INTERNAL AUDIT DIVISION

Internal Audit

Corporate Audit
Department

Field Audit
Department

Information
System Audit

Planning &
Coordination Unit

Policy
Coordination &

Management
Audit Team -I

Implementation
Unit-I

Systems &
Operations Audit
Unit

Management
Audit Team-II

Implementation
Unit -II

Databases &
Applications

Implementation
& coordnation

Commercial
Audit Unit

Networks &
Communication
Audit Unit

AIMS
Appraisal of operations and control to determine whether policies and procedures are
being followed carefully and all resources are used efficiently and judicially

Objectives
Review and appraise the soundness, adequacy, and application of accounting and financial
control and promoting effective control at reasonable cost
Ascertain the extent of compliance with established policies, plans and procedures.
Ascertain to the extent to which the bank assets are accounted for and safeguarded from
losses of all kinds
Ascertain the quality of performance in carrying out assigned responsibilities
Ascertain the reliability of management data developed within the bank
Conduct/Arrange audit of H.O. departments & H.O. units in the field
Recommend operational improvements

FUNCTIONS

 Carry out systematic examination of books of accounts and records maintained by the
Zonal Offices/branches through Audit Zones in order to high-light deviations from
rules and regulations

Over-see and exercise vigilance over Field operations of the Bank.

Check that financial powers are exercised judiciously by the competent authority.
Appraise the quality of performance in carrying out assigned responsibilities.
Recommend operational improvements.

Ensure that systematic examination/audit of books of accounts, vouchers and other

ope r at i ons of t he Br a nc h i s c a rr i e d out b y t he Audit Zone s a s pe r Audi t
Manual/standing instructions and to high-light deviation from rules, regulations and
procedures
Examine the SVP's reports of the branches, Management Audit reports of the
zonal offices, Special Audit Reports and Project Audit reports and to take appropriate
action.
Identify scope of improvement in the operational efficiency of the Bank.
Prepare memo for Audit Committee of DOD and for other meetings based on
reports the Audit Zones.
Issue circulars/circular letters on Audit Policy matters.
Deal with administrative matters of Audit Dept. at HO/Field Audit Zones.
Coordinate with Audit Zones and other departments at H.O.
Prepare periodical Audit Report of the Bank.
Ensure correct processing and investigation of loan cases by the Field
functionaries in the branches through Audit Zones in the field.
Conduct/arrange audit of H.O. departments and H.O. units in the Field.
Audit the management, planning and organization of Information Systems Strategy.

CORPORATE AUDIT DEPARTMENT

CORPORATE AUDIT
DEPARTMENT

Implementation &
Coordination Unit

Management Audit Team

-I

Management Audit Team

-II

AIM
Thorough scrutiny of H.O. financial transactions to ensure efficient and judicious use of
Bank's resources

OBJECTIVES
Conduct periodical review of organizational set-up, changes if any introduced in
the set up. Delegation of Authority, policies and procedures, business plans
and operational strategies devised by Management, keeping in view, the approved
Corporate Mission.
Conduct/arrange Annual Audit of H.O. Departments and H.0 units in the field
Ensure that the expenditures are sanctioned as per the financial and administrative
powers assigned within the budgetary provisions and Bank's rules and
regulations are d y observed.
Ensure that payment is made to genuine payee, properly acknowledged,
correct y classified and recorded.
Ensure that errors and omissions are promptly rectified.
Arrange periodical verification of stock and depreciation charged thereon with a
view to check its accuracy.
Detect weaknesses in system and to recommend remedial measures thereof
based On Audit reports in respect of H.O. Departments and Audit units in the Field.
Handing over/taking over of relevant files and records where functions have been
transferred from one unit to another, from one department to another or from
one Division to another.
Perform administrative functions for the department such as sanctions of leaves, approval

of tour programs, etc.

1. Implementation and Coordination Unit

1.1 Pursue the departments at H.O. and audit / H.O. units in the Field to ensure
compliance of audit observations.
1.2 Arrange settlement of audit paras.
1.3 Keep updating of statistics of audit observations raised/settled and pending audit
paras.
1.4 Deal with administrative matters of the Department including preparation of budget,
maintenance of leave record etc. and other miscellaneous administrative matters.
1.5 Perform administrative functions for the Department such as sanction of leaves,
approval of tour programs, approval of travel allowance etc.

Post Audit Section

Check the vouchers and ensure the booking of expenditure against the
proper G Head.

Ensure that the expenditures are properly sanctioned within the budgetary

provision and to verify the authenticity of bills/receipts.

Ensure that all pre-requisites of payment have been completed.
Check the genuineness of payee and proper acknowledgement.
Check that all the relevant documents are attached with the vouchers.
Verify arithmetical accuracy and check that all procedural formalities have been
completed.
Ensure that vouchers/advices have been signed by the authorized officers.
2.

Management Audit Team - I &II

2.1 Conduct Annual Audit of the departments at H.O. in the light of applicable
rules, regulations, policies and procedures with a view to assess that all
functionaries are performing their duties efficiently and judiciously.
2.2
Conduct the Annual Audit zones and other H.O. units located in the field
2.3
Periodical verification of capital items and depreciation charged at H.O.

FIELD AUDIT DEPARTMENT

FIELD AUDIT
DEPARTMENT

Commercial
Audit Unit

Planning &
Coordination Unit

Implementation
Unit-I

AIM
Appraisal of operations and control to determine whether policies and procedures are
being followed carefully and all resources are used efficiently and economically

Implementation
Unit-II

OBJECTIVES

From the Internal audit perspective, document the Internal Control System designed
and

put in effect by the Management. Understand and evaluate internal control at the
Entity Level and at the Process, Transaction or Application Level on an ongoing
basis. Keep track of changes vis--vis internal controls introduced by Management
from time to time and update audit working manual.
Establish evaluation system of overall effectiveness of Internal Control System,
identify areas for improvement and enforce suitable audit methodology.
Prepare Annual Audit Plan, keeping in view, Credit, Operational, Compliance and
Market risks etc. Coordination with concerned divisions and departments for
assessment of risk profile of the Bank and align the audit approach with the risk
appetite and mitigation system implemented by Management.
Conduct review of the changes in Systems and Procedures developed by
Business Development & Marketing Department as an ongoing process.
Review and appraise the extent of compliance with established policies, plans
and procedures.

INFORMATION SYSTEM AUDIT DEPARTMENT

INFORMATION SYSTEMS AUDIT
DEPARTMENT

Policy Coor. &

Implementation
Unit

Systems &
Operations Audit
Unit

Databases &
Applications
Audit Unit

AIM
Determine the adequacy of security and controls in the Information Systems
environment by assessing technology practices, policies, procedures.

Provide reasonable assurance that business objectives are reasonably achieved.

Networks &
Communication
Audit Unit

Suggest measures with the objective that undesired events are prevented or
detected and corrected.

OBJECTIVES
Provide reasonable assurance that ZTBL's IT infrastructure, control and
governance processes are adequate and functioning in a manner to ascertain quality output. Sufficientl y evaluate control environments in computer application
development, implementation and maintenance process.

FUNCTIONS
1. Conduct periodical audit of IT infrastructure and operational practices to Provide
reasonable assurance for adequate functioning of Bank's IT infrastructure to ascertain:
Risks are appropriately identified and managed.

Important financial, managerial and operating information is framed as per Bank's rules/
regulations and standing instructions.
User actions are compliant to the system and procedures prescribed for the
purpose. IT resources are acquired economically, used efficiently and adequately
protected.
Programs, plans and objectives are achieved.

Quality and continuous improvement are fostered in the control process.

Sufficiently evaluate control environment in computer application development,

implementation and maintenance process and database implementation/ administration
covering areas like:
Software development/acquisitions standards
Database control procedures
Change control procedures
Source code and executable libraries
Documentation
SOPs
Pre and post implementation reviews
3.
Determine whether network and associated components are securely placed into
production, the network re-sources are appropriately monitored and adequate control are in place
to ensure the security and recoverability of the networks.

2. DATABASE & APPLICATIONS AUDIT UNIT

2.1

Conduct audit of information systems application development environment and of database

designing & administration. Sufficiently evaluate control environments in computer application
development, implementation and maintenance process and database administration.
2.2
Review user interface of systems, subsystems and software applications.
2.3 Assess information technology control elements to mitigate information technology risks regarding
the confidentiality, integrity and availability of business information by reviewing areas like:
Software development standards
Database security control

Change control procedures

Source code and executable libraries
Documentation
SOPs
Pre and post implementation reviews

2.4
2.5
2.6

2.7

Assess the utilization, integration, maintenance and enhancement of software applications.

Prepare audit findings regarding the efficiency, accuracy and security of software programs and
databases.
Review the efficiency and effectiveness of basic operational areas e.g.
Access Permission
Security & Confidentiality
Business Continuity
Management
Budget & Procurements
Projects & Feasibilities
Managing the change
Process re-engineering
Trainings
Prepare audit reports in a timely manner.

3. NETWORKS & COMMUNICATION AUDIT UNIT

1.

Plan and manage network communication audits to determine whether network s and associated
components are securely placed into production, the network's resources are appropriately
monitored, and adequate controls are in place to ensure the security and recoverability of the
networks.
1. Audit activities associated with a LAN/WAN/Internet. Review network design and installation,
monitoring and analysis of existing hardware and software and evaluation of network security
controls.
1. Plan and manage network and communication audits covering areas like:
LAN/WAN design/ topology
Security architecture
o Firewalls
o IDS
o Routers
4.
Audit the tuning and capacity planning activities associated with the performance of network
resources.
5. Review operating systems and security software utilized on the network including the addition
of new users to the network and the establishment of rights and privileges.

4.

Review the efficiency and effectiveness of basic operational areas e.g.

Access Permission
Security & Confidentiality

Business Continuity
Management
o

Budget & Procurements

Projects & Feasibilities

Process re-engineering

Trainings

Managing the change

7. Prepare audit reports in a timely manner.

4. POLICY, COORDINATION & IMPLEMENTATION UNIT

Deal with all administrative, financial, policy and miscellaneous matters of the
Department.

Coordinate with other departments at Head Office to dispose of official matters.

Evaluate/analyze audit reports received from Audit Teams.

Pursue for arranging compliance of outstanding audit observations from the concerned
offices.

Prepare plan of audit teams and implementation thereof.