IAL-9 RISK BASED INTERNAL AUDIT (RBIA)

1 OBJECTIVES / SCOPE & COVERAGE

The Risk Based Internal Audit encompasses all the areas of Branch functioning including
those covered by the Concurrent Audit as also Income Audits. Every Branch is subjected to
Risk Based Internal Audit at the prescribed periodicity. The Inspection Reports are sent by
the Internal Inspectors to the Inspection & Audit Division/Circle Audit Offices which
coordinates with the Zonal Offices for rectification and closure of the reports within the
period prescribed for closure. The Internal Auditors evaluates the Branches on the basis of
the findings of the Inspection Reports. Risk Based Internal Audit is expected to aid ongoing
risk management practices in Banks by providing necessary checks and balances in the
system.

2 PERIODICITY OF INSPECTION [EXCLUDING OTHER OFFICES / FUNCTIONAL DIVISIONS]

Sl. Risk Ratings Secured by the Periodicity at which Branch to be

No. Branch in previous Inspection. Inspected (from the date of last
inspection)
1 Low Risk Branches. Within 15 to 18 months.
2 Medium Risk Branches. Within 12 to 15 months.
3 High, Very High & Extremely High Within 9 to 12 months
Risk Branches.
4 Newly Opened Branches Within 6 to 9 months from the date of
starting operations.
5 Branches which are not rated in Within 12 months
the Past

REPORTING

1 The Branch Inspection Reports should be prepared by the Inspecting Officials in the structured format
covering all the functional areas.
2 While the Original copy of Inspection Report should be handed over to the Branch Head after
detailed discussion by the Internal Auditor/s against his acknowledgement, Second copy
of the report should be forwarded to the concerned Zonal Office for follow up of
rectification of irregularities by the Branch. The third copy of the report shall be forwarded
to the Circle Audit Office / Inspection & Audit Division HO, as prescribed from time to time.
The internal auditor also prepares an executive summary highlighting the serious
irregularities/deficiencies observed in the report and submit the same to Circle Audit Office
(CAO) and Inspection & Audit Division-HO.
3 In respect of Exceptionally Large Branches and Designated branches forth copy has to be prepared
and submitted to IAD-HO, who will be monitoring for rectification and closure of these reports.
 SCRUTINY OF THE INSPECTION REPORT
1 Immediately on receipt of the copy of the Branch Inspection Report, the Inspection & Audit
Division/Circle Audit Office, will scan the report and Executive.
2 Summary and place the same before the General Manager heading the Division/ Executive in-
charge of C AO. Directions of the General Manager/ Executive in-charge of the Circle
Audit Office will be communicated to the Branch/ Zonal Office for compliance along with
the copy of the Executive Summary.
3 The Inspection & Audit Division/Circle Audit Office will make available copies of the relevant
pages of the Executive Summary of the report to the concerned Functional Divisions at
Head Office for their information & necessary follow-up action.
4 However, a note on important inspection findings along with action taken/proposed to be taken
thereon in respect of all Exceptionally Large Branches, Specialised Branches and High Risk
Branches securing less than 50% marks in the rating, shall be placed before the Audit
Committee of Top Executives (ACE) / Audit Committee of Board (ACB). The directions of
the Audit Committee of Top Executives (ACE) / Audit Committee of Board (ACB) on the
note shall be communicated to the concerned Branch
Office/Zonal Office/Functional Division for compliance.

RECTIFICATION OF IRREGULARITIES AND REPORTING COMPLIANCE

1 The Branch shall submit its first compliance report (first reply) to the concerned Zonal Office
within 30 days if not on the concluding day of audit covering the entire report with a copy
marked to the concerned CAO/ Inspection & Audit Division- HO, as the case may be.
Subsequent periodical compliance reports, however, shall be submitted to the concerned
Zonal Office under copy to CAO/IAD-HO as the case may be, till irregularities pointed out
in the report are fully rectified.
2 The Zonal Office should follow up with the Branches for early rectification of the irregularities/
deficiencies observed in the Inspection Reports. For this purpose, the Zonal Office should
forward to the Branch a list of irregularities pending for rectification, in duplicate, with
directions to return the original duly incorporating therein the rectification. This process
should continue till the irregularities reported are fully rectified.
3 On being fully satisfied that all the major and rectifiable irregularities/deficiencies are rectified
by the Branch, Zonal Office should arrange for Compliance Test Audit (CTA) to scrutinise
the Rectification reports submitted by the branch and it the CTA report is satisfactory, ZO
submit its recommendation depending upon the category of the Branch to the Circle
Audit Office or Inspection & Audit Division, Head Office, for closure of the report,
enclosing a copy of the irregularities pending rectification by the Branch with an
undertaking to follow up rectification of the remaining irregularities within a definite time
frame.
4 CAOs to ensure that Compliance Test Audit (CTA) is carried out by the Zonal Office, before
recommending the RBIA report for closure. Under CTA, the rectification of critical and
major irregularities of the branches be got verified by a competent Officer working in Zonal
Office or nearby branches who has not worked in the auditee branch and is not involved in
the credit sanction process related to the auditee branch. The authorized Official
shall test check compliance of 25% of the major and critical irregularities and also ensure
100% verification of NPA A/Cs.
5 On the basis of such recommendation and on being satisfied itself that the Branch has rectified
with all the major and rectifiable irregularities, the Circle Audit Office/Inspection & Audit
Division HO should close the report and communicate the date of closure to the
concerned Branch/Zonal Office and also to the Circle Audit Office, in case the report is
closed by Inspection & Audit Division HO.
6 The Zonal Office and the Branch, however, should continue the process of rectification
of irregularities/deficiencies pending as on the date of closure of the report till the
same is fully rectified.
7 The Zonal Office should submit, at the end of each calendar quarter, a feedback report to the
Inspection & Audit Division/Circle Audit Office in the prescribed format as to the
rectification of pending irregularities subsequent to the closure of the report.
8 Progress in rectification of deficiencies of very high risk/ extremely high risk rated Branches
should, however, be placed before the ACB at quarterly intervals.

RISK RATING OF THE BRANCHES

1 Performance and functioning of Branches /Offices should be evaluated based on the internal
inspection findings on major business risk parameters viz; Reputation Risk, Liquidity Risk,
Credit Risk, Earning Risk, Control Risk and follow-up and rectification of the
irregularities/deficiencies pointed out in previous Inspection Reports. However,
Branches/Offices like Service Branches, Asset Recovery Branches, Currency Chests
and other non-business units need not be rated. Similarly, newly opened Branches also not
to be rated during the first inspection.
2 The risk identified and assessed by the Internal Auditor/s should be verified and confirmed by
the Inspection & Audit Division, HO in respect of ELBs/ Circle Audit Office in respect of
other branches, on receipt of the copy of the Inspection Report and the same should be
communicated to the Branch as also to the concerned Zonal Office. Reports which are
processed by IAD HO, rating to be communicated to the concerned Circle Audit Office also.
3 The Inspection & Audit Division/Zonal Audit Office should determine the level of risk (high,
medium or low) and trend (increasing, stable or decreasing) of inherent business risks and
control risks using both quantitative and qualitative approaches for conducting Risk Based
Internal Audit.
4 The risk assessment methodology should include the following parameters.
a. Previous Internal Audit reports and compliance.
b. Proposed changes in business lines or change in focus.
c. Results of latest regulatory inspection report.
d. Reports of External Auditors.
e. Time elapsed since last audit.
f. Volume of business and complexity of activities.
g. Substantial performance variations from the budget.
5 The risk assessment should be undertaken on the basis of the risk profile of the Branch periodically.
The Risk Matrix should be arrived as under:

Sl. Business Risk Control Risk Rating of the branch

No
1 High Low High Risk
 2 High Medium Very High Risk
3 High High Extremely High Risk
4 Medium Low Medium Risk
5 Medium Medium High Risk
6 Medium High Very High Risk
7 Low Low Low Risk
8 Low Medium Medium Risk
9 Low High High Risk

6 The Risk Based Audit should at the minimum, review and report on the process by which risks
are identified and managed in various areas:
The control environment in various areas
a. Gaps, if any, in control mechanism which might lead to frauds and identification of
fraud prone areas.
b. Data integrity, reliability and integrity of MIS.
c. Internal regulatory and statutory compliance.
d. Budgetary control and performance reviews.
e. Transaction testing/verification of assets to the extent considered necessary.
f. Monitoring compliance with the Risk Based Internal Audit report.
g. Variation, if any, in the assessment of risks under the audit plan vis-à-vis the Risk Based
Internal Audit.
h. Review of systems in place for ensuring compliance with money laundering controls.
i. Identifying potential inherent business risks and control risks.
j. Suggesting various corrective measures and undertaking follow up reviews to monitor
the action taken thereon.
k. Internal Audit Division should also leverage audits by focusing on areas that are
material and far reaching.

7 The system of assessment should be reviewed and revised from time to time based on the
changed priorities and objectives with the approval of Audit Committees of the Top
Executives/ Audit Committees of the Board. A periodical analysis of assessments
of rating/risk secured by Branches should be placed before the Audit Committee of the
Board/ACE/Risk Management Committee of Executives. A copy of such analysis should be
made available to the concerned Zonal Office and also the concerned Functional Division
at Head Office for initiating corrective measures in the weak/high risk areas identified
during the inspection.

Consequent to the change in modalities of inspection to Risk Based Internal Audit, the
audit process is required to identify and assess the risk prevailing in each business activity
undertaken by the Branch/Bank and suggest remedy for mitigation of the same.
 TIME NORMS FOR REPORTING COMPLIANCE

1 Branches have to submit rectification report (first reply) on regular Inspection Report to the
Inspection & Audit Section, Head Office/Circle Audit Office as per the guidelines, with a
copy to the concerned Zonal Office preferably, on the concluding day of the inspection to
take advantage of the bonus marks allotted for submission of the first reply on the
concluding day of inspection together with the Inspection Report.
2 Under any circumstances, the first compliance report should be submitted within thirty days from
the date of the report.
3 The benefit of submission of first reply on the concluding day of inspection is manifold. This
facilitates the Branch to set right maximum irregularities simultaneously with
the inspection findings. It means that the Branch is in total control of the situation and
imparts better image from inspection angle. It helps the Branch in earning grace marks
allocated for submitting first reply on the concluding day of inspection. This prompts the
Branch to get the report closed within the minimum period of one month from the date of
the report which again earns grace marks for the Branch. It also helps the
Branch/ZO/IAD/CAO by reduction in cross correspondence and utilisation of available
manpower for other purposes.
4 The subsequent rectification reports should be submitted within a maximum period of thirty days
from the date of previous compliance report to the concerned Zonal Office.
5 The time norms fixed for Branches and Controlling Offices for rectifying irregularities and reporting
compliance are given below:

Type of report Time limit for final compliance by Time limit for ZOs for
Branches submission of closure
recommendations
Risk Based Small 45 days from the date50 days from the date of report
Internal Audit Branch of report as the time for closure of report is
(RBIA) 90 days
Medium & 70 days from the date 80 days from the date of report
Large of report as the time norm for closure of
report is 90 days.
ELBs / 100 days from the 110 days from the date of report
VLBs date of report as the time norm for closure of
report is 120 days.
Risk Based 20 days from date of report 25 days from date of report as the
Snap time norm for closure of report is
30 days.

ROLE OF ZONAL OFFICE/HEAD OFFICE/CIRCLE AUDIT OFFICE

1 The role played by the respective Zonal Office, Inspection & Audit Division, Head Office
/Circle Audit Office, as well as other Functional Divisions at Head Office in ensuring
rectification of irregularities and closure of the Inspection Report are summarised below:
 A. INSPECTION AND AUDIT DIVISION, HO/CIRCLE AUDIT OFFICE

2 The Inspection & Audit Division - Head Office, conducts inspection of Branches at prescribed
periodicity through the Circle Audit Offices. The Circle Audit Office ensures submission
of the Inspection Reports simultaneously to the Branches and Zonal Offices on conclusion
of the inspection. While one copy of the report is retained by Office in case of Small,
Medium and Large &very Large branches, the same is forwarded to IAD-HO in case of
ELBs and Designated branches or as communicated by IAD-HO from time to time. The
auditor is also expected to submit an executive summary highlighting the major findings
on different areas.

3 The Inspection Report/Executive summary report should be scanned immediately on receipt

of the same either at the Inspection and Audit Division, HO or at the Circle Audit Office
as per the guidelines in vogue and the Executive Summary, highlighting the major
findings on different areas such as staff, business development, credit, recoveries,
internal control support services, etc.; shall be finalized.. On the basis of the Executive
Summary, performance of the Branch should be evaluated under 2 major risk parameters
viz., Inherent Business Risk and Control Risk, and rated accordingly using a rating chart.

4 Executive Summary and rating evaluation chart should be placed before the General Manager
of the Division/ CAO Head together with comparative risk rating secured by the Branch
for previous and present inspections.

5 A copy of the Executive Summary with remarks of the Executives of the Division/ CAO should
be forwarded to the Zonal Office for information of the Zonal Manager for compliance
of the directions/observations of the Executives of the Division/CAO on the Summary.
A letter furnishing the details of serious irregularities observed should be sent to the
Zonal Office with a copy to the Branch Head under the signature of the General Manager
(IAD)/Executive of CAO as the case may be.

6 The relative portion of the Executive Summary should also be made available to the concerned
Functional Divisions at Head Office. This will facilitate various sections at Zonal Office
and Functional Divisions at Head Office to have a glance of the Branch functioning and
enable them to guide the Branch for speedy rectification of the irregularities.

7 The Internal Auditors awards rating to the Branch based on inspection findings and
communicates the same to the Branch and the Zonal Office. IAD-HO in case of ELBs, and
CAOs in case of other branches, will confirm the rating given by Auditors.

8 Based on the recommendations of the Zonal Office and after satisfying that all major
rectifiable irregularities are rectified by the Branch, the Inspection & Audit Division/
Office will close the report under intimation to respective Zonal Office and to the
Branch.
9 Inspection & Audit Division/Zonal Audit Office should preserve the list of pending irregularities
submitted by the Zonal Office while recommending for closure of the
report and make it available to the next team of Internal Inspectors for verification as to
their rectification.

B. VARIOUS FUNCTIONAL DIVISIONS AT HO:

10 On receipt of photo copy of relevant portion of the Executive Summary, the Functional
Division should guide the Branch/Zonal Office for speedy rectification of serious
irregularities relating to their functional areas.

C. ZONAL OFFICE

11 The Inspection Cell at the Zonal Office should apprise the Zonal Head of the serious
irregularities/deficiencies observed in the Inspection Report immediately on its receipt
and seek instructions/guidance from the Zonal Head and follow up
with the Branches for early rectification of irregularities. The Zonal Head should go
through the serious irregularities/deficiencies that are placed before him as also the
full set of Executive Summary received from the Inspection & Audit Division/Circle Audit
Office thoroughly to initiate specific action on all major deficiencies. He should
record his orders/ observations on each of the findings which are to be complied
with by the concerned sections at the Zonal Office.

12 Relative portion of the Inspection Report as also the Executive Summary should be passed
on to the concerned section at the Zonal Office together with the
directions/observations of the Executives therein including that of the Zonal Manager so
as to apprise the section-in-charge, of the deficiencies in the particular functional area
of the Branch.

13 Zonal Office should ensure submission of first compliance report by the Branch within
the stipulated time frame.

14 On receipt of the first compliance report, the irregularities complied with therein should be
rounded off in the Inspection Report noting therein the reference number and date of
the compliance report. The pending irregularities should be fed into the system and a
hard copy thereof should be forwarded to the concerned Branch in duplicate, with
directions to comply with them and return the first copy thereof, reporting the
compliance against each of the pending irregularities at regular intervals of not more
than 30 days. It should be ensured by the Zonal Office that while taking out the printout
of the pending irregularities that they should appear on the left hand portion of the hard
copy leaving the right hand portion for the use of the Branch for reporting compliance.

15 On receipt of the copy of the printout from the Branch, for reporting further compliance,
delete the fully rectified irregularities from the system and mail once again, in
duplicate, the list of pending irregularities to the Branch for submission of further
rectification report in a similar manner. This exercise should be continued not only till
 such time the irregularities are satisfactorily complied with and the Inspection Report is
closed, but also to be continued even after closure of the Inspection Report till all
irregularities are fully complied with.

16 Zonal Office should ensure that all rectifiable serious/major irregularities are rectified by
the Branch before recommending for closure of the Inspection Reports. However, if any
irregularities of minor nature are persisting beyond the control of the Branch requiring
longer time for compliance, a list of such irregularities should be enclosed to their letter
of recommendation for closure of the report to IAD-HO/ CAO as the case may be. These
persisting irregularities should be followed up by the ZO for rectification.

17 Zonal Office should submit recommendation, which should be duly signed by the Zonal Head,
to the Inspection & Audit Division/Circle Audit Office for closure of the report within the
time frame stipulated which is as follows.

TIME NORMS FOR CLOSURE OF RISK BASED INTERNAL AUDIT REPORTS:

Sl. No. Type of Branch As per Internal Norms

1. Small Branches 3 months
2. Medium Branches 3 months
3. Large Branches 4 months
4. VLBs/ELBs 6 months
5. Forex Audit of DBs 6 months
6. Special Report 3 months
7 New Branches /Other Offices 3 months
1 Zonal Office is required to submit to the Inspection & Audit Division/Circle Audit Office by e-
mail, a feedback report on follow up of Inspection Reports on Branches subsequent to
the closure of the report at quarterly intervals to reach the Division by10th of the month
succeeding the calendar quarter, in the prescribed format as per Annexure – I.

2 It is expected that the above system of follow up and monitoring of Inspection Reports would
enable the Zonal Offices as also the concerned Functional Divisions at Head Office to
bestow more focused attention on the Branch administration in general and timely
rectification and mitigation of risk, if any, by rectification of inspection irregularities in
particular.
 ANNEXURE-I
CORPORATION BANK

Ref. No. Date:

……………… From,
…………………… Zonal Office

To;
The General Manager / Asst. General. Manager / Chief
Manager, Inspection & Audit Division/Circle Audit Office

Head Office, Mangalore

FEEDBACK REPORT ON FOLLOW UP OF REGULAR INSPECTION

REPORTS ON BRANCHES SUBSEQUENT TO CLOSURE OF THE REPORT
FOR THE QUARTER ENDED JUNE / SEPTEMBER / DECEMBER / MARCH
20............
(Ref. H.O. Circular No. 252/98 dated 26.08.1998)

DATE OF

Sl. Branch Inspection Closure 1st Receipt of Reminders, Remarks

Report of compliance further if any, from
No Name if any*
report Report compliance the ZO
during during the
the quarter quarter
under under
report report

* Please indicate here whether irregularities pointed out in the report are fully rectified with,
requiring no follow-up.

Place ZM / AGM / DGM / GM

Date
4.10 RISK CATEGORISATION OF BRANCHES

4.10.1 The Inspection & Audit Division, Head Office/ Circle Audit Office, has a system of evaluating
the Branches under 2 important parameters; viz; (I) Inherent Business Risk and (II) Control
Risk. Control Risk is further classified into Control Risk – Credit and Control Risk –
Operational. The various factors covered under the above parameters, along with the
maximum marks for each factor is furnished in Para 11.1.2.

4.10.2 With effect from 01.04.2008, in the total matrix of 1000, Inherent Business Risk i.e.,
Quantitative & Control Risk i.e., Qualitative parameters are apportioned at 300 and 700
respectively.

Marks
Parameters
Quantitative Qualitative Total
I. Inherent Business
Risk
- Credit 60
- Recovery 50
- Cash 20
- Deposits 70
- Profitability 100

300
II. Control Risk

A. Control Risk - Credit

- Credit Risk Management - 200
Recovery Management. 100

B. Control Risk – Operational 80

- Deposits 10
- Income Leakage 20
- Cash 20
- Customer Service
20
10
- Safe Deposit Locker
120
- Staff
- Others 20
- Closure Status/Adherence to
time frame 50
- Information System 50 700
- External Compliance

TOTAL 1000
4.10.3 On completion of the of Inspection, the Internal Auditors will cast marks allotted under various
items of the sub- parameters in the evaluation chart. The total marks secured under various
groups will be entered in the evaluation chart and total marks under the quantitative and
qualitative parameters arrived at (out of total marks of 300 and 700 respectively). IAD-HO in
case of ELBs, and CAOs in case of other branches, will review the rating awarded by Auditors
and confirm to respective branches under copy to concerned Zonal office.

Final marks in percentage terms is arrived at therefrom, and risk is assigned accordingly to
Quantitative and Qualitative Parameters.

4.10.4 Eligible bonus marks for first reply and closure of Inspection Report within the time norms
are added to final percentage of marks secured under Qualitative parameter and rating is
arrived at. Thereafter, final rating will be assigned keeping in view rating matrix of RBI.
The details of risk level approved by ACB are furnished hereunder:

Marks / Ratings Secured by the Risk Level

Above 60% Low Risk Branches
Above 30% up to & including 60% Medium Risk Branches
0 to 30% High Risk Branches
Very High Risk
Extremely High Risk

4.10.5 Transaction testing would also continue to remain as an essential aspect of Risk Based
Internal Audit. The extent of transaction audit will be determined based on the risk
assessment/ identification.

4.10.6 Bringing in level of compliance of IS audit, various directions of RBI, Committee (External
Compliance), closure of audits earlier conducted etc., necessitated the required stress
on Qualitative parameters.

4.10.7 The maximum marks in terms of percentage to be awarded to evaluate the

performance of the Branch on inspection findings, with increased weightage for qualitative
performances are as under: (Reduced from a combined matrix of 1000 marks):

Parameters Areas covered Weightage

Credit Risk Achievement of credit targets, pre-sanction, post- 26%
Management sanction supervision, documentation, credit
administration etc.
Recovery NPAs, cash recoveries and Recovery 15%
Administration
Cash Cash & other valuables, Maintenance of local Bank 4%
Management balance, General Administration
Deposits Resource Mobilisation and Deposit Administration 15%
Profitability Achievement of Targets, Increase in Non-Interest 10%
Income, Staff Productivity, Reduction in Operative
Expenses
Income Recovery of all income leakage detected in earlier 1%
Leakage and present Reports, application of service charges
correctly
 Customer Implementation of Goiporia 2%
Service Committee Recommendations, Customer Meet,
Disposal of Customer Complaints etc.
Safe Deposit Procedural aspects, Follow of arrears of rent 2%
Locker
Staff Rotation of Staff duties, punctuality 1%
Others Balancing, sundry debtors! creditors, returns, 12%
internal control, systems & Procedures Inspection
follow-up, general administration, fixed assets
Closure of Adherence to Time-Frame 2%
Inspection
Reports
Information Awareness on Information System, Hardware 5%
System Software Management, Environmental Control,
Incident
Management, Access Control, Antivirus
Software
External Compliance on Issues pertaining to 5%
Compliance Statutory/Regulatory guidelines
100%

4.11 BONUS MARKS:

4.11.1 With a view to encourage Branches that are prompt in attending to Inspection Report and
rectifying the irregularities at the earliest, the concept of bonus marks has been introduced,
which at present is as follows:

For submission of first reply on the concluding day of the inspection, Upto 2% marks For
closure of Inspection Report within one month, Upto 3% marks

4.12 RATING SCALE

4.12.1 As per RBI Guidance note as approved by the Board of Directors, in the Overall Risk
assessment, both the Inherent Business Risk (Quantitative) & Control Risk
(Qualitative) are factored in. The overall risk assessment as reflected in each cell on the
risk matrix is as under:

Inherent
Business Risk Control Risk Overall Risk

High + Low High = High (H)

Medium + High = Very High (VH )
High + High = Extremely High (EH)
Medium + Low = Medium (M ) High
Medium + Medium = (H)
 High + Medium = Very High (VH )
Low + Low = Low (L)
Low + Medium = Medium (M)
Low + High = High (H)
High
4.12.2 Based on the above, the Branches will be rated as Low Risk, Medium Risk, High Risk,
Very High Risk and Extremely High Risk, on the basis of risk exposed by them under
Business Risk and Control Risk.

4.12.3 Under Risk Based Internal Audit, Inherent Business Risk (Quantitative) & Control Risk
(Qualitative) parameters will be rated as Low, Medium and High as per the Risk Assessment
Matrix approved by the Audit Committee of Board as under.

Risk Rating is arrived at based on the percentage of marks scored.

Percentage of Marks Secured Rating

Above 60% Low Risk

Above 30% upto & including 60% Medium Risk
0% to 30% High Risk
4.12.4 Effective from 01.04.2003, Inspection & Audit Division HO is conducting Risk Based
Internal Audit at all the Branches of the Bank. Further, effective from 01.04.2008, IADHO
has redesigned the Evaluation Chart and Rating Chart by realigning the risk parameters to
make the format Basel II compliant and also to include activity-wise/ segment-wise risk levels
as required under RBI guidance note.

4.13 CONSEQUENCE OF POOR GRADATION

4.13.1 In a few cases, gradation of the Branches may slip to High Risk due to various factors like
negative growth in Deposits/Advances, substantial delinquency in loan portfolio, non
regularisation of long outstanding TODs/ excesses allowed, considerable deviations from
appraisal and disbursement norms of loans and advances, non- adherence to systems and
procedures putting the Bank’s interest in jeopardy, unenforceable loan documentation,
continuously loss making, etc.;

4.13.2 In all cases, where the Branch has slipped to HIGH RISK (securing aggregate percentage marks
of less than 50%) in inspection rating, the Inspection & Audit Division will place before the
ACE/ACB, a note containing major irregularities and compliance thereof, for information.

4.13.3 In the case of HIGH RISK branches securing 50% or less mark, the Zonal Head may be
advised to visit the branch for detailed interaction on steps already initiated and to be
initiated, to turn around branch performance under both quantitative and qualitative
parameters within a definite time frame.

4.13.4 During the interaction, the Branch Manager has to put forth concrete proposals
envisaged by the branch to improve the branch performance under all parameters. Audit
Committee of Executives/ Circle Audit Committee may also suggest corrective steps to be
taken up by the branch on priority basis. Performance of the High Risk rated branches will
be monitored by the Zonal Head on an ongoing basis.
4.14 RISK-BASED SNAP AUDIT (RBSA) Objectives / Scope & Coverage

4.14.1 Risk Based Snap Audit will be conducted of all High Risk rated Branches inclusive of ELBs / VLBs.
In addition, 10% of ELBs/VLBs (Other than High Risk rated Branches), as identified by the General
Manager of the Division, where risk perception commensurate with high volume of business shall also
be subjected to Snap Audit.

4.14.2 Reports in respect of Risk Based Snap Audit should be submitted to the concerned Branch and
Zonal Office as also to the Inspection & Audit Division/Circle Audit Office, simultaneously
on conclusion of the inspection. These reports are to be followed up with the Branches by
the concerned Zonal Office for early rectification of the irregularities and closure. First
compliance report should be submitted by the Branches to the Zonal Office within 15 days
from the date of the report or within such period as may be stipulated from time to time.
The Zonal Offices should ensure that these reports are fully complied with by the Branches
and closed by IAD-HO / CAO within 1 month from the date of the report.

4.14.3 The Inspection & Audit Division, Head Office, should place before the Audit Committee
of the top Executives/Board for review, a quarterly status report on the number of Snap
Audits conducted

4.15 OTHERS: SNAP AUDIT Objectives/ Scope & Coverage

4.15.1 The main objective of the snap audit is to check / verify whether the branches/ offices/ other
units are complying with the laid down guidelines, approved systems and procedures etc.

4.15.2 Snap audit will be conducted by the Inspection & Audit Division at select branches taking into
account, reports received about noncompliance of laid down guidelines while handling
business, as under:

1. Wide fluctuation in business figures, i.e. Deposits and Advances during March - April.
2. Sudden spurt in credit under certain lending schemes.
3. KYC compliance in respect of large number of new accounts opened during the campaign
period.
4. Sanction of large number of loans under a particular loan scheme like Corp Home,
Corp Vidya, Corp Personal etc., to verify appraisal system etc.
5. Surprise verification of cash held by Replenishing Agencies for the purpose of loading cash
in ATMs.
6. Business correspondent activities / Branchless banking business
7. Efficacy in decision making process at Retail Hubs, CCPCs
8. On any other critical business related audit at the specific request of any functional
Division.
9. Re-verification of compliances reported by branches/ offices by way of First reply,
rectification report submitted in compliance of some of the audits reports of RBI.
10. Snap Audit may also be conducted in any of the Branches identified by the Division
11. Similarly snap audits are conducted by the Inspection & Audit Division in other areas such
as campaigns for special products like Corp Home loans, Corp Rental loans, Savings
Bank/Current Account campaigns etc., to find out deviations from laid down systems and
procedures.
4.16 MANAGEMENT AUDIT OF ZONAL OFFICES/ OTHER OFFICES/ FUNCTIONAL DIVISIONS AT
HEAD OFFICE.

4.16.1 PERIODICITY
Names of Offices/Divisions Periodicity of Inspection

Currency Chest Once in 12 months

Functional Divisions at Head Office Once in 24 months

Lead Bank Offices, COBSETI Once in 24 months

Subsidiary Companies Once in 12 Months

IIBD- Mumbai, Once in 6 Months

Foreign Remittance Proc. Centre-Bangalore, Foreign
Exchange Service-Mumbai

CAPS/ Mini CAPS, Retail Hubs, ARMBs Once in 12 months

Service Branches Once in 12 months

Zonal Offices Once in 12 months

Other Non-Business units Once in 12 to 24 months

Such as (depending upon the volume
-MICR-CPCs, of transactions)
-PPCs
-ATM centres,
-Centralised Pension Processing centres
-Web server set up etc., APCs,

4.16.2 Submission of Reports/ First Reply and Closure Norms

Names of Offices/Divisions Submission of Submission of Closure Norms

Report First Reply (from the date
of report)

Currency Chest CAO 15 days 1 month

Functional Divisions at Head IAD-HO 30 days 3 months

Office
 Lead Bank Offices, COBSETI IAD-HO 30 days 2 months

Subsidiary Companies IAD-HO 30 days 3 months

IIBD- Mumbai IAD-HO 30 days 3 months

Foreign Remittance Proc. 15 days 1 month
Centre- Bangalore, Foreign 15 days 1 month
Exchange Service-Mumbai

CAPS/ Mini CAPS, Retail Hubs, CAO 15 days 1 month

ARMBs

Service Branches CAO 15 days 1 month

Zonal Offices IAD-HO 30 days 4 months

Other non-business units CAO/ IAD- 15 days 1 month

HO
As the case
may be

4.16.3 The General Manager of respective functional divisions, viz., IIBD, HO-Divisions, COBSETI,
RRB, Lead Banks, etc., should follow-up for compliance and recommend for closure of reports
of to the Inspection & Audit Division, Head Office within the stipulated period.

4.16.4 The Inspection Reports in respect of Functional Divisions at Head Office should be followed
up for compliance by the General Manager in charge of the Functional Division and
recommend to the Inspection & Audit Division, Head Office, for closure by ensuring that the
report is closed within three months from the date of the report. The first reply by the
Functional Divisions to be given within 30 days from the date of report.

4.16.5 Inspection & Audit Division shall place before the ACE/ACB for review, a status report on the
position of compliance of inspection reports of these Offices/ Divisions periodically. The
Division shall also place before the ACE/ACB for review summary reports on the important
inspection findings so also action taken/proposed to be taken thereon and the Directions of
the Committee, if any, shall be communicated to the concerned Offices/Divisions for
compliance. However, except CAPS branches, performance of these Offices and Functional
Divisions are not rated.

4.17 GAPS OBSERVED IN REPORTING

4.17.1 Inspection Reports should bring out clearly all the irregularities and malpractices, if any, at
the Branch. It should reveal how efficiently the Branch is being run and whether the Branch
Manager is conducting the business within the framework laid down by the Head Office vide
various Circulars and Manuals of Instructions or is exceeding its authority.
4.17.2 The Inspection Report should make a critical analysis of the conduct of business at the Branch,
its profitability and the scope for further improvement.
 4.17.3 The Inspector should bring out in his report in unambiguous and clear language his opinion
about the credit portfolio particularly those accounts which have become NPA or have
thrown up alarming signals.

4.17.4 The Inspector should ascertain whether staff discipline is being maintained properly and
there is adequate co-operation and co-ordination amongst various members of the staff.
Should there be any disturbing features, it should be brought out clearly in the Inspection
Report and remedial measures should be suggested.

4.17.5 To ensure that the report is not lengthy, the Inspector should see that his comments are
brief and touch only the broad outlines. However, while mentioning irregularities enough
data should be given to enable the Head Office to grasp the background. All comments
should be based on factual data and should not be in biased manner.

4.18 SPECIAL REPORTS

4.18.1 Scope & Coverage

Serious irregularities surfaced during the course of regular inspection shall be reported
immediately, separately by means of special reports, copies of which are to be handed over
to the Branch head unless his involvement is suspected in such irregularities, for immediate
corrective action. The Special Report shall be submitted to IAD HO under copy to CAO. IAD HO
shall forward a copy of the report to the concerned Zonal Office for taking up the matter with
Branch for immediate rectification. IAD-HO, depending upon the gravity of the case, may
place a note along with the feedback/action taken report from ZO, before Executive Director
in charge of Inspection Division, for instructions to take further action on the Special Report.
A copy along with directions from Executive Director/ GM IAD shall be forwarded to the
concerned Functional Division/Anti-Fraud Section/Vigilance Cell/ HRM Division at Head Office,
as the case may be, for information and suitable action, including for fixing of staff
accountability, if any.

4.18.2 The Inspecting Officer should submit special reports in case he comes across a serious
irregularity or malpractice which may result in loss or jeopardise interest of the Bank if
immediate action is not taken thereon. It should be ensured by the Inspectors that the special
reports submitted by them are complete in all respects to enable the Head Office to take
corrective measures.

4.18.3 Credit Related Area:- The following vital information should be provided unfailingly
in special report:

a. Amount of Advance
b. Name of the sanctioning authority
c. Compliance of terms and conditions of sanction
d. Present liability and extent of overdue
e. Available securities and its enforceability
f. Existence of unit or otherwise
g. Problematic financial exposure to the Bank
h. Name of the Official responsible for the irregularities.
i. Any other information that will aid the investigating department.
4.18.4 Similarly in other areas such as deposits, loans against deposits, debits to income, debits to
interest paid, sundry debtors, utilisation of subsidy in social lending schemes etc., the special
reports should be precise and complete. Cases of fraud, defalcation, embezzlement,
misappropriation should be reported with necessary details in full.

**********