Page 260 - CA Final Audit Titanium Full Book. (With Cover Pages)
CA Ravi Taori
Planning:
Documentation: Properly record details regarding timing, extent of checking, and audit procedures at
assertion level.
Flexibility: Plan should be adaptable and updated or changed when required.
Establish the Engagement Team:
Assignment: Assigning qualified and experienced professionals is crucial for managing engagement risk.
Composition: Depends on the bank's size, nature, and complexity of operations.
(CNO-BA.120) Stage II: Understanding
Understanding the Bank and Its Environment including Internal Control:
Understanding the bank, its environment, and internal control helps the auditor:
• Identify and assess risk;
• Formulate an audit plan to evaluate controls and address specific risks.
Understand the Bank’s Accounting Process:
The accounting process provides management with financial data and supports the bank's internal control.
Understanding it is vital for identifying RMM and designing audit procedures.
Understanding the Risk Management Process:
Management develops controls and uses performance indicators to aid in managing key business and financial
risks. An effective risk management system in a bank generally requires the following.
Oversight by Governance
Approval: Those charged with governance (BOD/CEO) should approve risk management policies.
Consistency: Policies should align with the bank's business objectives and strategies. Consideration of capital
strength, management expertise, and regulatory requirements.
Acceptable Risk: Policies should define acceptable types and amounts of risk.
Risk Management Process
Identification: Identify risks impacting the bank's goals.
Measurement: Measure those risks.
Monitoring: Monitor risks against pre-approved limits and criteria.
Control Activities
Segregation: Effective segregation of duties between front and back offices.
Security: Ensuring physical security.
Approval, Measurement & Reporting: Accurate measurement, reporting of positions, and transaction
approvals.
Reconciliation: Reconciliation of positions with set limits and results.
Exceptions: Reporting and approval of deviations.
Contingency Plan: Having a contingency plan in place.
Monitoring Activities
Assessment: Regularly evaluate risk management models, methodologies, and assumptions.
Update: Ensure they are current and relevant.
Oversight: Function overseen by the independent risk management unit.
Reliable Information Systems
Reliable: Banks need reliable information systems. Systems should provide financial, operational, and
compliance data.
Timeliness: Information should be available promptly and consistently.
Clarity: Governance and management need easily understood risk management information. Information
www.auditguru.in 14.4