Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ / AUDIT
Microlesson · 5-min read

Bank Audit Approach & Control Environment

# Bank Audit Approach & Control Environment

## Drawing the Audit Plan

An audit plan should be drawn up based on:

1. Nature and level of operations of the bank/branch.

2. Nature of adverse features identified.

3. Level of compliance based on previous reports.

4. Audit risks based on inadequacies in Internal Control (IC).

## Control Environment - The 5W1H Framework

When evaluating control activities at a bank, the auditor uses a structured 5W1H approach:

### WHO performs the control?

  • Who actually performs the control?
  • Does that person have the requisite knowledge and authority to perform it?

### WHAT evidence exists?

  • What evidence is available to prove that the control is performed?

### WHEN is it performed?

  • When and with what frequency is the control performed?
  • Is the frequency enough to prevent, detect and correct Risk of Material Misstatement (ROMM)?

### WHERE is the evidence retained?

  • Where is evidence of control performance retained?
  • For how long is the evidence retained?
  • Is the evidence available for review?

### WHY is the control performed?

  • Why is this control being performed?
  • What type of errors are prevented or detected through performance of this control?

### HOW is it performed?

  • How exactly is the control performed?
  • What are the control activities?
  • Can these activities be bypassed?
  • Can a bypass, if any, be detected?
  • How are deviations resolved on identification?
  • What is the time frame for resolving deviations?

## Audit Planning Memorandum (APM)

The auditor should summarise the audit plan by preparing an APM to:

  • Describe the expected scope and extent of audit procedures.
  • Highlight all significant issues and risks identified during planning and Risk Assessment Procedures (RAP).
  • Provide evidence that the engagement was planned appropriately.

## Form & Content of Financial Statements

Banking Regulation Act, 1949 — Third Schedule:

  • Form A → Form of Balance Sheet
  • Form B → Form of Profit & Loss A/c

Worked example

### Example 1

Example — Using 5W1H:

The bank has a control that 'all cash payments above ₹50,000 require Manager approval'. Test using 5W1H:

  • Who: Branch Manager. Does the manager have authority? Yes — per delegation matrix.
  • What: Manager's signature on the payment voucher.
  • When: At the time of each payment above ₹50,000.
  • Where: Signed vouchers filed in cashier's daily file, retained for 8 years.
  • Why: To prevent unauthorised high-value cash outflows.
  • How: Cashier brings voucher to manager; can this be bypassed? Cashier could pay without signature — bypass detected by daily cash reconciliation.

⚠️ Common exam mistakes

  • Treating audit planning as a single document — it is a continuous process documented in the APM.
  • Missing the 'can it be bypassed?' question — auditors must consider override of controls.
Bare-Act text Third Schedule (Form A & Form B) · Banking Regulation Act, 1949 · click to expand
Form A of the Third Schedule to the Banking Regulation Act, 1949 prescribes the form of Balance Sheet, and Form B prescribes the form of Profit & Loss Account for banking companies.
← Previous
Bank Audit - Types of Banks &
Next →
Bank Audit Reports & Engagemen
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic