Bank Audit India: Practical Guide for Chartered Accountants
Bank Audit Landscape in India: Understanding the Ecosystem
The Indian banking sector comprises 12 public sector banks, 21 private sector banks, 43 foreign banks operating in India, approximately 1,500 urban cooperative banks, and over 96,000 rural cooperative banks as of 2026. Each of these entities requires various forms of audit -- statutory audit, branch audit, concurrent audit, internal audit, and specialized audits such as information systems audit, revenue audit, and credit audit. For chartered accountants, bank audit represents one of the largest and most consistent sources of professional engagement in India.
The bank audit ecosystem operates within a highly regulated framework established by the Reserve Bank of India, the Banking Regulation Act 1949, the Companies Act 2013, and the Standards on Auditing issued by ICAI. RBI's role is particularly significant as it prescribes specific audit requirements through its Master Directions and circulars, determines the composition of audit panels, sets timelines for audit completion, and uses audit findings as a critical input for its supervisory assessments. The relationship between RBI regulations and audit practice makes bank audit fundamentally different from the audit of manufacturing or service companies.
The appointment process for bank branch auditors follows a structured system. ICAI maintains a panel of chartered accountants eligible for bank branch audit, updated annually. Banks select auditors from this panel for branch appointments, with RBI approval required for the statutory central auditors of public sector banks. The engagement period is typically one year, with a rotation policy ensuring fresh perspectives. For private sector and cooperative banks, the appointment process may differ but still follows regulatory guidelines.
Types of Bank Audits
| Audit Type | Frequency | Scope | Appointed By |
|---|---|---|---|
| Statutory Branch Audit | Annual | Financial statements, LFAR, advances review | Bank central office from ICAI panel |
| Concurrent Audit | Continuous (monthly reporting) | Daily transactions, compliance, controls | Bank management |
| Revenue Audit | Annual or Half-yearly | Income leakage, interest computation, charges | Bank internal audit department |
| Credit Audit | Annual | Large credit facilities, appraisal quality, NPA | Bank credit audit department |
| IS Audit | Annual | IT controls, CBS, cybersecurity, data integrity | Bank with RBI oversight |
Bank Branch Audit: Step-by-Step Procedures
The bank branch audit is the most common entry point for chartered accountants into bank audit practice. It requires a systematic approach covering advances, deposits, investments, income recognition, expenditure, off-balance sheet items, and compliance with internal controls and regulatory requirements. The following detailed procedures guide auditors through each major area of a branch audit.
Pre-Audit Planning and Preparation
Effective branch audit begins with thorough preparation before visiting the branch. The auditor should study the engagement letter and audit instructions from the bank's central office, review the ICAI guidance note on bank audit for the relevant year, familiarize themselves with the bank's CBS platform and the reports available for audit purposes, obtain prior year audit report and LFAR to understand previous findings, study the branch profile including size, business composition, and number of accounts, prepare audit checklists tailored to the branch's business mix, and ensure the audit team has the necessary CBS access credentials. A well-planned audit can be completed in 10 to 15 working days for a medium-sized branch, while large branches with significant advances portfolios may require 20 to 25 working days.
Advances Audit Procedures
The advances portfolio is typically the most critical and time-consuming area of branch audit. The auditor must verify classification of advances into standard, sub-standard, doubtful, and loss categories in accordance with RBI norms. This involves reviewing the aging analysis of all accounts where payments are overdue, checking whether the CBS has correctly flagged accounts as NPA based on the 90-day past-due criterion, examining restructured accounts to verify that restructuring conditions are met and the asset classification is appropriate, reviewing accounts where NPA classification has been upgraded to standard to verify that the upgrading criteria are satisfied, testing the adequacy of provisioning against each NPA account based on the asset classification and security valuation, and examining large advances for compliance with exposure norms and credit appraisal quality.
The auditor should also perform a detailed review of the top 20 advances accounts at the branch, examining sanction authority, documentation completeness, security creation and valuation, end-use monitoring, and renewal or review status. For advances above a materiality threshold, the auditor should assess the creditworthiness of borrowers using available financial statements, project reports, and industry information.
Deposit Verification
Deposit audit procedures include verifying the interest rates applied to various deposit categories against the bank's approved rate card, checking for unauthorized interest rate concessions particularly on bulk deposits, reviewing dormant accounts and unclaimed deposits for compliance with RBI guidelines on Depositor Education and Awareness Fund transfers, testing the accuracy of interest computation on a sample of term deposits, verifying KYC compliance for new accounts opened during the year, and examining staff accounts for any irregularities or preferential treatment. The auditor should pay special attention to large deposits mobilized near the year-end which may indicate window-dressing of the branch's deposit figures.
NPA Classification and Provisioning: The Core of Bank Audit
Non-Performing Asset identification and classification is the heart of bank branch audit. The accuracy of NPA classification directly impacts the bank's profitability, capital adequacy, and regulatory compliance. RBI has prescribed detailed norms for NPA identification, classification, and provisioning that auditors must thoroughly understand and rigorously verify.
NPA Identification: The 90-Day Norm
An asset, including a leased asset, becomes non-performing when it ceases to generate income for the bank. A loan or advance is classified as NPA when:
- interest or installment of principal remains overdue for a period of more than 90 days for term loans
- the account remains out of order for more than 90 days for overdraft and cash credit accounts
- the bill remains overdue for more than 90 days for bills purchased and discounted
- the installment of principal or interest remains overdue for two crop seasons for short duration crops and for one crop season for long duration crops in agricultural advances
- any amount to be received remains overdue for more than 90 days for other accounts

The CBS system automatically identifies accounts meeting the 90-day norm, but the auditor must verify this automated classification through independent testing, particularly for accounts near the NPA threshold.
NPA Classification Categories and Provisioning Norms
| Category | Period as NPA | Secured Provision | Unsecured Provision |
|---|---|---|---|
| Sub-Standard | Up to 12 months | 15% | 25% |
| Doubtful (up to 1 year) | 12-24 months | 25% | 100% |
| Doubtful (1-3 years) | 24-36 months | 40% | 100% |
| Doubtful (over 3 years) | Beyond 36 months | 100% | 100% |
| Loss | Identified as uncollectible | 100% | 100% |
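
The following is an added example, not part of the original guide or any bank's CBS: it re-performs the NPA classification and the provision computation from the table above, then reports accounts where the CBS figures differ. The field names, the sample accounts, and the treatment of each period band's upper bound as inclusive are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

# (secured %, unsecured %) per category, copied from the provisioning table above.
RATES = {
    "SUB_STANDARD": (15, 25),
    "DOUBTFUL_1": (25, 100),   # doubtful, up to 1 year
    "DOUBTFUL_2": (40, 100),   # doubtful, 1-3 years
    "DOUBTFUL_3": (100, 100),  # doubtful, over 3 years
    "LOSS": (100, 100),
}

@dataclass
class Advance:                 # field names are hypothetical, not a CBS schema
    account: str
    days_past_due: int         # from the advances aging report
    months_as_npa: int         # months since first NPA date, 0 if never flagged
    outstanding: Decimal
    security_value: Decimal
    cbs_class: str             # classification the CBS reports
    cbs_provision: Decimal     # provision the CBS holds
    loss_identified: bool = False

def expected_class(a: Advance) -> str:
    if a.loss_identified:
        return "LOSS"
    if a.days_past_due <= 90:  # NPA only when overdue for MORE than 90 days
        return "STANDARD"
    # Assumption: the upper bound of each period band is inclusive.
    for limit, cls in ((12, "SUB_STANDARD"), (24, "DOUBTFUL_1"), (36, "DOUBTFUL_2")):
        if a.months_as_npa <= limit:
            return cls
    return "DOUBTFUL_3"

def required_provision(a: Advance, cls: str) -> Decimal:
    if cls == "STANDARD":      # standard-asset provisioning is not in the table
        return Decimal(0)
    secured = min(a.outstanding, a.security_value)
    unsecured = a.outstanding - secured
    sec_rate, unsec_rate = RATES[cls]
    return (secured * sec_rate + unsecured * unsec_rate) / 100

def reperform(accounts):
    """Return accounts where CBS class or provision differs from re-performance."""
    findings = []
    for a in accounts:
        cls = expected_class(a)
        shortfall = max(required_provision(a, cls) - a.cbs_provision, Decimal(0))
        if cls != a.cbs_class or shortfall > 0:
            findings.append((a.account, a.cbs_class, cls, shortfall))
    return findings

D = Decimal
SAMPLE = [  # constructed accounts, amounts in rupees
    Advance("A1", 90, 0, D(800000), D(900000), "STANDARD", D(0)),
    Advance("A2", 91, 0, D(1000000), D(600000), "STANDARD", D(0)),
    Advance("A3", 520, 14, D(500000), D(500000), "DOUBTFUL_1", D(125000)),
    Advance("A4", 1000, 30, D(200000), D(50000), "DOUBTFUL_1", D(162500)),
]

if __name__ == "__main__":
    for row in reperform(SAMPLE):
        print(*row)
```

Accounts A1 and A2 sit on either side of the 90-day boundary, which is where independent testing of the automated flag matters most.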
Practical NPA Verification Techniques
Auditors employ several techniques to verify the accuracy of NPA classification. The CBS exception report for overdue accounts is the starting point, but auditors must go beyond automated reports to identify potential NPAs that the system may have missed. This includes examining accounts where frequent credits are made just before the due date to prevent NPA flagging (known as evergreening), reviewing accounts where interest has been debited but not actually recovered from the borrower, checking whether accounts classified as standard have genuine business activity justifying the credit turnover, examining restructured accounts to verify compliance with restructuring terms, and testing a sample of standard accounts for hidden stress indicators such as frequent overdrawing, declining turnover in cash credit accounts, or requests for ad hoc limits.
Auditing in the CBS Environment
The Core Banking Solution has transformed bank operations by centralizing all transaction processing, account management, and reporting on a single technology platform. For auditors, CBS creates both opportunities and challenges. The opportunities include access to comprehensive data, automated reports, and system-enforced controls. The challenges include the need to understand complex IT systems, the risk of over-reliance on system-generated reports, and the requirement to test IT general controls alongside financial statement assertions.
Major banks in India use platforms such as Infosys Finacle, Oracle Flexcube, TCS BaNCS, and FIS Profile. Each platform has its own navigation interface, report generation capabilities, and user access control mechanisms. Auditors assigned to a bank must receive orientation training on the specific CBS platform to effectively navigate the system and extract audit-relevant data. Key CBS reports that auditors routinely use include the trial balance and branch financials, advances aging report showing overdue accounts, NPA register with classification details, interest suspense account details for NPA accounts, large deposit report, dormant and inoperative account listing, exception and override transaction reports, and user access and privilege reports.
IT Controls Testing in CBS
Auditors must evaluate the effectiveness of IT controls within the CBS environment as part of the branch audit. Key areas include logical access controls (user authentication, password policies, role-based access), segregation of duties (ensuring no single user can both create and approve transactions), transaction authorization controls (checking that override limits are appropriate), data backup and recovery procedures, and input controls validating data accuracy. Weaknesses in IT controls should be documented in the LFAR and communicated to the bank's management and IT department.
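An added example (not from the original guide or any CBS vendor) of how the segregation-of-duties and override-authorization tests above can be run over report extracts. The CSV layouts, privilege names, user IDs and the override limit are all hypothetical and constructed for illustration; the bank's own delegation-of-powers schedule is the real source for limits.

```python
import csv
import io

# Constructed extract of a CBS user access and privilege report.
USER_PRIVS_CSV = """user_id,role,privileges
U101,clerk,TXN_CREATE
U102,officer,TXN_APPROVE
U103,officer,TXN_CREATE;TXN_APPROVE
U104,manager,TXN_APPROVE;OVERRIDE
"""

# Constructed extract of a CBS exception and override transaction report.
TXN_CSV = """txn_id,maker,checker,amount,override
T1,U101,U102,50000,N
T2,U103,U103,250000,N
T3,U101,U102,900000,Y
T4,U101,U104,900000,Y
T5,U101,U104,6000000,Y
T6,U101,U999,10000,N
"""

# Hypothetical override limit per role, in rupees.
OVERRIDE_LIMIT = {"manager": 5000000}

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def privileges_by_user(rows):
    return {r["user_id"]: (r["role"], set(r["privileges"].split(";"))) for r in rows}

def conflicting_users(privs):
    """Users who hold both create and approve rights (capability-level SoD gap)."""
    return sorted(u for u, (_, p) in privs.items()
                  if {"TXN_CREATE", "TXN_APPROVE"} <= p)

def txn_exceptions(txns, privs):
    """Transactions where maker/checker or override controls did not hold."""
    findings = []
    for t in txns:
        if t["checker"] not in privs:
            # Approver missing from the access report: possible stale or shared ID.
            findings.append((t["txn_id"], "APPROVER_NOT_IN_ACCESS_REPORT"))
            continue
        role, granted = privs[t["checker"]]
        if t["maker"] == t["checker"]:
            findings.append((t["txn_id"], "SELF_APPROVED"))
        if t["override"] == "Y":
            if "OVERRIDE" not in granted:
                findings.append((t["txn_id"], "OVERRIDE_NOT_PRIVILEGED"))
            elif int(t["amount"]) > OVERRIDE_LIMIT.get(role, 0):
                findings.append((t["txn_id"], "OVERRIDE_ABOVE_LIMIT"))
    return findings

if __name__ == "__main__":
    privs = privileges_by_user(load(USER_PRIVS_CSV))
    print("Conflicting privileges:", conflicting_users(privs))
    for finding in txn_exceptions(load(TXN_CSV), privs):
        print(*finding)
```

The first check tests what users are able to do, the second what they actually did; a finding in either belongs in the LFAR with the user ID and transaction reference.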
LFAR Preparation: The Comprehensive Reporting Framework
The Long Form Audit Report is a structured questionnaire that branch auditors must complete and submit to the bank's statutory central auditors. The LFAR format is prescribed by ICAI in consultation with RBI and covers every significant aspect of the branch's operations. A well-prepared LFAR requires thorough audit work and provides valuable information to both the bank's management and the regulatory authorities.
The LFAR is organized into sections covering general branch information including business size and staff strength, advances management including credit appraisal quality, sanctioning authority compliance, documentation adequacy, security creation and valuation, NPA identification accuracy, provisioning adequacy, and compliance with RBI exposure norms. It also covers deposit operations, housekeeping quality, compliance with KYC and AML norms, fraud reporting, information technology controls, and any other matters the auditor considers significant. Each section requires specific observations based on audit procedures performed, not generic or boilerplate responses.
LFAR Best Practices
Experienced bank auditors follow several best practices in LFAR preparation. They document specific findings with account numbers and amounts rather than making vague observations. They distinguish between systemic issues (which indicate control weaknesses) and isolated exceptions (which may be individual errors). They quantify the financial impact of findings wherever possible, enabling the central auditors and management to prioritize corrective action. They maintain consistency between LFAR observations and the audit report qualifications. They ensure that prior year LFAR findings have been followed up and report whether corrective action has been taken. And they submit the LFAR within the prescribed timeline to avoid delays in the overall audit process.
Concurrent Audit: Continuous Assurance Methodology
Concurrent audit is a systematic examination of financial transactions on a regular basis to ensure accuracy, authenticity, and compliance with the procedures and guidelines prescribed by the bank and regulatory authorities. Unlike statutory audit, which is retrospective, concurrent audit provides near real-time assurance and serves as an early warning system for irregularities and compliance failures.
RBI mandates concurrent audit for branches with deposits of 500 crore rupees or more, branches with advances of 500 crore rupees or more, and all specialized branches handling treasury operations, forex operations, and large credit processing. The concurrent auditor is typically present at the branch during business hours and reviews transactions on a daily or weekly basis, submitting monthly reports to the bank's inspection department.
Concurrent Audit Coverage Areas
The concurrent auditor's daily checklist typically includes verification of all new loan sanctions and disbursements against sanctioned limits and terms, review of large cash transactions above the threshold prescribed under Prevention of Money Laundering Act, verification of foreign exchange transactions including documentary compliance, checking interest rate applications on new deposits and renewals, review of override transactions in CBS requiring management authorization, verification of vault cash and its reconciliation with CBS records, monitoring of clearing operations and reconciliation of inter-branch accounts, and review of new account opening documentation for KYC compliance.
RBI Regulatory Framework for Bank Audit
The Reserve Bank of India's regulatory framework governs every aspect of bank audit. Key RBI Master Directions that auditors must be familiar with include the Master Direction on Income Recognition and Asset Classification (IRAC) which prescribes the norms for NPA identification, classification, and provisioning. The Master Direction on Frauds Classification and Reporting prescribes the framework for fraud identification and reporting obligations. The Master Direction on Know Your Customer prescribes KYC and AML compliance requirements. The Master Direction on Priority Sector Lending prescribes the targets and classification norms for priority sector advances. Auditors must also monitor RBI circulars issued during the audit period for any changes that affect the financial statements or compliance requirements.
RBI's expectations from bank auditors have evolved significantly over the years. Beyond the traditional verification role, RBI now expects auditors to assess the adequacy of risk management frameworks, evaluate the effectiveness of internal controls, report on compliance with regulatory guidelines, and provide early warning on emerging risks. This expanded role requires bank auditors to develop capabilities in risk assessment, data analytics, and regulatory compliance beyond traditional financial statement audit skills.
Your Action Step This Week
Download the latest ICAI Guidance Note on Bank Audit and the RBI Master Direction on Income Recognition and Asset Classification. Study the NPA classification norms and prepare a flowchart showing the decision tree for classifying an advance as Standard, Sub-Standard, Doubtful, or Loss. Practice identifying NPAs using sample account data with different overdue periods.
Real Student Story
Rajesh, a CA who qualified in 2023, was assigned his first bank branch audit as an audit assistant at a mid-size audit firm. The branch was a large semi-urban branch of a public sector bank with advances of over 200 crore rupees. Feeling underprepared, Rajesh spent two weekends before the audit studying the ICAI guidance note and the bank's CBS platform documentation. During the audit, his thorough review of the advances portfolio identified three accounts totaling 4.5 crore rupees that had been incorrectly classified as standard despite meeting the NPA criteria. His findings were significant enough to affect the branch's profitability figures and provisioning requirements. The engagement partner was impressed with his diligence, and the bank's central auditors specifically commended the quality of the branch LFAR. This experience launched Rajesh's specialization in bank audit -- he now leads a team of six and handles eight branch audits annually, earning recognition as a skilled bank auditor within his firm.
What Banks Look for in Branch Auditors
Bank managements and audit committees value branch auditors who complete their work within the prescribed timeline without compromising quality, understand the CBS environment and can navigate system reports independently without excessive reliance on branch staff, identify genuine issues in NPA classification rather than raising trivial observations that consume management's time, prepare comprehensive LFAR reports with specific findings rather than generic comments, maintain professional independence despite the relationship-building pressures in recurring appointments, and communicate findings constructively, enabling the branch manager to take corrective action. Auditors who consistently demonstrate these qualities are more likely to be recommended for larger branches and specialized audit assignments.
Frequently Asked Questions
Bank branch audit covers verification of the advances portfolio including NPA classification and provisioning, deposit verification, income recognition compliance, off-balance sheet items, cash verification, internal controls review, and preparation of the Long Form Audit Report covering all areas prescribed by RBI and ICAI.
NPAs are classified as Sub-Standard (up to 12 months, 15-25% provision), Doubtful (12+ months, 25-100% provision based on period and security), and Loss (100% provision). The 90-day overdue norm applies for identification. Provisioning rates differ for secured and unsecured portions of the advance.
LFAR (Long Form Audit Report) is a detailed questionnaire-based report covering advances management, deposit operations, documentation, security creation, NPA accuracy, housekeeping, IT controls, and regulatory compliance. It is submitted alongside the audit report and provides critical input for the bank's central auditors and RBI.
CBS centralizes all transactions and reports, requiring auditors to understand platforms like Finacle, Flexcube, or BaNCS. Auditors must verify system-generated NPA classification, test automated controls, review user access permissions, examine exception reports, and validate data integrity between branch and central records.
Concurrent audit is continuous assurance conducted at branches during business hours, reviewing daily transactions for policy compliance, verifying loan disbursements, monitoring cash operations, checking KYC compliance, and reporting exceptions monthly. RBI mandates it for branches above specified business thresholds.
Opportunities include statutory branch audit through ICAI panel, concurrent audit appointments, central statutory audit of smaller banks, specialized audits like revenue and credit audit, risk-based internal audit positions within banks, and consulting roles in regulatory compliance and technology audit.
Key Takeaways
- Bank audit operates within a highly regulated RBI framework requiring specialized knowledge beyond general audit practice
- NPA classification using the 90-day norm and appropriate provisioning verification is the core of branch audit
- CBS proficiency in platforms like Finacle, Flexcube, or BaNCS is essential for effective audit procedures
- LFAR preparation requires specific, quantified findings rather than generic observations to add value
- Concurrent audit provides continuous assurance and is mandated by RBI for branches above specified thresholds
- Bank audit offers diverse career paths from branch audit to concurrent audit, credit audit, IS audit, and internal audit roles
