Internship Report

On

“Risk Based Internal Audit in

Bangladesh Bank”

Bangladesh Bank

(Central Bank of Bangladesh)

Asian University of Bangladesh (AUB)

Internship Report

On

“Risk Based Internal Audit in

Bangladesh Bank”

Prepared For:

Suresh Chandra Dey

Deputy General Manager

Internal Audit Department

Bangladesh Bank. Head Office

Prepared By:

Mohammed Anwarul Hoque

ID: 201310626; Section: A; Batch: 36th

Masters of Business Administration (MBA)

Department of Business Administration

Asian University of Bangladesh (AUB)

Submitted to:

Prof. Md Ashraf Hossain

Dean

Department of Business Administration

Asian University of Bangladesh (AUB)

Internship period: 4th

September to 30th

November/2014

Date of Submission: 17th December/2014

PREFACE

To obtain my professional degree of MBA from Asian University of Bangladesh (AUB), I tried

my best to prepare a professional report on “Risk Based Internal Audit in Bangladesh

Bank”. Though, it is the requirement of MBA but I tried to make this report as a professional

member of Bangladesh Bank.

The discussing report is the terminal formalities of the internship program for the degree of

Masters of Business Administration (MBA) course of Department of Business Administration

of Asian University of Bangladesh (AUB), Bangladesh, which is compact professional

progress rather than specialized. This report has been prepared as per academic requirement of

after the successful completion of 3 (three) months internship organized at Bangladesh Bank

with a view to familiarizing the students with the practical implementation of knowledge

provided in the theoretical aspects.

It is my pleasure and great privilege to submit my report titled “Risk Based Internal Audit in

Bangladesh Bank” worked out at Bangladesh Bank during September to November 2014.

As the presenter of this report, I have tried my level best to get together as much information as

possible to enrich the report while working in the company. I believe that it was a fascinating

experience to work in the Internal Audit section and it has enriched both my knowledge and

experience.

However, after all this, as a human being, I believe everyone is not beyond limitation. There

might have problems regarding lack and limitation in some aspects and also some minor

mistake such as syntax error or typing mistake or lack of information. Please pardon me for

that mistake and clarify these information on those matters.

Letter of Authorization

It is my pleasure to certify that Mohammed Anwarul Hoque has successfully completed the practical

Internship program under my supervision at the Internal Audit Department, Bangladesh Bank, Head

Office, Dhaka, from 4th September to 30

th November, 2014 on “Risk Based Internal Audit in

Bangladesh Bank” with excellent performance.

Mohammed Anwarul Hoque is also an employee of the Internal Audit Department, Bangladesh Bank

(Central Bank Of Bangladesh), Head Office, Dhaka.

I wish him every success in his life.

.......................................

Suresh Chandra Dey (Supervisor)

Deputy General Manager

Internal Audit Department

Bangladesh Bank

Head Office

Dhaka-1000.

Date17th December/2014

Letter of transmittal

December 17, 2014

Suresh Chandra Dey

Deputy General Manager

Internal Audit Department

Bangladesh Bank

Head Office

Dhaka-1000.

Subject: Submission of Internship Report on Risk Based Internal Audit in Bangladesh Bank.

Dear Sir,

With due respect & humble submission I have prepared this report on the topic “Risk Based

Internal Audit in Bangladesh Bank” as a part of my internship program. I believe that the

knowledge and experience that I have gathered during the internship program will be helpful

for my professional life. I will be grateful to you if you accept the report.

Your support in this regard will be highly appreciated.

Thanking you.

Sincerely Yours,

___________________

Mohammed Anwarul Hoque

ID: 201310626 Section A; Batch 36th

Masters of Business Administration (MBA)

Department of Business Administration

Asian University of Bangladesh (AUB)

Uttara Branch, Uttara, Dhaka

Acknowledgement

First I would like to thank almighty Allah for helping us, who gives us the ability, knowledge

and energy to complete the report paper. Especially I would like to thank my supervisor Prof.

Md Ashraf Hossain the Dean of Asian University of Bangladesh, who helped me a lot to do

this report successfully by giving a lot of instructions and making my practical knowledge

through this term paper. Without his instruction I would not able to prepare this report.

I eagerly and most authentically would like to express my sincere appreciation to my supervisor

at Bangladesh Bank Mr. Suresh Chandra Dey, Deputy General Manager. He gives me a great

flexibility to choose the topic, learning of different issues and help me to understand the

difference between theory and practice.

My Special thanks to Md.Sadrul Huda (F.C.A), General Manager, Mr. Badol Chandra Sharker,

Joint Director, Mrs. Most. Nahida Farzana, Deputy Director, Mr. Ishrat Nahid, Mr. Rabiul

Hossain, Assistant Director of Internal Audit Department, Bangladesh Bank for providing me

with all sort of information related to my report.

Finally, I would like to thank all my colleagues of Internal Audit Department of Bangladesh

Bank; their support has enabled me to complete this report. All of them have been very open

and friendly with me and provided me with all the information that I needed.

Executive Summary

Around the world, organizations face escalating financial, operational, strategic and physical

risks that have been increasing steadily in terms of impact, likelihood and complexity. This

should come as no surprise as the pace and complexity of change continues to accelerate

regardless of geography. Corporate governance, regulations and guidelines, financial reporting

requirements, operational efficiencies- all these factors drive the internal audit functions to add

value beyond any standard that has been set in the past.

Bangladesh Bank has introduced “Risk-based Internal Audit” approach in performing

internal audit activities of the Bank. In accordance with the Internal Audit Department charter

approved by the Audit Committee of the Board of Directors of Bangladesh Bank, the Internal

Audit Department (IAD) is to provide independent, objective assurance and consulting services

designed to add value and improve Bangladesh Bank operations. As mentioned in the charter,

IAD is committed to standards of best professional practice, such as International Internal

Auditing standards. The standards consist of Attributable standards, Performance standards,

and Implementation standards.

Bangladesh Bank, the central bank of Bangladesh, was established under the Bangladesh Bank

order, 1972, (President Order No.127 of 1972) after the glorious independence of Bangladesh.

Bangladesh Bank started its journey with the vision of continuous development as a forward

looking central bank with competent & committed professionals of the high ethical standards

for conducting monetary management and financial sector supervision to lead the economic

growth and development of the country. Bangladesh Bank is proud of its talented and skilled

employees. From the beginning this bank has been developing & modernizing its audit process

and practices. These activities are performed strictly by following the rules and regulation

started by BB which are very transparent & which elicit efficient result.

Table of Content C

ha

pte

r

01

ORIENTATION OF THE REPORT Page no.

1.1 Background of the Report 1

1.2 Objective of the Report 1

1.3 Origin of the Report 1

1.4 Methodology 1

1.5 Limitation of the study 2

Ch

ap

ter

02

Introductory on Bangladesh Bank

2.1 Background 3

2.2 Establishment 4

2.3 History 4

2.4 Vision 5

2.5 Bangladesh Bank Services 6

2.6 Mission 7

2.7 Core Function’s 9

2.8 List of Branches and Head Office’s Department 9

2.9 Organizational Structure 11

2.10 Current Board of Director 12

2.11 Current executive Committee 12

2.12 Foreign relation 13

2.13 Liquidity policy 13

Ch

ap

ter

03

Internal Audit Department (IAD)

3.01 Introduction 14

3.02 Mission of IAD 14

3.03 Scope of Work 14

3.04 Accountability 15

3.05 Responsibility 15

3.06 IAD Organizational Chart 16

3.07 Internal Audit Processes 17

3.08 The Challenges for Internal Audit 19

3.09 IAD Divisions 20

Ch

ap

ter –

04

Risk Based Internal Audit in BB

4.01 Operational Strategy 21

4.02 Internal Control & Internal Audit 22

4.03 Department Goals for the Period 2010-2014 23

4.04 How these objectives will be achieve (1-5) 23

4.05 Auditing of Foreign Reserve Management 26

4.06 Criteria for the Audit 27

4.07 Risk Management Framework in BB 28

4.08 Implementation of the Annual Plan 28

4.09 Auditable Units within BB 31

4.10 Reporting 32

Ch

ap

ter –

05 Findings & Recommendations

Conclusion & Recommendation 34

Appendix 35

Bibliography 36

Questionnaire 37

CCHHAAPPTTEERR -- 0011

ORIENTATION OF THE REPORT

ORIENTATION OF THE REPORT

1.1 Background of the Report 1

1.2 Objective of the Report 1

1.3 Origin of the Report 1

1.4 Methodology 1

1.5 Limitation of the study 2

1.01 Background of the Report

MBA (Internship), being a mandatory course offered by the Asian University of Bangladesh

(AUB), bears the basic ideology to introduce the young graduates to the work-world as soon as

they reach the completion of post graduate studies to make them efficient and eligible for being

among the leaders of tomorrow.

1.02 Objectives of the Report

A study is very much guided by its objectives. The present study on “Risk Based Internal

Audit in Bangladesh Bank” is conducted towards attaining the following objectives stated

bellow:

To study the Bangladesh Bank profile.

To study the process practiced by Internal Audit Department (IAD) of

Bangladesh Bank.

To study the different strategies and their implementation in achieving the goals

of IAD.

1.03 Origin of the Report

This report is prepared as partial requirement of the 3-months internship program for the BBA

Program. Bangladesh Bank has given me the opportunity to complete internship program. The

intention of Internship Program was to give opportunity to the students to gain some real world

experience by working in a practical environment.

1.04 Methodology

The research is qualitative in nature. The practical experiences and observations during

internship and in-depth discussion with key informant lead us to our answers.

I have collected our data and information from the Internal Audit Department (IAD) in

Division-1, 2, 3 General & Implementation Section. I have also collected our relevant

information by meeting the higher authority both of the departments and Human

Resources Department-2. Some of the information is collected from internet and some are

collected from Bangladesh Bank website. The study has been conducted on the basis of

secondary information such as:

• Annual Report of Bangladesh Bank 2010-2011.

• Bangladesh Bank staff Regulation Act, 2003.

• Bangladesh Bank Administrative guidelines, 2003.

• Bangladesh Bank Leave Rule, 2003.

• Bangladesh Bank Accommodation Allotment Rule, 2003.

• Website of Bangladesh Bank.

• Different manuals & publications of Bangladesh Bank.

• Different information collect from different wings and desks

1.05 Limitation of the study

Some limiting factors were faced while preparing the report. Those could be summarized as

follows:

• No secondary issues found for preparing the report such as any report or research paper.

• As employees of Bangladesh Bank, there were limitations of personnel for disclosing

some data and information for obvious reason which might be very much useful.

• The intern could not able to accommodate and spend enough time to make an in-depth

study due to time limitation.

CCHHAAPPTTEERR -- 0022 Introductory on Bangladesh Bank

INTROEDUCTORY on BB

2.1 Background 3

2.2 Establishment 4

2.3 History 4

2.4 Vision 5

2.5 Bangladesh Bank Services 6

2.6 Mission 7

2.7 Core Function’s 9

2.8 List of Branches and Head Office’s Department 9

2.9 Organizational Structure 11

2.10 Current Board of Director 12

2.11 Current executive Committee 12

2.12 Foreign relation 13

2.1 Background

Bangladesh Bank (BB) continued to focus on strengthening the financial system and improving

functioning of its various segments. The broad parameters of the reforms undertaken during the

year comprise ongoing deregulation of the operation of institutions within the BB’s regulatory

ambit, tightening of prudential regulation and improvement in supervisory oversight,

expanding transparency and market disclosure, all with a view to improving overall efficiency

and stability of the financial system. The following paragraphs highlight the recent regulatory

and supervisory measures initiated by BB for banks and finance institutions and also the

industry statistics of the banking sector and the performances trends. According to Bangladesh

Bank Order, 1972, it is necessary to establish a central bank in Bangladesh to manage the

monetary and credit system of Bangladesh with a view to stabilizing domestic monetary value

and maintaining a competitive external par value of the Bangladesh Taka towards fostering

growth and development of country’s productive resources in the best national interest.

# TYPES OF BANK #

The banking sector in Bangladesh consists of four types of scheduled banks namely State

owned Commercial Banks (SCBs), government owned Development Finance Institutions

(DFIs), Private Commercial Banks (PCBs) and Foreign Commercial Banks (FCBs).

At present there are four State-owned Commercial Banks (SCBs) operating in Bangladesh. The

second type- Development Finance Institutions (DFIs) that derive their funds mainly from the

government, other financial institutions and supranational organizations development banks

have taken a variety of specific forms, but most of them are oriented toward specific economic

activity or toward a region. There are five Development Financial Institutions (DFIs) in

Bangladesh.

The third category, i.e. private banks financed the development of the currently industrialized

countries. Frequently they were instrumental in identifying investment possibilities: arranging

for the importation of skilled managers, workers and raw materials; and taking initial steps

toward assuring markets for output.

Table: No. of Banks Bank Types No. of Bank No. of Branches

SCBs 4 3386

DFIs 5 1362

PCBs 30 2082

FCBs 9 56

Total 48 6886

(Source: Bangladesh bank Annual Report 2009)

The profit motive stipulated lending to enterprises to promising sectors. In this category there

are thirty local private commercial banks and nine foreign commercial banks.

2.2 Establishment

Bangladesh Bank, the central bank and apex regulatory body for the country's monetary and

financial system, was established in Dhaka as a body corporate vide the Bangladesh Bank

Order, 1972 (P.O. No. 127 of 1972) with effect from 16th December, 1971. At present it has

nine offices located at Motijheel, Sadarghat, Chittagong, Khulna, Bogra, Rajshahi, Sylhet,

Barisal and Rangpur in Bangladesh; total manpower stood at 5071 (officials 3914, subordinate

staff 1157) as of end FY 2010.

2.3 History

Bank and Central Banking: A Brief Concept Concept in Brief A central bank, reserve bank, or monetary authority is a banking institution granted the

exclusive privilege to lend a government its currency. Like a normal commercial bank, a

central bank charges interest on the loans made to borrowers, primarily the government of

whichever country the bank exists for, and to other commercial banks, typically as a 'lender of

last resort'. However, a central bank is distinguished from a normal commercial bank because it

has the monopoly on creating the currency of a nation, which is loaned to the government in

the form of legal tender. It is a bank that can lend money to other banks in times of need. Its

primary function is to provide the nation's Money Supply, but more active duties include

controlling subsidized-Loan Interest Rates, and acting as a lender of last resort to the Banking

Sector during times of financial crisis (private banks often being integral to the national

financial system). It may also have supervisory powers, to ensure that banks and other financial

institutions do not behave recklessly or fraudulently.

History

Strengthening the financial sector is a vital concern for an economy. Efficient banking or sound

financial system serves as an effective channel for mobilizing funds from savers to productive

sectors and thus helps to achieve economic growth. However, the idea of ‘Bank’ is so ancient

and this concept is evolving over time. Around the time of Adam Smith (1776) there was a

massive growth in the banking industry. Within the new system of ownership and investment,

the state's role as an economic actor changed substantially. The Jews in Jerusalem introduced a

kind of banking in the form of money lending before the birth of Christ. The word 'Bank' was

probably derived from the word 'bench' as during ancient time Jews used to do money lending

business sitting on long benches. First modern banking was introduced in 1668 in Stockholm

as 'Svingss Pis Bank' which opened up a new era of banking activities throughout the European

Mainland.

In the South Asian region a major landmark was the establishment of the Hindustan Bank in

1700 at Kolcutta. Dhaka Bank started to operate in1806. Banks established in this region

during the British period include Kurigram Bank (1887), Kumarkhali Bank(1896), Mahalaxmi

Bank, Chittagong bank(1910), Dinajpur Bank(1914), Comilla Banking Corporation (1914) and

Comilla Union Bank(1922). Major Indian Banks also had branches in this territory. In Europe

prior to the 17th century most money was Commodity Money, typically Gold or silver.

However, promises to pay were widely circulated and accepted as value at least five hundred

years earlier in both Europe and Asia. The medieval European Knights Templar ran probably

the best known early prototype of a central banking system. At about the same time, Kublai

Khan of the Mongols introduced Fiat Currency to China, which was imposed by force by the

confiscation of Specie. Although central banks are generally associated with fiat money, under

the international Gold Standard of the nineteenth and early twentieth century’s central banks

developed in most of Europe and in Japan, though elsewhere Free Banking or Currency Boards

were more usual at this time. Problems with collapses of banks during downturns, however,

was leading to wider support for central banks in the respective nations which did not as yet

possess them, most notably in Australia.

As the first public bank to "offer accounts not directly convertible to coin", the Bank of

Amsterdam established in 1609 is considered to be the "first true central bank". This was

followed in 1694 by the Bank of England, created by Scottish businessman William Paterson

in the City of London at the request of the English government to help pay for a war.

With the collapse of the gold standard after World War II, central banks became much more

widespread. The banking system at our independence consisted of two branch offices of the

former State Bank of Pakistan established in July 1948: one was in Bangladesh (former East

Pakistan) and the other was in West Pakistan (present Pakistan).

2.4 Vision

2.5 ---- Bangladesh Bank services

Bangladesh Bank serves the people in many ways.

Online Foreign Exchange Transaction Monitoring System

Online Foreign Exchange Transaction Monitoring System is used for monitoring total

foreign exchange transactions of Bangladesh. The system includes Export, Import,

Inward remittance (Wage Earners' remittance and other) and Outward remittance

(Traveling and Miscellaneous). Through its services, Banks and AD Branches issue &

reports Foreign Exchange Transactions to Bangladesh Bank.

Users: Banks, AD Branch of Banks and Customs

Bangladesh Bank Tender System

Bangladesh Bank introduces the online tendering system to facilitate the procurement

process of Bangladesh Bank. The system will help you to participate in the local and

international tender/procurement of Bangladesh Bank.

Returns

An Online Portal Service for Scheduled Banks to submit Electronic Returns using

predefined template for the purpose of Macro Economy Analysis through related BB

Departments.

Users: All Schedule Bank

Special Foreign Currency Account Monitoring System (SFCAMS)

Online Special Foreign Currency Account Monitoring System is used for monitoring

FC account transactions of Bangladesh. Through its services, AD Branches of Banks

report day to day Transactions (Only Special FC A/C) to Bangladesh Bank.

Users: AD Branch of Banks

Online CIB services

To create a disciplined environment for borrowing, the automated CIB service provides

credit related information for prospective and existing borrowers. With this improved

and efficient system, risk management will be more effective. Banks and financial

institutions may furnish credit information to CIB database 24 by 7 around the year;

and they can access credit reports from CIB online.

Users: Banks and FIs

Online Agent Information Management System

This system is to be used to send the required information and documents by the

Authorized Dealer Bank for granting permission under Section-18A of Foreign

Exchange Regulation Act, 1947 to work as local agent of foreign principal(s).

2.6 Mission

We at Bangladesh Bank are carrying out its following main functions as the

Country’s central bank:

Formulating monetary and credit policies;

Managing currency issue and regulating payment system;

Managing foreign exchange reserves and regulating the foreign exchange market;

Regulating and supervising banks and financial institutions, and advising the

government on interactions and impacts of fiscal, monetary and other economic

policies.

Towards achieving these, our performance commitments to our diverse broad stakeholder

groups are as follows:

For the Nation

We shall catalyze and support socially responsible and environmentally sustainable

development initiatives, inter alia including fuller financial inclusion of under-served

productive sectors and bringing in needed new dimensions in financial markets and

institutions; to facilitate broad based growth in output, employment and income, for rapid

poverty eradication and inclusive economic and social progress.

For the government

We shall adopt and implement monetary and credit policies conforming to national priorities,

in coordination with government's fiscal and other macroeconomic objectives. We shall

optimize foreign exchange reserves and returns thereon, maintain stability in financial markets

curbing excessive volatility and provide analysis and advice to the government on issues in

economic management and development.

For depositors in banks and financial institutions, investors in financial assets

We shall ensure safety of deposits in licensed banks and financial institutions with on-site and

off-site supervision of their activities and with adequate financial information disclosure

requirements, besides insuring small deposits. We shall maintain an interest rate structure that

provides fair return on financial assets while also supporting growth in the real sector and we

shall promote and support development of markets in bonds and securities.

For banks and financial institutions in Bangladesh

We shall provide precise prudential regulatory, risk management and disclosure framework to

protect solvency and liquidity of individual institutions and stability of the overall financial

system, acting as lender of last resort if and when needed. We shall issue regulations and

enforce compliance therewith inter alia on capital adequacy, asset classification, income

recognition and provisioning, large exposure and risk management; through open consultative

processes. We shall maintain external sector viability with exchange rate stability and adequate

foreign exchange reserves. We shall provide a secure and quick payment settlement system.

We shall promote and support development of new financial products, services and

instruments.

For banks abroad

We shall maintain a solvent, liquid domestic financial system with precise prudential

regulatory, risk management and disclosure framework in line with global best practice

standards. We shall maintain external sector viability with exchange rate stability and adequate

reserves. We shall maintain a secure, quick payment system for settlement of claims.

For the business community, including farm and non-farm SMEs

We shall maintain liquidity conditions and credit policies ensuring adequate credit flows at

market driven flexible interest rates for all productive economic activities, including in sectors

like agriculture and SMEs where markets have not been very responsive. We shall foster

macroeconomic stability through monetary and external sector management. We shall promote

and support development of new financial products, services and instruments. We shall

maintain a secure and quick payment system for settlement of claims.

For Bangladeshis abroad

We shall facilitate remittances from your earnings abroad to Bangladesh through legitimate

banking channels free of involvement of money launderers or terrorism financiers. We shall

support and promote development of new investment opportunities for your remittances to

Bangladesh.

For our employees

We shall maintain an environment that reinforces our pride in being employees of Bangladesh

Bank with compensation structure adequate to attract and retain the best in the market, job

assignments and logistically well resourced work situations encouraging continuous learning

and rewarding innovativeness and performance excellence by fast tracking in career path, clear

delegation and delineation of responsibilities and accountabilities, fairness and objectivity in

performance appraisal and personnel placement decisions.

2.7 Core Functions

Bangladesh Bank performs all the core functions of a typical monetary and financial sector

regulator, and a number of other non core functions. The major functional areas include:

Formulation and implementation of monetary and credit policies.

Regulation and supervision of banks and non-bank financial institutions, promotion and

development of domestic financial markets.

Management of the country's international reserves.

Issuance of currency notes.

Regulation and supervision of the payment system.

Acting as banker to the government.

Money Laundering Prevention.

Collection and furnishing of credit information.

Implementation of the Foreign exchange regulation Act.

Managing a Deposit Insurance Scheme.

2.8 List of Branches and Head Office Department

Branches

Barishal Office

Chittagong Office

Motijheel Office

Rangpur Office

Sylhet Office

Bogra Office

Khulna Office

Rajshahi Office

Sadarghat Office

Mymenshingh Office

Head Office Departments

1. Accounts and Budgeting Department 2. Agricultural Credit and Financial

Inclusion Department

3. Bangladesh Bank Training Academy 4. Bangladesh Financial Intelligence Unit

5. Banking Regulation and Policy

Department

6. Capacity Development Project

Implementation Unit

7. Central Bank Strengthening Project

Cell

8. Chief Economist's Unit

9. Common Services Department-1 10. Common Services Department-2

11. Credit Information Bureau 12. Debt Management Department

13. Department of Banking Inspection 1 14. Department of Banking Inspection 2

15. Department of Banking Inspection 3 16. Department of Banking Inspection 4

17. Department of Communications and

Publications

18. Department of Currency Management

19. Department of Financial Institutions

and Markets

20. Department of Foreign Exchange

Inspection

21. Department of Off-site Supervision 22. Deposit Insurance Department

23. Equity and Entrepreneurship Fund

Unit

24. Executive Floor

25. Expenditure Management

Department

26. Financial Integrity and Customer

Services Department

27. Financial Stability Department 28. Foreign Exchange Investment

Department

29. Foreign Exchange Operation

Department

30. Foreign Exchange Policy Department

31. Forex Reserve & Treasury

Management Department

32. Governor's Secretariat

33. Green Banking and CSR Department 34. Grihayan Tohbil and Fund

Management

35. Human Resources Department 1 36. Human Resources Department 2

37. Information Systems Development

Department

38. Internal Audit Department

39. Investment Promotion & Financing

Facility Project Cell

40. IT Operation and Communication

Department

41. Law Department 42. Monetary Policy Department

43. Payment Systems Department 44. Research Department

45. Secretary's Department 46. Security Management Department

47. SME & Special Programmes

Department

48. Special Studies Cell

49. Statistics Department 50.

2.9 Organizational Structure

Governor

Deputy Governor

Executive Director Economic Adviser

General Manager System Manager

Deputy General manager Senior System Analyst Deputy Chief Medical Officer

Joint Director

Joint Manager

Systems Analyst /Sr. Programmer

Sr. Maintenance Engineer

Operation Manager

Asstt. Chief Medical officer

Deputy Director

Deputy Manager

Programmer Maintenance Engineer

Computer Operation Supervisor

Sr. Medical Officer

Assistant Director

Assistant Manager

Assistant Programmer

Assistant Maintenance

Engineer

Sr. Computer Operator

Medical Officer

Officer Cash Officer Data Entry/Control Supervisor

Clerk-1st Grade Sr. Data Entry Control

Operator

Stenographer Typist Telephone Operator

Data Entry/Control Operator

Caretaker-1st Grade

Caretaker-2nd Grade

Jomader MLSS

Door Keeper Mali Khedmtfar

2.10 Current Board of Directors

Chairman

Dr. Atiur Rahman

Director

Md. Abul Quasem

Dr. Mustafa Kamal Mujeri

Prof. Sanat Kumar Saha

Dr. Sadiq Ahmed

Prof. Hannana Begum

Md. Ghulam Hussain

Dr. M. Aslam alam

Mr. Mahbub Ahmed

Secretary

Ahmed Jamal

2.11 Current Executive Committee

Governor

Dr. Atiur Rahman

Deputy Governor

Md. Abul Quasem

Abu Hena Mohd. Razee Hassan

Shitangshu Kumar Sur Chowdhury

Nazneen Sultana

Executive Director

Md. Ahsan Ullah

Md. Ebtadul Islam

M. Mahfuzur Rahman

S. M. Moniruzzaman

M. Abdul Haque

Mohammad Naushad Ali Chowdhury

Ahmed Jamal

Gouranga Chakraborty (ICT)

Nirmal Chandra Bhakta

Subhankar Saha

Mohammad Masum Kamal Bhuiyan

Md. Abdur Rahim

Jinnatul Bakeya

Mijanur Rahman Joddar

Md. Mozibar Rahman

Md. Nazimuddin

Economic Advisor

Dr. Md. Akhtaruzzaman

2.12 Foreign Relation

Bangladesh Bank has correspondent relationships with one international and 8 foreign central

banks viz., the Federal Reserve Bank of New York, Bank of Canada, Bank of England, Banque

de France, Deutsche Bundesbank, Bank of Japan, Sveriges Riksbank of Stockholm, Reserve

Bank of India and the Bank for International Settlements, Basle, Besides, Bangladesh Bank has

now invested its foreign exchange reserves with 14 banks at different international financial

centers.

2.13 Liquidity Policy

As guardian of money market Bangladesh Bank has preserve all right to manage liquidity of

the money market. The main objective of liquidity policy is to stabilize the price level and to

gain a higher GDB. Forex reserve is the direct indicator of liquidity in the financial system.

Bangladesh Bank has to follow some indirect initiative to control money circulation in the

market. For this, it controls the scheduled bank reserve which is consistent with total currency

circulation. These reserves are known as cash reserve rate (CRR) and statutory liquidity rate

(SLR). Bangladesh Bank also influences the liquidity of commercial bank by REPO,

REVERSE REPO, change in reserve ratio and change in discount rate.

CCHHAAPPTTEERR -- 0033

INTERNAL AUDIT DEPARTMENT

Internal Audit Department (IAD)

3.01 Introduction 14

3.02 Mission of IAD 14

3.03 Scope of Work 14 3.04 Accountability 15

3.05 Responsibility 15

3.06 IAD Organizational Chart 16

3.07 Internal Audit Processes 17

3.08 The Challenges for Internal Audit 19

3.09 Changing the focus 20

3.10 IAD Divisions 21

3.01 Introduction

Around the world, organizations face escalating financial, operational, strategic and physical

risks that have been increasing steadily in terms of impact, likelihood and complexity. This

should come as no surprise as the pace and complexity of change continues to accelerate

regardless of geography. Corporate governance, regulations and guidelines, financial reporting

requirements, operational efficiencies- all these factors drive the internal audit functions to add

value beyond any standard that has been set in the past.

Bangladesh Bank has introduced “Risk-based Internal Audit” approach in performing internal

audit activities of the Bank. In accordance with the Internal Audit Department charter approved

by the Audit Committee of the Board of Directors of Bangladesh Bank, the Internal Audit

Department (IAD) is to provide independent, objective assurance and consulting services

designed to add value and improve the Bangladesh Bank operations. As mentioned in the

charter, IAD is committed to standards of best professional practice, such as International

Internal Auditing standards. The standards consist of Attributable standards, Performance

standards, and Implementation standards.

3.02 Mission of IAD

The Internal audit Department’s mission is closely aligned with that of The Institute of Internal

Auditors. Internal Audit is to provide independent, objective assurance and consulting services

designed to add value and improve the Bangladesh Bank operations. It is to help Bangladesh

Bank (the Bank) accomplish its objectives by bringing a systematic, disciplined approach to

evaluate and improve the effectiveness of risk management, control, and governance processes.

3.03 Scope of Work

Internal Audit is to provide independent, objective assurance and consulting services designed

to add value and improve the Bangladesh Bank operations. It is to help Bangladesh Bank (the

Bank) accomplish its objectives by bringing a systematic, disciplined approach to evaluate and

improve the effectiveness of risk management, control, and governance processes.

The scope of work of the Department is to determine whether the Bank's network of risk

management, control, and governance processes, as designed and represented by management,

is adequate and functioning in a manner to ensure:

Risks are appropriately identified and managed.

Interaction with the various governance groups occurs as needed.

Significant financial, managerial and operating information is accurate, reliable, and

timely.

Employees' actions are in compliance with policies, standards, procedures, and

applicable laws and regulations.

Resources are acquired economically, used efficiently, and adequately protected

Programs, plans, and objectives are achieved.

Quality and continuous improvement are fostered in the Bank's control process.

Significant legislative or regulatory issues impacting the Bank are recognized and

addressed appropriately.

Opportunities for improving management control, profitability and the Bank's image may be

identified during audits. They will be communicated to the appropriate level of management.

3.04 Accountability

Internal Audit Department in the discharge of its duties, shall be accountable to management

and the audit committee to:

Provide annually an assessment on the adequacy and effectiveness of the Bank's

processes for controlling its activities and managing its risks in the areas set forth

under the mission and scope of work.

Report significant issues related to the processes for controlling the activities of

the Bank and its affiliates, including potential improvements to those processes,

and provide information concerning such issues through special reports.

Periodically provide information on the status and results of the annual audit and

inspection plan and the sufficiency of department resources.

Co-ordinate with and provide oversight of other control and monitoring functions

(risk management, compliance, security, legal, ethics, environmental, external

audit).

3.05 Responsibility

The General Manager and officers of Internal Audit Department have responsibility to:

Develop a flexible annual audit & periodical inspection plan using an appropriate risk-

based methodology, including any risks or control concerns identified by management

and submit that annual audit plan to the audit committee for review and approval as

well as periodic updates.

Implement the annual audit & periodical inspection plan, as approved, including as

appropriate any special tasks or projects requested by management and the audit

committee.

Maintain a professional audit staff with sufficient knowledge, skills, experience, and

professional certifications to meet the requirements of the Charter.

Evaluate and assess significant merging/consolidating functions and new or changing

services, processes, operations, and control processes coincident with their

development, implementation, and/or expansion.

Issue periodic reports to the audit committee and management summarizing results of

audit activities.

Keep the audit committee informed of emerging trends and successful practices in

internal auditing.

Provide a list of significant measurement goals and results to the audit committee.

Assist in the investigation of significant suspected fraudulent activities with the Bank

and notify management and the audit committee of the results.

Consider the scope of work of the external auditors and Government, as appropriate,

for the purpose of providing optimal audit coverage to the Bank at a reasonable overall

cost.

3.06 IAD Organizational Chart

GM

DGM

JD

DD

AD

Board of Directors

Audit Committee

Governor

3.07 Internal Audit Processes

INTERNAL AUDIT DEPARTMENT, BANGLADESH BANK

INTERNAL AUDIT PROCESSES

As mentioned in the Charter, Internal Audit Department is committed to standards of best

professional practice, such as International Internal Auditing Standards. The standards consist

of Attributable Standards, Performance Standards, and Implementation Standards.

The basic steps in the internal audit processes are stated below:

1.0 Audit Planning Process

The basic audit planning process consists of two phases: the assessment of business risk and

the development of the annual plan. Assessing of business risk focuses on viz.

(i) defining auditable units,

(ii) defining the risk criteria,

(iii) constructing the risk model

(iv) Ranking the auditable units.

1.1 Defining Auditable units

Auditable units are defined as individual applications, business units, departments or offices

each of these approaches either limits the scope of an audit project or broadens it beyond what

can reasonably be managed.

1.2 Defining the risk criteria

The model is based on operational risk, exposure and controls. Each area is broken down into

sub‐categories as follows:

Operational risk – people, systems, process, contractual, reputational, political

Exposure – financial, regulatory, customer

Controls – people, process, information systems, reporting.

The controls categories are further broken down into the following sub‐categories viz. people,

process and information systems.

1.3 Constructing the Risk Model

The risk assessment and audit planning methodology is a structured approach to a subjective

process. The risk assessment and planning model is the product of value judgments.

1.4 Ranking the Auditable units

The risk profile spreadsheet computes a score for each auditable unit based on risk, exposure

and control. This score is then converted into a ranking for each criterion as follows:

Operational Risk – high, medium, low Page

Exposure – high, medium, low

Control ‐ high, medium, low

These ratings are then fed into a risk matrix which allocates the auditable units from highest

critical areas to the lowest critical areas.

1.5 Development of the Annual Plan

Based on the risk the auditable units are broken down into areas of high, medium and low

criticality for the Bank. The initial audit approach is:

High criticality: Twice in a year

Medium and low criticality: Once in a year.

The exact timing of audit is determined prior to the commencement of each quarter.

2.0 Developing Audit Program

Once the annual plan is developed and approved, Audit Programs are developed for each audit

to be undertaken. Audit Program is to be reviewed prior to the start of each audit to determine

if there have been any changes. The steps in developing an Audit Program are: understand the

operations, develop flowchart or narrative, review the process with the concerned staff and

develop the Audit Program.

3.0 Implementing the Annual Audit Plan

The department undertakes structured approach to accomplish the annual plan and the actual

audit can be broken up into a number of stages stated below.

3.1 Preparation stage

At this stage, the team leader ensures that all the necessary requirements for the audit are

prepared and available and preliminary reviews and information gathering is undertaken.

3.2 Fieldwork

During the fieldwork the auditor gathers evidence in order to determine the status of operations

and controls within a particular area. This evidence is the basis for the auditor’s conclusions

about a particular assignment.

3.3 Documentation or working paper

The working papers are evidence in support of the audit findings and opinion.

3.4 Audit Findings

Findings are pertinent statements of fact uncovered during the course of an audit and these are

to be reported. The findings are reviewed by the Team leader and the Head of Audit prior to

the final report being issued

4.0 Reporting

The audit reports are submitted to the auditable units, senior management and to the Audit

Committee of the Board. The audit reports contain findings which are of a critical nature and

have a major impact on the organization. Other operational issues identified during the audit

which are considered not to be of a material nature but are worth are reported through

‘Management Report’ to the Head of the Department/Office and Head of the area being

audited.

5.0 Follow‐up

Internal Auditors follow up to ensure that appropriate and timely action has been taken on audit

findings and recommendations. Internal Audit Department reports to the Audit Committee on

the current status of outstanding findings and what action is being taken to resolve the issues.

6.0 External Audit

Internal audit uses the external audit reports and ensures that any issues raised by the external

auditor have been followed up by management and whether corrective action has been taken in

a timely manner.

3.08 The challenges for Internal Audit

Control

Ask auditors their prime area of expertise and many will say ‘Control’. Can you

honestly say that you are an expert in all aspects of your organization’s operations? I

doubt it. Why then is Internal Audit obsessed with control?

Compliance

This is an important aspect of the traditional audit role. It is still very important today,

getting the basics wrong can spell disaster for organizations, but should compliance be

the main focus of the Internal Audit role? Our continuing research with Chief

Executives would clearly indicate that this is not the case.

Compliance, as can be seen, is increasingly unlikely to be the prime focus for Internal

Audit, with only 1 per cent of organizations who responded adopting this as the primary

approach. As you can see, the prime focus is very definitely focusing on the key risks.

This is not to say the other processes are not important, but they are unlikely to remain

the dominant focus.

Conflict

Hopefully Internal Audit does not get into too much conflict with management. Over

emphasis on control and the failure to make recommendations that are 100 per cent

practical can, however, lead to such a situation.

Challenge

This is definitely a key role for the modern function. You need to question the ‘we’ve

always done it that way’ mentality and challenge the status quo. If you do not do so in

the course of an audit, who will?

Co-ordinate

Wouldn’t it be useful if Internal Audit co-ordinate its activities with the other assurance

provider in the organization, such as Risk Management, External Audit, Health &

Safety, and so on. This would reduce duplication and create more focus.

Champion

Internal Audit should certainly be regarded as a champion. You have the opportunity to

look right across the organization and identify opportunities and good practice. Sharing

such ideas is key to success and recognition.

Catalyst

The very best Internal Audit functions are regarded as a catalyst for change, helping the

organization through the difficulties of changing environments, cultures, and so on.

Another key catalyst role is bringing people together to discuss areas of concern and

opportunit, a best-practice agent.

There are others that you can think of, such as co-operate, convince, conscience, and so

on, but I hope that the above have generated an indication of the trends occurring.

3.09 IAD Division’s

General Manager (GM)

DGM-01 DGM-02 DGM-03 DGM- 4 & 5

Division –03 General Division Division-02

Division –0 1

Implementation

CCHHAAPPTTEERR -- 0044

RISK BASED INTERNAL AUDIT

IN BANGLADESH BANK

RISK BASED INTERNAL AUDIT in BB

4.01 Operational Strategy 22

4.02 Internal Control & Internal Audit 23

4.03 Department Goals for the Period 2010-2014 24

4.04 How these objectives will be achieve (1-5) 24

4.05 Auditing of Foreign Reserve Management 27

4.06 Criteria for the Audit 28

4.07 Risk Management Framework in BB 29

4.08 Implementation of the Annual Plan 29

4.09 Auditable Units within BB 32

4.10 Reporting 33

4.01 Operational Strategy

Activities

Internal Audit focuses its efforts on the following activities to accomplish its role and

objectives:

1) Examination and evaluation – includes two components:

Audits - evaluate whether business processes are accomplishing

b a n k ’ s objectives as intended and identify ways to improve those

processes.

Investigations - gather, analyze, and present information related to

allegations of individual fiscal misconduct.

2) Counsel - participate on committees or engage in other advisory services to provide

information and advice to management.

Deliverables

During the course of a year, Internal Audit may deliver any one or more of a number of formal

or informal communications to assist the management in identifying and mitigating risks and

improving operations. The nature of the work in progress at the time the issue is

identified and/or the level of perceived risk associated with the issue will generally dictate the

form of communication utilized.

Formal Communications

Audit Report – issued during or at the conclusion of an audit project; addressed to

the Governor; utilizes balanced reporting (i.e. identifies both strengths and risks)

to help ensure audit results are fairly presented; final reports include

management’s responses and action plans with respect to the issues identified.

Specific Issues Report – issued whenever an issue is identified that is of sufficient

risk to trigger reporting to senior management, but may not be directly within

the specific scope of an audit; issued to an appropriate level of management

senior to where the issue resides, although typically to the Governor; includes

management’s response and action plan with respect to the issue identified.

Investigation Report – issued at the conclusion of an investigation of fiscal

misconduct; provides facts and evidence relevant to the law, rule or policy that

may have been violated as a result of the conduct alleged; no management

response or action plan is incorporated in the communication.

Management Advisory – a memorandum issued to an appropriate level of

management; used for audit issues of relatively lesser impact or scale, or to advise

management as the result of consultative services; although suggested actions may

be included in the report, no management response or action plan is incorporated.

Informal Communications- includes memoranda, emails or verbal reports to communicate

relatively lower risks, as well as advisory work.

4.02 Internal Control and Internal Audit

Internal control is a process to help the bank achieve its goals and objectives. Internal audit is a

special part of the internal control system of the central bank. Internal audit as an independent

assessment provides objective information on the management and cost-effectiveness of

business activities and operations, systems and built-in controls, economical and efficient use

and protection of resources, integrity of information and reporting, and compliance with legal

statutes and organizational policies and procedures.

A successful audit effort must build on:

endorsement and acceptance of a clear mandate from the board (of directors) and senior

management of the bank;

the organizational status and authority granted the auditors should be sufficient to

perform the audit mandate;

existence of a professional and competent staff to manage and carry out audits in an

independent and credible manner;

the audit program must be performed according to standards and be flexible and

responsive to changing needs of management; and

the audit results should be used to improve the bank’s operations.

In terms of organizational status, the head of internal audit should report and be directly

accountable to the highest level practicable in the bank and/or to the board of directors. This

will assist in gaining the respect and co-operation of senior management, and permit the

accomplishment of audit responsibilities in an independent and objective manner.

Auditors should have authority to access all information, records, documents, reports, facilities,

sites and equipment that are relevant to their examinations. They are also authorized to

interview employees and others to obtain information and explanations.

Operational independence is also important in that the auditors are not to be involved in

developing or implementing policies, processes, systems or procedures which they may be

called upon to examine. This does not, however, preclude the ex-ante audit of new computer

systems under development or major capital construction projects.

Audit standards exist for internal and external auditors which can be classified under general

standards, field work and reporting standards. General standards relate to competence,

independence and professionalism. Field standards cover planning, internal controls and

evidence, and reporting standards deal with disclosure of audit opinions, and the form and

content of audit reports.

4.03 Departmental Goals for the period 2010-2014

The goals for the period 2010-2014 are set in terms of IAD Charter and stated below:

i. identification and prioritization of risk to prepare ‘Risk matrix’ and periodical audit

plan for the auditable units;

ii. implementation of the ‘Periodical Audit Plan’ and report to the Board through Audit

Committee and to the management;

iii. implementation of audit findings and report on implementation status in a timely

manner;

iv. conduct special inspection/investigation as and when is assigned;

v. conduct regular internal audit of sample transaction of foreign exchange accounting

back office;

vi. conduct audit in Foreign Reserve Management;

vii. implementation of Enterprise-wide Risk management (ERM);

viii. Enhancing audit resources: increasing specific expertise.

4.04 How these objectives will be achieved (Objectives 1, 2, 3, 4, 5)

4.04.1 Audit Planning

Planning is an essential part of any operation and is also the case in internal auditing. It is

necessary to plan what is to be done to ensure that we are auditing the right areas and

undertaking the right level of coverage with the right resources. The internal auditor’s work

involves identifying areas where internal controls are not in place or where there is a risk of

failure of a control. It is this concept of risk that is an important determinant of which functions

receive the attention of the internal auditor. Thus, the basic audit planning process consists of

two phases:

Assessing business risk,

Development of the annual plan

Before assessing business risk and development of the annual plan, it is necessary to set up

performance standards.

Standards:

1. IIA- Standards 2010- Planning

The Chief Audit Executive should establish risk-based plans to determine the priorities of

the internal audit activity, consistent with the organization's goals.

2. IIA- Standard 2030- Resource Management

The Chief Audit Executive should ensure that internal audit resources are appropriate,

sufficient and effectively deployed to achieve the approved plan.

3. IIA- Standards- Communication and Approval

The Chief Audit Executive should communicate the internal audit activity's plans and

resource requirements, including significant interim changes, to senior management and to

the board for review and approval. The Chief Audit Executive should also communicate the

impact of resource limitations.

Assessing Business Risk:

Why risks are identified and assessed? An organization that understands its risks, understands

its opportunities. However:

If it doesn’t know its risks, it doesn’t know the risks it can accept

If it doesn’t know the risks it can accept, it doesn’t know the risks to take

If it doesn’t know the risks to take, it doesn’t know how to grow

If it doesn’t know how to grow, it will wither away.

If it does not understand its risks, ‘Events’ will knock the organization back; missed

opportunities will hold it back.

So how does any organization control events and seize opportunities? By understanding:

The risks it faces, both ongoing and in new projects.

The risks it is prepared to accept.

The action necessary to manage those risks it is not prepared to accept.

Since the management of the organization is responsible for controlling events and seizing

opportunities, they are responsible for identifying, assessing and managing risks. The correct

operation of these processes is essential if an organization is to achieve its objectives.

Assessing business risk consists of 4 steps:

1) Defining Auditable Units- An auditable unit is simply the subject/business process

that becomes the audit entity. To define the auditable units within the organization,

we need to take each business unit and break them down into sub-units that are

appropriate for audit purposes. The sub-units within a business unit should reflect

different types of operations and different level of risks.

2) Defining the Risk Criteria- The risk criteria should use enough items to be

descriptive of risk assessment without being too cumbersome. One model is based

on operational risk, exposure and controls.

Operational Risk: People, systems, process, contractual, reputational, and

political.

Exposure: Financial, regulatory, customer.

Controls: People (expertise, job description, performance appraisal, reward &

recognition), process (policies & procedures, compliance, contractual

agreements, segregation of duties, delegations of authority, KPIs), information

systems (information strategy, functionality, performance, security &

continuity), reporting.

3) Constructing the Risk Model

4) Ranking the Auditable Units- The auditable units need to be ranked from highest

to lowest so that Internal Audit can determine what areas need to be audited. the

risk profile will compute a score for each auditable unit based on risk, exposure, and

control. this score is then converted into a ranking (based on subjective judgment)

for each criteria as follows:

Operational Risk- high, medium, low

Exposure- high, medium, low

Control- high, medium, low

These ratings are the fed into a risk matrix which allocates the auditable units from highest

critical areas to lowest critical areas.

Risk Matrix

Inh

eren

t B

usi

nes

s R

isk

High A

High Risk

B

Very High Risk

C

Extremely High Risk

Medium D

Medium Risk

E

High Risk

F

Very High Risk

Low G

Low Risk

H

Medium Risk

I

High Risk

Low Medium High

Control Risk

Development of Annual Plan:

Once the risk assessment has been completed, Internal Audit then needs to determine the

frequency and timings of audits as well as the availability of resources to undertake those

audits. The initial audit approach is:

High Critically- at least once every six months with a follow-up audit in three months if

significant weakness are identified

Medium Criticality- once every twelve months with a follow-up audit in six months if

significant weakness are identified

Low Criticality- once every two years if considered warranted based on the impact the

business unit has on the organization.

4.04.2 Developing Audit Programs

Once the annual plan has been developed and approved, audit programs should be developed

for each audit to be undertaken. In order to develop an audit program, the auditor needs to

understand the operations of the area being audited. The audit program should at least cover the

following eight areas:

a. Policies and procedures

b. Delegation of authority

c. Segregation of duties

d. Staffing/training

e. Operations

f. Reconciliations

g. Reporting

h. Systems

4.04.3 Implementing the Annual Plan

Internal Audit Department has a structured approach to undertaking audits. It consists of four

stages:

Preliminary/Preparation stage- initial discussions with the management about the

timing and scope of the audit, sending engagement letter, the entrance meeting, and

gathering written information.

Fieldwork- gleaning evidence in order to determine the status of operations and controls

within a particular area. Audit evidence consists of physical documentation, analytical

reviews and comments from staff.

Documentation/ Working papers

Findings- should include a statement of what was expected, the factual evidence of

what the auditor found, the reason for the difference/problem, the risk/exposure,

recommendation to resolve the issue.

4.04.4 Reporting

The audit report has three audiences- the audit customer, management, and the audit committee

or Board of Directors. The report should be made up of an executive summary and attachment

which contains the detailed findings.

4.04.5 Follow-up

Follow up is required to ensure that appropriate and timely action has been taken on audit

findings and recommendations.

4.05 Auditing of Foreign Reserve Management

Sound reserve management practices are important because they can increase a country's

overall resilience to shocks. The importance of sound practices has also been highlighted by

experiences where weak or risky reserve management practices have restricted the ability of

the authorities to respond effectively to financial crises, which may have accentuated the

severity of crises. Moreover, weak or risky reserve management practices can also have

significant financial and reputation costs.

There should be a framework that identifies and assesses the risks of reserve management

operations and that allows the management of risks within acceptable parameters and levels.

Risk exposures should be monitored continuously to determine whether exposures have been

extended beyond acceptable limits.

An effective and independent audit unit plays an important role in providing an independent

assurance to the senior levels of the reserve management entity that reserve management

operations and internal control and reporting systems are operating properly to safeguard

reserve and other assets. The role of internal audit now tends to focus on a risk-based approach

in assessing that the operating framework is adequate, and that control procedures have no gaps

in addressing key reserve management and operational risks. Particular aspects of reserve

management operations on which internal audit review might focus include:

a) the degree of success in achieving reserve management objectives;

b) determining whether all relevant risks have been identified;

c) Reserve management involves a number of financial and operational risks:

d) the adequacy of the system of internal controls in addressing risks, and monitoring

compliance with procedures and controls

e) the existence of proper safeguards to protect assets

f) the reliability, security, and integrity of Electronic Data Processing (EDP)

communication, and other information systems; and

g) the accuracy of accounting records and processes

4.06 Criteria for the Audit

Operational Risks:

o Non-compliance with the tactical benchmark

o Operational errors not detected or detected late

o Human mistakes, omissions

o Applied out of market price

o Mismatches between confirmations exchanged

o Inaccurate accounting

System related risk:

Unauthorised access to trading and settlement systems

Unavailability of systems; inability to carry out normal operations

Lack of procedures and ability to monitor system problems/availability

Risk Management Framework

Risk Identification

Risk Assessment

Risk Prioritization

Manage/Mitigate Risk

Financial Strategic Operational

4.07 Risk Management Framework in Bangladesh Bank

4.08 IMPLRMENTING THE ANNUAL PLAN

One major yardstick that management uses to evaluate the internal audit function is how well

the activity accomplishes the annual plan. Audit plans are accomplished by effectively

managing each audit project. Audit projects that are not properly managed do not use resources

effectively. Just as we would expect a production department to maintain production schedules

and labor budgets, the same should be expected of the internal audit activity.

In order for internal Audit to accomplish the Annual plan, there needs to be a structured

approach to undertaking audits. The team leader for each audit needs to ensure that the audit is

done in a planned way and that there is appropriate documentation for the work done.

The actual audit can be broken up into a number of stages which include:

Preliminary or preparation stage

Fieldwork

Documentation or working papers

Findings

Preliminary or preparation stage

The preliminary of preparation stage is an important part of any area audit. At the stage, the

team leader should ensure that all the necessary requirements for the audit prepared and

available and preliminary reviews and information gathering in undertaken. This stage in

normally broken up into the following areas:

1) Initial discussions with management form the audit area about the timing of the audit

and scope of the audit. This is usually undertaken prior to commencement of the quarter

in which the audit is being undertaken. The purpose of this discussion is to liaise with

management on the timing of the audit and to identify any other areas that may be

included in the scope of the audit.

2) Engagement letter which is sent to management of the audit area up to two weeks

before the commencement of the audit and included details of subject, objectives,

scope, staffing and timing of the audit .(refer attachment 9 for an example of an

engagement letter)

3) The entrance meeting in normally held prior to the commencement of the audit and

details the scope of the audit and discusses any major issues and seeks management’s

input of any areas of concern .The entrance meeting will also identify any particular

requirements of audit or the business unit.

4) Gathering and review of written information (this can be requested at any of the above

points).The gathering and review of data allows the auditor to review the operations of

the department and also for use during future stages of the audit .The type of

information that may be collected could includes:

Goals and objectives

Policies and procedures

Job descriptions

Budgets

Financial statements

Flowcharts

Department reports

statically data

Field work

Fieldwork is the undertaking of the audit program that has been prepared for the are being

audited .During fieldworks, the auditor gathers evidence in order to determine the status of

operations and controls within a particular area. This evidence is the basis for the auditor’s

conclusions about a particular assignment.

Documentation or working papers

Professional standards require proper documentations of audit work. The main reason for

working papers is to provide written evidence of what has been undertaken as part of the audit

process and to document the findings of audit and the action that is to be taken, obtained and

include sufficient information to support the bases for findings and recommendations. Working

papers are a critical part of the audit process.

Audit working papers generally serve to:

Provide principle support for the audit report

Aid in the planning, performance and review of audits

Document whether audit objectives were achieved

Facilitate third party reviews

Provide a basis for evaluating internal audit’s quality assurance

Aid in development of internal audit staff.

The active working papers should include the following documents:

Audit programs

Engagement letter

Documents obtained during gathering of information

Details of any reviews of financial information

Papers relating to completion of the audit programs

Audit findings and recommendations

Supporting evidence for findings of fieldwork.

The actual structure or indexing of working papers can be done in a number of ways but the

most efficient is to follow an indexing plan that conforms to the individual segments of the

audit. Attachment 10 provides an example of an indexing structure for working paper files.

Audit Findings

If the cause of the findings is unintentional, the auditor should confirm the facts with relevant

staff with the business unit being audited and determine appropriate action. The auditor should

develop document the finding in a format that can be included in the audit report. The item to

be included in the report should include the following information:

A statement of what was expected

The factual evidence of what the auditor found

The reason for the difference

The risk of exposure the difference has on the organization and the financial

statements(if applicable)

Recommendation to resolve the issue

Management comments including action to be broken and a date by which the

issue will be resolved (following discussion with management)

The information in finding should be concise but contain sufficient detail to enable the finding

to be acted upon by the appropriate parties and for the issue to be resolved in an appropriate

manner.

4.09 Auditable Units with in Bangladesh Bank

Accounts & Budgeting Department

Bank Bangladesh Accounts

Government Accounts

Administration

Agricultural Credit and Special Programs

Agricultural Credit

Special Programs

Industrial Credit

Anti-Money Laundering Department

Bangladesh Bank Training Academy

Branches Motijheel

Sadarghat

Chittagong

Khulna

Bogura

Rajshahi

Sylhet

Rangpur

Barisal

Mymenshingh

Banking Regulation and Policy Department

Credit Information Bureau

Common Services Department-1

Common Services Department-2

Expenditure Management Department

Expenditure

Pension & Provident Funds

Salaries

Staff Advances

Department of Banking Inspection 1

Department of Banking Inspection 2

Department of Banking Inspection 3

Department of Banking Inspection 4

Department of Off-Site Supervision

Department of Currency Management & Payment System

Department of Public Relations and Publications

Department of Research

Equity and Entrepreneurship Fund Unit

Foreign Exchange Investment department

Foreign Exchange Policy Department

Financial Institutions Department

Forex Reserve & Treasury Management Department

Investments

Clearing Account

ACU

Government Transactions

Foreign Currency

Human Resources Department-1

Human Resources Department-2

Internal Audit Department

General Section

Devision 1, 2 & 3

Implementation

Information Systems Development Department

IT Operations & Communication Department

Law Department

Monetary Policy Department

Secretary’s Department

Security Management Department

Special Studies Cell

Statistics Department

Central Bank Strengthening Project

4.10 REPORTING

The most important aspect of any audit is the final report. The audit report has three audiences,

the audit customer, management and the audit committee or Board of Directors.

As the audit report is being presented to Senior Management within the organization and the

Audit Committee of Board, the report should be structured so as to give a concise summary of

the situation, but be clear and complete enough to be understood by users. Thus, the audit

report should be made up an Executive Summary and attachment, which contains the detailed

findings. The Executive Summary should include:

Introduction, covering the area being audited and the reason for the audit

Objectives of the audit

Scope of the audit (including any major areas not covered)

Conclusion (auditor’s opinion) including major areas of concern, if any

Summary of findings.

Audit reports should also be issued if the auditor finds that the operation is performing

satisfactorily and there are no issues to be reported .Senior management and the Board want to

be advised of areas that are performing satisfactorily, so that they can focus their attention on

areas that need improvement .In this instance, the report would only include the Executive

Summary and would not have a summary of findings.

The audit report (including conclusions and recommendations) should be discussed with

Management of the area being audited .If there are any disagreements of misunderstandings,

these should be addressed and resolved. The audit report should not be personal but should

focus on the issue and what needs to done to resolve the issue .The audit report should present

a balanced view and both positive and negative aspects should be reported.

As the audit report is presented to senior management of the organization, as well as the Audit

Committee of Board, it should contain findings which are of a critical nature and have a major

impact on the organization. Other operational issues identified during the audit which are

considered not to be of a material nature but are worth reporting to the department should be

presented in a management letter to the Head of the Department or Head of the area being

audited. It is important that issues be documented so that they can be appropriately addressed

and do not go unnoticed and develops into major problems.

CCHHAAPPTTEERR -- 0055

Findings & Recommendation

Findings & Recommendations Page no.

Conclusion & Recommendation 35

Appendix 36

Bibliography 37

Questionnaire 38

Conclusion

The last 3 months was quite intriguing to do my internship at Bangladesh Bank, Head Office. I

found out about the nature of actually working in a professional environment.

Above discussion leads to the conclusion that banks can derive dual benefits from the

implementation The Bangladesh Accountant/July - September 2008 75 Banking of RBIA.

Firstly, RBIA methodology is an improved and Effective approach over previous traditional

process or system based approach for conducting internal audit activities. Secondly, it will act

as an important tool that will facilitate management in the development and up-gradation of

risk database, which is an essential document to calculate minimum required capital through

the application of IRB approach under. Thus, bank companies in our country those still not

adopted RBIA methodology should switch to it at earliest convenient time to capitalize the dual

benefit mentioned earlier of this paragraph.

Recommendations

From the report and problem analysis following recommendations can be given by the author

from the perspective of an intern of Bangladesh Bank for achieving better result-

Specialized Training Program:

More specialized training and development programs should be undertaken in order to

overcome the lake of efficiencies of the employees. It helps to increase the employee’s

expertise and will give better result to completion of business processes.

Continuous Monitoring:

Continuous monitoring for all employees so it will help to identify any sort of system loss. It

also helps to increase the employee performance.

Employee Feedback:

Feedback is very important because it help to find out the problem and go for further

development in future without any mistake.

Knowledge Sharing:

Should give the opportunity of knowledge sharing such as scope of presenting something,

discussing all the matter that he/she learn from abroad, also give opportunity to participate

company major decision.

Vendor Relationship:

The bank should give the full authority when any employees work on project. Otherwise he/she

not interest to do the work and also their performance decreased.

AAAppppppeeennndddiiixxx

The information/data collected from the Internal Audit Department field of Bangladesh Bank

and also from the internet.

We especially browsed

http://intranet.bb.org.bd,

www.bangladesh-bank.org

www.bangladeshbank.org.bd.

Beside this, we also browsed another Risk Based Internal Audit related website to collect

more information about this topic.

The major portions of this internship report are prepared from the information provided by

Internal Audit Department (General Branch)

Human Resources Department-2

Bangladesh Bank

Head Office,

Mothijheel, Dhaka-1000.

BBB ibliography

• Introduction to Risk Based Auditing, IAD (G.D.) in BB.

• Program on Risk Based Internal Audit in Banks By Mr. Vijay Kumar Khanna

• Bangladesh Bank website

• Office files

• Working papers

www.bangladesh-bb.org

http://intranet.bb.org.bd,

www.bangladesh-bank.org

www.bangladeshbank.org.bd.

http://www.ashgate.com/pdf/SamplePages/Risk-Based_Auditing_Ch1.pdf

http://www.internalaudit.biz/files/implementation/Implementing%20RBIA%20v1.1.pdf

QQQuestionnaire

1) So what is risk-based audit?

It is a process, an approach, a methodology and an attitude of mind rolled into one. The

simplest way to think about risk-based audit conceptually is to audit the things that really

matter to your organization.

2) Which are the issues that really matter?

Probably those are as that poses the greatest risks.

3) What else would you really want to review?

If your organization has already identified its key risks then you already have the basis for risk

based auditing. Clearly, if risks have not been formally identified and assessed then there is a

real opportunity for you to work with management to help create this information.

The second way of looking at risk-based audit is as a process. Traditionally audits begin and

end by looking at controls, often regarded as the main expertise that the function has. The

problem with this approach is two-fold.

Firstly, management do not really understand controls, which can be an alien concept for them.

If they do understand the nature of controls they tend to consider the need for more controls as

an unnecessary additional burden.

Secondly, it is unlikely that your Internal Audit function is an expert in control. Can you really

say that you understand the controls in all aspects and all activities within your business? It is

therefore necessary, if you are going to demonstrate your eagle-like qualities, to be able to talk

to management in a language they understand and appreciate. To fully engage management

you need to talk to them about something that is important to them. If you start by discussing

their objectives, what they need to achieve and how this is measured you will attract their

attention.

Having created the common ground (and it is preferable if you have first given some thoughts

to the objectives in the area under review before the meeting), you can now go on to discuss

the threats to the achievement of those objectives, the barriers to success; these are, of course,

the risks.

Again management should be able to elucidate many of the risks or threats, but theoretically, if

you have tried to anticipate the types of threat beforehand this will act as a positive spur.

Having created an understanding of the objectives and risk you can then discuss the risk

appetite, the boundaries set by senior management (by authorization limits and so on) or,

indeed locally, the limits beyond which the management of the function to be audited will not

venture (or is advised not to go) in risk-taking.

The next stage is then to discuss the processes in place to mitigate the risks already identified

and those that appear on the horizon and the areas of concern or opportunity in relation to those

processes.

You are now, of course, talking about the controls, but rather than doing so in isolation you

will be discussing them as part of the full management process and should receive a much

more positive response as a result.

The essence of risk-based audit is therefore customer-focused, starting with the objectives of

the activity being audited, then moving on to the threats (or risks) to achievement of those

goals and then to the procedures and processes to mitigate the risks. Risk-based audit is

therefore an evolution rather than a revolution, although the results obtained can be

revolutionary in their magnitude.

The chapters that follow expand these principles into a full process, explain the attitudinal

changes and the broader range of skills required together with the tools and techniques

necessary to adopt the process and to become a world-class Internal Audit function.

4) What techniques should I use?

RBIA doesn’t necessarily change the auditing techniques to be used, but where they will be

used. Physical verification is still vital to ensure what people are telling you should happen is

actually happening. Thus you will still continue to use walkthrough tests, sampling of

transactions, examination of authorizing signatures and verifying balances. The reason for

carrying out these tests is to ensure that the controls that treat risks, and the monitoring controls

that ensure these controls are operating, are effective. The tests are not designed specifically to

detect incorrect, or fraudulent, transactions. That is management’s job.