Evolving Role of Internal Auditors (IA) in NBFC Risk Management

In the intricate landscape of Non-Banking Financial Companies (NBFCs), where risk is inherent and volatility can be unpredictable, the role of Internal Auditors (IA) has undergone a profound evolution. Once confined to financial scrutiny and compliance checks, internal auditors now find themselves at the forefront of risk management, playing a pivotal role in protecting the stability and integrity of NBFC operations. In this article, we will delve into the evolving role of internal auditors in NBFC Risk Management.

Traditional Role of Internal Auditor

Historically, the internal audit system in banks has been concentrating on transaction testing, testing of accuracy and reliability of accounting records and financial reports, integrity, reliability, and timeliness of control reports, and adherence to legal and regulatory requirements.

But the evolvement of financial instruments and markets has enabled banks to undertake varied risk exposures. In the context of these developments and the progressive deregulation and liberalization of the Indian financial sector, having in place effective risk management and internal control systems has become crucial to the conduct of banking business. 

Recent Guidelines by RBI

The Reserve Bank of India on 3rd February 2021, in order to increase focus on the risk management function of NBFCs / UCBs issued a circular prescribing the requirement for Risk-Based Internal Audit.

What is Risk Based Internal Audit (RBIA)

The Risk Based Internal Audit undertakes an independent risk assessment solely for the purpose of formulating the risk-based audit plan keeping in view the inherent business risks of an activity/location and the effectiveness of the control systems for monitoring the inherent risks of the business activity. It needs to be emphasized that while formulating the audit plan, every activity/location of the bank, including the risk management function, should be subjected to risk assessment by the risk-based internal audit.

Applicability of Risk Based Internal Audit

The Risk Based Internal Audit in banks like commercial banks, payments bank, local area bank, small finance banks have been already implemented by the RBI. The said circular of Risk Based Internal Audit is applicable on:

• All deposit taking NBFCs, irrespective of their size
• All non-deposit taking NBFC with asset size of 500 crore or more
• UCBs having asset size of 500 crore and above

Advantages of risk based internal audit

The advantages of Risk-Based Approach of the Internal Audit Function in Banks are as follows:

• It appropriately defines the audit universe and identifies the auditable bank branches within the Bank for which these analyses would be carried out. 
• It assists the management in identification of appropriate risk factors to reflect the managements concerns.
• It results in development of an appropriate format for evaluating risk factors so that the more important risk factors play a more prominent role in the risk assessment process than less important risk factors.
• It develops a combination rule for each branch, which will properly reflect its riskiness over several risk factors that have been identified and a method of setting up audit priorities for the bank branches.
• It results in appropriate audit coverage plan, which provides a roadmap for the management of internal audit staff skills so that they are available to carry out audits of appropriate scope when they are needed the most.

Need of Risk Based Internal Audit for NBFC

In recent times, Non-Banking Financial Companies (NBFCs) / Urban Co-operative Banks (UCBs) have grown in size and have become systemically important in the economy given their increased participation in the financial credit market. Just like banks, NBFCs and UCBs face similar risks by virtue of being engaged in financial intermediation activities, hence, it makes sense that their internal audit systems should also broadly align while keeping in mind the principle of proportionality.

The Internal Audit function in NBFCs / UCBs has generally been concentrated on accounting requirements and regulatory compliance etc. However, considering the market developments, testing limited to these factors may not be sufficient. Therefore, the current framework includes:

• Sufficient Authority
• Proper stature
• Independence
• Adequate resources
• Professional competence

The RBIA should be conducted based on a RBIA plan which is required to be formulated after considering the elements of risk management framework of the entity.

Conclusion

As NBFCs continue to navigate an increasingly complex and challenging environment, the importance of internal auditors in mitigating risks and ensuring regulatory compliance cannot be overstated. They are not merely guardians of financial integrity but strategic partners in driving sustainable growth and resilience in the ever-changing landscape of NBFCs. Stay updated with more such legal updates with team Legal Window. Feel free to reach us at admin@legalwindow.in.