"70% Indian Market Share "
Category: BlogNo Comments
1. As per a RBI Report, Indian banking system detected Rs 71,500 Cr worth of frauds in financial year 2018-19. The report also said that the average lag between the date of occurrence and its detection by banks was 22 months. Further, in reply to a RTI query RBI had disclosed that in 2019-20, Scheduled Banks and select FI’s reported 84,545 fraud cases, involving about Rs 1.85 lac Cr. As per information available, bulk of the amounts involved in these frauds has come under ‘loan related’ frauds. The fraud in Punjab National Bank involving Mehul Choksi and Nirav Modi, will be known to all with an interest in the Indian Financial System.
2. Against this background, the role of Internal Audit in Fraud Risk Management has come under intense scrutiny. In case of PNB scam, the Internal Audit executives had to face penal action too.
3. Internal Audit often comes under criticism for not being able to detect frauds during on-site audit or at the least flag the risk of frauds in branches, where eventually instances of frauds come to light. Even in the case of the PNB scam, the concerned branch would have been subjected to a few onsite Audits during the period the fraud unfolded as well as regular Concurrent Audit would have been in place. Yet, the fraud had remained undetected for long. RBI says clearly that bulk of the amounts of frauds are related to loans and also there is considerable delay in detection and reporting. It follows that Credit Audits and periodical Onsite Branch Audits have been unable to detect/ deter loan frauds.
4. As regards other frauds related to operational risk and cyber risk, there is no material available in public domain on the effectiveness of Internal Audit in either detecting or preventing such frauds. Our Banking Advisors opine that currently with Internal Audit mainly depending on periodical onsite audits, its efficacy in contributing to Fraud Risk Management is limited.
Limited Coverage of issues in Credit Audit and Periodical Audit of Loans. Also even in this Digital Age, Audit still remains only a ‘Point in Time Exercise’
Limited scope of Offsite and Concurrent Audit
Not aligning Audit Checklists to Fraud Risk on a continuous basis.
Banks have a wealth information on frauds occurring across the Banking system. RBI, circulates not only data as also the ‘modus operandi’ followed in perpetration of frauds in various Banks. This will enable Banks to identify the control breaches that led to such frauds. Strengthening audit checklist to in relation to the controls the breaches of which led to frauds, will make Internal Audit contribute effectively to ‘Fraud Risk Management’
5. Based on the NCS team’s experience in automating Internal Audit and the domain knowledge of our Banking Advisors, we suggest the way forward as follows for an “Enhanced Role of Internal Audit in Fraud Risk Management”
Moving Loan Review Mechanism (applicable to loans above Rs 5 cr) , which is a regulatory prescription, totally online. Increasing the intensity of LRM. In any Loan related fraud, the warning signals start from the origination stage itself.
Off-site Audit of Post Sanction of High Value Loans
“We are illustrating this with an example. Frauds relating to fraudulent ‘Ware house receipts for Agri products’ have happened in Banks in many States. The usual modus operandi is for a a fraudster in rural/ semi urban centre to get fake warehouse receipts issued in connivance with ware house owners/ authorities without actually putting any produce inside’. Branch Managers fall prey as they see opportunity for bulk business. Also, normally such loans are safe if all the controls are adhered to. The critical control breach which takes place is not verifying that the borrower tendering the ware house receipt, actually has the landholding required for growing the produce he is warehousing. Such documents are available with all genuine farmers. Having an OTMS alert for new warehouse receipt loans for checking borrower capacity will help mitigate the fraud risk”
Aligning Audit Check Lists to Fraud Risk
Root Cause Analysis of New Frauds.
Whenever any new fraud is reported in the Bank or in the Banking system, IA can take up a root cause analysis (small value frauds due to human error can be excluded) to identify the control breaches which contributed to the fraud. Wherever needed modifying/ enhancing audit checklist can be done so that such breaches are identified by IA.
As cyber frauds are on the rise, the scope of Internal audit of IT needs considerable enhancement.
A Dash board can be constructed to keep the Top Management informed about the findings/ developments relating to the above points.