Even in today’s heavily regulated environment, company oversight organizations may not substantially cover several operational functions important to managing the business’s top-tier risks. In other instances, internal and external oversight groups redundantly monitor business processes. Additionally, simultaneously occurring assessments often burden and may overwhelm the company’s operational staff. Consequently, there exists a need to better align assessment activities with business risks and coordinate audits between oversight groups. StrategyDriven’s Risk Assurance Maps address all of these challenges.
StrategyDriven’s Risk Assurance Maps enable visualization of the relationships between enterprise risks and their associated operational processes. Concurrently, they reveal the degree of oversight applied to these processes and the residual risk remaining based on the outcomes of these assessments and the performance revealed by the organization’s performance measurement system.
To learn more, visit: http://www.strategydriven.com/risk-assurance-maps/
Establishing Effective ERM of IT: Implementation and Operational Issues of th... Robert Stroud
IT risk is receiving growing attention from executive management, risk managers and regulators to identify and correctly manage risk in the operational environment. This pressure requires the implementation of an effective risk management process. ISACA recently delivered the RISK IT Framework to assist IT to effectively identify risk and to develop processes to accept or mitigate risk.
When leveraged in conjunction with the COBIT® Framework which provides the generally accepted control framework, the RISK IT Framework will deliver an effective enterprise risk management solution.
This session will demonstrate how to establish effective enterprise risk management of IT including implementation and operational issues using ISACA’s new ‘Risk IT Practitioner Guide’.
Five lines of assurance a new paradigm in internal audit & erm Dr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
Strategic Planning Society Webinar- Integrating Strategy and Risk Management Andrew Smart
• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management.
• The balanced scorecard and risk management approaches have evolved as silo processes over approximately 20 years – an approach that integrates both is a natural evolution.
• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
Risk management is an integral part of business management. This set of principles was developed by the industry for the industry. They have been drafted to make them so practical that they will resonate with any financial organization.
Shaping Your Culture via Risk Appetite Andrew Smart
Andrew Smart will briefly explain risk appetite and how it can be linked into the overall strategy and risk management process of an organisation. He will then go on to clarify how Risk Appetite statements work alongside Vision statements; creating the right ‘tone from the top’, and how that can be cascaded through the organisation in the form of Risk Tolerances and KRI's. The webinar will conclude with a demonstration of how to enable and embed change, leveraging your SharePoint investment.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
Abstract: Risk management is an activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources. Some traditional risk managements are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death). Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments. The objective of risk management is to reduce different risks related to a pre-selected domain to an acceptable. It may refer to numerous types of threats caused by environment, technology, humans, organizations and politics. The paper describes the different steps in the risk management process, which methods are used in the different steps, and provides some examples for risk and safety management.
investment decisions, risk and uncertainty, types of risk, techniques of measuring risk, cost of capital, importance, factors affecting cost of capital, computation of cost of capital, capital structure, capital structure theories, dividend theories, walter model, gordon model, mm model, working capital management, types of working capital, factors influencing working capital, preparation of cash budget, problems on working capital, corporate valuation, methods
The concept of heightened expectations was no surprise to banks, even before the publication of the notice of proposed rulemaking (NPR) that appeared in the Federal Register on January 27, 2014 (Volume 79, No. 17, page 4282). The OCC had been raising these issues for years. The NPR however, did provide more detail on OCC expectations.
How to Create a Risk Profile for Your Organization: 10 Essential Steps Case IQ
Understanding your organization’s risks is the first step in developing an effective anti-corruption compliance program. But for many businesses, identifying and understanding their risks is a complex process, involving research, analysis and cooperation from all levels of the organization. Since every company needs a robust compliance program, an effective risk analysis is crucial. The consequences of getting this step wrong can be astronomical.
Join anti-corruption experts Marc Tassé and Patrice Poitevin, as they outline the steps and tools necessary to create a risk profile for your organization.
The webinar will cover:
Tools to help determine areas of risk
Factors to evaluate
The importance of due diligence once risks are identified
Continuous evaluation of your compliance program
How to achieve accountability and transparency
Deloitte’s risk management philosophy – Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks but the lack of a strategic view to an ERM program, can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies
THE NEW AXIS OF FINANCIAL REPORTING - IND AS AND ICDS RSM India
The New Axis of Financial Reporting – IND AS & ICDS: This publication is intended to provide readers a broad understanding of the applicability of Ind AS and Income Computation and Disclosure Standards (ICDS), and some key differences with IFRS and Accounting Standards (AS) presently applied by companies.
Publication - RSM India Budget 2016 Key Aspects RSM India
We are pleased to enclose herewith our publication viz. 'India Budget 2016 – Key Aspects' which provides a broad overview of the Union Budget 2016-17 presented on 29th February 2016. While we have largely covered direct and indirect tax proposals of the Indian Government for the fiscal year 2016-17, other major policy initiatives having significant impact on business in general have been briefly dealt with.
In the midst of an uncertain global economic outlook, India is emerging as the new ‘global economic hotspot’. The Indian economy is estimated to grow at 7.6% in FY 2015-16 and is expected to grow at 7% to 7.75% in FY 2016-17, making it the fastest growing major economy in the world. The Union Budget 2016 is primarily driven with the objective of accelerating investment in infrastructural sector, fiscal consolidation and reducing litigation.
In our budget publication, we have analysed the significant budget proposals and have additionally included the following reference chapters:
• G20 Countries - Comparative Corporate and Personal Tax Rates
• DTAA Rates
• Tax Incentives for Businesses
• Direct Taxes and Service Tax Compliance Calendar
• TDS Chart
We trust you will find the same useful.
Doing Business in India - RSM India publication (2012) RSM India
The aim of this book, published by RSM India group in 2012, is to provide general information about doing business in India and every effort has been made to ensure the contents are accurate and current. However, tax rates, legislation and economic conditions referred to in this publication are only accurate at the time of writing.
AUDITOR, ROLE OF AN AUDITOR, KINDS OF AUDITOR, INTERNAL AUDITORS, GOVERNMENT AUDITORS, INDEPENDENT AUDITORS, IMPORTANCE OF AUDITOR & PROBLEM FACED BY AN AUDITOR.
Mahindra Satyam has over two decades of experience in offering IT services and innovative solutions to different sectors in banking, financial services and insurance sectors. This brochure outlines domain expertise and our solutions.
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx madlynplamondon
DISCUSSION-1
RE: Chapter 15: Embedding ERM into Strategic Planning at the City of Edmonton
The two strategic processes
The two strategic processes which are tightly connected to ERM in the current scenario of Edmonton City ERM implementation are:
Results based budgeting and Performance measurement.
Results based budgeting (RBB):
ERM helps organizations to allocate resources based on the requirements for completing the tasks and to produce the desired output. The RBB assists in determining the funding allocation requirements which are mandatory to fulfill the strategic objectives of the organization. This budget formulation is performed based on predefined objectives such as priority, resource availability and expected results etc. Here the expected results represent the desired outputs which the organization expects to meet its strategic goals. In simple words, results-based budgeting is about emphasizing performance and accountability.
Performance measurement:
The continuous performance measurement helps organizations to drive the progress in risk mitigation and it provides insights where additional attention is required. The Key performance indicators (KPIs) can be used to measure the effectiveness of risk management activities. The Performance measurement in ERM sends the list of desired outcomes to RBB and receives list of prioritized programs and costs to ensure ERM works at its full potential (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Two criteria must be balanced in a successful ERM model
The two criteria are model power and user-friendliness. The powerful model can provide a large amount of information and lets the organization compare the results and risks, the effectiveness of the current program and the impact of future initiatives. A user-friendly program makes it easy to add information and new features, and is easy for the user to understand with simple steps. User-friendliness also means that, if needed, some unnecessary steps can be removed without losing model robustness (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Thank you
References
Fraser, J., Simkins, B. J., & Narvaez, K. (2015). Implementing enterprise risk management: Case studies and best practices. Hoboken: Wiley.
DISCUSSION-2
1. What the other strategic processes are closely tied to ERM?
The strategic processes may have success strategy which is linked to the command of risk and organization understanding. The selection of strategy is an exercise of high-stakes. Approx. 80% of the underperformer may against the industry who have lost their way over the prior 10 years because of blunder who are strategic and the business and strategy magazine. It may blame on failure on operations errors and the external event or compliance fault.
2. What are three kinds of risks are identified within the city of Edmonton?
There may be three risks which may involve avoidance or risk termination, tolerance or acceptance of ...
The ever increasing regulations and expansion of organisations across the globe into new markets exposed the organisations to greater regulatory and compliance risks. To Know More : https://www2.deloitte.com/in/en/pages/audit/articles/internal-audit.html
Effect of Enterprise Risk Management on Sustainable Financial Performance of ... AJSERJournal
The paper is aimed at determining the effect of Enterprise Risk Management (ERM) on sustainable financial performance of deposit money banks in Nigeria. The specific objectives of the research are to determine the effect of ERM on earnings per share (EPS) and to ascertain the effect of ERM on Tobin Q. A descriptive research design was adopted for the study, considering the total population of all the twenty-one listed deposit money banks in Nigeria. Data were gathered via secondary source from five (5) public annual reports of the listed deposit money banks for a period of six years ranging from 2013-2018 and analysed using percentages and ratios. Multiple regression was employed in data analysis and in testing the hypotheses, to determine whether there is a significant effect of Enterprise Risk Management on Earnings per Share and Tobin Q of listed deposit money banks in Nigeria. The study revealed that there is a positive and significant relationship between ERM (Firm Size, Leverage) and sustainable financial performance (TQ & EPS) of listed deposit money banks in Nigeria. Based on the findings, the study recommends that financial institutions in Nigeria should employ robust Enterprise Risk Management practices, as these are likely to greatly influence their financial performance in one way or the other, and that the Central Bank of Nigeria and other regulators should endeavour to strengthen the enforcement of risk control mechanisms to boost a robust bank performance.
Business and risk go hand in hand. Professionals like chartered accountants, with expertise in finance, management and audit, are well suited for the role of forecasting, evaluating, and mitigating prospective risk involved in any organization’s activity and seizing opportunities to take the growth of the business to the next level. This article brings you in-depth details of the role of a chartered accountant in Enterprise Risk Management.
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
RSM India Newsflash - Startup India: Launch of 'Portal & Mobile App' and 'FAQs' RSM India
The ‘Startup India’ initiative was launched by the Prime Minister of India, Shri Narendra Modi on 16 January 2016 at Vigyan Bhavan, New Delhi and as part of the event, a Startup India Action Plan was released. The Action Plan highlighted various initiatives envisaged by the Government to develop a conducive Startup ecosystem in the country, one of the integral parts being the launching of the ‘Startup India portal and mobile app.’ Accordingly, the portal and app have been launched.
Also, frequently asked questions (FAQs) have been issued recently by the Department of Industrial Policy and Promotion.
Our newsflash captures:
A. Key features of the portal and app
B. Recently released FAQs
IFRS in India - RSM India publication (pre 2010) RSM India
This book, published (before 2010) by RSM India group, intended to provide its readers a broad understanding of IFRS requirements in India and some key differences between IFRS and Indian Accounting Standards.
Operations Consulting Overview - RSM India publication RSM India
This book, published by RSM India group (before 2010), intends to give an overview of the various standards and the Operations Consulting services offered by us.
Accessing Capital, An Insight - RSM India publication (2011) RSM India
This publication by RSM India group, published in April 2011, is general in nature and endeavors to analyse certain significant aspects of tapping capital.
RSM India - Service Tax Regulations In India-An Insight (2013) RSM India
This publication by RSM India group (dated September 2013) intends to provide a broad overview of Service Tax Regulations prevalent in India and primary assistance to those transacting service business in India.
RSM India publication - India Budget 2015 Highlights RSM India
This publication offers a broad outline of the highlights of Union Budget 2015. Contains the proposals and amendments as given in the Finance Bill, 2015
RSM India Publication - Executive remuneration - Certain Tax & Legal Aspects RSM India
This publication provides a broad outline of certain tax regulations and other related aspects of Executive Remuneration prevailing in India and relating to income from salaries
Newsflash - increase in MVAT rate with effect from 1 October 2015 RSM India
On 30th September 2015, Maharashtra VAT Department has issued the Notification VAT. 1515/C.R. 128A/Taxation-1. and VAT. 1515/C.R. 128B/Taxation-1 for increase in MVAT Rate with effect from 1 October 2015.
We have summarized the said notification in form of newsflash and trust you will find the same useful.
White paper income computation & disclosure standards RSM India
White Paper on ‘Income Computation and Disclosure Standards’ by RSM Astute Consulting. The Central Government, within the powers conferred upon it under the Income-tax Act, has notified 10 ‘Income Computation and Disclosure Standards’ dated 31 Mar '15 to be followed for computing income for tax purposes. This is likely to create a substantial impact in the approach & methodology of computing & offering income to Income-tax. Our white paper discusses the need & objective of ICDS, applicability to entities & period, material tax outlays, significant aspects & its implications, open issues, etc.
White paper payment banks - changing landscape of retail banking RSM India
The RBI has recently decided to grant in-principle approval to 11 applicants for setting up ‘Payment Banks.’ This move is to enhance financial inclusion by providing access to small saving accounts and payments, migrant labour work force, small businesses in unorganized sectors, etc. The payment banks are expected to use high technology platform to provide services at low cost, thereby redefining the retail banking landscape.
We are pleased to attach our White Paper: ‘Payment Banks – Changing Landscape of Retail Banking’ and trust you will find the same useful.
The world of search engine optimization (SEO) is buzzing with discussions after Google confirmed that around 2,500 leaked internal documents related to its Search feature are indeed authentic. The revelation has sparked significant concerns within the SEO community. The leaked documents were initially reported by SEO experts Rand Fishkin and Mike King, igniting widespread analysis and discourse. For More Info:- https://news.arihantwebtech.com/search-disrupted-googles-leaked-documents-rock-the-seo-world/
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
Understanding User Needs and Satisfying Them Aggregage
https://www.productmanagementtoday.com/frs/26903918/understanding-user-needs-and-satisfying-them
We know we want to create products which our customers find to be valuable. Whether we label it as customer-centric or product-led depends on how long we've been doing product management. There are three challenges we face when doing this. The obvious challenge is figuring out what our users need; the non-obvious challenges are in creating a shared understanding of those needs and in sensing if what we're doing is meeting those needs.
In this webinar, we won't focus on the research methods for discovering user-needs. We will focus on synthesis of the needs we discover, communication and alignment tools, and how we operationalize addressing those needs.
Industry expert Scott Sehlhorst will:
• Introduce a taxonomy for user goals with real world examples
• Present the Onion Diagram, a tool for contextualizing task-level goals
• Illustrate how customer journey maps capture activity-level and task-level goals
• Demonstrate the best approach to selection and prioritization of user-goals to address
• Highlight the crucial benchmarks, observable changes, in ensuring fulfillment of customer needs
B2B payments are rapidly changing. Find out the 5 key questions you need to be asking yourself to be sure you are mastering B2B payments today. Learn more at www.BlueSnap.com.
Discover the innovative and creative projects that highlight my journey throu... dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Recruiting in the Digital Age: A Social Media Masterclass LuanWise
In this masterclass, presented at the Global HR Summit on 5th June 2024, Luan Wise explored the essential features of social media platforms that support talent acquisition, including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok.
3.0 Project 2_ Developing My Brand Identity Kit.pptx tanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
Implicitly or explicitly all competing businesses employ a strategy to select a mix
of marketing resources. Formulating such competitive strategies fundamentally
involves recognizing relationships between elements of the marketing mix (e.g.,
price and product quality), as well as assessing competitive and market conditions
(i.e., industry structure in the language of economics).
2. RSM International
6th largest network of independent
accounting and consulting firms worldwide
Annual revenue of US$ 3.87 billion
736 offices across 76 countries
www.astuteconsulting.com
RSM Astute Consulting Group
Indian Member of RSM International
Personnel strength of over 750
Ranked as the 6th largest accounting and consulting group in India
(Source : International Accounting Bulletin, August - 2008)
Nation-wide presence in 10 cities
International delivery capabilities
Multi-disciplinary team
3. Internal Audit and Risk Management
BFSI Sector
| INTERNAL AUDIT AND RISK MANAGEMENT Astute Consulting
7. Chapter 1: Background
Banking, Financial Services and Insurance (BFSI) sector is set to grow exponentially in India due to growth in Gross Domestic Product, rising per capita income, introduction of new products to meet the emerging requirements, innovation in technology and expanding distribution network.
BFSI sector in India has demonstrated resilience in the midst of global financial turmoil of last 2 years due to its strong regulatory and compliance framework and prudent monetary and fiscal policies. However, the extreme volatility in the global markets and the vulnerability of the BFSI sector makes it imperative to have an appropriate risk management framework. The increasing role of technology and e-banking requires contemporary and real time controls. The increasing role of financial instruments such as options, futures and derivatives warrants new governance and risk management tools as evidenced by the recent US regulations on financial reforms.
BFSI sector is the backbone of the fiscal system and a strong BFSI sector is a pre-requisite for sustainable economic growth.
Important regulators in the BFSI sector include:
• Reserve Bank of India (Banking)
• Securities and Exchange Board of India (Financial Services)
• Insurance Regulatory and Development Authority (Insurance)
The role of Internal Audit and Risk Management will be very critical for organisations to meet challenges of growth, technology and corporate governance through an adequate risk management.
This booklet is intended to provide an insight into the role of Internal Audit and Risk Management in BFSI sector. The booklet is not intended to be a comprehensive document but rather to reflect the emerging trends and the changing role of Internal Audit and Risk Management in the context of BFSI sector.
9. Chapter 2: Role Of Internal Audit And Risk Management
Internal Audit and Risk Management in BFSI sector is primarily intended to provide the management with clear, comprehensive and unbiased analysis of the adequacy, existence and effectiveness of internal controls and risk management framework of the entity. It reviews the functional efficiency of the organisation with a view to suggest areas for possible improvements. It is an important tool which enables an organisation in achieving its strategic business goals, meeting operational and business environmental challenges, complying with regulatory norms and managing reporting requirements.
Internal Audit includes:
• Critical evaluation of internal controls, performing GAP analysis and suggesting areas for strengthening;
• Constructive review of business operations by keeping the organisation's business needs in focus;
• Identification and recommendation of areas for cost reduction, revenue optimisation and improvement in operational efficiency;
• Critical evaluation of systems and procedures and adherence to Standard Operating Procedures;
• Review of Information Technology (IT) controls and Business Continuity Plan;
• Identification, assessments and control of risks;
• Review of compliances with the various regulatory provisions and operations manuals;
• Review of adherence to the corporate governance requirements.
As per the Institute of Internal Auditors ‘Enterprise-Wide Risk Management (ERM) is a structured, consistent and continuous process across the whole organisation for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives’. The responsibility of ERM is with the Board of Directors.
Internal audit is an independent, objective assurance activity and can provide valuable insight in providing assurance that major business risks are being managed appropriately and the risk management and internal control framework is operating effectively.
10. ERM role shall include the following:
• Facilitating identification and evaluation of key risks;
• Evaluating and reporting of key risks;
• Consolidating risks across the organisation;
• Developing and maintaining the ERM framework.
However, internal audit should not be involved in setting risk appetite, taking decision on risk response, implementing risk response or taking accountability of risk management.
Internal Audit's core role in relation to ERM should be providing assurance to management and to the Board on the effectiveness of risk management.
Internal Audit and Risk Management in today's global competitive environments depends heavily on Information System for decision making. Business processes are increasingly getting automated and controls becoming less person dependent. In such a scenario, the significance of Information Technology (IT) and Information System (IS) cannot be undermined as these are pervasive throughout the business. Some areas that can benefit include Information System Development, Assessment of risks and its management, Business Continuity Plan and Disaster Recovery Plan, Hardware, Software and Network audits etc.
Internal Audit objectives and approach can be summarised as follows:
Internal Audit Objectives (figure labels: Value, Cost)
• Facilitate achievement of business objectives
• Optimum utilisation of client’s resources
• Evaluate internal controls, systems and procedures
• Safeguarding of client’s assets
• Identification, assessment and control of risks
• Facilitating corporate governance code compliance and reporting independently to the audit committee
• Reviewing compliance with policies, procedures, laws and regulations
• Increasing reliability of financial statements
11. Internal Audit Approach
Traditional Approach:
• Accounts oriented
• Transaction focused
• Over cautious and bureaucratic
• Passive detection
• Compliance oriented
• Covering all routine areas
• Critic
• Manual checking
• Excessive coverage – time consuming
Contemporary Approach:
• Business orientated
• Process focused
• Value creating
• Real time detection
• Prevention oriented
• Risk based audit
• Strategic partner
• Use of latest techniques (CAATs)
• Time and cost efficient
Risk Based Audit Approach
The Risk Based Audit (RBA) approach is shown below:
[Figure: "Risk is everywhere ... process is the only solution." Steps: Early identification; Assessment; Evaluate controls; Monitor and report. Figure labels: Losses, Profits]
12. Risk Based Audit Approach
• Establish objectives and classify them under Strategic, Operational, Compliance and Reporting.
• Identify the risks likely to have an impact on the achievement of identified objectives.
• Assess the likelihood and impact of the risk.
• Evaluate appropriate responses to risks viz. avoiding, accepting, reducing or sharing.
• Help in effective implementation and monitoring of the selected responses.
The approach to risk management is depicted below:
Approach – Risk Management
Figure labels: Engagement discussions; ERM awareness training; ERM policy / procedure manual; Implement ERM processes & training; Self assessment
• Project understanding, Scope definition, Timelines, Roles and Responsibilities, Fees, etc.
• Understanding of organisation businesses, key processes, level of documentation, etc.
• Conduct training workshops on risk and ERM framework, roles and responsibilities, etc.
• Based on understanding of strategy and processes, prepare draft manuals for implementation
• Implementing ERM processes, finalising procedure manual and training
• Prepare framework for assessment
Indicative Time Lines: Phase 1; Phase 2: 1-2 weeks; Phase 3: 2-3 weeks. This depends on size of operations and can take from 4-10 weeks.
13. COSO Framework
The Committee of Sponsoring Organisations of the Treadway Commission (COSO) framework is presented below:
• Control Environment
• Risk assessment: Identification and assessment of risks
• Control activities: Policies and procedures; approval, authorisation, reconciliation, security, segregation, etc.
• Information and communication: Communication system for internal and external communication on roles, deficiency, etc.
• Monitoring: Ongoing monitoring, periodic review, separate evaluation, etc.
Approach To Internal Control Assessment and Documentation – CEO / CFO Certification
Steps 1 to 10, grouped in the figure under Design, Test and Report:
• Assessing the risk of material misstatement
• Identifying Company level controls
• Identifying significant processes
• Determining which locations / units should be evaluated
• Documenting design of controls
• Evaluating the design effectiveness of controls
• Testing operating effectiveness of controls
• Communicating / Reporting Internal Control deficiency
• Remediation plan
• Evaluating operating effectiveness
15. Chapter 3: Banking Sector
3.1 Sector Background
• The Reserve Bank of India (RBI) Act was passed in 1934 and RBI came into existence in 1935 on the basis of central banking inquiry committee. In 1949, the Banking Regulation Act was passed which gave wide powers to RBI.
• The first bank in India, though conservative, was established in 1786. From 1786 till today, the journey of Indian Banking System can be segregated into 3 distinct phases as follows:
  - Early phase from 1786 to 1969 of Indian Banks. The government's Regulatory Policy for Indian banks since 1969 has paid rich dividends with the nationalisation of 14 major private banks of India.
  - Nationalisation of Indian banks and up to 1991 prior to Indian banking sector reforms.
  - New phase of Indian Banking System with the advent of Indian Financial and Banking Sector Reforms after 1991.
Banking Structure In India
[Figure: Reserve Bank Of India (RBI), Apex Authority; Scheduled Banks*; Non-Scheduled Banks**; Commercial Banks; Cooperative Banks; Local Area Bank; Rural Cooperative; Urban Cooperative; Foreign Banks; Private Sector; Public Sector]
16. *Scheduled Banks are those, which are included in the second schedule of the Reserve Bank of India Act, 1934. To be included in the second schedule, a bank must have a paid up capital and reserves of an aggregate value of not less than Rs.5,00,000 and satisfy the RBI that its affairs are not conducted in a manner detrimental to the interest of its depositors, shareholders and the society.
**Non-Scheduled Banks are not included in the second schedule of the Reserve Bank of India Act, 1934.
3.2 Growth And Size
• As on 31 March 2010, total deposits of Indian banks stood at Rs. 2,12,66,136 crores and advances on that date were Rs. 1,85,80,819 crores.
• Total employees in banking sector over last 3 years in India were as follows:
Financial Year    Number of employees
2009-2010         9,78,048
2008-2009         8,85,414
2007-2008         8,40,000
• Currently more than 44,000 locations in India have ATM access facility and expected to rise continuously.
• In the Review of Monetary Policy for 2009-10, the RBI observed that the Indian economy showed a degree of resilience as it recorded a better-than-expected growth of 7.9% during the second quarter of 2009-10.
• The banking Industry has grown at a compounded annual growth rate (CAGR) of 20% over the last decade and has grown by over 5 times in the same period.
• It is projected that Indian banks will add another 400 million customers in next 10 years. This will necessitate significant scaling up of systems and processes and employee productivity to manage this growth.
17. 3.3 Regulatory Framework
3.3.1 Regulatory Frameworks in India can be classified into two umbrella acts:
• Reserve Bank of India Act, 1934: governs the Reserve Bank functions.
• Banking Regulation Act, 1949: governs the financial sector.
3.3.2 In addition to above, the banking operations are also subject to legal provisions of certain other acts as under:
Acts governing specific functions
• Public Debt Act, 1944 / Government Securities Act (Proposed): Governs government debt market.
• Securities Contract (Regulation) Act, 1956: Regulates government securities market.
• Indian Coinage Act, 1906: Governs currency and coins.
• Foreign Exchange Regulation Act, 1973 / Foreign Exchange Management Act, 1999: Governs trade and foreign exchange market.
• ‘Payment and Settlement Systems Act, 2007: Provides for regulation and supervision of payment systems in India’.
Acts governing banking operations
• Companies Act, 1956: (Governs banks as companies).
• Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970/1980: Relates to nationalisation of banks.
• Bankers' Books Evidence Act, 1891.
• Negotiable Instruments Act, 1881.
Acts governing individual institutions
• State Bank of India Act, 1954.
• The Industrial Development Bank (Transfer of Undertaking and Repeal) Act, 2003.
• The Industrial Finance Corporation (Transfer of Undertaking and Repeal) Act, 1993.
• National Bank for Agriculture and Rural Development Act, 1981.
• National Housing Bank Act, 1987.
• Deposit Insurance and Credit Guarantee Corporation Act, 1961.
18. • Co-operative Societies Act, 1912.
• Regional Rural Banks Act, 1976 State Bank of India (Subsidiary Banks) Act, 1959.
• Prevention of Money Laundering Act, 2002.
• Credit Information Companies Regulation Act, 2005.
• Information Technology Act, 2000.
• Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002.
3.3.3 Role of RBI
• Reserve Bank of India (RBI) is apex governing body in the Indian Banking industry. It formulates, implements and monitors the monetary policy to ensure a robust and healthy banking environment. It is responsible for overseeing the activities of other banks. It issues licenses to other banks to start new branches, install ATMs, etc. It also conducts regular checks to ensure that all guidelines are being adhered to. It is responsible for issuance of currency, regulation of currency and acting as banker to state and central governments and maintains banking accounts of all scheduled banks.
• Currently, India has 96 scheduled commercial banks (SCBs) - 27 public sector banks (that is with the Government of India holding a stake), 31 private banks (these do not have government stake; they may be publicly listed and traded on stock exchanges) and 38 foreign banks.
3.4 Key Players
Top Banking Sector Players
Public Sector Banks:
• State Bank of India
• Bank of India
• Bank of Baroda
• Union Bank of India
• Punjab National Bank
Private Sector Banks:
• HDFC Bank
• AXIS Bank
• ICICI Bank
• Kotak Mahindra
• ING Vysya
Co-operative Banks:
• Saraswat
• Shamrao Vithal
• NKGSB
• Cosmos
Foreign Banks:
• HSBC
• Citibank
• StanChart
• ABN-Amro
• Barclays
19. 3.5 Key Elements And Peculiarities
• Banking institutions are financial intermediaries specialising in the activities of buying and selling financial products, contracts and securities. A bank provides a public good in terms of liquidity and means of payments. A bank is also distinguished from an ordinary firm by virtue of nature of risks it faces. While it is true that existence of an intermediary like bank has a net cost advantage relative to direct lending and borrowing, banks face a double-edged risk, one from the side of the lender and other one from the side of the borrower. This is because the equity base of a bank is typically small relative to the liability.
• A substantial component of liability of a bank consists of its deposits. Apart from Current and Savings Accounts (CASA), even term deposits can be subject to premature withdrawal. It faces a withdrawal or liquidity risk when creditors are unwilling to extend or renew their credit to the bank, or they are willing to renew at different terms alone.
• A default risk arises when the debtors of the bank are not able or willing to meet their obligations to the bank at the agreed upon time. A certain amount of control appears to be necessary to ensure that no unwarranted exit takes place in banking industry. Unlike any other enterprise, which can exist without a central control, a bank cannot. The entire banking industry is monitored by the Reserve Bank of India.
3.6 Major Sub-Segments Of The Banking Sector
• Retail Liabilities (CASA, Term Deposits).
• Retail Assets (Home Finance, Vehicle Finance, Personal Loans).
• Rural and Agricultural Banking.
• Small and Medium Enterprises (SME) Segment.
• Investment Banking.
• Trade Finance.
• Project Finance.
• Treasury Operations.
• International Banking.
• Depository Participant.
• Cash Management Services.
20. 3.7 Role Of Information Technology
• Information Technology (IT) continues to be the single largest facilitating force behind the successful transformation of transactions and analytical processing of banking business in the country. Developments which have taken place during the last few years all have IT as the pivotal centre-point.
• Since the publication of the Financial Sector Technology (FST) Vision in July, 2005, there have been significant changes in the banking sector of the country, as far as IT implementation is concerned. Some of the major developments which have taken place since then are as follows:
  - Core Banking Solution (CBS).
  - Internet Banking.
  - Mobile Banking.
  - Automated Teller Machines (ATMs).
  - Multifunctional ATMs and shared ATM services.
  - Large scale usage of Real Time Gross Settlement (RTGS).
  - Electronic Clearing Services (ECS).
Technological Developments In Banks
• Banks in India are using Information Technology (IT) not only to improve their own internal processes but also to increase facilities and services to their customers. Efficient use of technology has facilitated accurate and timely management of the increased volumes of transactions of banks, consistent with a larger customer base.
• During 2008-09, the transmission of clearing data (both for cheque and electronic clearing services) and collation of inputs from currency chests as part of the Integrated Currency Chest Operations and Management System (ICCOMS) was done using secured websites. The prevalent IT system to process the accounting requirements of the State and Central Governments are replaced by the Centralised Public Accounts Department System (CPADS), which is considered more robust and user friendly. To facilitate a smoother and faster bidding in the Primary Dated Securities Auctions held by the Reserve Bank, a new version of the Negotiated Dealing System Auction module, developed and hosted by the Clearing Corporation of India, was developed in 2008-09, leading to its launch with effect from 11 May 2009.
21. • One of the major achievements during 2008-09 was the increase in the number of branches providing Core Banking Solutions (CBS). The total number of branches of Public Sector Banks that have implemented CBS increased from 35,464 as on 31 March 2008 to 44,304 as on 31 March 2009.
• The computerisation of the banking sector, which is regarded as the precursor to other technological initiatives, is almost in completion stage. The proportion of PSB branches that achieved full computerisation increased from 93.7% as of end-March 2008 to 95.0% as of end-March 2009. That continuous progress is being made by banks is reflected in the increase in the number of banks moving into the ‘more than 90% but less than 100%’ category. During 2008-09, the total number of ATMs installed by banks grew by 25.4%.
3.8 Regulatory Provision Related To Internal Audit And ERM
• A risk management system is essential in view of the Basel II Accord on Capital adequacy. Under the proposed Accord, a Three Pillar approach is to be adopted for assessment of Capital adequacy.
  - Wherein the first pillar which deals with the minimum capital, heavily relies on the risk assessment in the areas of credit, market and operational risks in banks.
  - Under the second pillar, the supervisor is required to review the risk management processes in the banks in order to satisfy it that the capital maintained by the banks is in relation to the risks being taken by them.
  - Lastly, the third pillar proposes to bring in market discipline on banks by introducing more and more disclosure and transparency.
• The Clause 49 of the listing agreement (SEBI) states:
  - ‘The company shall lay down procedure to inform board members about the risk assessment and minimisation procedures. These procedures shall be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework.’
  - The clause also makes the CEO/CFO certification on internal controls mandatory.
22. Risk Based Internal Audit In Banks
Risks in banking are classified as follows:
• Inherent Risk
• Control Risk
Inherent risks are of three types: Credit Risks, Market Risks and Operational Risks.
Credit risks are associated with losses due to erosion in the credit quality.
Examples:
• Interest or principal not paid by the borrower (Direct lending).
• Funds not paid on crystallization of liability (Guarantee or Letter of Credit).
• Free forex funds restricted (cross border exposure).
Market risks relate to losses caused by changes in the market variables.
Examples:
• Inability to meet liabilities (liquidity risk).
• Adverse changes in interest rates (Interest rates risk).
• Adverse forex rates (Forex risk).
Operational risks relate to losses resulting from inadequate or failed processes, people or external events.
Examples:
• People turnover, skill competency (People risk).
• Violation of limits, money laundering (Process risk).
• System failure, communication failure (System risk).
• Non-compliance to laws (Legal and regulatory risk).
• Loss of reputation (Reputation risk).
• Unanticipated Changes (Event risk).
Control risk refers to the risk that controls are inadequate to detect weaknesses.
23. 3.9 Important Areas Covered By Internal Audit And Potential Value Additions
Retail Liability
Retail Liability includes following:
• CASA and Term Deposits as per KYC guidelines.
• NRE / NRO Accounts.
• Instructions from Customer with applicable RBI norms.
• Internet Banking PIN & Debit Card PIN.
• Monitoring of Suspense Account.
• Exchange House Transactions.
• Reconciliation of Nostro Account.
• Lien / OD against Term deposits.
• Inward and outward remittance under FEMA.
Key Value Additions
• Compliance of AML guidelines and KYC guidelines issued by RBI.
• Identification of fraudulent accounts.
• Identification of revenue leakage related to non collection of charges related to CASA and Term Deposits.
Retail Asset
Retail Asset includes application for various loans and advances received from customers, preparation of detailed proposals by credit team, submission of proposal to the credit committee as per delegation or authority matrix, approval by the Board of Directors, etc. Once the decisions are given by the credit committee / Board of Directors then the term sheet / sanction letter is issued to the customer for final acceptance. Retail Assets products include:
• Home Loans
• Loan against Property / Real Estate Finance
• Personal Loan / Business loans
• Commercial Vehicle loans
• Term Loan
• Cash Credit / Working Capital Demand Loan
• Dealer Funding
• Agriculture Finance
24. Key Value Additions
• Compliance to SOP related to Loans and Advances including Authority Matrix and Delegation Matrix.
• Identification of non collection of interests and penalties on a timely basis.
Corporate Banking / Trade Finance
Banking services and solutions which are provided to corporate clients and institutions are called Corporate Banking or Trade Finance. The major products under this category include:
Domestic Activities
• Letter of Credit (LC)
• Bill for Collection (Inland)
• Bank Guarantee
• Term Loan and Structured Loan
• Purchase Order Finance
• Bill discounting / Invoice Discounting
• Bill Discounting Backed By LC (LCBD)
Export Activities
• Export Bill for collection
• Advance against Export
• Export Bill drawn under Letter of Credit
• Export Bill for Negotiation / Purchase / Discounting
• Inward Remittance
Import Activities
• Outward Direct Remittance
• Outward Advance Remittance
• Import Collection Bill under Non Letter of Credit (Lodgment and Realisation)
• Import Collection under Letter of Credit
• Letter of Credit
• Buyers Credit
25. Key Value Additions
• Prevention of revenue leakage due to non collection of processing charges on a timely basis.
• Enforcing Turn Around Time (TAT) for timely collection of various charges.
• Enforcing adequate adherence to Delegation Matrix and other policy guidelines issued by individual banking organisation.
Prevention of frauds in banking sector is one of the key factors responsible for introduction of Concurrent Audits in banks in October 1993 pursuant to the recommendations of the Ghosh Committee on Frauds and Malpractices in banks. Hence, KYC norms were made very stringent and following audits are introduced to effectively monitor banks on a continuous basis:
• Monthly concurrent Audit of Retail Liability Branches
• Monthly Concurrent Audit of Central Processing Centre and Regional Processing Centre
• Stock Audits or Security Audits
• Revenue Audits
• Expenditure Audits
• Pre-Disbursement Audit
• Post disbursement Audit
• Information Systems Audit
• Depository Participant Audit
27. Chapter 4: Insurance Sector
4.1 Sector Background
4.1.1 What is Insurance?
Insurance is a contract between the Insurer and the policyholder, whereby the insurer undertakes to pay to the policyholder a sum of money on happening of a specified event within the specified period. The policyholder pays a small sum of money, called premium to the insurer during the specified period towards his services. The maximum amount payable under the contract is called Sum Assured. Normally, the insurer pays lower of the Sum Assured and actual loss incurred by the policyholder. Insurance works on the principle of sharing of losses of few people through small contributions made by large number of people.
4.1.2 Insurance in India - Important Milestones
1818: First English Company, Oriental Life Insurance Company Ltd. began its business in Kolkata.
1850: First General Insurance Company, Triton Insurance Company Ltd. started its business in Kolkata.
1870: First Indian Insurance Company, Bombay Mutual Assurance Society Ltd., formed in Mumbai.
1912: Enactment of The Indian Life Assurance Companies Act.
1938: Enactment of Insurance Act.
1956: Nationalisation of Life Insurance business. Life Insurance Corporation (LIC) of India was formed and it absorbed 245 Life Insurers operating in India.
1972: General Insurance Business Act was passed, which resulted in the nationalisation of General Insurance Business w.e.f. 1 January 1973. General Insurance Corporation (GIC) of India with its four subsidiaries viz. National Insurance Company Ltd., New India Assurance Company Ltd., Oriental Insurance Company Ltd and United India Insurance Company Ltd. started its operations w.e.f. 1 January 1973. All 107 General Insurers operating in India were grouped and merged with the four subsidiaries.
1993: Government set up a committee under the chairmanship of R N Malhotra, former Governor of RBI, to propose recommendations for reforms in the insurance sector.
28. 1994: The committee submitted its report wherein, among other things, it recommended the entry of private sector in the insurance industry. It also recommended that foreign companies be allowed to enter by floating Indian companies, preferably a joint venture with Indian partners.
1999: Constitution of Insurance Regulatory and Development Authority (IRDA) to regulate and develop the insurance industry.
2000: Incorporation of IRDA as a statutory body. IRDA opened up the Insurance market by inviting application for registration. Foreign companies were also allowed with a cap of 26% of the ownership. In December, 2000, the subsidiaries of the General Insurance Corporation of India were restructured as independent companies and GIC was converted into a national re-insurer. Parliament passed a bill de-linking the four subsidiaries from GIC in July, 2002.
4.2 Size Of The Industry
Insurance Sector has shown phenomenal growth over the last decade. The size of the Industry in terms of Investment as on 31 March 2009 reached Rs. 9,75,257 crores. The table below gives key indicators about the size of the industry.
Particulars                                             Life Insurance   General Insurance
Annual Premium for 2008-09 (Rs. in crores)              2,21,791.26      31,428.40
No. of Policies underwritten in 2008-09                 5,09,23,377      6,70,60,087
Total Investment as on 31 March 2009 (Rs. in crores)    9,16,365         58,893
Contribution to GDP (2008-09)                           4.17%            0.57%
Source: IRDA Annual Report 2008-2009
4.3 Global And Indian Scenario
As per Swiss Re, global insurance premiums in calendar year 2008 were US$ 4,270 billion. Life business accounted for US$ 2,491 billion; and non-life insurance accounted for the remaining US$ 1,779 billion.
29. Even after recent growth in the Indian insurance industry, the density and penetration by the industry still remain at very low level compared to other developed and developing countries. Those figures on the other hand indicate vast opportunity in the Indian Insurance Sector.
Following are the figures published by Swiss Re. All the figures except for India are for calendar year 2008. For India, figures for the financial year 2008-2009 are taken.
Insurance Density is measured as ratio of premium to total population.
International Comparison Of Insurance Density (in US$)
Country        Life       Non-Life   Total
Australia      2,038.0    1,348.6    3,386.5
Brazil         115.4      129.1      244.5
Canada         1,442.7    1,728.0    3,170.8
France         2,791.9    1,339.2    4,131.0
Germany        1,346.5    1,572.7    2,919.2
Netherlands    2,366.0    4,483.5    6,849.5
Russia         5.4        268.1      273.5
Switzerland    3,551.5    2,827.9    6,379.4
UK             5,582.1    1,275.7    6,857.8
US             1,900.6    2,177.4    4,078.0
India          41.2       6.2        47.4
Hong Kong      2,929.6    380.8      3,310.3
Japan          2,869.5    829.2      3,698.6
Malaysia       225.9      119.5      345.4
Singapore      2,549.0    630.0      3,179.0
Indonesia      20.1       9.4        29.5
Iran           4.0        54.8       58.8
Pakistan       2.8        4.0        6.8
China          71.7       33.7       105.4
Source: Swiss Re, Sigma volumes 3/2008 and 3/2009
30. Insurance Penetration is measured as contribution of the sector to GDP.
International Comparison Of Insurance Penetration (in %)
Country        Life    Non-Life   Total
Australia      4.4     2.9        7.3
Brazil         1.4     1.6        3.0
Canada         3.2     3.8        7.0
France         6.2     3.0        9.2
Germany        3.0     3.5        6.6
Netherlands    4.5     8.5        12.9
Russia         0.0     2.3        2.3
Switzerland    5.5     4.4        9.9
UK             12.8    2.9        15.7
US             4.1     4.6        8.7
India          4.0     0.6        4.6
Hong Kong      9.9     1.3        11.2
Japan          7.6     2.2        9.8
Malaysia       2.8     1.5        4.3
Singapore      6.3     1.6        7.8
Indonesia      0.9     0.4        1.3
Iran           0.1     1.1        1.1
Pakistan       0.3     0.4        0.8
China          2.2     1.0        3.3
Source: Swiss Re, Sigma volumes 3/2008 and 3/2009
4.4 Growth In Past Few Years
In spite of lot of initial reservations about the privatisation of insurance industry, we have witnessed a huge growth in the industry since 2000-01. Even during the period of world wide recession, the sector registered growth of 10.15% and 9.09% respectively in Life and General Insurance segments.
Growth in the Life Insurance was particularly significant. The annual premium collection increased from Rs. 34,898.48 crores in the year 2000-01 to Rs. 2,21,791.26 crores in the year 2008-09. Number of offices of Life
31. Insurance Companies also increased from around 2,200 in the year 2000-01 to 11,815 in 2008-09. Number of individual agents were 29,37,435 as on 31 March 2009 as compared to around 10,00,000 in the year 2000-01.
4.5 Regulatory Framework
• Insurance Act, 1938: It is the principal act governing the Insurance Business in India.
• Insurance Regulatory and Development Authority Act, 1999: This act deals with the formation of IRDA as a controlling body of insurance in India. The Act states the regulatory provisions regarding the rights and functioning of IRDA.
• Life Insurance Corporation of India Act, 1956: Provides for the constitutional framework for functioning of LIC of India.
• General Insurance Corporation of India Act, 1972: Provides for the constitutional framework for functioning of GIC of India.
• Companies Act, 1956: All the new Insurance companies being Body Corporates are governed by the provisions of this Act.
• Insurance Councils: Insurance Councils are formed for Life and Non-life Insurance with all the CEO of Insurance companies as their members. Two members are nominated by IRDA, one of whom is a chairperson of the council. Important matters related to Insurance Business are discussed in Insurance Councils.
• Insurance Ombudsman: Insurance Councils appoint Insurance Ombudsman to deal with policyholders' complaints related to claims, premiums and policy servicing. They can deal with the matters where dispute up to Rs. 20 lacs is involved. Their report is binding on the insurer, but not on the policyholder. At present, there are 12 Ombudsmen functioning all over India.
4.6 Critical Developments
• Size of the sector in terms of number of companies: Prior to IRDA there was only one and four companies operating in Life and General Insurance sector respectively. After opening up, the industry has witnessed entry of 41 new players in the last decade.
At present, there are 23 companies each registered with IRDA for
conducting business in Life and General Insurance. Apart from them, GIC of
India operates as Reinsurance Company.
Development of new distribution channels: Prior to privatisation,
insurance business was mostly conducted through individual agents.
However, the sector witnessed emergence of following new distribution
channels:
- Corporate agents: Corporate entities are allowed to operate as
  Insurance Agents. They have been quite successful due to huge
  database, substantial resources and ability to penetrate the market
  across various segments.
- Brokers: Normal types of agents are allowed to sell the products of
  only one company. Whereas, Brokers are allowed to sell the
  products of all the companies in the market. This allows them to
  offer wide choice to their customers.
- Bancassurance: Cross selling of insurance by banks is termed as
  Bancassurance. Due to existing customer base of the banks, they
  are better positioned to sell insurance products to their customers.
- Direct marketing: This is a new channel where the insurers sell their
  products directly through their employees. In this arrangement, the
  company saves cost related to commissions paid to agents.
- Other channels: Apart from the above channels, the companies are
  now resorting to Telemarketing, Online selling and Mall assurance
  (selling of insurance in Malls) for distribution purpose.
Development of new variety of insurance products: Prior to
privatisation, the pace of product development was very slow, as the
element of competition was missing. However, post IRDA all the insurers
have given a lot of efforts on development of innovative products to stand
out in the competitive market. Some of the highlights in this area are:
- Unit linked products (ULIP) became the mainstay of Life Insurance
  Industry due to flexibility, transparency and possibility of growth in
  fund.
- Riders (Additional optional covers) became important aspect of the
  insurance product. It gives various options to the customers to go in
  for products which suit their needs.
- De-tariffing of Motor Insurance.
- Development of Micro-insurance policies to cater to the need of
  people in unorganised sector.
Improvement in customer service standards: One of the objectives
behind formation of IRDA was to improve upon standards of service offered
to customers. In 2002, IRDA came out with Policyholders' Protection
Regulation which specifies, among other things, key standards of servicing.
It has issued various guidelines from time to time to safeguard the
interests of the policyholders.
Focus on new marketing segments: IRDA has set mandatory minimum
business standards for the insurers, regarding business in rural and
socially unorganised sectors. These regulations ensure even spread of
insurance across all sections in the society. IRDA has also come out with
regulation regarding Micro-insurance, which is aimed at providing benefits
of insurance to economically weaker section of society.
4.7 Role Of Information Technology
There is a quantum leap in the use of information technology that has
revolutionised the entire insurance sector. Insurance industry deals with
huge data base and thus, there is a need to use the voluminous data for
processing, servicing and trend analysis as well as improved customer
service.
Some of the key services offered by insurers due to improvement in
information technology are:
- Offering policy servicing, premium payment, claims in any branch of
  the insurer across the country, as per customer's convenience.
- Online issuance of policies in certain cases.
- Provision of online password to the policyholder to access his policy
  account online and to get some of the policy servicing activities and
  premium payment done through internet.
- Providing information related to Company on the website.
- Direct credit in bank account in case of claims.
- Portals for employees and sales force where they can log in to get
  information about their salaries, incentives and commissions.
4.8 Regulatory Provisions
4.8.1 Guidelines on Corporate Governance issued by IRDA
Given the risks that an insurer takes in carrying out its operations and its
potential impact on his business, it is important that the Board has in place:
- Robust and efficient mechanisms for identification, assessment,
  quantification, control, mitigation and monitoring of the risks;
- Appropriate processes for ensuring compliance with the Board
  approved policy, and applicable laws and regulations;
- Appropriate internal controls to ensure that the risk management
  and compliance policies are observed;
- An internal audit function capable of reviewing and assessing the
  adequacy and effectiveness of, and the insurer's adherence to its
  internal controls as well as reporting on its strategies, policies and
  procedures; and
- Independence of the control functions, including the risk
  management function, from business operations demonstrated by
  a credible reporting arrangement.
The responsibility for the oversight of control functions of an insurer
should be entrusted to directors possessing the appropriate integrity,
competence, experience and qualifications, and they should meet proper
criteria initially and on an on-going basis.
For insurers within a group, appropriate and effective group-wide risk
control systems should be in place in addition to the control systems at the
level of the insurer. It is essential to manage risks appropriately on a
group-wide basis as well.
4.8.2 Audit Committee (Mandatory)
The Audit Committee shall oversee the financial statements, financial
reporting and disclosure processes.
The Chairman of the Audit Committee should be an independent director of
the Board and should ideally be a Chartered Accountant or a person with
strong financial analysis background. The association of the CEO in the
Audit Committee should be limited to eliciting any specific information
concerning audit findings.
The Audit Committee will oversee the efficient functioning of the internal
audit department and review its reports. The Committee will additionally
monitor the progress made in rectification of irregularities and changes in
processes wherever deficiencies have come to notice.
The Audit Committee shall be directly responsible for the appointment,
remuneration, performance and oversight of the work of the auditors
(internal / statutory / concurrent). In case of statutory audit, the
independence of the external auditors shall be ensured (although the
approval of appointment, remuneration and removal of the statutory
auditors shall be done by the shareholders at the general body meeting).
The Audit Committee shall establish procedures to attend to issues relating
to maintenance of books of account, administration procedures,
transactions and other matters having a bearing on the financial position
of the insurer, whether raised by the auditors or by any other person.
Any work other than audit that is entrusted to the auditor or any of its
associated persons or companies shall be specifically approved by the
Board who shall keep in mind the necessity to maintain the independence
and integrity of the audit relationship. All such other work entrusted to the
auditor or its associates shall be specifically disclosed in the annual
accounts of the insurer.
4.8.3 Risk Management Committee (Mandatory)
It is now well recognised that the sound management of an insurer as in the
case of other financial sector entities, is dependent on how well the various
risks are managed across the organisation. In pursuit of development of a
strong risk management system and mitigation strategies, insurers shall
set up a separate Risk Management Committee to lay down the company's
Risk Management Strategy. The risk management function shall be
organised in such a way that it is able to monitor all the risks across the
various lines of business of the company and the operating head has direct
access to the Board. Conventionally this function is under the overall
guidance and supervision of the Chief Risk Officer (CRO) with a clearly
defined role. The insurers can, however, presently organise the function
appropriately to the size, nature and complexity of their business keeping
in view the need for operative independence of the Head of the risk
management function.
Broadly, the Risk Management Committee shall:
- Assist the Board in effective operation of the risk management
  system by performing specialised analyses and quality reviews;
- Maintaining a group-wide and aggregated view on the risk profile of
  the insurer in addition to the solo and individual risk profile;
- Report to the Board details on the risk exposures and the actions
  taken to manage the exposures;
- Advise the Board with regard to risk management decisions in
  relation to strategic and operational matters such as corporate
  strategy, mergers and acquisitions and related matters.
4.8.4 Investment Audits:
As per IRDA circular ref: INV/CIR/023/2009-10, guidelines issued in respect of
Investment Audits of Insurance Companies are as follows:
- All the insurance companies having AUM (Assets Under
  Management) less than Rs. 1,000 crores of their investment
  transactions every quarter.
- All the insurance companies having AUM (Assets Under
  Management) more than Rs. 1,000 crores will be subjected to
  Concurrent Audit of their Investment transactions to be done by
  External Auditors.
- Every insurer will get its systems and processes audited at least
  once in 3 years by External Auditors.
4.9 Value-Addition Opportunities Through Internal Audit
Large network of offices: Insurance business model operates with large
number of offices spread across various geographical locations. Having
control over the day to day functioning is not possible for controlling Head
Office. It relies on periodical statements sent by the offices. The role of
Internal Audit becomes very crucial for the top management as it requires
independent review of the working of these offices.
Large number of financial transactions: Every office of the Insurers
undertakes large number of financial transactions related to business.
Strict control over these transactions is required to avoid any chances of
misappropriation, fraud and mistakes of critical nature.
Regulatory compliances: Every office of the Insurer is subject to the
compliance of large number of regulatory provisions. The controller has
been more and more aggressive on this front to protect the interests of
policyholders. Internal Audit plays vital role in ensuring the regulatory
compliances.
Employee turnover: Private insurance sector is prone to large employee
turnover. This results into frequent changes in the overall management of
offices of Insurer. Here again, the role of internal audit is very important to
appraise the management about the effect of such movements on the
overall working.
Highly technical processes: Insurance industry requires lot of domain
expertise for its functioning. Similarly, the procedures of the insurance
companies are subject to constant review due to the changes in
regulations and technology. Internal Audit plays very important role in
suggesting the changes in procedures followed by the insurer and any
deviation observed in implementation of procedures and processes.
Use of Information Technology: Nowadays, insurance business is highly
automated and uses latest software for its operations. Complete review of
systems is very critical given the huge amounts invested in information
technology and the extent of dependence on technology.
4.10 Important Areas Covered By Internal Audit
New Business
New Business department deals with all the functions starting from receipt
of new proposals to issuance and dispatch of policies to the policyholders.
Major New Business function
- Underwriting of new proposals
- Follow up of pending proposals
- Development of medical network
- Issuance and dispatch of policies
- Control over policy stamps
- Reinsurance Arrangements
- Control over undelivered policies
- Refund of excess deposits in case of cancelled / rejected proposals
Important areas covered by Internal Audit
- Turn Around Time observed in respect of policy issuance, conveying
  pending requirements to customer and refund of excess deposits.
- Procedure followed for undelivered policies, refund of excess
  deposits and refund of deposits in respect of cancelled / rejected /
  postponed proposals.
- Adequacy of Medical Examiners' network.
- Implementation of AML guidelines for all new proposals.
- Accuracy and adequacy of supporting documents collected from
  the proposer, as per underwriting manual.
- Adequacy of the mechanism for attending customer complaints in
  respect of non receipt of policy documents, forged signatures
  across proposal forms, third party cheques, tampered supporting
  documents, etc.
Key Value Additions
- Compliance of AML guidelines in respect of new business functions.
- Identification of high risk areas like under-calculation of sum under
  consideration which will affect decisions pertaining to medical /
  financial underwriting, reinsurance and KYC documentation.
- Identification of revenue leakages in the form of non recovery of
  necessary charges from refund of excess deposits.
Policy Servicing
Insurance contract is generally a long term relationship between the
policyholder and the insurer. During the course of contract various types of
services are required by the policyholder and such services are provided
by the Policy Servicing department.
Major policy servicing functions
- Nomination / Assignment
- Surrender / Partial withdrawal
- Loan
- Fund switching
- Free look cancellation
- Revival
- Change in sum assured / Change in term
Important areas covered by Internal Audit
- Observance of TAT in respect of all policy servicing aspects viz.
  change of nomination, assignment, partial withdrawals, surrender,
  loan, change of address, fund switching, free look cancellation,
  renewal etc.
- Accuracy and adequacy of the supporting documents collected
  from policyholder.
- Checking the accuracy of calculations.
- Implementation of AML guidelines as per IRDA guidelines in respect
  of free look cancellations, surrenders, assignments and renewal.
- Adequacy of the mechanism for attending customer complaints
  particularly in respect of high risk areas viz. misrepresentation,
  wrong selling, frauds, third party cheques, misuse of policy
  premium collected from customer, etc.
Key Value Additions
- Compliance of AML guidelines for respective policy servicing
  functions.
- Identification of revenue leakages in the form of non recovery of
  necessary charges from surrender / partial withdrawal / free look
  cancellation cases.
- Identification of areas of operations which require immediate
  corrective measures to maintain the standards of policy servicing.
Claims
Claims department deals with all functions related to registration,
processing and admission / rejection of claims. The major types of claims
for life insurers are death, maturity, survival and disability. Whereas in case
of general insurers there are health and other non life claims.
Major claims functions
- Registration of claims.
- Follow up of pending claim cases.
- Development of network of TPA, surveyors and claim investigation
  agencies.
- Claim investigations.
- Admission and payment of claims.
- Repudiation of fraudulent claims.
Important areas covered by Internal Audit
- TAT observed in respect of registration of claims, claim settlement,
  conveying pending requirements to claimants, claim investigation,
  etc.
- Procedure followed for claims registration after receipt of claim
  intimation, follow up with the claimant for pending requirements.
- Adequacy of the investigations carried out in respect of suspicious
  claims.
- Checking the accuracy of calculations.
- Checking the accuracy and adequacy of the supportive documents
  as per Claims manual and circulars.
- Adequacy of the mechanism for attending customer complaints in
  respect of repudiated claims, delayed claim settlement, etc.
Key Value Additions
- Compliance of AML guidelines in respect of Claims functions.
- Identification of high risk areas like inadequacy of claim
  investigations and repudiations not conforming to the provisions of
  Claims manual / Insurance Act.
- Identification of revenue leakages due to wrong calculations, wrong
  selection of risk at underwriting level, inadequate reinsurance
  done, etc.
Sales Administration
Sales administration department deals with the issues related to sales
force viz. agents, sales managers, branch managers, etc. of the insurer.
Major Sales Administration functions
- Arrangement of IRDA training.
- Licensing of new agents.
- Renewal of agents' licenses.
- Development of network of IRDA training institutes.
- Commission payouts.
- Sales competition payouts.
- Appraisal of Sales Manager's performance.
- Promotion or demotion or termination of sales managers.
Important areas covered by Internal Audit
- Checking of data related to IRDA training, IRDA examinations,
  licensing of new agents, renewal of agents' licenses, etc.
- Adequacy of IRDA training institutes.
- Checking the accuracy of payments made to IRDA training
  institutes.
- Procedure for termination of and reinstatement of agency.
- Checking the accuracy of commission payouts particularly in
  respect of reinstated agents, terminated agents and agents eligible
  under section 44.
- Data related sales competition for verifying the accuracy of
  compilation of eligible agents / employees' list as per the guidelines
  of scheme circulars.
- Adequacy of the mechanism for attending complaints in respect of
  non receipt of commission / scheme prizes, non receipt of IRDA
  licenses, disputes regarding bonuses, promotion criteria, etc.
- Checking of sales promotional expenses, entertainment expenses
  and sales related reimbursements.
Key Value Additions
- Identification of revenue leakages due to wrong commission
  payouts, calculation errors in Sales Manager's bonuses, wrong data
  compilation for competitions, etc.
- Identification of high risk areas such as licensing without proper
  documentation, non supervision of performance of appointed IRDA
  training institutes.
Finance and Accounts
All the matters related to general accounting, banking, budgeting and
financial reporting are taken care by Finance and Accounts Department.
Major Finance and Accounts functions
- Cash and Bank Management.
- Preparation of Financial Statements.
- Control over payments made to policyholders, vendors and
  employees.
- Preparation of Budget.
- Control over expenses under various accounting heads.
- Bank reconciliations.
- Submission of the periodical statements sent to higher offices /
  IRDA.
Important areas covered by Internal Audit
- TAT observed in respect of making various payouts, bank
  reconciliations, submission of trial balance, etc.
- Procedures adopted for deposition of cash in bank, custody and
  movement of safe keys, maintaining safety of cash counter / cash
  box, etc.
- Checking of all cash deposits with pay-in-slips.
- Physical verification of cash, stamps, cheque books and fixed
  assets.
- Checking of all bank reconciliations.
- Accuracy of the periodical statements sent to higher offices / IRDA.
Key Value Additions
- Identification of revenue leakages due to delay in deposits in banks,
  wrong bank charges, delayed credit by banks, etc.
- Identification of high risk areas like
  1) Misuse of cash, stamps, etc.
  2) Flaws in maintenance of cash counter / cash box safety.
  3) Payments made without proper authorisation.
General Administration
All matters related to office administration, human resources and salary
are handled by General Administration Department.
Major General Administration functions
- Compliance of the requirements under applicable labour and
  industrial acts.
- Control over expenses related to general administration such as
  conveyance, postage, rents, taxes, etc.
- Entering into lease agreements and sales agreements for the
  offices of insurer.
- Making arrangement with the vendors for supply of necessary
  material required for office administration.
- Salary administration.
- Handling of HR related work such as recruitment, transfers,
  promotions, retirement, resignation, etc.
Important areas covered by Internal Audit
- Verification of compliance of the requirements under applicable
  labour and Industrial acts.
- Verification of expenses related to general administration such as
  conveyance, postage, rents, taxes, etc.
- Verification of lease agreements.
- Verification of all the agreements with the vendors.
- Salary payment verification.
Key Value Additions
- Identification of revenue leakages due to
  1) Mistakes in calculation of full and final settlements, bonus
     calculations, increments, etc.
  2) Wrong payments made to vendors.
  3) Excessive amounts disproportionate to the level of business
     activity spent under various accounting heads.
- Identification of areas of high risk such as
  1) Lack of control over leave records.
  2) Lack of control over inventory.
  3) Non compliance of regulatory requirements with regards to
     labour and industrial acts.
Actuarial
Actuarial department deals with the jobs related to mathematical basis of
the insurance.
Major Actuarial functions
- Development of new Insurance Products.
- Determination of premium tables.
- Valuation of Insurance Business.
- Determination of surplus.
- Maintenance of Solvency Margin.
Investment
Investment Department deals with the activities related to Investment of
monies collected by Insurer as per the statutory guidelines.
Major Investment functions
- Investment of policyholders' fund in accordance with section 27 of
  Insurance Act, 1938.
- Submission of periodical returns to IRDA.
Group Insurance and Pensions
Group Insurance deals with the policies issued by insurers to a group of
persons viz. employees, members of association, debtors, etc. Contrary to
individual insurance policies group insurance policies are tailor-made to
cater to the requirements of group.
Major types of group insurance policies
- Group term insurance.
- Group health insurance.
- Group gratuity.
- Group annuity.
- Group saving linked insurance.
Important areas covered by Internal Audit
- Agreement between master policyholder and insurer.
- Underwriting of group policies.
- Claim settlement under group policies.
- Policy servicing.
- Accounting of premiums received.
- Procedure for entry and exit of members.
- Adequacy of data collected from group policyholder.
- Calculation of premium.
- General accounting.
Key Value Additions
- Indication of revenue leakages due to application of wrong
  premium tables, allowing entry of new members without fulfillment
  of minimum insurability conditions, etc.
IRDA Compliance
- Observance of regulations issued by IRDA.
- Formations of various committees as per IRDA corporate
  governance guidelines and their functioning.
- Appointment and functioning of various officers as per IRDA
  guidelines.
- Submission of periodical returns to IRDA.
4.12 Audit Objectives, Approach And Methodology
Study of Business Model: In insurance, business model followed by
various insurers varies depending upon size of business, level of expertise
available and overall business policy followed by the management. Before
the start of audit, thorough understanding of the business model is very
important. Identification of key areas, various processes, level of
delegation, degree of internal control and regulatory environment must be
carefully understood.
Classification of risk: Based on the above study, auditors should classify
the major risk areas and decide the weightage to be attached to each
process. For classification, industry benchmarks and past experiences can
be very useful. High and medium risk areas must be scrutinised thoroughly.
Use of technically qualified people: There are areas like actuarial,
investment, underwriting, claim assessment, etc. which require use of
domain experts for audit.
Chapter 5: Financial Services Sector
5.1 Sector Background
5.2 Size Of The Industry And Economic Aspects
India has emerged as one of the fastest-growing economies in the
developing world and has shown a constant growth. In 2009, the Global
Competitiveness Report ranked India 16th in financial market
sophistication, 27th in business sophistication and 30th in innovation; ahead
of several advanced economies.
Financial Services sector in India has witnessed remarkable changes in the
recent past. Policies of the government, rapid development in
communication and information technology in financial services created
radical changes in respect of innovative financial products and financial
markets. In India credit cult is developing very fast. The use of
sophisticated and advanced technology could be reckoned as another
specific feature of the global financial service industry. The growth of
financial sector in India at present is nearly 8.5% per year.
The Indian economy is estimated to have grown by 6.7% in 2008-09.
According to the latest Central Statistical Organisation (CSO) data, financial
services, banking, insurance and real estate sectors rose by 7.8% in the
third quarter of 2009-10.
The government has taken a number of steps in recent months to revive the
economy, including slashing interest rates, lowering factory levies and
more than doubling the limit on foreign investment in corporate bonds. The
financial services space is rapidly growing in India.
As per SEBI number of registered FIIs as on 29 March 2010 was 1,710 and the
cumulative investments in equity since November 1992 to 29 March 2010,
was US$ 76.74 billion, while the cumulative investments in debt during the
same period were US$ 11.85 billion.
The average assets under management of the mutual fund industry stood
at US$ 174.06 billion for the month of February 2010, an increase of nearly
36% from US$ 111.55 billion in February 2009, according to the data released
by Association of Mutual Funds in India (AMFI).
Funds raised by the Indian corporate sector via ADRs / GDRs have jumped
over 33 times from around US$ 101.72 million in 2008 to about US$ 3.50
billion in 2009.
Furthermore, with economic outlook on Indian as well as global markets being
positive, PE funds are closing deals more speedily than last year. The
merger and acquisition (M&A) activity has shown similar momentum, with
domestic deals ruling the charts.
PE funds closed 29 deals in January 2010 compared to only 16 during the
same period last year. The value of such deals saw a significant jump of
303%, from US$ 309 million in January 2009 to US$ 1.24 billion this year.
Also, a study by Project Finance International (PFI), a source of global
project finance intelligence and a Thomson Reuters publication has ranked
India on top in the global project finance (PF) market in 2009, ahead of
Australia, Spain and the US.
The study said the main market for PF in 2009 was the domestic Indian
market, which raised US$ 30 billion, accounting for 21.5% of the global PF
market. This was up from US$ 19 billion in 2008.
Reforms of the financial sector constitute the most important component
of India's programme towards economic liberalisation. The recent
economic liberalisation measures have opened the door to foreign
competitors to enter into our domestic market which was not the case
before. Deregulation in the form of elimination of exchange controls and
interest rate ceilings have made the market more competitive. Innovation
has become a must for survival.
Many of the providers and users of capital have changed their roles all over
the world. Financial intermediaries have come out of their traditional
approach and they are ready to assume more credit risks just like the
global organisation. As a consequence, many innovations have taken place
in the global financial sector which have its own impact on the domestic
sector also. The emergence of various financial institutions and regulatory
bodies has transformed the financial services sector from being a
conservative industry to a very dynamic one. In this process this sector is
facing a number of challenges.
5.3 Global And Indian Scenario
Impressive progress in IT and IT-enabled services, both rail and road traffic,
and fast addition to existing stock of telephone connections, particularly
mobiles, played a key role in such growth.
Due to globalisation, financial services industry is in a period of transition.
Market shifts, competition, and technological developments are ushering
in unprecedented changes in the global financial services industry.
Organisations in this highly competitive and increasingly regulated
industry will especially need to focus on making themselves more:
- Adept to face increasing transaction volumes, regulation and the
  integration of previously disparate global markets.
- Agile at identifying and managing risk.
- Operationally efficient and Customer-centric.
- Optimised in both business and technology.
In this scenario, spearheading IT initiatives has become critically important.
Major spending initiative priorities tend to focus on automation to reduce
costs and lessen risk, along with using BPO to gain efficiency and allow
internal IT organisations to focus on strategic initiatives. Delivery of these
capabilities at a high efficiency level but at low costs is one of the major
success factors for any financial services business.
Growth in financial services at global stage is being bolstered by the
opportunities of demography, emerging markets and ever more innovative
products and services. Yet, organisations also face the challenges of
mounting competition, more complex regulations and ever more meeting
customer expectations. Effective growth strategies are therefore likely to
cut across all operating processes and functional boundaries. Key
priorities include ensuring that the business model takes full account of
customers' needs, tax, financial and regulatory considerations and the
organisation's capacity to change the way it does business. In turn, the
objectives and criteria for success need to be clearly measured.
5.4 Regulatory Framework Governing The Sector
All financial service companies need to comply with the legislations
enacted by the following regulatory boards of India:
- Securities and Exchange Board of India (SEBI).
- Reserve Bank of India (RBI).
- Ministry of Finance (MOF).
- Forward Markets Commission (FMC). The key legislation governing
  the forward commodities market is the Forward Contracts
  (Regulation) Act, 1952 (FCRA) which empowers the Central
  Government (in consultation with FMC) to regulate forward
  contracts in certain goods.
- Insurance Regulatory and Development Authority (IRDA).
- Ministry of Corporate Affairs (MCA).
- Ministry of Commerce and Industry (FDI Policy).
5.5 Major Segments
The Major Segments of the financial services are:
- Mutual Funds
- NBFC
- Venture Capital
- Credit Rating Agencies
- Clearing House
- Depositories
- Stock Brokers
- Private Equity
- Foreign Institutional Investors (FII)
- Merchant Bankers
- Underwriters
- Registrars and Share Transfer Agents
- Intermediation or Advisory Services Company
- Conglomerates
- Securities Market
i. Mutual Fund
Mutual Fund is a type of Investment Company or a form of joint investment.
The mutual funds are actually huge funds where a number of investors
invest their money. This huge amount is invested in several projects and
companies that can provide desired growth to money. The mutual funds are
managed by the fund managers / portfolio managers.
There are a number of mutual funds that are differentiated according to
their areas of investment. Some of these types of mutual funds are as
follows:
- Open-Ended Funds
- Close-Ended Funds
- Growth / Equity Oriented Funds
- Income / Debt Oriented Funds
- Balanced Funds
- Money Market or Liquid Funds
- Gilt Funds
- Index Funds
- Exchange Traded Index Funds
As on April 2010 there were 45 Mutual Funds registered with SEBI.
Compliances:
- The mutual funds are subjected to a different set of rules and
  regulations regarding administration and tax structure. They are
  governed by SEBI (Mutual Funds) Regulation 1996.
- System Audit is mandatory for Mutual Funds and has to be
  conducted once in two years.
- Statement of Additional Information (SAI) and Scheme Information
  Document (SID) to be made available on SEBI website.
ii. Non-Banking Financial Companies (NBFCs)
NBFCs are fast emerging as an important segment of the Indian financial
system. The NBFCs as a whole account for 9.1% of the assets of the total
financial system. They are a heterogeneous group of institutions (other than
commercial and co-operative banks) performing financial intermediation
in a variety of ways, like accepting deposits, making loans and advances,
leasing, hire purchase, etc.
They raise funds from the public, directly or indirectly, and advance loans
to the various wholesale and retail traders, small-scale industries and
self-employed persons. Thus, they have broadened and diversified the range of
products and services offered by the financial sector. Gradually, they are
being recognised as complementary to the banking sector due to their
customer-oriented services, simplified procedures, attractive rates of return
on deposits, flexibility and timeliness in meeting the credit needs of
specified sectors, etc.
A reclassification of NBFCs was effected in December 2006, whereby
companies financing real / physical assets for productive / economic
activities are classified as Asset Finance Companies, while the other two
categories are Investment Companies and Loan Companies.
The NBFC sector has been witnessing a consolidation process in recent
years, wherein the weaker NBFCs are gradually exiting, paving the way for a
stronger NBFC sector.
Compliances:
The working and operations of NBFCs are regulated by the:
- Reserve Bank of India (RBI) within the framework of the Reserve
  Bank of India Act, 1934.
- Regulatory framework of NBFC Guidelines issued by RBI.
- NBFC Prudential Norms Directives.
- Companies Act, 1956.
iii. Venture Capital (VC)
VC is an important source of finance for those small and medium-sized
firms, which have very few avenues for raising funds. Venture capital is a
commitment of capital, or shareholdings, for the formation and setting up
of small scale enterprises at the early stages of their life cycle. Venture
capitalists comprise professionals from various fields.
They provide funds (known as Venture Capital Fund) to these firms after
carefully scrutinising the projects. Their main aim is to earn huge returns
on their investments, but their concepts are totally different from the
traditional moneylenders. They take active participation in the
management of the company as well as provide the expertise and qualities
of a good banker, technologist, planner and managers. Thus, the venture
capitalist and the entrepreneur literally act as partners.
In India, VC firms invested US$ 475 million over 92 deals during
calendar 2009.
Venture Capital Funds as on April 2010: 154
Foreign Venture Capital Funds as on April 2010: 144
The venture capital recognises different stages of financing, namely:
- Early stage financing.
- Expansion financing.
- Acquisition / buyout financing.
In India, the venture capital funds (VCFs) can be categorised into the
following groups:
- Those promoted by the Central Government.
- Those promoted by State Government.
- Those promoted by public banks.
- Those promoted by private sector companies.
- Those established as an overseas venture capital fund.
Compliances:
- SEBI (Venture Capital Funds) Regulations, 1996.
- SEBI (Foreign Venture Capital Investors) Regulations, 2000. These
  regulations provide broad guidelines and procedures for
  establishment of venture capital funds both within India and
  outside India, their management structure and set up, as well as size
  and investment criteria of the funds.
- FDI Policy.
iv. Credit Rating Agencies
The credit rating agencies are those firms that evaluate different types of
financial services companies. These ratings are based on a number of
factors like the kind of services, risk factor involved with the services,
customer facilitation and many more. The types of Rating are Debenture /
Bond Rating, Equity Rating, Commercial Paper Rating, etc. There are 5 credit
rating agencies registered with SEBI as on April 2010.
Compliance:
- SEBI (Credit Rating Agencies) Regulations, 1999.
- In case of Company, under Companies Act, 1956.
- In case of bank, provisions under Banking Regulation Act, 1949 /
  Approval from RBI.
v. Clearing House
Clearing house is a form of financial institution, which offers settlement
and clearing facilities for monetary deals normally on a futures exchange.
A clearing house frequently functions in the form of a key counterparty.
Clearing houses also extend services related to novation.
Novation refers to the substitution of a new agreement or loan for a
previous one, as well as various facilities related to credit growth to its
participants. One major instance of a clearing house is the Options Clearing
Corporation, which operates with a goal to clear equity options so as to
assure the appropriate usage of these devices.
Compliances:
- SEBI Regulations.
- RBI Guidelines.
vi. Depositories
Depositories are establishments with the objective of ensuring free
transferability of securities with speed, accuracy and security,
dematerialising the securities in the depository mode, providing for
maintenance of ownership records in book entry form.
Compliances:
- SEBI (Depositories and Participants) Regulations, 1996.
- The Depositories Act, 1996.
- Securities Contract Regulation Act, 1956.
- Companies Act, 1956.
vii. Stock Brokers
A stock broker is a regulated professional broker who buys and sells
shares and other securities through market makers on behalf of investors.
Business of stock exchange can only be transacted by a member of the
Stock Exchange.
Compliances:
- Securities Contract Regulation Act, 1956.
- SEBI Act, 1992 and various Rules, Regulations and Notifications.
In August 2008, SEBI issued a circular to the various stock exchanges
requiring mandatory internal audit for their stock-brokers / clearing
members on a half-yearly basis.
The scope of the said audit includes the existence, scope and efficiency of
the internal control system, compliance with the provisions of the SEBI Act,
1992, Securities Contracts (Regulation) Act, 1956, SEBI (Stock Brokers and
Sub-Brokers) Regulations, 1992, circulars issued by SEBI, agreements,
know-your-customer requirements, by-laws of the exchanges, and data
security and insurance in respect of the operations of stock brokers /
clearing members.
During the last few years, there have been substantial regulatory,
structural, institutional and operational changes in the securities industry,
which have been brought in with the objective of improving market
efficiency, enhancing transparency, preventing unfair trade practices and
bringing the Indian market up to the international standards. Some of the
significant changes are listed below.
- Screen-Based Trading in place of physical trading, which has
  enabled trading to be carried out from various regions.
- Reduction in Trading and Settlement cycle from T+14 to virtually T+2
  / T+1 day cycle in a progressive manner.
- Trading in derivatives, options, futures, etc.
- Dematerialisation of securities and virtual discontinuance of trading
  in physical form.
- Development of Risk Management System in Stock Exchanges like
  constant monitoring of exposure and turnover, indemnity
  insurance, on-line monitoring and automatic disablement, virtual
  surveillance, introduction of circuit breakers etc.
- Globalisation of markets with highly sophisticated and matured
  players like FIIs, Mutual Funds, High Networth Individuals, etc.
  entering India and high inter-connect between Global stock
  exchanges and Indian stock exchanges.
The recent capital market reforms and globalisation of the economy have
opened up various business avenues as well as increased the exposure to
certain risks for the stock-broking community arising from:
- Substantial increase in geographies of operations.
- Considerable increase in scale of operations.
- Polarisation of stock exchanges, with the Bombay Stock Exchange
  (BSE) and the National Stock Exchange (NSE) together accounting
  for over 99.98% of the national turnover of trades.
- Increased use of Information Technology.
- Change in the type and scale of investors, with the emergence of a
  new class of investors in mutual fund houses (MFs), venture capital
  funds, private equity players, portfolio managers, etc.
- Increased transparency and media exposure.
- Increased reporting requirements and greater responsibility on the
  various functionaries.
- Increased volatility in the markets following greater and quicker
  information flow, and the integration of Indian capital market with
  global capital markets.
Internal Audit of Stockbrokers
The areas that are of the utmost importance wherein the internal audit can
add value are:
- Client acceptance and anti-money laundering compliances.
- Client exposure and margin policy aspects.
- Treasury management.
- IT systems' review and IT security aspects including business
  continuity and disaster management plan.
- Revenue audit based on contractual arrangements with client and
  revenue sharing agreement with the franchisees / sub brokers.
- Manpower cost review including performance based incentives.
- Review of operating costs, including infrastructure and IT.
- Compliance with applicable regulations, such as those of SEBI, stock
  exchange regulations, Securities Transaction Tax, Service Tax,
  Income Tax, and Companies Act (in case of corporate entities).
viii. Private Equity (PE)
Private equity is money invested in companies that are not publicly traded
on a stock exchange or invested as part of buyouts of publicly traded
companies in order to make them private companies. The majority of
private equity consists of institutional investors and accredited investors
who can commit large sums of money for long periods of time. Private
equity investments often demand long holding periods to allow for a
turnaround of a distressed company or a liquidity event such as an IPO or
sale to a public company.
Private equity funds often use leveraged buyouts (LBOs) to acquire the
firms in which they invest. The most successful private equity funds can
generate returns significantly higher than those provided by equity
markets.
Compliances:
- The SEBI (Venture Capital Funds) Regulation, 1996.
- The SEBI (Foreign Venture Capital Investors) Regulations, 2000.
- FEMA (Transfer or Issue of Security by a person resident outside
  India) Regulations, 2000.
- Income Tax Act, 1961.
ix. Foreign Institutional Investors (FII)
‘Foreign Institutional Investor’ means an institution established or
incorporated outside India which proposes to make investment in India in
securities (equity, debt, derivatives, IDR, etc.)
Data sourced from the SEBI as of 31 December 2009 shows that:
- Number of registered FIIs stood at 1,706;
- Number of registered sub-accounts rose to 5,331;
- FIIs transferred a record US$ 17.46 billion in domestic equities
  during the calendar year 2009.
Compliances:
- SEBI (Foreign Institutional Investors) Regulation, 2006.
- RBI Guidelines.
- FEMA Regulations.
- FDI Policy.
x. Merchant Banker
A Merchant Banker is a person who is engaged in the business of issue
management either by making arrangements regarding selling, buying or
by subscribing to securities as manager, consultant, adviser or rendering
corporate advisory service in relation to such issue management. They act
as a total solutions provider as far as any corporate, desirous of mobilising
capital is concerned.
[Figure: Merchant Banking Services. A Merchant Banker provides Advisory,
Market Operations, Issue Management and Financial Services (Non Fund).]
Compliances:
- SEBI (Merchant Bankers) Rules, 1992.
xi. Underwriters
Underwriters are either a company or other entity that administers the
public issuance and distribution of securities from an issuing body. An
underwriter works closely with the issuing body to determine the offering
price of the securities, buys them from the issuer and sells them to
investors via the underwriter's distribution network.
Underwriters generally receive underwriting fees from their issuing
clients, but they also usually earn profits when selling the underwritten
shares to investors. However, underwriters assume the responsibility of
distributing a securities issue to the public. If they cannot sell all of the
securities at the specified offering price, they may be forced to sell the
securities for less than they paid for them, or retain the securities
themselves.
Compliances:
- The SEBI (Underwriters) Regulations, 1993.
xii. Registrars
A registrar is an organisation, usually a bank or a trust company, that
maintains a registry of the share owners and number of shares held for a
mutual fund, bond or stock, and makes sure that more shares are not issued
than are authorised.
Compliances:
- SEBI (Registrars to an Issue and Share Transfer Agents) Rules, 1993.
xiii. Intermediation or Advisory Services Company
There are a number of investment options available for the investors but at
the same time, not every investor is suited to every kind of investment
option. There are a number of factors like returns from the investment,
security of the investment and several other risk factors that are involved
with the investments.
These companies are designed to provide advice to the investors in
selecting the right investment options that suit their investment plans and
also the risk tolerance capacity. At the same time, the intermediation or
advisory services companies are handling the investor's money and
investing it according to the client's choice.
xiv. Conglomerates
A financial services conglomerate is a financial services firm that is active
in more than one sector of the financial services market e.g. life insurance,
general insurance, health insurance, asset management, retail banking,
wholesale banking, investment banking, etc. A key rationale for the
existence of such businesses is the existence of diversification benefits
that are present when different types of businesses are aggregated.
xv. Securities Market
- Securities markets allow firms to raise capital more directly from
  investors, in particular by issuing equities and bonds, in turn allowing
  investors a share in the success of the economy. Securities markets have
  witnessed rapid growth over recent decades and become
  increasingly internationalised.
- Capital markets continue to innovate. Commodity markets allow
  firms to fix prices for products in the future, removing risks and
  allowing firms greater certainty in production and investment
  decisions. Derivatives are securitised products that allow business
  risks such as movements in the price of commodities. The global
  derivatives market, including 'over-the-counter' (OTC) and
  exchange-traded derivatives, has grown rapidly.
The number of shareholders in India is estimated at 25 million. However,
only an estimated 2 lakh persons actively trade in stocks. There has been a
dramatic improvement in the country's stock market trading
infrastructure during the last few years. Expectations are that India will be
an attractive emerging market with tremendous potential. Unfortunately,
during recent times the stock markets have been constrained by some
unsavory developments, which have led to retail investors deserting the
stock markets.
5.6 Critical Developments
Mutual Funds
- The mutual funds industry is now regulated under the SEBI (Mutual
  Funds) Regulations, 1996 and amendments thereto. With issuance of
  SEBI guidelines, the industry has a framework for establishment of
  many more players, both Indian and foreign players.
- The Unit Trust of India remains the biggest mutual fund controlling
  a corpus of nearly Rs. 70,000 crores, but its share is going down.
  The biggest shock to the mutual fund industry during recent times
  was the insecurity generated in the minds of investors regarding
  the US 64 scheme. With the growth in the securities markets and tax
  advantages granted for investment in mutual fund units, mutual
  funds started becoming popular.
- The foreign owned AMCs are the ones which are now setting the
  pace for the industry. They are introducing new products, setting
  new standards of customer service, improving disclosure
  standards and experimenting with new types of distribution.
- The insurance industry is the latest to be thrown open to
  competition from the private sector including foreign players.
  Foreign companies can only enter joint ventures with Indian
  companies, with participation restricted to 26% of equity. It is too
  early to conclude whether the erstwhile public sector monopolies
  will successfully be able to face up to the competition posed by the
  new players, but it can be expected that the customer will gain from
  improved service.
- The new players will need to bring in innovative products as well as
  fresh ideas on marketing and distribution, in order to improve the
  low per capita insurance coverage. Good regulation will, of course,
  be essential.
- The Capital Issues (Control) Act, 1947 was repealed, the offices of the
  Controller of Capital Issues were abolished and the initial share
  pricing was decontrolled. SEBI, the capital market regulator, was
  established in 1992.
- Foreign institutional investors (FIIs) were allowed to invest in Indian
  capital markets after registration with the SEBI. Indian companies
  were permitted to access international capital markets through
  euro issues.
- The National Stock Exchange (NSE), with nationwide stock trading
  and electronic display, clearing and settlement facilities was
  established. Several local stock exchanges changed over from floor
  based trading to screen based trading.
- Private mutual funds permitted.
- The Depositories Act had given a legal framework for the
  establishment of depositories to record ownership deals in book
  entry form. Dematerialization of stocks encouraged paperless
  trading. Companies were required to disclose all material facts and
  specific risk factors associated with their projects while making
  public issues.
- To reduce the cost of issue, underwriting by the issuer was made
  optional, subject to conditions. The practice of making preferential
  allotment of shares at prices unrelated to the prevailing market
  prices was stopped and fresh guidelines were issued by SEBI.
- SEBI reconstituted governing boards of the stock exchanges,
  introduced capital adequacy norms for brokers, and made rules for
  making client or broker relationship more transparent which
  included separation of client and broker accounts.
Key Players in the Sector – Private and Public
Financial Service Sector:
- Mutual Funds: SBI Mutual Fund, Reliance Mutual Fund, Franklin Templeton
  Mutual Fund, HDFC Mutual Fund, ICICI Mutual Fund.
- Venture Capital: Ventureast, Intel Capital, Benchmark Capital,
  Sequoia Capital, @Ventures, UTI Ventures.
- Private Equity Firms: ICICI PE, Goldman Sachs PE, Tata Capital PE,
  Kotak PE Group.
- Foreign Institutional Investors: Deutsche Bank, Citi Bank, Indiabulls
  Real Estate Ltd, Goldman Sachs.
5.7 Key Elements And Peculiarities
i. Market reporting
- Successful financial services organisations recognise that greater
  transparency and clear explanation of the rationale for business
  strategies will be critical in boosting market confidence and
  securing access to limited capital in the wake of the financial crisis.
- Smart firms are therefore looking beyond basic compliance to
  provide real insights into the appetite for risk, the priorities and
  assumptions governing risk management and how risk influences
  key business decisions.
- Forward-looking companies are also looking closely at how to
  influence and respond to planned changes in market reporting to
  ensure they reflect the realities of their business and provide more
  relevant and reliable information for analysts and investors.
ii. Operations
- Many financial services organisations have found that their
  attempts to cut costs and improve efficiency in the wake of the
  financial crisis have been far less successful than hoped and are
  already proving difficult to sustain. There is a particular risk that
  knee-jerk operational shake-ups could damage customer service or
  jettison the talent the business needs to capitalise on.
- Further improvements could be achieved through a more
  aggressive approach to product rationalisation, reducing needless
  management layers and identifying opportunities for integration
  and consolidation in areas. Streamlining and simplification can not
  only cut costs, but also strengthen management control and
  oversight, as well as support and secure operationally organic and
  external growth, whether domestically or internationally.
- With their wide view of value chain processes, cost, risk and
  profitability, the finance and operations functions can jointly identify
  opportunities for savings, operational improvements and
  developing strong, realistic, and executable business cases.
iii. People
- Forward-looking financial services organisations recognise that a
  different set of skills, smart deployment of talent and the
  realignment of compensation structures will be critical to their
  ability to adapt to the fundamentally different competitive and
  regulatory environment that is emerging from the financial crisis.
- As tough market conditions diminish the opportunities for
  short-term trading returns, successful firms will have to look at how to
  attract and nurture people with the mindset and ideas to develop
  lasting relationships, work within tougher risk and compliance
  demands and create value over the long-term.
- A particular challenge is how to reward people when compensation
  policies are facing a tighter rein.
- Ultimately, the commitment and behavior of the people within an
  organisation is critical in rebuilding the trust of consumers,
  markets and governments, without which investment, growth and
  profitability will not recover.
iv. Regulation
- The financial crisis has highlighted questions about the adequacy
  of the regulatory regimes governing financial services, which are
  being met with increasing demands and changes in the regulatory
  environment under which organisations operate. Leading financial
  organisations should be able to use the changes in regulation as an
  opportunity to develop a systematic approach to governance, risk
  and capital management and use these capabilities to provide a
  more informed and assured approach to decision-making. Facing
  greater media and political scrutiny, they will also be able to
  balance the need to restore profitability with the expectations of
  being a responsible corporate citizen.
v. Restructuring
- The ability to measure current and prospective risk-adjusted
  returns will be critical in identifying what businesses to develop or
  divest and in conveying the rationale for restructuring strategies to
  analysts and investors.
- Restructuring will open up valuable opportunities for agile and
  strongly capitalised firms, who can step in to take advantage of
  divestment or market exit by weaker competitors. Firms need to
  explore alternative and innovative financing options to support
  their growth strategies. This could include private equity funding,
  either in the form of capital injections or strategic partnerships.
vi. Risk
- In the face of an increasingly complex and uncertain commercial,
  regulatory and geopolitical environment, financial services
  organisations are looking to develop a more proactive, systematic
  and integrated approach to governance and risk management.
  However, governance, risk management and compliance are still
  primarily seen as a regulatory obligation rather than a value driver.
- Effective enterprise risk management can help to underpin sound
  governance and related compliance requirements by providing a
  comprehensive framework of internal controls and reporting
  procedures. The results are enhanced stakeholder confidence and
  sustainable value creation.
5.8 Role Of Information Technology
5.8.1 As Financial Services have become more complex, offering new products in more
channels, the scrutiny and the need for data management oversight and
consistency have greatly increased.
Among the key IT challenges facing the Financial Services industry today are:
- Preserving investments in old systems while leveraging new technologies
  to drive down transactions costs, expand and improve customer service.
- Integrating organisation-wide disparate systems to gain operational
  efficiencies.
- Substantially reducing time for deployment of new systems.
- Reducing IT costs and obtaining better ROIs for new investments in the
  long-term.
One hot issue that continues to pick up steam within the financial services industry
(FSI) is that of Data Governance. Financial Institutions (FI) produce and consume
extremely large volumes of data and rely on insights they gain from their data to
run their business. From this point of view, one needs to understand why Data
Governance will continue to play a significant role in the coming years across the
Industry.
5.8.2 The need for assessment is required keeping the below factors as a focal point:
- Data Governance needs to take a ‘front seat’ in the prioritisation of future
  projects.
- The process by which one manages the quality, consistency, usability,
  security, and availability of organisation's data.
- The fact that lack of transparency into risk and financial information may
  have substantially contributed to the sudden nature and speed with which
  the credit crunch impacted the world financial system.
- FI’s information capabilities, including the ability to produce clear and
  concise reports that illustrate the financial health of an institution, are
  becoming ever more present and necessary.
- The current economic climate has presented the Financial Service Industry
  with the challenge of increased cost-cutting measures, which often cause
  Data Governance initiatives to be put on the back burner or eliminated
  altogether.
- Runaway costs and process inefficiencies caused by incorrect data. Data
  problems can be very expensive to fix because the root cause is often not
  adequately addressed.
- Missed revenue opportunities resulting from a lack of insight.
- Regulatory penalties or damaged reputations resulting from a lack of data
  transparency.
- A lack of user confidence and / or understanding of business data, which
  constrains value realization from other technology investments.
- Redundant databases and no clear system of record.
- No clear ownership or accountability for quality and consistency of data.
- No clear standards to measure quality of data resources.
- No method to measure data quality and the impact of poor data quality.
  Shadow finance and technology organisations often manually fix problems
  instead of addressing root causes.
- Clear policies, standards, and procedures that will be used across the
  organisation are critical.
- Data Governance is not solely a technology issue, nor should the initiative
  be owned by information technology. In fact, it is absolutely critical that
  ownership for Data Governance starts and ends with the Business, with
  support from information technology.
- Requires a multidisciplinary approach, and though the exact roles and
  structures of the data owners may change from situation to situation, the
  final structure should be documented and communicated throughout the
  organisation.
5.9 Value-Addition Opportunities Through Internal Audit
Internal Audit in Financial Services Sector can include following areas:

| Areas | Key Value-Addition Opportunities |
|---|---|
| Risk Management | Key risks identification and maintenance of risk registers. |
| Regulatory Compliances | Compliance to SEBI guidelines, Companies Act and Income Tax compliances. |
| SOP Compliance | Documented Systems and Processes related to Trade and Settlement, Treasury and Funds Management, Portfolio Management Services (Brokerage, Mutual funds, Asset Management Companies). |
| Cost Control and Cost Reduction | All major cost areas / functions. |
| Information Technology | IT Controls Effectiveness Review and identification of ‘Gaps’ in existing and desired IT controls system. |
| Human Resources (HR) | Implementation Review of the HR Policy. |
For further information please contact:
RSM Astute Consulting Private Limited
13th Floor, Bakhtawar, 229, Nariman Point, Mumbai - 400 021.
T: (91-22) 6696 0644 / 2287 5770 F: (91-22) 2287 5771 / 2820 5685
E: emails@astuteconsulting.com www.astuteconsulting.com
Offices: Mumbai (Andheri), New Delhi - NCR, Chennai, Kolkata,
Bengaluru, Surat, Ahmedabad, Hyderabad & Gandhidham.
RSM Astute Consulting Private Limited is an independent member firm
of RSM International, an affiliation of independent accounting and
consulting firms. RSM International is the name given to a network of
independent accounting and consulting firms each of which practices in
its own right. RSM International does not exist in any jurisdiction as a
separate legal entity.
The aim of this publication is to provide general information about
certain aspects of “Internal Audit and Risk Management in BFSI Sector”
and every effort has been made to ensure the contents are accurate and
current. However, tax rates, legislation and economic conditions
referred to in this publication are only accurate at time of writing.
Information in this publication is in no way intended to replace or
supersede independent or other professional advice. It may be noted
that nothing contained in this publication should be regarded as our
opinion and facts of each case will need to be analyzed to ascertain
applicability or otherwise of the said publication and appropriate
professional advice should be sought for applicability of legal provisions
based on specific facts. We are not responsible for any liability arising
from any statements or error contained in this publication.