
An Illustrative Checklist on Audit Considerations in CIS environment

While carrying out the audit in a fully computerised environment, it is important to note that the primary audit objective does not change; only the approach and methodology change. To achieve the primary objective for each aspect of the financial statements (balance sheet, profit and loss account, financial disclosures, notes to accounts, and special purpose certificates), the auditors must consider the following broad suggestions:

• Clearly identify and document the underlying audit objective and also the significant inherent risks (accounting, compliance, etc.) involved in each area.

• Gain an understanding of the IT system in use, flow of activities/processes, data interface, flow of accounting entries, regular and exception reports generated on a daily basis, critical manual processes and controls.

• Understand and document the processes involved and IT systems used for month end and year end financial closures and data extractions.

• Identify sample size and carry out test of controls and substantive checking.

• Document process and results.

• Form an opinion.

The following indicative checklist (centralised and decentralised) can be used while undertaking the audit in a fully computerised environment:

 

Sr. No | Particulars | Yes/No/NA | Comments

A. Basic Approach and Methodology – Centralised

 

i. Have you understood the overall IT Policy, IT organization structure, IT Governance framework and control environment of the bank and the relation thereof to the preparation and presentation of financial statements?

ii. Have you obtained sufficient appropriate information about the total IT systems in use and the area covered therein?

iii. Have you obtained flow charts of activities in relation to data entry, recording, processing, storage and interface in each of the systems? Obtain a list of unprocessed transactions as at the year end.

iv. Have you gathered information about the critical IT and manual controls in relation to data processing and data interface, in general, and accounting and preparation and presentation of financial statements in particular?

v. Have you reviewed the process documents for all the critical processes having a bearing on recording of transactions and preparation and presentation of financial statements? In case the processes are not documented, have you ensured that a written representation explaining the whole process has been taken on record?

vi. Have you reviewed the work done by other agencies, such as internal auditors, concurrent auditors, internal inspectors and system auditors, in relation to IT processes and systems? Have you documented significant observations, if any, made by any of the above agencies?

vii. Have you enquired about the major breakdowns/corruption in system/data during the year having a bearing on the preparation and presentation of financial statements and how the same were resolved? Obtain details of unresolved issues, if any, as at the year end.

viii. Have you identified the samples for test of controls and substantive checking? Have you documented the process of sampling and the details of the sample selected? Have you taken screen shots of the relevant accounts/data used in sampling?

ix. Have you compared the outcome of testing with the financial records? Are you satisfied with the results of test of controls and substantive checking? If not, have you taken some more samples for further testing?

x. If you are not satisfied with the results, has this been escalated to the concerned officials and have those issues been resolved?

xi. Are there any unresolved issues and have you noted the same for final reporting?

 

xii. Have you documented the entire audit process and significant observations at all stages?

xiii. Have you obtained written representations from the management on all the required matters?

 

B. System of accounting and record keeping – Centralised

i. Have you understood the process of creating heads of account? Are there adequate controls on creating new heads of account and closing unused heads of account? Obtain a list of account heads created and closed during the year.

ii. Have you understood the nature and title of all the account heads used in preparation and presentation of financial statements? Obtain a written note on the basic purpose and usage of all heads of account and their mapping/linkage with the main heads of financial statements.

iii. Have you understood the process of recording transactions in all the heads of account, including routing/intermediary accounts? Obtain a list of all the routing accounts and the purpose and usage thereof. Review the balances held and the ageing of these accounts as at the year end.

iv. Have you understood the concept of out of the book entries (OBE) passed at the year end for the purpose of financial closure and subsequent accounting/reversal thereof? Obtain a list of common OBE passed at the year end. Have you reviewed the OBE passed at year end and also subsequent accounting and reversal thereof till the date of signing?

v. Have you ensured that the balances as per the general ledger are tallied with the balances as per the sub-systems used for recording primary transactions? In case of significant differences, ensure that the same are reported in the audit report as a qualification.

vi. In respect of financial information required for disclosures in the notes to accounts and also for special purpose certificates, have you understood the process of compiling information and the underlying systems used? Obtain all the back up papers used for generating such financial information.

C. Certain specific aspects – Decentralised

i. In case of deposits, have you understood the process for compliance with KYC? Please carry out a test check of certain cases and document the test results.

ii. In case of deposits, have you understood the various types of deposits and carried out a test check to ensure interest accrual, application, year end provisions, TDS calculations, etc., are correct? (In view of voluminous records/accounts, many a times it is not possible to compare the results of test of controls and substantive checking for year end interest accrual with the books of account, as individual customer level data is not generated.) Please document the process and test results.

iii. In case of advances, have you understood the various types of facilities being offered, and the process of monitoring the limits and interest accrual and application (including year end provisions) in accounts under various types of facilities? Special care needs to be taken while monitoring the excesses/over-limits in case of fungible/interchangeable limits. Special care also needs to be taken for new age products being offered by various banks, such as Channel Financing, Business Banking, Small and Medium Enterprises Financing, Gold Loans, etc. (In view of voluminous records/accounts, many a times it is not possible to compare the results of test of controls and substantive checking for year end interest accrual with the books of account, as individual customer level data is not generated.) Please document the process and test results.

iv. In case of advances, have you understood the process of identifying non-performing assets (NPA) under various types of facilities (cash credit, overdraft, term loan, packing credit, bill purchase and discounting) and segments (wholesale and retail)? Special care needs to be taken while reviewing the overdue or DPD (days past due) reports provided by the banks, as many banks have a filtration process before final reports are generated. (In case of private sector and foreign banks, the retail assets are categorised under various products and monitored accordingly for asset classification and security-wise classification. Even the NPA norms (which are generally more stringent than RBI norms) and security-wise classification are decided on a product level basis and applied accordingly.)

v. Have you understood the process of identifying NPA borrower-wise and not facility-wise? (In case of private sector banks and foreign banks, due to voluminous data, such identification is either not done or is done at a time lag and, in some cases, the customer data in the retail portfolio is not matched with the wholesale portfolio for this purpose. Further, special care needs to be taken in case of new age products as, in some banks, these facilities may not fall within the wholesale and retail portfolio for the purpose of monitoring.) Please document the process and test results.

In case of foreign currency assets and liabilities, have you understood the process of revaluation (as per Accounting Standard (AS) 11/FEDAI guidelines) periodically and at the year end, as the case may be? Please document the process and results.

In case of sundry assets and liabilities, have you understood the usage, process of clearance of outstanding items, periodic ageing and reporting and provisioning of old items? (In case of fully computerised banks, some of these heads of account are used as routing accounts and have specified frequency for periodic clearance.) Please document the process and test results.

In case of day to day operating expenses, have you understood the process of accounting, payments, TDS calculation and year end provisioning? (In case of private sector banks, the accounting and payment of expenses is centralised and generally there is a substantial time gap between receipt of goods/services, receipt of bill and accounting thereof. Special care needs to be taken for provision for expenses as at the year end. Further, in case of payments to staff, many banks do not provide access to staff records due to confidentiality. In such cases, please ensure that an alternate audit approach is used to verify aggregate payments instead of merely relying on representation by the management or outsourced service provider.) Please document the process and test results.

In case of fixed assets, have you understood the entire process of purchasing fixed assets and the capitalisation and amortisation thereof? (Due to voluminous transactions and internal processes involved in purchase of fixed assets, many banks follow the practice of capitalising the assets (largely in case of IT assets) on the date of payment rather than the date on which the asset is ready for use or the date on which the asset is put to use. Such practices must be corrected.) Please document the process and test results.

Have you understood the process of maturity-wise classification of assets and liabilities of the bank? (In many banks it is not possible to compare the results of test check carried out in this regard with the actual classification, as it is in-built in the basic system and moreover, the account level information is not readily available.) Please document the process and test results.

In case of data migration from one platform to another platform, have you verified that the same was error free and there are no pending issues having a bearing on the preparation and presentation of financial statements with the migration report?

In case of errors spotted during the audit, have you enquired about the primary reason/s and specific pattern/s, if any, for the errors? (In computerised accounting, due to automated data processing, it is quite likely that there are some primary reasons and some patterns behind the errors which, if not detected, could lead to serial misstatement in the financial statements.) Please document the process and test results.