Page 260 - CA Final Audit Titanium Full Book. (With Cover Pages)

CA Ravi Taori
         Planning:
         Documentation: Properly record details regarding timing, extent of checking, and audit procedures at
         assertion level.
         Flexibility: Plan should be adaptable and updated or changed when required.
         Establish the Engagement Team:
         Assignment: Assigning qualified and experienced professionals is crucial for managing engagement risk.
         Composition: Depends on the bank's size, nature, and complexity of operations.

         (CNO-BA.120) Stage II: Understanding
         Understanding the Bank and Its Environment including Internal Control:
         Understanding the bank, its environment, and internal control helps the auditor:
         • Identify and assess risk;
         • Formulate an audit plan to evaluate controls and address specific risks.
         Understand the Bank’s Accounting Process:
         The accounting process provides management with financial data and supports the bank's internal control.
         Understanding it is vital for identifying RMM and designing audit procedures.
         Understanding the Risk Management Process:
         Management develops controls and uses performance indicators to aid in managing key business and financial
         risks. An effective risk management system in a bank generally requires the following.
         Oversight by Governance
         Approval: Those charged with governance (BOD/CEO) should approve risk management policies.
         Consistency: Policies should align with the bank's business objectives and strategies. Consideration of capital
         strength, management expertise, and regulatory requirements.
         Acceptable Risk: Policies should define acceptable types and amounts of risk.

         Risk Management Process
         Identification: Identify risks impacting the bank's goals.
         Measurement: Measure those risks.
         Monitoring: Monitor risks against pre-approved limits and criteria.

         Control Activities
         Segregation: Effective segregation of duties between front and back offices.
         Security: Ensuring physical security.
         Approval, Measurement & Reporting: Accurate measurement, reporting of positions, and transaction
         approvals.
         Reconciliation: Reconciliation of positions with set limits and results.
         Exceptions: Reporting and approval of deviations.
         Contingency Plan: Having a contingency plan in place.

         Monitoring Activities
         Assessment: Regularly evaluate risk management models, methodologies, and assumptions.
         Update: Ensure they are current and relevant.
         Oversight: Function overseen by the independent risk management unit.

         Reliable Information Systems
         Reliable: Banks need reliable information systems. Systems should provide financial, operational, and
         compliance data.
         Timeliness: Information should be available promptly and consistently.
         Clarity: Governance and management need easily understood risk management information. Information


        www.auditguru.in                                                                                      14.4