The Reserve Bank of India (RBI) on Wednesday unveiled the risk-based internal audit (RBIA) system for select non-bank lenders and urban co-operative banks, with a view to enhance the quality and effectiveness of their internal audit system.
All the deposit-taking non-banking financial companies (NBFCs) and the ones with an asset size of over Rs 5,000 crore, and urban co-operatives banks (UCBs) with assets of over Rs 500 crore will have to migrate to the new system, the RBI said.
Currently, all the entities supervised by the RBI have their own approaches on internal audit, resulting in certain inconsistencies, risks and gaps in the system, the RBI said.
The NBFCs and UCBs face risks similar to the ones for scheduled commercial banks which require an alignment of processes, it added.
The central bank said the RBIA is an audit methodology that links an organisation's overall risk management framework. It provides an assurance to the board of directors and the senior management on the quality and effectiveness of the organisation's internal controls, risk management and governance-related systems and processes, it added.
The internal audit function is an integral part of sound corporate governance and is considered as the third line of defence, it said.
Historically, the internal audit system at NBFCs/UCBs has generally been concentrating on transaction testing, testing of accuracy and reliability of accounting records and financial reports, adherence to legal and regulatory requirements, which might not be sufficient in a changing scenario.
A shift to a framework which focuses on evaluation of the risk management systems and control procedures in various areas of operations, in addition to transaction testing, will help in anticipating areas of potential risks and mitigating such risks, the RBI said.
RBIA should undertake an independent risk assessment for the purpose of formulating a risk-based audit plan, which considers the inherent business risks emanating from an activity/location and the effectiveness of the control systems for monitoring such inherent risks, it said.
The entities have to implement the RBIA framework by March 31, 2022, and have been asked to constitute a committee of senior executives with the responsibility of formulating a suitable action plan.
The panel may address transitional and change management issues and should report progress periodically to the board and senior management, the central bank said.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)