Need Tally
for Clients?

Contact Us! Here

  Tally Auditor

License (Renewal)
  Tally Gold

License Renewal

  Tally Silver

License Renewal
  Tally Silver

New Licence
  Tally Gold

New Licence
 
Open DEMAT Account with in 24 Hrs and start investing now!
« Latest Circulars »
Open DEMAT Account in 24 hrs
 Auction of State Government Securities Feb 23, 2024
 RBI imposes monetary penalty on The Adinath Co-Operative Bank Limited, Dist. Surat, Gujarat
 The Relevance of SEACEN in a Turbulent World (Closing remarks by Michael Debabrata Patra, Deputy Governor, Reserve Bank of India - February 15, 2024 - at the 59th SEACEN Governors' Conference
  Business restrictions imposed on Paytm Payments Bank Limited vide Press Releases dated January 31 and February 16, 2024
 Extension of validity of Directions under Section 35A read with section 56 of the Banking Regulation Act, 1949 (As Applicable to Co-operative Societies) - HCBL Co-operative Bank Ltd., Lucknow (U.P.)
 Business restrictions imposed on Paytm Payments Bank Limited vide Press Releases dated January 31 and February 16, 2024
 Directions under Section 35 A read with section 56 of the Banking Regulation Act, 1949 Shimsha Sahakara Bank Niyamitha, Maddur, Mandya District Extension of Period
 Reserve Bank of India (Government Securities Lending) Directions, 2023
 Building resilient brand India amidst global uncertainty (Speech by Shri Swaminathan J, Deputy Governor, Reserve Bank of India - December 28, 2023 - at the 10th SBI Banking and Economic Conclave in Mumbai)
 Trade Credit for imports into India Submission of return on issuance of bank guarantees for Trade Credits on the Centralised Information Management System (CIMS)
 Minutes of the Monetary Policy Committee Meeting, December 6 to 8, 2023

Risk Based Internal Audit (RBIA) Framework Strengthening Governance arrangements
January, 12th 2021

RBI/2020-21/83
Ref.No.DoS.CO.PPG./SEC.04/11.01.005/2020-21

January 07, 2021

The Chairman / Managing Director / Chief Executive Officer
All Scheduled Commercial Banks (Excluding RRBs)
All Local Area Banks
All Small Finance Banks and
All Payments Banks

Madam / Dear Sir,

Risk Based Internal Audit (RBIA) Framework – Strengthening Governance arrangements

In terms of the Guidance Note on Risk-Based Internal Audit issued by RBI vide circular DBS.CO.PP.BC.10/11.01.005/2002-03 dated December 27, 2002, banks, inter alia, are required to put in place a risk based internal audit (RBIA) system as part of their internal control framework that relies on a well-defined policy for internal audit, functional independence with sufficient standing and authority within the bank, effective channels of communication, adequate audit resources with sufficient professional competence, among others.

2. While the aforesaid Guidance Note lays out the basic approach for risk based internal audit functions, banks are expected to re-orient their approach, in line with the evolving best practices, as a part of their overall Governance and Internal Control framework. Banks are encouraged to adopt the International Internal Audit standards, like those issued by the Basel Committee on Banking Supervision (BCBS) and the Institute of Internal Auditors (IIA).

3. To bring uniformity in approach followed by the banks, as also to align the expectations on Internal Audit Function with the best practices, banks are advised as under:

  1. Authority, Stature and Independence - The internal audit function must have sufficient authority, stature, independence and resources within the bank, thereby enabling internal auditors to carry out their assignments with objectivity. Accordingly, the Head of Internal Audit (HIA) shall be a senior executive of the bank who shall have the ability to exercise independent judgement. The HIA as well as the internal audit function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to carry out the entrusted responsibilities.

  2. Competence - Requisite professional competence, knowledge and experience of each internal auditor is essential for the effectiveness of the bank's internal audit function. The desired areas of knowledge and experience may include banking operations, accounting, information technology, data analytics and forensic investigation, among others. Banks should ensure that internal audit function has the requisite skills to audit all areas of the bank.

  3. Staff Rotation - Except for the entities where the internal audit function is a specialised function and managed by career internal auditors, the Board should prescribe a minimum period of service for staff in the Internal Audit function. The Board may also examine the feasibility of prescribing at least one stint of service in the internal audit function for those staff possessing specialized knowledge useful for the audit function, but who are posted in other departments, so as to have adequate skills for the staff in the Internal Audit function.

  4. Tenor for appointment of Head of Internal Audit - Except for the entities where the internal audit function is a specialised function and managed by career internal auditors, the HIA shall be appointed for a reasonably long period, preferably for a minimum of three years.

  5. Reporting Line - The HIA shall directly report to either the Audit Committee of the Board (ACB) / MD & CEO or Whole Time Director (WTD). Should the Board of Directors decide to allow the MD & CEO or a WTD to be the ‘reporting authority’ of the HIA, then the ‘reviewing authority’ shall be with the ACB and the ‘accepting authority’ shall be with the Board in matters of performance appraisal of the HIA. Further, in such cases, the ACB shall meet the HIA at least once in a quarter, without the presence of the senior management, including the MD & CEO/WTD. The HIA shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. In foreign banks operating in India as branches, the HIA shall report to the internal audit function in the controlling office / head office.

  6. Remuneration - The independence and objectivity of the internal audit function could be undermined if the remuneration of internal audit staff is linked to the financial performance of the business lines for which they exercise audit responsibilities. Thus, the remuneration policies should be structured in a way that it avoids creating conflict of interest and compromising audit’s independence and objectivity.

4. The internal audit function shall not be outsourced. However, where required, experts, including former employees, could be hired on contractual basis subject to the ACB being assured that such expertise does not exist within the audit function of the bank. Any conflict of interest in such matters shall be recognised and effectively addressed. Ownership of audit reports in all cases shall rest with regular functionaries of the internal audit function.

5. Banks must ensure and demonstrate through proper documentation that their risk-based internal audit framework captures all the significant criteria / principles suited for their organisational structure, the business model and the risks.

6. The instructions contained in this circular shall come into effect immediately from the date of this circular.

7. This circular supplement the guidelines issued by Reserve Bank of India on December 27, 2002 on Risk-based internal audit along with other circulars/instruction on the subject issued from time-to time and for any common areas of guidance, the prescription of this circular shall be followed.

Yours faithfully,

(Ajay Kumar Choudhary)
Chief General Manager-In-Charge

Home | About Us | Terms and Conditions | Contact Us
Copyright 2024 CAinINDIA All Right Reserved.
Designed and Developed by Ritz Consulting