Overview

Inspection Department was set up in 1935 when the Reserve Bank of India commenced its operations. The Department is tasked with the mandate of providing an independent and objective risk assurance/feedback on the operations/working of the offices of the Reserve Bank. It examines/evaluates and reports on the adequacy and reliability of the Reserve Bank's risk management, internal controls and governance process.

The Inspection Department is the Secretariat and also reports its assessments to the Audit and Risk Management Sub-Committee (ARMS) of the Central Board of the Reserve Bank. Audit observations which have been classified as High Risk are also placed before the Executive Directors’ Committee (EDC) for their review and guidance. Findings of Information Systems (IS) audits are also placed before the Executive Directors’ Committee (EDC) and Audit and Risk Management Sub-Committee (ARMS) of the Board. The Internal Audit function constitutes a key dimension in the Reserve Bank's governance architecture.

Streams of Inspection in the Reserve Bank

Presently, the following types of inspections are carried out/co-ordinated by the Department.

• Risk Based Internal Audit (RBIA)

• Information Systems Audit

• Concurrent Audit (CA)

• Control Self-Assessment Audit (CSAA)

• Compliance Audit

• Project Audit

Risk Based Internal Audit (RBIA)

Under the Risk Based Internal Audit (RBIA), the Inspection Department provides independent and objective opinion to the management on whether or not the Reserve Bank's business processes and risks are being properly managed. The RBIA reviews the outcomes of all other audits. Audit of various business units, i.e. Central Office Departments (CODs), Regional Offices (ROs), Training Establishments (TEs), Banking Ombudsman Offices (BO) and Associate Institutions (AIs) are taken up at different periodicities ranging from 12 to 36 months.

Information System Audit (ISA)

The Information System (IS) Audit is carried out as part of Risk Based Internal Audit (RBIA) along with functional audit to assess the adequacy and effectiveness of internal controls and provide independent assurance about the compliance of Information Systems being used in the Bank. The objective of this audit is to check adherence to the provisions of Bank’s IS Policy.

Concurrent Audit (CA)

As a part of internal control mechanism, all the business units are required to get their transactions (mainly financial transactions) audited by external chartered accountant firms, concurrently with the occurrence of such transactions.

Control Self-Assessment Audit (CSAA)

This is a self-assessment/health check-up exercise to assess gaps in risk controls so that timely reviews are made, and corrective action taken/initiated to address the gaps. The assessments are carried out by persons unconnected with the operations/process being assessed. All business units are required to conduct CSAA at least twice in a year, that is, for the half-year ended June and December every year.

Compliance Audit

Compliance Audit is an important risk mitigation tool in the organization through which the compliance status of RBIA submitted by the Auditee offices and its sustenance is ascertained. Compliance Audit is conducted by Inspection Department during the middle of the cycle, as per the directions of the Top Management for those Auditee offices which have been rated as ‘High Risk’.

Project Audit

Project Audit is an independent and objective project risk assessment function to provide assurance to the Top Management. The project audit is carried out under the aegis of Inspection Department with its internal resources or with the assistance of domain experts from other departments within the Bank or external audit firm if the need arises. Project Audit provides benefits by assessing and reconfirming feasibility of/obstacles to project, providing early warning signals/alerts, identifying and suggesting scope for improvements and saving time and cost etc.

Compliance, Follow-up and Reporting

Inspection Department follows up on the audit observations (RBIA, ISA, CA, CSAA, Compliance Audit and Project Audit) to ensure that prompt corrective actions or risk mitigating counter-measures are instituted. The Department undertakes off-site monitoring as well as on-site evaluation, wherever necessary. Off-site monitoring is undertaken by obtaining periodical returns from business units, analysing them and initiating follow-up as deemed appropriate.

ARMS & EDC Meetings

The Department co-ordinates and arranges periodical meetings of Audit & Risk Management Sub Committee (ARMS) and Executive Directors' Committee (EDC). The meetings of ARMS and EDs' Committee are conducted approximately once in three months.

Contact the Executives