Chapter 11: Bank Audit & Inspection

📚 JAIIB 2026 • AFM • Module A • Chapter 11 of 11 • 🎉 FINAL CHAPTER!

Bank Audit & Inspection
(Who Checks the Bank’s Homework? — The Multiple Layers of Audit!)

A bank handles CRORES of public money every day. Who makes sure it’s all correct, legal, and safe? AUDITORS! But not just one type — banks face MULTIPLE audits: concurrent, internal, statutory, IS audit, forensic, management, and tax audit. Each has a different purpose, different people, different frequency. This chapter covers them all.

⏱ 16 min read • 🎯 Exam Favourite • 🧠 8 Memory Tricks • ⚡ 12 Flash Cards

Banky Meets the Auditors! 🕵️

Banky noticed different people coming to the branch with files and laptops. Monday: concurrent auditor. Wednesday: internal audit team. Friday: statutory auditor. He’s confused — “Why so many auditors?! Are we doing something wrong?” His manager laughs: “No Banky, this is NORMAL. Banks get audited by MULTIPLE teams at DIFFERENT levels. It’s how we stay safe!”

“Sir, this week I’ve met 3 different audit teams! Is our branch in trouble? 😰” — “No! Every branch gets audited regularly. It’s like getting multiple health check-ups. Let me explain who does what!” 🏥
Section 1 of 9

Why is This Important?

Banks handle PUBLIC money — deposits from crores of people. One mistake, one fraud, one non-compliance can shake the entire economy. That’s why RBI, Companies Act, and Banking Regulation Act MANDATE multiple layers of audit. As a banker, you’ll face auditors regularly. Understanding what they look for helps you: (1) Keep your branch AUDIT-READY, (2) Answer audit queries confidently, (3) Score easy exam marks — audit types are ALWAYS asked! Audit = the doctor’s check-up for your bank. Multiple doctors, multiple specialisations, one goal: keep the bank HEALTHY!
🎯 Exam

3–5 questions! Types of audit, who conducts, RBIA, LFAR, CAATs, concurrent vs statutory, HIA reporting line. Very scoring!

💼 Daily Work

Concurrent auditors visit DAILY. Internal audit happens periodically. You need to keep records ready and answer queries.

🛡️ Career

If you become a branch manager, you’re responsible for ALL audit compliances. Understanding audit = better manager!

Section 2 of 9

The Full Chapter — All Audit Types Explained Simply

🔍 Part 1 — What is Audit? (The Basics)

Audit = A systematic examination of the books of account and records of a business to confirm that: (a) financial statements are TRUE and FAIR, (b) accounting has been done properly, (c) regulatory rules have been followed, and (d) no frauds or errors exist.

Key points from the textbook: The main objective has shifted from just checking ARITHMETICAL accuracy to confirming that statements show a “true and fair view” of the financial position. Audit is now done “THROUGH the computer” (not just “around” it). CAATs (Computer Aided Audit Techniques) are standard. The auditor can only express an OPINION — they can’t check every single transaction. Non-monetary facts (like employee morale) can’t be audited.

Companies Act, 2013 — Chapter X: Covers appointment of auditors, eligibility, qualifications, disqualification, removal, resignation, remuneration, powers, and duties.

Banking Regulation Act, 1949 — Section 30(1): Mandates that the Balance Sheet and P&L of every banking company must be audited.

🧑‍💼 Banky: “Audit = health check-up for the bank 🏥. The doctor (auditor) checks if everything is functioning properly. They can’t check every cell in your body, but they can tell if you’re healthy overall!”

📋 Part 2 — RBIA: Risk-Based Internal Audit

RBI introduced RBIA vide circular dated December 27, 2002 (supplemented January 07, 2021) for all Scheduled Commercial Banks. It’s a MAJOR shift from the old way of auditing.

Old way: Check every transaction, test accuracy of every record — “transaction testing.” New way (RBIA): Focus on RISKS. Which areas are risky? Are controls adequate? Is risk management effective? Prioritise audit resources based on risk level. It’s not about auditing risks — it’s about auditing the MANAGEMENT of risk.

RBI’s key requirements for Internal Audit:

(a) Authority & Independence: Head of Internal Audit (HIA) must be a senior executive with independent judgment. Must have access to ALL records and ANY staff member.

(b) Competence: Internal auditors need skills in banking operations, accounting, IT, data analytics, forensic investigation.

(c) Staff Rotation: Board prescribes minimum period of service in audit function.

(d) HIA Tenure: Minimum 3 years (preferably).

(e) Reporting Line: HIA reports to Audit Committee of the Board (ACB) or MD & CEO. Must NOT have any reporting relationship with business verticals. Must NOT be given business targets. In foreign banks operating as branches, HIA reports to controlling office/head office.

Standards: Banks encouraged to adopt International Internal Audit Standards by Basel Committee on Banking Supervision (BCBS) and Institute of Internal Auditors (IIA).

🧑‍💼 Banky: “Old audit = checking every answer in every notebook 📝. RBIA = checking WHERE students are most likely to cheat, and focusing extra attention there! Smart auditing!” 🧠

🏦 Part 3 — Types of Bank Audits (The Big 7!)

1️⃣ CONCURRENT AUDIT: The “early warning system.” Aims to shorten the gap between a transaction and its examination. Conducted DAILY or very frequently. Like having a teacher check your homework EVERY day! RBI revised guidelines vide circular dated September 18, 2019. Covers: coverage, appointment, accountability, tenure, remuneration, reporting, effectiveness review.

2️⃣ INTERNAL AUDIT / IS AUDIT: Conducted by bank’s OWN staff and CA firms. Ensures accuracy and correctness of books. Focuses on fraud detection, errors, omissions, irregularities. Information Systems (IS) Audit = auditing the TECHNOLOGY — CBS, internet banking, cybersecurity. Uses CAATs. CISA-qualified professionals form separate IS Audit teams. IS audit = essential part of internal audit in the CBS era. Branch managers submit monthly compliance of IS audit DO’s and DON’Ts. Standard on Internal Audit (SA) 14 by ICAI covers IT environment procedures.

3️⃣ STATUTORY AUDIT: Conducted by a Statutory Auditor (external CA firm). MANDATORY under Banking Regulation Act Section 30(1). Not just checking transactions (that’s concurrent/internal audit’s job). Statutory audit looks at: loans, advances, NPA classification, PSL compliance, CRR, SLR, CRAR, and all statutory norms. Issues: (a) Statutory Audit Report (SA 700/705/706 by ICAI), (b) Long Form Audit Report (LFAR) — as per RBI guidelines (format revised September 05, 2020), (c) Tax Audit Report (Income Tax Act, 1961). 17 stages of statutory audit including materiality assessment, going concern evaluation, fraud risk (including money laundering), Basel III conformity, NPA classification (borrower-wise, not facility-wise).

4️⃣ REVENUE AUDIT: Specifically checks if the bank has correctly earned all income and properly accounted for all expenses. Stock and receivables audit — usually only LARGE borrower accounts. Ensures no revenue leakage.

5️⃣ FORENSIC AUDIT: Examination of financial information for use as EVIDENCE IN COURT. Determines whether fraud actually occurred, names the persons involved, checks if business value has been manipulated in the financial statements. Forensic = for LEGAL proceedings.

6️⃣ MANAGEMENT AUDIT: Assesses the MANAGEMENT itself — their methods, policies, strategic planning, use of resources, employee development. Checks if management objectives are being met. Evaluates management EFFICIENCY, not just financial accuracy.

7️⃣ TAX AUDIT (incl. GST): Analyses tax returns to check if income tax payment is correct. Statutory auditors of banks usually handle taxation and GST provisions.

🧑‍💼 Banky: “7 audits = 7 doctors! 👨‍⚕️ Concurrent = daily check-up. Internal = monthly full body test. Statutory = annual specialist exam. IS = technology scan. Forensic = detective investigation. Management = performance review. Tax = tax consultant!” 🏥
Section 3 of 9

Exam-Ready Points

🎯 Must Remember!

  • Audit = Instrument of financial control. Ensures “true and fair view.” Not just arithmetical accuracy.
  • Companies Act 2013, Chapter X: Appointment, eligibility, powers, duties of auditors.
  • Banking Regulation Act, Section 30(1): BS and P&L of banks MUST be audited.
  • RBIA: Risk-Based Internal Audit. RBI circular Dec 27, 2002 (supplemented Jan 07, 2021). Focus on risk MANAGEMENT, not just transactions.
  • HIA (Head of Internal Audit): Senior executive. Reports to ACB or MD/CEO. NO business targets. Minimum tenure = 3 years preferably.
  • HIA must NOT: Have reporting relationship with business verticals. Be given business targets.
  • In foreign banks: HIA reports to controlling office/head office.
  • Concurrent Audit: Early warning system. DAILY/frequent. RBI guidelines Sept 18, 2019. Shortens gap between transaction and examination.
  • Internal Audit: By bank’s OWN staff (and CAs). Ensures accuracy. Fraud detection focus.
  • IS Audit: Technology audit. CISA-qualified. CAATs used. SA-14 by ICAI. Part of internal audit post-CBS.
  • CAATs = Computer Aided Audit Techniques. Used in critical areas: revenue leakage, treasury, AML, control weaknesses, penetration testing.
  • Statutory Audit: By external STATUTORY AUDITOR (CA firm). Mandatory under B.R. Act. Issues LFAR (Long Form Audit Report). Covers PSL, CRR, SLR, CRAR, NPA classification.
  • LFAR = Long Form Audit Report. Issued by STATUTORY auditor (not concurrent!). Format revised by RBI Sept 05, 2020.
  • 3 Reports by Statutory Auditor: (1) Statutory Audit Report (SA 700/705/706), (2) LFAR, (3) Tax Audit Report.
  • NPA classification in statutory audit: Should be BORROWER-wise, NOT facility-wise.
  • Revenue Audit: Checks income and expenses. Stock & receivables audit — large borrower accounts only.
  • Forensic Audit: For COURT evidence. Determines if fraud occurred. Names persons. Checks manipulated values.
  • Management Audit: Assesses management efficiency, policies, strategic planning. NOT always conducted by management itself!
  • “Management audit is ALWAYS conducted by the management of the bank” = INCORRECT (exam trap!)
  • Primary objective of financial audit = Ensure TRUE and FAIR view of financial statements
  • Auditor limitations: Can only express opinion. Depends on explanations from others. Can’t audit non-monetary facts. Can’t check every transaction (uses sampling).

📝 Past Exam Questions

Q: Long Form Audit Report (LFAR) is issued by?
A: Statutory Auditor (not concurrent, not internal, not tax auditor)

Q: Primary objective of Financial Audit is to?
A: Ensure that the financial statements give a True and Fair view

Q: Internal Audit is generally undertaken by?
A: Bank’s own staff (and to some extent by CA firms)

Q: Internal Audit is aimed at?
A: Ensuring the accuracy and correctness of the books of account of the bank

Q: Which statement is NOT correct?
A: “Management audit is always conducted by the management of the bank” — INCORRECT! It may be done by external experts too.
Section 4 of 9

Memory Tricks

🧠 Trick 1 — 7 Types of Audit

C-I-S-R-F-M-T
“CISFR-MT = CIS Friends Meet Today!”
C = Concurrent (daily check) 📋
I = Internal (own staff) 👥
S = Statutory (external CA) 📝
R = Revenue (income check) 💰
F = Forensic (court evidence) 🕵️
M = Management (efficiency) 📊
T = Tax/GST (returns) 🧾
7 types of audits banks face. Concurrent is most frequent. Statutory is most important legally.

🧠 Trick 2 — LFAR

Who issues it?
“LFAR = Long Form = STATUTORY!”
L = Long
F = Form
A = Audit
R = Report
Issued by STATUTORY auditor only!
LFAR is the detailed report issued by the statutory auditor as per RBI guidelines. Not concurrent, not internal.

🧠 Trick 3 — RBIA

Audit the MANAGEMENT of risk
“RBIA = Risk Based = SMART audit! 🧠
Old: Check EVERY answer
New: Check WHERE cheating is likely!
Focus on RISK MANAGEMENT,
not just transactions!”
RBI introduced RBIA in 2002. Shifted from transaction testing to risk assessment. Prioritise audit where risk is highest.

🧠 Trick 4 — HIA Rules

Independence is KEY
“HIA = Head of Internal Audit
Reports to: ACB or MD/CEO 📊
NO business targets! 🚫
NO business reporting line! 🚫
Tenure: 3 years minimum ⏰”
HIA must be independent. Can’t have any link to business operations. Must have access to all records and staff.

🧠 Trick 5 — Concurrent vs Statutory

Daily check vs Annual exam
Concurrent = DAILY homework check 📝
(checks transactions as they happen)
Statutory = ANNUAL board exam 📋
(checks overall compliance, PSL, CRR, NPA)
Both are different! Don’t confuse!
Concurrent is frequent and operational. Statutory is annual and compliance-focused. Statutory issues LFAR, concurrent doesn’t.

🧠 Trick 6 — Forensic Audit

Detective work!
“Forensic = for the COURTROOM! ⚖️
Did fraud happen? YES/NO
WHO did it? Names!
HOW MUCH was stolen? Amount!
Like CSI for banks!” 🔍
Forensic audit examines financial info for use as court evidence. Determines fraud occurrence, identifies culprits, measures damage.

🧠 Trick 7 — CAATs

Computer-Aided Audit
“CAATs = CATS that audit! 🐱💻
Recalculate interest
Test controls
Extract samples
Penetration testing
Revenue leakage detection!”
Computer Aided Audit Techniques. Used in IS audit for critical areas: revenue, treasury, AML, general controls, application controls.

🧠 Trick 8 — Exam Traps!

Don’t fall for these!
“Management audit ALWAYS by management”
= ❌ WRONG! (Can be external!)
“LFAR by concurrent auditor”
= ❌ WRONG! (By STATUTORY!)
“Primary objective = error detection”
= ❌ WRONG! (= True & Fair view!)
3 common exam traps. Know the correct answers: Management audit can be external. LFAR = statutory. Primary objective = true & fair view.
Section 5 of 9

The Whole Chapter in One Picture

AFM Chapter 11 — Bank Audit & Inspection
🕵️ 7 DOCTORS FOR THE BANK’S HEALTH!

📋 1. CONCURRENT: DAILY check | Early warning | RBI circular Sept 2019
👥 2. INTERNAL + 💻 IS AUDIT: Bank’s own staff + CAs | Fraud detection | CISA teams | CAATs | SA-14 by ICAI | RBIA framework
📝 3. STATUTORY: External CA | B.R. Act S.30 | LFAR | PSL, CRR, SLR, NPA
💰 4. REVENUE: Income/expense check | Large a/c
🕵️ 5. FORENSIC: Court evidence | Fraud finding
📊 6. MANAGEMENT: Efficiency, policy, strategy
🧾 7. TAX / GST: Tax returns, IT Act 1961

🧠 RBIA = Risk-Based Internal Audit: RBI 2002/2021 | Not auditing risks — auditing MANAGEMENT of risk
HIA → Reports to ACB/MD | NO business targets | Min 3 yrs | BCBS + IIA standards

📝 STATUTORY AUDIT REPORTS: 1. Audit Report (SA 700/705/706) | 2. LFAR (RBI format) | 3. Tax Audit Report | 17 stages | NPA = borrower-wise NOT facility-wise

⚡ Primary objective = TRUE & FAIR VIEW | Audit “THROUGH” computer not “around” | CAATs = Computer Aided Audit | LFAR = Statutory only!

bankerbro.com/ • JAIIB AFM Chapter 11 • Module A • 🎉 FINAL CHAPTER!

Section 6 of 9

Last-Minute Flash Cards

What is Audit?
Systematic examination → “True & Fair View”
Not just arithmetical accuracy. Provides comfort to users of financial statements.

7 Audit Types
CISFR-MT = “CIS Friends Meet Today!”
Concurrent, Internal, Statutory, Revenue, Forensic, Management, Tax

Concurrent Audit
DAILY check | Early warning system
RBI guidelines Sept 2019 | Shortens gap between transaction and examination

Internal Audit
By bank’s OWN staff | Accuracy + fraud detection
RBIA framework | IS Audit = technology audit with CAATs | SA-14 for IT

Statutory Audit
External CA | MANDATORY under B.R. Act S.30
Issues LFAR! Checks PSL, CRR, SLR, CRAR, NPA classification (borrower-wise)

LFAR
Long Form Audit Report — by STATUTORY auditor only!
RBI format revised Sept 2020 | NOT by concurrent or internal auditor

RBIA
Risk-Based Internal Audit | RBI 2002/2021
Audit MANAGEMENT of risk, not just transactions. Prioritise by risk level.

HIA
Reports to ACB/MD | NO business targets | Min 3 yrs
Senior executive. Access to all records. Independent. Foreign banks → HIA reports to HO.

Forensic Audit
For COURT evidence | Detects fraud + names culprits
Like CSI for banks! Checks if fraud occurred, who did it, how much damage.

CAATs
Computer Aided Audit Techniques
Used in IS audit: recalculate interest, test controls, compliance, sampling, penetration testing.

Exam Trap #1
“Management audit ALWAYS by management” = WRONG!
Can be conducted by external experts too. Management audit checks EFFICIENCY of management.

Exam Trap #2
“Primary objective = error detection” = WRONG!
Primary objective = TRUE and FAIR view. Error/fraud detection is INCIDENTAL (secondary).

⚡ Chapter 11 Done! 🎉 MODULE A COMPLETE!

  • Audit: Systematic examination for “true and fair view.” Now done “through” computers using CAATs.
  • 7 Audits (CISFR-MT): Concurrent (daily), Internal (own staff), Statutory (external CA), Revenue, Forensic, Management, Tax.
  • RBIA: Risk-Based Internal Audit. Audit the management of risk, not just transactions. RBI mandate since 2002.
  • HIA: Reports to ACB/MD. Independent. No business targets. Min 3 years tenure.
  • Statutory Audit: Mandatory (B.R. Act S.30). Issues LFAR + Audit Report + Tax Report. NPA = borrower-wise.
  • Forensic Audit: Court evidence. Fraud investigation. Names culprits. Like CSI for banks!
  • Exam Traps: LFAR = statutory only. Primary objective = true & fair (not error detection). Management audit ≠ always by management.

CONGRATULATIONS! MODULE A — ALL 11 CHAPTERS COMPLETE!

From “What is Accounting?” all the way to “Bank Audit & Inspection” — you’ve mastered the ENTIRE accounting foundation. Banky is now a certified accounting pro! 🌟

Ch1: Definition & Scope ✅ Ch2: Basic Accountancy ✅ Ch3: Cash Books & Ledger ✅ Ch4: Bank Reconciliation ✅ Ch5: Trial Balance & Errors ✅ Ch6: Depreciation ✅ Ch7: Capital & Revenue ✅ Ch8: Bills of Exchange ✅ Ch9: Operational Aspects ✅ Ch10: Back Office ✅ Ch11: Bank Audit ✅ 🏆

Banky says: “7 audits = 7 doctors for my bank! CISFR-MT! LFAR = Statutory only! RBIA = Smart audit! MODULE A DONE — I’m ready for the exam!” 🎉🏆📚

You’ve completed ALL 11 chapters of AFM Module A — Accounting Principles. Time to move to Module B! 💪
