Subscribe to the Bombay Chartered Accountant Journal Subscribe Now!

July 2019

FROM PUBLISHED ACCOUNTS

By HIMANSHU V. KISHNADWALA
Chartered Accountant
Reading Time 26 mins

STATE
BANK OF INDIA

 

Key
Audit Matters

Key Audit
Matters are those matters that in our professional judgement were of most
significance in our audit of the Standalone Financial Statements for the year
ended 31st March, 2019. These matters were addressed in the context
of our audit of the Standalone Financial Statements as a whole and in forming
our opinion thereon and we do not provide a separate opinion on these matters.
We have determined the matters described below to be the Key Audit Matters to
be communicated in our report:

 

                Key audit matter

How the
matter was addressed in our audit

Sr. No.

 Key Audit Matters

Auditors’ Response

i

Classification of advances and
identification of and provisioning for non-performing advances in accordance
with the RBI guidelines (Refer Schedule 9 read with Note 3 of Schedule 17 to
the financial statements).

 

Advances include bills purchased and
discounted, cash credits, overdrafts loans repayable on demand and term
loans. These are further categorised as secured by tangible assets (including
advances against book debts), covered by bank / government guarantees and
unsecured advances.

 

Advances constitute 59.38% of the Bank’s
total assets. They are, inter alia, governed by income recognition,
asset classification and provisioning (IRAC) norms and other circulars and
directives issued by the RBI from time to time which provide guidelines
related to classification of advances into performing and non-performing
advances (NPA). The Bank classifies these advances based on IRAC norms as per
its accounting policy No. 3.

 

Identification of performing and
non-performing advances involves establishment of proper mechanism. The Bank
accounts for all the transactions related to advances in its Information
Technology System (IT System), viz., Core Banking Solutions (CBS) which also
identifies whether the advances are performing or non-performing. Further,
NPA classification and calculation of provision is done through another IT
System, viz., Centralised Credit Data Processing (CCDP) Application.

 

The carrying value of these advances (net of
provisions) may be materially misstated if, either individually or in
aggregate, the IRAC norms are not properly followed.

Our audit approach towards advances with reference to the IRAC
norms and other related circulars / directives issued by the RBI and also
internal policies and procedures of the Bank includes the testing of the
following:

 

  The accuracy of the
data input in the system for income recognition, classification into
performing and non- performing advances and provisioning in accordance with
the IRAC Norms in respect of the branches allotted to us;

 

– Existence and effectiveness of monitoring mechanisms such as
internal audit, systems audit, credit audit and concurrent audit as per the
policies and procedures of the Bank;

 

We have examined the efficacy of various internal controls over
advances to determine the nature, timing and extent of the substantive
procedures and compliance with the observations of the various audits
conducted as per the monitoring mechanism of the Bank and RBI Inspection.

 

In carrying out substantive procedures at the branches allotted
to us, we have examined all large advances / stressed advances while other
advances have been examined on a sample basis including review of valuation
reports of independent valuers provided by the Bank’s management.

 

Reliance is also placed on audit reports of other statutory
branch auditors with whom we have also made specific communication.

 

We have also relied on the reports of external IT System audit
experts with respect to the business logics / parameters inbuilt in CBS for
tracking, identification and stamping of NPAs and provisioning in respect
thereof.

 

Considering the nature of the transactions,
regulatory requirements, existing business environment, estimation /
judgement involved in valuation of securities, it is a matter of high
importance for the intended users of the Standalone Financial Statements.
Considering these aspects, we have determined this as a Key Audit Matter.

 

Accordingly, our audit was focused on income
recognition, asset classification and provisioning pertaining to advances due
to the materiality of the balances.

 

ii

Classification and valuation of investments,
identification of and provisioning for Non-Performing Investments (Schedule 8
read with Note 2 of Schedule 17 to the financial statements).

 

Investments include investments made by the
Bank in various government securities, bonds, debentures, shares, security
receipts and other approved securities.

 

Investments constitute 26.27% of the Bank’s total assets. These
are governed by the circulars and directives of the Reserve Bank of India
(RBI). These directions of RBI, inter alia, cover valuation of investments,
classification of investments, identification of non-performing investments,
the corresponding non-recognition of income and provision there against.

 

The valuation of each category (type) of the
aforesaid securities is to be done as per the method prescribed in circulars
and directives issued by the RBI which involves collection of data /
information from various sources such as FIMMDA rates, rates quoted on BSE /
NSE, financial statements of unlisted companies etc. Considering the
complexities and extent of judgement involved in the valuation, volume of
transactions, investments on hand and degree of regulatory focus, this has
been determined as a Key Audit Matter.

 

Accordingly, our audit was focused on
valuation of investments, classification, identification of non-performing
investments and provisioning related to investments.

 

Our audit approach towards investments with reference to the RBI
Circulars / Directives included the review and testing of the design,
operating effectiveness of internal controls and substantive audit procedures
in relation to valuation, classification, identification of non-performing
investments, provisioning / depreciation related to investments. In
particular,

 

a. We evaluated and understood the Bank’s internal control
system to comply with relevant RBI guidelines regarding valuation,
classification, identification of Non-Performing Investments, provisioning /
depreciation related to investments;

 

b. We assessed and evaluated the process adopted for collection
of information from various sources for determining fair value of these
investments;

 

c.  For the selected
sample of investments in hand, we tested accuracy and compliance with the RBI
Master Circulars and directions by re-performing valuation for each category
of the security. Samples were selected after ensuring that all the categories
of investments (based on nature of security) were covered in the sample;

 

d. We assessed and evaluated the process of identification of
NPIs and corresponding reversal of income and creation of provision;

 

e. We carried out substantive audit
procedures to re-compute independently the provision to be maintained and
depreciation to be provided in accordance with the circulars and directives
of the RBI. Accordingly, we selected samples from the investments of each
category and tested for NPIs as per the RBI guidelines and re-computed the
provision to be maintained in accordance with the RBI Circular for those
selected samples of NPIs;

 

f. We tested the mapping of investments between the investment
application software and the financial statement preparation software to ensure
compliance with the presentation and disclosure requirements as per the
aforesaid RBI Circular / directions.

iii

Assessment of provisions and contingent
liabilities in respect of certain litigations including direct and indirect
taxes, various claims filed by other parties not acknowledged as debt
(Schedule 12 read with Note 18.9 of Schedule 18 to the financial statements):

There is high level of judgement required in
estimating the level of provisioning. The Bank’s assessment is supported by
the facts of the matter, their own judgement, past experience and advices
from legal and independent tax consultants wherever considered necessary.
Accordingly, unexpected adverse outcomes may significantly impact the Bank’s
reported profit and the balance sheet.

Our audit approach involved:

 

a. Understanding the current status of the litigations / tax
assessments;

b.  Examining recent
orders and / or communication received from various tax authorities /
judicial forums and follow-up action thereon;

 

c.  Evaluating the merit
of the subject matter under consideration with reference to the grounds
presented therein and available independent legal / tax advice; and

 

 

We determined the above area as a Key Audit
Matter in view of associated uncertainty relating to the outcome of these
matters which requires application of judgement in interpretation of law.
Accordingly, our audit was focused on analysing the facts of the subject
matter under consideration and judgements / interpretation of law involved.

d. Review and analysis of evaluation of the contentions of the
Bank through discussions, collection of details of the subject matter under
consideration, the likely outcome and consequent potential outflows on those
issues.

 

 

 

 

YES
BANK LTD.

 

Key
Audit Matters

Key audit
matters are those matters that, in our professional judgement, were of most
significance in our audit of the standalone financial statements of the current
period. These matters were addressed in the context of our audit of the
standalone financial statements as a whole, and in forming our opinion thereon,
and we do not provide a separate opinion on these matters.

 

Key audit
matter

How the
matter was addressed in our audit

Identification of Non-Performing Assets
(NPAs) and provisions on advances

Charge: Rs. 20,836 million for year ended 31st
March, 2019

Provision: Rs. 33,977 million as at 31st
March, 2019

Refer to the accounting policies in the Financial Statements:
Significant Accounting Policies – use of estimates and “Note 18.4.3 to the Financial
Statements: Advances”

Significant estimates and judgement involved

 

Identification of NPAs and provisions in respect of NPAs and
restructured advances are made based on management’s assessment of the degree
of impairment of the advances subject to and guided by the minimum
provisioning levels prescribed under the RBI guidelines with regard to the
prudential norms on income recognition, asset classification &
provisioning, prescribed from time to time.

The provisions on NPA are also based on the valuation of the
security available. In case of restructured accounts, provision is made for
erosion / diminution in fair value of restructured loans, in accordance with
the RBI guidelines. In addition, the contingency provision that the Bank has
established in the current year on assets currently not classified as NPAs is
based on management’s judgement.

We identified identification of NPAs and provision on advances
as a Key Audit Matter because of the level of management judgement involved
in determining the provision (including the provisions on assets which are
not classified as NPAs) and the valuation of the security of the NPA loans
and on account of the significance of these estimates to the financial
statements of the Bank.

Our key audit procedures included:

 

Design / Controls

Assessing the design, implementation and operating effectiveness
of key internal controls over approval, recording and monitoring of loans,
monitoring process of overdue loans (including those which became overdue
subsequent to the reporting date), measurement of provisions, identification
of NPA accounts and assessing the reliability of management information (including overdue reports). In addition, for
corporate loans we tested controls over the internal ratings process, monitoring
of stressed accounts, including credit file review processes and review
controls over the approval of significant individual impairment provisions.

Evaluated the design, implementation and operating effectiveness
of key internal controls over the valuation of security for NPAs and the key
controls over determination of the contingency provision including
documentation of the relevant approvals along with basis and rationale of the
provision.

Testing of management review controls over measurement of provisions
and disclosures in financial statements.

Involving our information system specialists in the audit of
this area to gain comfort over data integrity and calculations, including
system reconciliations.

 

Substantive tests

Test of details for a selection of exposures over calculation of
NPA provisions including valuation of collaterals for NPAs as at 31st
March, 2019; the borrower-wise NPA identification and provisioning determined
by the Bank and also testing related disclosures by assessing the
completeness, accuracy and relevance of data and to ensure that the same is
in compliance with the RBI guidelines with regard to the Prudential Norms on
Income Recognition, Asset Classification & Provisioning.

 

Key audit matter

How the
matter was addressed in our audit

 

We also selected a number of loans to test potential cases of
loans repaid by a customer during the period by fresh disbursement(s) to
these higher risk loans.

 

We selected a sample (based on quantitative and qualitative
thresholds) of larger corporate clients where impairment indicators had been
identified by management. We obtained management’s assessment of the
recoverability of these exposures (including individual provisions
calculations) and challenged whether individual impairment provisions, or
lack of these, were appropriate.

 

This included the following procedures:

 

Reviewing the statement of accounts, approval process, board
minutes, credit review of customer, review of Special Mention Accounts
reports and other related documents to assess recoverability and the
classification of the facility; and

 

For a risk-based sample of corporate loans not identified as
displaying indicators of impairment by management, challenged this assessment
by reviewing the historical performance of the customer and assessing whether
any impairment indicators were present.

Information technology

 

IT systems and controls

 

The Bank’s key financial accounting and
reporting processes are highly dependent on information systems including
automated controls in systems, such that there exists a risk that gaps in the
IT control environment could result in the financial accounting and reporting
records being misstated. Amongst its multiple IT systems, five systems are
key for its overall financial reporting.

 

In addition, large transaction volumes and
the increasing challenges to protect the integrity of the bank’s systems and
data, cyber security has become a more significant risk in recent periods.

 

We have identified ‘IT Systems and Controls’
as Key Audit Matter because of the high level automation, significant number
of systems being used by the management and the complexity of the IT
architecture.

 

Our key IT audit procedures included:

 

We focused
on user access management, change management, segregation of duties, system
reconciliation controls and system application controls over key financial
accounting and reporting systems.

 

We tested a sample of key controls operating over the
information technology in relation to financial accounting and reporting
systems, including system access and system change  management, programme development and
computer operations.

 

We tested the design and operating effectiveness of key controls
over user access management, which includes granting access right, new user
creation, removal of user rights and preventive controls designed to enforce
segregation of duties.

 

For a selected group of key controls over financial and
reporting systems, we independently performed procedures to determine that
these controls remained unchanged during the year or were changed following
the standard change management process,

 

Other areas that were assessed included password policies,
security configurations, system interface controls, controls over changes to
applications and databases and that business users and controls to ensure
that developers and production support did not have access to change
applications, the operating system or databases in the production
environment.

 

Security configuration review and related. Tests on certain
critical aspects of cyber security on network security management mechanism,
operational security of key information infrastructure, data and client
information management, monitoring and emergency management.

Valuation of Financial Instruments
(Investments and Derivatives)

Refer to the accounting policies in the
financial statements: ‘Significant Accounting Policies – use of estimate,’
‘Note 18.4.2 to the Financial Statements: Investments’ and ‘Note 18.4.6 to
the Financial Statements: Accounting for derivative transactions’.

Subjective estimates and
judgement involved

 

Investments

 

Investments
are classified into ‘Held for Trading’ (‘HFT’), ‘Available for Sale’ (‘AFS’)
and ‘Held to Maturity’ (‘HTM’) categories at the
time of purchase. Investments, which the Bank intends to hold till
maturity are classified as HTM investments.

 

Investments classified as HTM are carried at
amortised cost. Where, in the opinion of management, a diminution other than
temporary, in the value of investments has taken place, appropriate
provisions are required to be made.

 

Investments classified as AFS and HFT are
marked-to-market on a periodic basis as per the relevant RBI guidelines.

 

We identified valuation of investments as a
Key Audit Matter because of the management judgement involved in determining
the value of certain investments (bonds and debentures, commercial papers and
certificate of deposits, security receipts) based on the policy and model
developed by the bank, impairment assessment for HTM book and the overall
significant investments to the financial statements of the Bank.

Our key audit procedures included:

 

Design/controls

 

Assessing the design, implementation and operating effectiveness
of management’s key internal controls over classification, valuation and
valuation models.

 

Reading investment agreements / term sheets entered into during
the current year, on a sample basis, to understand the relevant investment
terms and identify any conditions that were relevant to the valuation of
financial instruments.

 

Engaging our valuation specialists to assist us in evaluating
the valuation models used by the bank to value certain instruments and to
perform, on a sample basis, independent valuations of the instruments and
comparing these valuations with the Bank’s valuations.

 

Assessed the appropriateness of the valuation methodology and
challenging the valuation model by testing the key inputs used such as
pricing inputs, measure of volatility and discount factors. Compared the
valuation methodology to criteria in the accounting standards / RBI
guidelines.

Derivatives

 

The Bank has exposure to derivative products
which are accounted for on fair value (mark-to-market) in the books of
account.

 

The valuation of the Bank’s derivatives,
held at fair value, is based on a combination of market data and valuation
models which often require a considerable number of inputs. Many of these
inputs are obtained from readily available data, the valuation techniques for
which use quoted market prices and observable inputs. Where such observable
data is not readily available, then estimates are developed which can involve
significant management judgement.

 

We identified assessing the fair value of
derivatives as a Key Audit Matter because of the degree of complexity
involved in valuing certain financial instruments and the degree of judgement
exercised by management in identifying the valuation models and determining
the inputs used in the valuation models.

Substantive tests

 

For sample of instruments we re-performed independent valuation
where no direct observable  inputs were
used. We examined and challenged the assumptions used by considering the
alternate valuation method and sensitivity of other key factors;

 

Assessing whether the financial statement disclosures
appropriately reflect the Bank’s exposure to investments and derivatives
valuation risks with reference to the requirements of the prevailing
accounting standards and RBI guidelines.

 

 

 

BANDHAN
BANK LTD.

 

Key
Audit Matters

Key Audit
Matters are those matters that, in our professional judgement, were of most
significance in our audit of the financial statements for the financial year
ended 31st March, 2019. These matters were addressed in the context
of our audit of the financial statements as a whole, and in forming our opinion
thereon, we do not provide a separate opinion on these matters. For each
matter, below our description of how our audit addressed the matter is provided
in that context.

 

We have
determined the matters described below to be the Key Audit Matters to be
communicated in our report. We have fulfilled the responsibilities described in
the auditor’s responsibilities for the audit of the financial statements
section of our report, including in relation to these matters. Accordingly, our
audit included the performance of procedures designed to respond to our
assessment of the risks of material misstatement of the financial statements.
The results of our audit procedures, including the procedures performed to
address the matters below, provide the basis for our audit opinion on the
accompanying financial statements.

 

Key audit
matter

How the
matter was addressed in our audit

Identification of Non-Performing Advances and provisioning for
advances (refer Schedule 17.4.3 to the financial statements)

Loans and advances constitute a major
portion of the Bank’s assets and the quality of the Bank’s loan portfolio is
measured in terms of the proportion of non-performing assets (NPAs) to the
total loans and advances. As at 31st March, 2019, the Bank has

We considered the Bank’s accounting policies for NPA
identification and provisioning and assessing compliance with the prudential
norms prescribed by the RBI (IRAC Norms);

reported total gross loans and advances of
Rs. 4,023,463.28 lakhs (31st March, 2018: Rs. 2,991,327.29 lakhs),
gross non­performing advances of Rs. 81,955.65 lakhs (31st March,
2018:

Rs. 37,314.06 lakhs) and a corresponding
provision for non­performing advances of Rs. 59,123.91 lakhs (31st
March, 2018: Rs. 20,023.68 lakhs).

 

Identification and provisioning of NPAs is
governed by the prudential norms prescribed by the Reserve Bank of India (RBI).
These norms prescribe several criteria for a loan to be classified as a NPA
including overdue aging.

Tested the operating effectiveness of the controls (including
application and IT dependent controls) for classification of loans in the
respective asset classes, viz., standard, sub-standard, doubtful and loss
with reference to IRAC norms;

Performed test of details to test whether the provisioning rates
applied for respective asset classes were in accordance with the Bank’s
accounting policies and assessed the rates used by the management wherever
such rates were higher than the minimum rates prescribed by RBI;

Performed inquiries with the credit and risk departments to
ascertain if there were indicators of stress or an occurrence of an event of
default in a particular loan account or any product category which need to be
considered as NPA.

Given the volume and variety of loans,
judgement is involved in the application of RBI norms for classification of
loans as NPA and in view of the significance of this area to the overall
audit of financial statements, it has been considered as a Key Audit Matter.

 

 

Considered the special mention accounts (SMA) reports submitted
by the Bank to the RBI’s central repository of information on large credits
(CRILC) to assess whether any accounts from such reporting need to be
considered as non-performing;

Tested the Bank’s controls to identify loan accounts of a common
borrower to ensure all facilities availed by a delinquent customer are
classified as NPA;

Reviewed the fraud listing and the fraud returns submitted by
the Bank during the year to Reserve Bank of India (RBI) and verified that
provisions are as per IRAC norms;

Performed analytical procedures on various financial and
non-financial parameters to test accounts identified as NPA;

Tested the arithmetical accuracy of computation of provision for
advances.

 

IT systems and controls

 

As a Scheduled Commercial Bank that operates
on core banking solution across its branches, the reliability and security of
IT systems plays a key role in the business operations. The Bank continued to
be highly dependent on third party service providers for its core IT
infrastructure. Since large volume of transactions are processed daily, the
IT controls are required to ensure that applications process data as expected
and that changes are made in an appropriate manner.

 

The IT infrastructure is critical for smooth
functioning of the Bank’s business operations as well as for timely and
accurate financial accounting and reporting.

 

Due to the pervasive nature and complexity
of the IT environment we have ascertained IT systems and controls as a key
audit matter.

 

 

For testing the IT general controls and application controls, we
included specialised IT auditors as part of our audit team. The specialised
team also assisted in testing the accuracy of the information produced by the
Bank’s IT systems;

 

We tested the design and operating effectiveness of the Bank’s
IT access controls over the information systems that are critical to
financial reporting;

 

We tested IT general controls (logical access, changes
management and aspects of IT operational controls). This included testing
that requests for access to systems were reviewed and authorised;

 

We inspected requests of changes to systems for approval and
authorisation. We considered the control environment relating to various
interfaces, configuration and other application controls identified as key to
our audit;

 

In addition to the above, we tested the design and operating
effectiveness of certain automated controls that were considered as key
internal controls over financial reporting;

 

If deficiencies were identified, we tested compensating controls
or performed alternate procedures.

 

 

HDFC
BANK LTD.

 

Key
Audit Matters

Key Audit
Matters are those matters that, in our professional judgement, were of most
significance in our audit of the standalone financial statements for the
financial year ended 31st March, 2019. These matters were addressed
in the context of our audit of the standalone financial statements as a whole
and in forming our opinion thereon, and we do not provide a separate opinion on
these matters. For each matter below, our description of how our audit
addressed the matter is provided in that context.

 

We have
determined the matters described below to be the Key Audit Matters to be
communicated in our report. We have fulfilled the responsibilities described in
the ‘Auditor’s Responsibilities for the Audit of the Standalone Financial
Statements’ section of our report, including in relation to these matters.
Accordingly, our audit included the performance of procedures designed to
respond to our assessment of the risks of material misstatement of the
standalone financial statements. The results of our audit procedures, including
the procedures performed to address the matters below, provide the basis for
our audit opinion on the accompanying standalone financial statements.

 

Key
audit matter

How the
matter was addressed in our audit

Identification of Non-Performing Advances
and provisioning of advances:

Advances
constitute a significant portion of the Bank’s assets and the quality of
these advances is measured in terms of the ratio of Non-Performing Advances
(NPA) to the gross advances of the Bank. The Bank’s net advances constitute
65.84 % of the total assets and the gross NPA ratio of the Bank is 1.36% as
at 31st March, 2019.

The Reserve
Bank of India’s (RBI) guidelines on Income Recognition and Asset
Classification (IRAC) prescribe the prudential norms for identification and
classification of NPAs and the minimum provision required for such assets.
The Bank is also required to apply its judgement to determine the
identification and provision required against NPAs by applying quantitative
as well as qualitative factors. The risk of identification of NPAs is
affected by factors like stress and liquidity concerns in certain sectors.

The
provisioning for identified NPAs is estimated based on ageing and
classification of NPAs, recovery estimates, value of security and other
qualitative factors and is subject to the minimum provisioning norms specified
by RBI.

Additionally,
the Bank makes provisions on exposures that are not classified as NPAs,
including advances in certain sectors and identified advances or group
advances that can potentially slip into NPA. These are classified as
contingency provisions.

The Bank
has detailed its accounting policy in this regard in Schedule 17 –
Significant Accounting Policies under Note C – 2 Advances.

Since the
identification of NPAs and provisioning for advances require significant
level of estimation and given its significance to the overall audit, we have
ascertained identification and provisioning for NPAs as a key audit matter.

 

The audit
procedures performed, among others, included:

Considering
the Bank’s policies for NPA identification and provisioning and assessing
compliance with the IRAC norms;

Understanding, evaluating and
testing the design and operating effectiveness of key controls (including
application controls) around identification of impaired accounts based on the
extant guidelines on IRAC.

Performing
other procedures including substantive audit procedures covering the
identification of NPAs by the Bank. These procedures included:

Considering
testing of the exception reports generated from the application systems where
the advances have been recorded;

Considering
the accounts reported by the Bank and other Banks as Special Mention Accounts
(SMA) in RBI’s central repository of information on large credits (CRILC) to
identify stress;

Reiewing
account statements and other related information of the borrowers selected
based on quantitative and qualitative risk factors;

Performing
inquiries with the credit and risk departments to ascertain if there were
indicators of stress or an occurrence of an event of default in a particular
loan account or any product category which need to be considered as NPA.
Examining the early warning reports generated by the Bank to identify
stressed loan accounts;

 

Holding
specific discussions with the management of the Bank on sectors where there
is perceived credit risk and the steps taken to mitigate the risks to
identified sectors.

With
respect to provisioning of advances, we performed the following procedures:

Gained an
understanding of the Bank’s process for provisioning of advances;

Tested on
a sample basis the calculation performed by the management for compliance
with RBI regulations and internally laid down policies for provisioning;

For loan accounts, where the
Bank made provisions which were not classified as NPA, we reviewed the Bank’s
assessment for these provisions.

Evaluation
of open tax litigations (Direct and Indirect Tax)

The Bank has material open tax litigations
including matters under dispute which involve significant judgement to
determine the possible outcome of these disputes.

Since the assessment of these open tax
litigations requires significant level of judgement, we have included this as
a Key Audit Matter.

Gained an
understanding of the Bank’s process for determining tax liabilities and the
tax provisions

Involved
direct and indirect tax specialists to understand the evaluation of
likelihood and level of liability for significant tax risks after considering
legal precedence, other rulings and new information in respect of open tax
positions as at reporting date;

Agreed
underlying tax balances to supporting documentation, including correspondence
with tax authorities;

Assessed
the disclosures within the standalone financial statements in this regard.

Information
Technology (‘IT’) Systems and Controls

The reliability and security of IT systems
plays a key role in the business operations of the Bank. Since large volumes
of transactions are processed daily, the IT controls are required to ensure
that applications process data as expected and that changes are made in an
appropriate manner. These systems also play a key role in the financial
accounting and reporting process of the Bank.

Due to the pervasive nature and complexity
of the IT environment we have ascertained IT systems and controls as a Key
Audit Matter.

For
testing the IT general controls, application controls and IT dependent manual
controls, we involved IT specialists as part of the audit. The team also
assisted in testing the accuracy of the information produced by the Bank’s IT
systems;

Tested
the design and operating effectiveness of the Bank’s IT access controls over
the information systems that are critical to financial reporting. We tested
IT general controls (logical access, change management and aspects of IT
operational controls). This included testing that requests for access to
systems were appropriately reviewed and authorised;

Tested
the Bank’s periodic review of access rights. We inspected requests of changes
to systems for appropriate approval and authorisation. We considered the
control environment relating to various interfaces, configurations and other
application layer controls identified as key to the audit;

In
addition to the above, the design and operating effectiveness of certain
automated controls that were considered as key internal controls over
financial reporting were tested;

Tested
compensating controls and performed alternate procedures where necessary. In
addition, understood where relevant, changes made to the IT landscape during
the audit period and tested those changes that had a significant impact on
financial reporting.

You May Also Like