is also the use of artificial intelligence by the internal audit function, in detecting and identifying the appropriate areas of the audit,” says he.
According to Rahul Dey, audit applications have been quite effective in automating and streamlining the whole audit process including audit execution, improved communication during audit and reporting. However, his company’s in-house solution for report generation has helped internal audit team to draw samples, but advanced tools and applications will surely be helpful for drawing proper audit samples from complex data tables, he adds.