Concurrent Audit in Banking: Process, Checklist & Career Guide for CA Students
What Is Concurrent Audit in Banking — Definition vs Statutory Audit
The term "concurrent" means "happening at the same time." In banking, concurrent audit is the examination of bank branch transactions on a continuous, near real-time basis — ideally reviewing the previous day's or previous week's transactions. The auditor is essentially embedded at the branch and examines transactions as they occur rather than reviewing them retrospectively at year-end.
The Reserve Bank of India (RBI) mandated concurrent audit through its guidelines on internal controls in commercial banks. The concept is reinforced in RBI's master circular on internal audit and inspection functions and the guidance notes issued by the Institute of Chartered Accountants of India (ICAI) on bank audits.
Concurrent Audit vs Statutory Audit — Key Differences
| Parameter | Concurrent Audit | Statutory Audit |
|---|---|---|
| Timing | Ongoing, near real-time (daily/weekly) | Annual, post financial year-end |
| Objective | Ensure compliance with bank policy, RBI guidelines, detect irregularities early | True and fair view of financial statements, LFAR |
| Legal Basis | RBI guidelines, bank's internal policy | Companies Act 2013, Banking Regulation Act 1949 |
| Appointment | By the bank from empaneled CA firms | Appointed by shareholders at AGM (after RBI approval) |
| Scope | Transaction-level compliance — KYC, cash, forex, advances, deposits | Balance sheet, P&L, NPAs, provisions, LFAR |
| Coverage | Specific branches above RBI threshold | Entire bank (head office + all branches) |
| Report | Monthly report to branch/zonal management | Audit Report + LFAR (Long Form Audit Report) |
| Fee (approx) | ₹8,000–₹25,000/branch/month | ₹2L–₹10L+ per bank depending on size |
RBI Mandate for Concurrent Audit
The RBI's guidelines on risk-based internal audit require banks to ensure that branches meeting specified thresholds are covered under concurrent audit. The branches typically covered include:
- Large branches with business mix (deposits + advances) above ₹100 crore
- All branches handling forex transactions (Authorized Dealer branches)
- Treasury operations, currency chests, and service branches
- Branches with high-value advances above ₹10 crore outstanding
- Branches with previous history of fraud, irregularity, or poor internal rating
- All digital banking centers and central processing units
Banks are required to ensure that at least 50–70% of their total business (by value) is covered under concurrent audit at any given time. The RBI's periodic inspection of banks includes reviewing the effectiveness of the concurrent audit system.
Concurrent Audit Checklist — Area-wise Coverage
The concurrent auditor's checklist covers multiple areas of a bank branch. Here is a comprehensive checklist organized by area:
1. Cash and Treasury Operations
- Physical cash verification against system balance
- Verification of large cash withdrawals/deposits (above ₹10 lakh — Cash Transaction Reports / CTR under PMLA)
- Soiled note exchange and currency chest operations compliance
- Cash limit maintained within prescribed limits; excess cash not retained overnight
- Proper sealing and lodging of cash in vault
- Cash withdrawals matching system-generated vouchers
2. KYC (Know Your Customer) & AML Compliance
- New account opening — complete KYC documents (Aadhaar, PAN, photograph)
- Periodic updation of KYC for existing customers (risk-based — every 2/8/10 years)
- Suspicious Transaction Reports (STR) — whether flagged and reported to FIU-IND
- Dormant account reactivation — proper KYC re-verification
- Non-face-to-face accounts (video KYC) — special compliance check
- Beneficial ownership declaration for companies and trusts
3. Advances and Loan Portfolio
- Newly sanctioned loans — compliance with sanctioned terms (amount, purpose, security)
- Drawing power calculation for CC/OD accounts — correctness of stock/debtor statement analysis
- Timely submission of stock/debtors statements by borrowers
- Insurance coverage on pledged/hypothecated assets
- Proper creation and registration of mortgage (CERSAI)
- Identification of SMA (Special Mention Account) — SMA-0 (0–30 days), SMA-1 (31–60), SMA-2 (61–90)
- NPA identification — accounts overdue beyond 90 days to be classified NPA
- Gold loan — proper valuation, LTV ratio compliance (75% max), safe custody
4. Deposits and Account Operations
- Premature withdrawal of fixed deposits — proper authorization and penalty applied
- Interest calculation on deposits — accuracy and timely credit
- Auto-renewal of FDs — customer instructions followed
- Dormant account operations — dual authorization obtained
- TDS deduction on interest above ₹40,000 (₹50,000 for senior citizens) — Form 15G/15H check
5. Foreign Exchange Operations (for Authorized Dealer Branches)
- Export bill negotiation — documentation compliance (Bill of Lading, LC, packing credit)
- Import payments — AD-1 category permissions, purpose code compliance
- Forex rates applied — within prescribed spread limits
- FEMA compliance — reporting to RBI (A2 form, ODI reporting)
- NRI account remittances — proper documentation
Concurrent Audit Report Format and Process
The concurrent auditor submits a monthly report to the branch manager, zonal manager, and the bank's internal audit department. The report follows a structured format:
| Report Section | Contents |
|---|---|
| Executive Summary | Period covered, number of transactions reviewed, overall compliance rating (Satisfactory/Needs Improvement/Unsatisfactory) |
| Compliance Status | Area-wise compliance status — KYC, advances, cash, forex, deposits (Red/Amber/Green traffic light system) |
| Irregularities & Observations | Specific transaction-level irregularities with account numbers, amounts, and nature of irregularity |
| Pending Action Items | Follow-up on previous month's observations — whether rectified or pending |
| Surprise Checks | Results of surprise cash count, surprise locker/safe inspection findings |
| Auditor's Certificate | Signed certificate by the CA partner confirming review was conducted as per ICAI/bank guidelines |
Reporting Irregularities
Critical irregularities — fraud, KYC violations, large unauthorized transactions — must be reported immediately (same day) to the bank's Zonal Office or Vigilance Department, in addition to including them in the monthly report. The concurrent auditor has no power to direct staff but must document and escalate findings promptly. Under Section 45MA of the Banking Regulation Act, concealing or delaying the reporting of fraud is an offense.
Empanelment, CA Opportunities & Fee Structure
Concurrent audit is one of the most accessible audit assignments for small and medium CA firms in India. It provides steady monthly income and excellent practical exposure to banking operations.
How CA Firms Get Empaneled
- Watch for advertisements: Banks publish empanelment notices on their official websites, in newspapers, and on ICAI portals, typically once or twice a year (April–May and September–October)
- Eligibility criteria (typical): Firm registered with ICAI, minimum 1–2 partners who are qualified CAs, firm age above 2–3 years, no adverse disciplinary action, UDIN compliance maintained
- Application process: Submit firm profile, list of partners, prior audit experience, and a declaration. Banks now accept online applications through their vendor management systems
- Branch allotment: Empaneled firms are allotted specific branch(es) based on location proximity and availability. Large firms get multiple assignments; small firms typically get 1–3 branches initially
- Rotation: Most banks mandate rotation of concurrent auditors every 3–5 years to maintain independence
Fee Structure for Concurrent Auditors (FY 2024-25)
| Branch Category | Business Mix | Monthly Fee (Approx) |
|---|---|---|
| Small Branch | ₹100–₹300 crore | ₹8,000–₹12,000 |
| Medium Branch | ₹300–₹800 crore | ₹12,000–₹18,000 |
| Large Branch | ₹800–₹2,000 crore | ₹18,000–₹25,000 |
| Very Large Branch / Regional Processing Center | Above ₹2,000 crore | ₹25,000–₹50,000+ |
| Treasury / Forex Branch | High-value forex | ₹30,000–₹60,000+ |
Articleship Opportunities in Concurrent Audit
CA articleship students gain exceptionally rich practical exposure through concurrent audit assignments. Key learning outcomes include:
- Understanding of core banking systems (CBS — Finacle, BaNCS, Flexcube)
- Practical KYC/AML compliance verification — direct applicability for banking and FEMA-related practice
- Credit appraisal fundamentals — understanding working capital, term loans, drawing power
- NPA identification and provisioning — critical for CA Final Strategic Financial Management & Audit papers
- Writing audit observations in professional format — a transferable skill for all audit assignments
- Client interaction experience with bank managers and credit officers
Digital Banking Audit Challenges & CAAT Tools
The rapid digitization of banking has significantly changed the nature of concurrent audit. Mobile banking, UPI, internet banking, and API-based integrations have created new risk areas that traditional transaction sampling misses.
Digital Banking Audit Challenges
- High transaction volumes: A single mid-size branch may process 10,000+ digital transactions daily — manual sampling covers less than 1%. CAATs are essential.
- Cyber fraud detection: Account takeover, phishing-linked transactions, SIM swap fraud — concurrent auditors must review fraud alerts flagged by the bank's CBS
- UPI dispute resolution: Verifying whether customer complaints on UPI transactions are resolved within RBI's mandated 30/45-day timeline
- API banking audit: Corporate clients accessing bank systems via APIs — ensuring transaction limits and authorization controls are in place
- Digital lending: Pre-approved loans disbursed without branch involvement — concurrent audit must verify post-disbursement KYC and purpose confirmation
CAAT Tools Used in Banking Audit
| Tool | Use in Banking Concurrent Audit | Access Type |
|---|---|---|
| IDEA (CaseWare IDEA) | Data extraction from CBS, transaction pattern analysis, duplicate payment detection, Benford's Law analysis | Licensed software |
| ACL (Galvanize/Diligent) | 100% population testing of transactions, exception reporting, risk-based sampling | Licensed software |
| MS Excel + Power Query | MIS reports analysis, pivot tables for large cashflow data, KYC pending accounts identification | Standard, widely used |
| SQL Queries on CBS | Running queries on Finacle/BaNCS database to identify dormant accounts with recent large transactions, accounts with KYC expiry | Read-only DB access |
| Python (pandas/openpyxl) | Automated matching of GL to transaction reports, large-scale SMA account identification | Open source |
⚡ Take Action Now
If your CA firm wants to enter concurrent audit, visit the websites of State Bank of India (sbi.co.in), Punjab National Bank (pnbindia.in), or Bank of Baroda (bankofbaroda.in) today and search for "concurrent audit empanelment." Most public sector banks run annual empanelment drives. Download the eligibility criteria document, verify your firm meets the requirements, and prepare your firm profile — you can be audit-ready for the next cycle within a month.
Explore CorpReady Programs📚 Real Student Story
Rohan Deshmukh, CA Final student from Pune — Rohan's CA firm was empaneled for concurrent audit of a Bank of Maharashtra branch in Pune with a ₹450 crore business mix (₹14,000/month fee). During his articleship rotation, Rohan was assigned to the advances team. In his second month, he noticed that 12 working capital accounts had not submitted stock statements for over 3 months — a clear policy breach. He flagged this in the concurrent audit report. The bank's zonal office followed up, and three accounts turned out to be potential SMA-1 accounts. The branch manager appreciated the timely identification. Rohan's partner used this case study as a training example for the entire firm's audit team. Rohan's hands-on experience with CBS (Finacle system), NPA identification, and drawing power computation gave him a decisive edge in his CA Final preparation for the Advanced Auditing paper.
💼 What Firms Actually Want
CA firms looking to build a banking audit practice (concurrent + statutory) require associates who understand both the regulatory framework (RBI guidelines, Banking Regulation Act, FEMA) and the operational realities of a bank branch. Specific skills in demand: (1) CBS system navigation — at least basic familiarity with Finacle or Infosys Finacle menus for transaction verification; (2) NPA/SMA identification — ability to review overdue reports and correctly identify accounts needing classification; (3) KYC documentation review — knowing exactly which documents are mandatory for different customer types (individual, company, trust); (4) CAAT skills — Excel-based data analysis to handle large transaction datasets. Concurrent audit experience is a strong differentiator for CA Final candidates appearing for Advanced Auditing and increasingly for banking/financial services placement.
Frequently Asked Questions
Concurrent audit is a continuous, near real-time review of banking transactions that happens simultaneously with the transactions — ideally within the same day or next day. It focuses on transaction-level compliance, internal controls, KYC adherence, and policy compliance. Statutory audit, in contrast, is an annual exercise conducted after the financial year ends, focusing on the fair presentation of financial statements and reporting through the Long Form Audit Report (LFAR). Concurrent audit is conducted by empaneled CA firms or internal teams; statutory audit is conducted by firms appointed under the Banking Regulation Act 1949.
As per RBI guidelines, concurrent audit is mandatory for branches with a business mix (total deposits + advances) typically exceeding ₹100 crore, all forex-handling branches (Authorized Dealer branches), treasury operations, currency chests, service branches, and branches handling large corporate advances. Banks are expected to cover at least 50–70% of their total business under concurrent audit at any given time. The exact threshold varies by bank and is reviewed periodically. Branches with prior fraud history or poor internal audit ratings are also mandatorily covered regardless of business size.
CA firms can apply for empanelment by responding to advertisements published by banks on their websites or in financial newspapers, typically once or twice a year. Requirements include: ICAI registration, minimum number of qualified CA partners, no adverse disciplinary proceedings, and preferably prior banking audit experience. After empanelment, assignments are allotted by the bank based on location and availability. Large public sector banks like SBI, PNB, and Bank of Baroda empanel hundreds of CA firms annually. Newly empaneled firms typically receive 1–3 branch assignments initially, with the fee depending on branch size.
Common Computer Assisted Audit Techniques (CAAT) used in banking concurrent audit include: IDEA (CaseWare IDEA) for data extraction and exception reporting from CBS exports; ACL (now Diligent) for 100% transaction population testing; MS Excel with Power Query for MIS analysis and pivot-based reviews; SQL queries on bank's core banking system for targeted data pulls (dormant accounts, SMA accounts, KYC-expired accounts); and increasingly Python with pandas library for automated reconciliation of large datasets. Most CA firms rely on Excel for day-to-day concurrent audit work, while larger firms investing in dedicated audit software use IDEA or ACL for more rigorous analytics.
✅ Key Takeaways
- Concurrent audit is a continuous, real-time audit of bank branch transactions mandated by RBI, covering daily cash, KYC, advances, forex, and deposits — fundamentally different from annual statutory audit.
- Branches with business mix above ₹100 crore, all forex branches, and treasury operations are mandatorily covered; banks must ensure 50–70% of business is under concurrent audit.
- The concurrent auditor covers critical risk areas: KYC document completeness, NPA/SMA identification, drawing power accuracy, insurance on secured assets, and FEMA compliance for forex transactions.
- CA firms are empaneled by banks annually — fees range from ₹8,000 to ₹50,000+ per branch per month based on branch size; public sector banks like SBI and PNB are the largest employers of concurrent auditors.
- Digital banking has created new audit risks — UPI fraud, account takeover, digital loan disbursements — requiring CAAT tools like IDEA, ACL, or even Excel-based data analytics for meaningful coverage of high-volume transactions.
- Articleship exposure to concurrent audit is highly valuable — it provides practical CBS system experience, NPA identification skills, and credit appraisal knowledge directly applicable to CA Final Advanced Auditing and audit career growth.
Ready to Build Your Banking Audit Career?
CorpReady Academy's programs combine practical Indian auditing and banking knowledge with globally recognized US CPA, US CMA, ACCA, and CFA credentials.
Explore CorpReady Programs Talk to a Counsellor