Deepak Bholusaria, FCA

Member, Banking Research Group, NIRC of ICAI

Bank Audit under CBS Environment

Objective of this presentation
  • Beginner’s guide to Audit under Core Banking Solution.
  • Giving a rough idea of how CBS works and its architecture.
  • What kind of Controls are built in CBS environment?
  • What kind of reports a CBS system generates which may help in audit of Branches?
  • Brief overview of sample audit checks.
What is CBS?

Core banking solution refers to a:

  • Common IT solution, wherein
  • A central shared database supports the entire banking application.
  • Based on client-server architecture
What is CBS?
  • Business processes in all the branches of a bank update a common database in a central server located at Data centre, which gives a consolidated view of the bank’s operations
  • Branches function as delivery channels providing services to the customers of the bank.
Components of CBS

Major components are:

  • Data centre
  • Network connectivity
  • CBS application software
  • Hardware at branch and data centre
  • Delivery channels
  • Disaster recovery site
  • A strong business continuity plan
CBS Architecture

[Diagram: a Central Server connected to three Branch Routers]

System Architecture (General)

Web Server

  • Front End
  • Provide Screens and Forms to Users

Application Server (APS)

  • Contains Application
  • Business Logic Running
  • Processes requests from Servers
  • Access the Database Server

Database Server (DBS)

  • Hosts RDBMS
  • Processes requests from APS
  • Store Data in External Storage

CBS Setup
  • The branch confines itself to creating manual documents capturing data required for input into software, internal authorization, initiating Beginning-of-day (BOD) operations, End-of-day (EOD) operations, reviewing reports for control and error correction.
CBS Setup
  • All data processing, storage, backup, report generation, inter branch account reconciliation are done centrally.
Risk Assessment & Controls (AAS-6)

The branch auditor should satisfy himself that:

  • Audit risk is at acceptably low level.
  • Adequate procedures exist to ensure data transmitted is complete and correct.
  • Cross-verification of records, reconciliation statement and various controls exist between online and offline records.
Role of Auditor in CBS Environment

The branch auditor's role is divided into the following:

  • Software/CBS Application related Control Checks.
  • Review of Controls and implementation of CIA principles.
  • Management practices
  • Checking manual documents, which are the basis for input into the system.
CIA Principle
  • Confidentiality
    • Information is shared amongst authorised personnel (Maker – Checker concept)
  • Integrity
    • Information is authentic and complete. Information is sufficiently accurate to rely upon.
  • Availability
    • Systems responsible for delivering, storing and processing information are accessible when needed.
Controls in CBS Branches

Answer lies in

    • Existence of Controls; and
    • Review of their implementation

Types of controls:

  • Operational Controls
  • Physical Controls
  • Environmental Controls
Operational Controls
  • Start with SoD!
  • Whether all accounts (Opening & Closing) are duly authorised.
  • Whether officials other than those of the branch have authority to record transactions in branch books?

SoD means Segregation of Duties

Operational Controls
  • Whether the Account Master and balance can be modified/amended/altered except by the authorised personnel?
  • Whether a Beginning of the Day and End of the Day register is maintained? Whether the time is properly entered, and whether time and date are normal and within office hours only?
  • No operation on Holidays !
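
The segregation-of-duties and timing checks above can be run over a transaction extract. The following is an added example, not part of the original presentation; the field names, office hours, holiday list, the treatment of Sunday as a non-working day and the sample rows are all constructed assumptions rather than the format of any particular CBS product.

```python
from datetime import datetime, date, time

# Constructed sample data; field names and office hours are assumptions.
OFFICE_OPEN, OFFICE_CLOSE = time(9, 30), time(18, 0)
HOLIDAYS = {date(2024, 1, 26)}  # bank holiday list supplied by the branch
TXNS = [
    {"txn": "T1", "maker": "U101", "checker": "U102", "ts": datetime(2024, 1, 24, 11, 5)},
    {"txn": "T2", "maker": "U101", "checker": "U101", "ts": datetime(2024, 1, 24, 12, 40)},
    {"txn": "T3", "maker": "U102", "checker": None, "ts": datetime(2024, 1, 25, 16, 10)},
    {"txn": "T4", "maker": "U102", "checker": "U101", "ts": datetime(2024, 1, 25, 22, 15)},
    {"txn": "T5", "maker": "U101", "checker": "U102", "ts": datetime(2024, 1, 26, 10, 0)},
    {"txn": "T6", "maker": "U102", "checker": "U101", "ts": datetime(2024, 1, 28, 10, 0)},
]

def sod_and_timing_exceptions(txns, holidays, open_t, close_t):
    """Return {txn_id: [findings]} for entries that break SoD or timing rules."""
    out = {}
    for t in txns:
        notes = []
        # Maker-checker: every entry needs a second, different user.
        if t["checker"] is None:
            notes.append("not authorised (no checker)")
        elif t["checker"] == t["maker"]:
            notes.append("maker and checker are the same user")
        # Timing: nothing on holidays/Sundays, nothing outside office hours.
        day = t["ts"].date()
        if day in holidays or day.weekday() == 6:  # 6 = Sunday (assumed closed)
            notes.append("posted on a holiday/Sunday")
        elif not (open_t <= t["ts"].time() <= close_t):
            notes.append("posted outside office hours")
        if notes:
            out[t["txn"]] = notes
    return out

if __name__ == "__main__":
    found = sod_and_timing_exceptions(TXNS, HOLIDAYS, OFFICE_OPEN, OFFICE_CLOSE)
    for txn, notes in found.items():
        print(txn, "->", "; ".join(notes))
```

Each flagged entry is a starting point for vouching against the manual voucher and the BOD/EOD register, not a conclusion in itself.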
Operational Controls
  • Whether the records of errors arising during daily operations are reported? And how they are rectified?
  • Whether dummy accounts created using master creation still exist in the Branch?
  • A sample verification of SDRs / FDRs should be carried out to ascertain whether lien is marked on such deposit receipts in the system.
  • Availability of command prompt (Run-Cmd)
  • Access to group policies (gpedit.msc) is restricted
Access Controls

(as part of operational controls)

  • Peruse the access control matrix
    • Password Management and History
  • Cross verify the same with actual number of users in the branch
    • Inactive user ids and guest Ids
  • Review the process of activation of users
  • What about users transferred to other branches?
  • Review access logs
  • Special emphasis on unsuccessful logon attempts
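
The access control review above amounts to reconciling three lists: the user IDs enabled in CBS, the staff actually posted at the branch, and the access log. The following is an added example, not part of the original presentation; the record layouts, the 90-day inactivity threshold, the failed-logon threshold and all sample rows are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample data (hypothetical field names, not from any CBS product).
AS_OF = date(2024, 3, 31)
BRANCH = "B001"
STAFF_ROSTER = {  # employee -> branch where currently posted
    "E101": "B001", "E102": "B001", "E103": "B002",  # E103 was transferred out
}
CBS_USERS = [  # user IDs enabled in the branch access control matrix
    {"user_id": "U101", "emp": "E101", "last_login": date(2024, 3, 30)},
    {"user_id": "U102", "emp": "E102", "last_login": date(2023, 11, 2)},
    {"user_id": "U103", "emp": "E103", "last_login": date(2024, 3, 29)},
    {"user_id": "GUEST1", "emp": None, "last_login": date(2024, 1, 5)},
]
ACCESS_LOG = [  # (user_id, result) pairs taken from the access log
    ("U101", "OK"), ("U102", "FAIL"), ("U102", "FAIL"), ("U102", "FAIL"),
    ("U103", "OK"), ("GUEST1", "FAIL"), ("U101", "FAIL"),
]

def review_users(users, roster, branch, as_of, inactive_days=90):
    """Return {user_id: [findings]} for IDs that need auditor follow-up."""
    findings = {}
    for u in users:
        notes = []
        if u["emp"] is None:
            notes.append("guest/generic ID with no named employee")
        elif roster.get(u["emp"]) != branch:
            notes.append("employee not posted at this branch")
        if (as_of - u["last_login"]).days > inactive_days:
            notes.append("inactive ID still enabled")
        if notes:
            findings[u["user_id"]] = notes
    return findings

def failed_logons(log, threshold=3):
    """Return user IDs with at least `threshold` unsuccessful logon attempts."""
    counts = Counter(uid for uid, result in log if result == "FAIL")
    return {uid: n for uid, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for uid, notes in review_users(CBS_USERS, STAFF_ROSTER, BRANCH, AS_OF).items():
        print(uid, "->", "; ".join(notes))
    print("Repeated failed logons:", failed_logons(ACCESS_LOG))
```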
Physical Controls
  • Router/Modem/Network equipment – Entry restricted to Branch Manager / authorised personnel
  • Ensure floppy/Pen-drive access is not allowed on Nodes (unless required for RTGS etc.)
  • Hardware Access Register
  • Software Patch Application Register
  • PC having internet access should be separate from CBS computers
  • ATM cards/password envelopes are stored in a secured area under double lock!
Environmental Controls
  • Power back ups – ONLINE UPS
  • Any downtime register maintained?
  • How transactions are recorded in case of downtime?
  • Machinery Breakdown register.
  • Insurance/AMC of machinery and equipment
  • Fire extinguisher is installed and active.
Is it necessary to be IT savvy?
  • YES!
  • Because, there are no short cuts to success!
  • Because, being IT savvy is “IN” thing!
  • It is the demand of the hour!
Audit Risk Analysis in CBS


Branch: Computerised

Auditor: Not a computer expert

Branch: Manual

Auditor: May or may not be a computer expert

Branch: Computerised

Auditor: Computer expert

Application Level Controls & Checks
  • System generated transaction numbers noted on the vouchers.
  • Vouchers have been initialled by same operators who entered vouchers
  • Vouchers have been initialled by same officer who authorised on screen.
  • Overdue Terms Deposits/LCs are parked in separate heads in GL by the system
  • Zero Balance accounts in system
Application Level Controls & Checks
  • Unconfirmed entries (Exception reports)
  • Suspense accounts
  • Application of Interest applied by systems (separate reports are available)
  • Change in Drawing Powers (Exception report)
  • Cheque book issuance charges are automatically charged
  • Charges for stop payment are automatically charged
Application Level Controls & Checks
  • Daily review of ToD – Whether within the power of the branch?
  • If not, has it been reported to HO and approved/ratified by HO?
Opening of Accounts

The auditor has to verify from parameters that:

  • Whether correct product is chosen
  • Correct Drawing Power is entered (for advances)
  • The master data is complete and correct
  • Check Maker-Checker control has been exercised
Opening of Accounts

Special Checks:

  • Interest rate parameters checking in case of loans sanctioned at special rates
  • Correct scheme ID has been entered.
  • Log register for changes in scheme IDs
  • Authorization from the controlling authority to open the account and the interest rate
Opening of Accounts

Special Checks:

  • Duplication of Customer IDs
  • Interest rate variation/exception reports for Deposits as well as Advances
  • Drawing Power variation/exception report
Verification of Interest
  • Penal Interest is fed into the system as per sanction/review letter
  • Correct Product is chosen/selected
  • Alteration of Special Rates (for deposits as well as Advances) effected at Branch Level. Check relevant register
  • Manual Check for manual recovery:
    • Loan processing charges
    • LC, BG charges
    • Godown Inspection charges
Verification of Interest
  • Whether TDS enabled or not?
  • Check for 15G/15H cases
Other Parameters
  • Standing instruction charge (Global)
  • Stop payment instruction charges (Global)
  • Cheque book charges (Global)
  • Account closing charges (Global)
  • Password change parameters (Global)
  • Authorization of users
  • Authorization for exceptional transactions
  • Penal Interest Parameters
Classification of Advances
  • Generally there is Separate Software for classification
  • Classification generally done manually by Branch in Customer Master
  • Report of irregular Advances
  • Report of likely NPA – June 10, September 10, December 2011 and March 11
  • Exception Report on changes in NPA parameters
Inter Branch/HO account
  • In CBS, intermediate accounts should generally show NIL balances. Analyse any balance in these accounts.
  • HO account tallied with HO Statement and confirmed by HO
  • SOL Transactions – Reconciliation
General Ledger and Balancing
  • If there is a balance in system suspense account, it indicates that some posting is incomplete in the CBS system. This has to be corrected to arrive at final TB.
  • ATM's security control may be reviewed, like access to ATM is secured by double lock, cash replacement procedures, rejected bin cash counting process, network security
General Ledger and Balancing
  • All the sub-ledger accounts are in-built in the system and cross-checked and tallied by the system itself
  • Trial balance extraction is automatically done by the system
  • The auditor has to ensure that all the system control accounts are NIL.
Impersonal / Office Account
  • Sundry credit accounts
  • Sundry deposit accounts
  • Suspense accounts

Check for ghost entries and correctness of these accounts.

System Level Controls
  • Operating System / RDBMS manual / installation guidelines
  • Computer Manual
  • DIT guidelines in separate file
  • User ID Register
  • Duty Roster
  • Password expiration
  • Antivirus updation
Exception/Variation Reports
  • Interest rate variation
  • Irregular advances
  • Advances pending renewal
  • Cash deposits/withdrawal beyond a defined limit
  • CC/OD exceeding DP
  • Errors in day book
Exception/Variation Reports
  • Debit /Credit balance change
  • Maturity record deleted
  • Inactive accounts reactivated
  • Excess allowed over limit
  • Debits to Income head accounts
  • Overdue bills and bills returned
  • Withdrawal against clearings
Exception/Variation Reports
  • Deposits accounts debit balance
  • Temp O/D beyond sanction limit
  • Standing instruction failed in day
Error Reports
  • CBS provides a number of in-built checks to prevent unauthorized data entry, mismatch of data, entry not posted, entry truncated while processing, errors during process etc. These are provided by way of EoD exception reports for corrective action. These reports can be verified and checked for action taken at the year end.
Tips and tricks
  • Understand and feel the CBS system by using Auditor login (Read only/view only access).
  • Go through User Manuals
  • Explore intranet of bank
  • Use Excel as Audit Tool
Suggested readings
  • Auditing in Core-Banking Environment - Some Special Considerations. Author: CA. Ishwar Chandra. Page 1404, The Chartered Accountant, Mar 2007
  • Job Cards – Work Flow for Core Banking Solutions. Prepared by Bank of India for Indian Institute of Banking and Finance
  • New Age Banking and Auditing – It’s different. Author: CA. Manoj Daga. Page 1210, The Chartered Accountant, Feb 2007
Deepak Bholusaria, FCA

+91 9810 575 565

Thank you for patient hearing!!