Click here to Visit the RBI’s new website


(5 kb)
Risk-based internal audit

DBS.CO.PP.BC . 10 /11.01.005/2002-03

December 27, 2002

All Scheduled Commercial Banks
(Except Regional Rural Banks)

Dear Sirs,

Risk-based internal audit

Please refer to Part II of the discussion paper on `Move towards risk-based supervision of banks' forwarded to you vide letter No. DBS. CO. RBS.58/ 36.01.002/ 2001-02 dated August 13, 2001 wherein five areas of bank level preparation had been identified, which will be significant in facilitating a smooth switchover to risk-based supervision (RBS) of banks by the Reserve Bank. One of the areas relate to the introduction of a risk-based internal audit system by banks. The guidelines have now been finalised and the guidance note relating to risk-based internal audit system is enclosed.

2. The guidance note may please be placed before the Board of Directors for deliberation at the next meeting, and banks may immediately initiate necessary steps to review their current internal audit systems and prepare for transition to a risk-based internal audit system in a phased manner, keeping in view their risk management practices, business requirements, manpower availability, etc.

3. Banks should form a Task Force comprising senior executives and entrust them with the responsibility of chalking out an action plan for switching over to risk-based internal audit. The task force may identify and address transitional and change management issues, implement the action plan, monitor the progress in the transitional period and report periodically to the Board of Directors and Top Management. A quarterly report beginning from the quarter ending March 31, 2003 on the progress made in implementation of risk-based internal audit may be submitted to us as also to the Regional Office of Department of Banking Supervision under whose jurisdiction the Head Office of the bank is situated.

4. Kindly acknowledge receipt.

Yours faithfully,

(P.V. Subba Rao)
Chief General Manager-in Charge

Encl: Guidance note on risk-based internal audit