National Bank of Pakistan Branch Audit Checklist

Evaluation of Internal Control System Doc. No. 1 May 2017 Page 1 of 12

1. OVERALL EVALUATION OF INTERNAL CONTROL SYSTEM

Objectives and Importance

A review of internal control system is the primary responsibility of internal auditors.

They are required to carry out necessary audit procedures to assess the adequacy of
design of internal control system of the entity and its implementation in order to render
an opinion on "the adequacy and effectiveness of the overall system of internal
control". Further increasing trend of frauds at the branches necessitates the review of
adequacy of the Internal Controls at the branches and controlling offices to highlight the
discrepancies to the branch management and their controlling offices for timely
corrective actions.

In this regards some key risk areas that usually lead to frauds are highlighted for
information of auditors. All the field auditors should specifically review these areas and
raise the exceptions accordingly, detail as under:

Key Risk Areas:

1. Incompetent branch Managers & Operations Managers having no capacity to

understand the risks associated with various types of branch operations and
methodology to address the risks.

2. Allowing unauthorized persons to the sensitive areas of the branch operations i.e.
Cash Departments, Accounts Department and Profile-CBA (System) through
unauthorized Sharing of IDs & Passwords.

3. Absence of dual control / electronic control over cash receipts & payments
(including government collections and pension payments) and General Ledger
entries resulting into non detection of the customer’s money pocketed by cashiers
well in time.

4. Non Supervision of DTRs / Review of individual transactions with relevant vouchers

on daily basis to detect flying / unauthorized entries well in time. Non adherence of
maker /checker rule.

5. Non perusal of outstanding NBP General Account entries / Suspense Account

entries resulting into hiding the flying / unauthorized entries. Non Focus on long
outstanding entries for their settlement/reversal.

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 2 of 12

6. Non balancing of manually maintained accounts including Suspense A/C, Sundry

Deposits, DD Payable A/C, ATM Settlement A/C, etc. resulting into hiding the flying /
unauthorized entries.

7. Non compliance of the Treasury Rules related to government receipts / payments

and maintenance of relevant record.

8. Non verification of Gold ornaments in presence of authorized officers in the branch

premises or at Goldsmith shop resulting into accepting the over assessed / fake
gold ornaments as security for Gold Loans.

9. Non-keeping the gold ornaments and relevant evaluation certificate of goldsmith in

sealed bags under dual control.

10. Ineffective monitoring of branch operations by RMTs and Compliance Officers.

11. Non rotation of staff as per approved policy.

12. Non availment of mandatory leaves by the branch staff.

13. Shortage of staff with reference to volume of branch operations.

14. Non-monitoring the life style of staff at branches by managers.

15. Nonfunctional / faulty CCTV camera and other security arrangements.

16. Delayed disciplinary actions against the delinquents Staff and involvement of
delinquent staff in day to day activities of the branch operations.

In order to verify the existence of the above said red flags, auditors should check / review
the working of branch covering audit period using sample techniques as mentioned in
Internal Audit Manual by at least adopting the following audit procedure / check list and
other check lists specific to the areas of operations, e.g. Advances, Deposits, Remittances.
The auditors may also check and highlight other significant areas of concerns as he / she
observed during the course of audit,

Audit Checklist

Level of risk Definition of Risk levels

Controlled copy, DO NOT duplicate For Internal Use Only
National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 3 of 12

Observations that can seriously compromise the system of internal control and data integrity resulted in material
High Risk financial/ reputational loss required to be considered as High Risk (H). Higher volume of Violations related to Non
compliance of Regulatory Requirements should also be considered.
The control weakness is more likely to result in material loss of the bank's revenue or goodwill or material non-
Moderate compliance with the statutory requirements or the Bank’s policies and procedures. Compensating controls are
Risk generally not present to reduce the likelihood of any such loss or non-compliance. These areas would be
considered as Moderate Risk (M).
- The control weakness less likely to result in a loss of the bank's revenue or goodwill or non-compliance with
the statutory requirements or the Bank’s policies and procedures (not being a material loss or non-
compliance). However, compensating controls generally exist to reduce likelihood of any such loss or non-
Low Risk
compliance; or
- The observation is more in the nature of a procedural improvement rather than a control weakness.
These areas would be considered as Low Risk (L)

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
Policies & Procedures
1. Whether the laid down policies, NO H
procedures & circulars of the bank
pertaining to the branch operations are
communicated to all staff members of the
branch & properly understood?
2. Whether the approved code of conduct NO H
is communicated to all staff and got
signed by them for implementation?
3. Whether the staff is aware and compliant NO H
of laws & regulations including SBP, PRs
affecting their responsibilities?
Staffing
4. Whether the branch manager / operations NO H
manager and other staff members are
competent and experienced to perform
their duties in an efficient and effective
manner?
5. Whether the duties & responsibilities are NO H Duty list is not
properly segregated, defined and available at the
documented as JDs? branch
6. Whether the staff performs their duties & NO H Duty list is not
responsibilities as per JDs? available at the
branch
7. Whether the required trainings are provided to NO H All the staff is under
the branch staff enabling them to carry out trained and
their duties in an effective and efficient incompetent in
manner? handling CBA
8. Whether the Branch is sufficiently staffed NO H Proper computer
keeping in view the volume & scope of its literate staff is
activities? required at the
branch on immediate
basis

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 4 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
9. Whether the staff rotation policy is properly YES H
implemented and no staff members are
overstaying in the branch in violation of
policy circulated vide letter no.
HRM&AG/PAW/2013/6322 dated
03.05.2013?

10. Whether adequate number of security NO

guards are posted in the branch and they
perform their security duties as per define
procedures?
11. Whether account statements of all types of YES H
accounts maintained by the staff members
(including clerical & non-clerical) are
reviewed / perused for identification of un-
authorized / un-usual transactions, if any?
12. Whether the payments made to the staff NA H
on account of late sittings (if any) is duly
approved by the competent Authority and
supported with the documentary
evidences?
Authorization & Approval of Transactions
13. Whether all the financial & non financial NO Non-financial register
transactions are reviewed and approved H is not generated at
by designated individuals at appropriate the branch.
levels of the branch?
14.Whether financial / non-financial NO H Non of the non-
transactions are duly authorized and financial transactions
properly documented? are authorized at the
branch.
15.Whether delegation of authority for NO H
approval of transactions is justified and
exist no conflict of interest in execution
of transactions?
16.Whether no blood relative or spouse of NO H
any staff is posted at the branch?
Documentation & Recording
17. Whether all financial and non-financial NO H Financial and non-
entries are adequately explained and financial transactions
supported with relevant documents / are not supported by
evidences? evidence/documents.
18. Whether all accounting records / books NO H
are updated on a timely basis?
Controlled copy, DO NOT duplicate For Internal Use Only
National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 5 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
19. Whether no direct debit to the GL heads YES H
has been made to credit some one’s
account unauthorized for financial
accommodation?
20. Whether complete working of audit taken- YES H
up date and one complete day working in
every Quarter cross checked with the
supporting evidences in order to identify
flying entries / mis-posting etc.?
Reconciliations & Balancing of Books
21. Whether an effective reconciliation system NO H
in place for NBP General A/C, Accounts
with other banks or A/C with SBP, if any,
and periodic balancing of ledgers?
22.Whether the un-reconciled entries and NO H
differences in the balancing are
effectively perused with the concerned
authorities for their resolution?
23. Whether fixed assets of branch are placed YES H
under proper security and control?
24. Whether physical counts of assets are NO H Dead stock tagging
conducted and results thereof matched list is not available at
with the records on regular intervals? the branch therefore
they can not be
matched.
IT Related Controls
25. Whether physical access to the computer NO H
systems is restricted to authorized
personnel only?
26. Whether access to the information / data NO H User IDs and
on the systems is restricted with User IDs passwords are being
& Passwords to authorized staff and there shared at the branch
is no unauthorized Sharing of IDs /
Passwords?
27. Whether access to the system through YES H
user IDs of employee who have left branch
is effectively disabled?
28. Whether the CCTV system is installed at YES H
proper location and properly working for
recording and monitoring of suspicious
personnel / activities in the branch?
29. Whether CCTV recording has been NO H
retained as backup for at least 6 months

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 6 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
for reference in case of need?
30. Whether workstations, Cash counter, NO
lockers entrance, strong room, ATMs are
properly covered in CCTV for future ready
reference?
Other Controls
31. Whether the approved timings for opening YES H
and closing of the branch are observed?
32. Whether the Smoke Detector, Fire Alarms NO H
and Fire Extinguishers are installed and
found operational in the branch &
periodically checked for maintenance?
Whether strong room / vault have not been NO H
used for other purpose like record room,
kitchen, stationery store etc. (The Cash
Vault must only contain Cash & Cash
Equivalents)?
33. Whether the Mandatory Leave Plan is NO H
prepared and leaves are allowed to staff
accordingly?
34. Whether access to the sensitive areas NO H
including Cash Department, Vaults,
Computers, etc. has been restricted to
authorized staff only/ No unauthorized
person works in the branch
35. Whether no unauthorized persons have NO H
been engaged at the branch for any
banking related assignments?
36. Whether handing over / taking over of NO H
charge, if any, by the Manager, Manager
Operations and Head Cashier were proper
and complete as per bank rules, during the
audit period?
37. Whether the staff performing duties as NA
reliever, is posted in the branch with
written Office Order / Email instead of
verbal instructions?
38. Whether the duplicate keys of vault / YES H
strong room are maintained with other
branch as per procedure and properly
checked / documented by incoming
branch manager?
39. Whether the charge handing over / taking NO H
over certificates, where applicable, were
sent to the Regional Office well in time?
40. Whether the life style of the branch staff YES H
commensurate with their salaries and

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 7 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
allowances?
41. Whether the dual control over the receipts NO H
of Government Collections / taxes and
payments of Pensions are deployed?
42. Whether the door of the strong room NO H
remained closed during branch working
time?
43. Whether the keys of Safe/Vault were NO
handed over by the assigned officer being
on leave?
44. Whether the keys are not applied by other YES
than the authorized custodians?
45. Whether the branch book is maintained NO
and all updates have been updated by the
branch?
46. Whether the proceeds of Government NO H
collections are remitted to concerned
branch / Govt. Treasury on daily basis / as
per timelines advised by HO?
47. Whether the visit report of the RMT NO H
members and other Executives are
available in the branch and branch has
taken required corrective actions as per
recommendations given therein?
48. Whether the record of Govt. receipts and NO H
payments is maintained effectively and
necessary reconciliation is done
periodically?
49. Whether the customer / public dealing are NO H
being performed at the counters only?
50. Whether all the suppliers contracts like M
Janitorial Staff Contract, Rent Agreement,
mineral water Supplier etc. and report
abnormalities (if any)?
Information and Communication
51. Whether instances of frauds / wrong NO H
doings by staff, clients or external persons
are timely taken care at branch level
besides their timely reporting to controlling
offices for necessary action?
52. Whether periodical returns are timely NO H
submitted to controlling office after their
review for correctness?

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 8 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
53. Whether Branch Management has issued NO H
the genuine certificates regarding
completion of various assigned tasks
including rectification status of
observations highlighted by the
Internal/External/SBP auditors?
54. Whether information / data required by the NO H
internal auditors or external agencies, if
any, are correctly and timely provided?
Handling of Complaints
55. Whether complaints of customers are NO H
properly attended and relevant record is
maintained properly?
56. Whether lodgment of complaint notified to NO H
concerned Regional Office and
acknowledgement of the complaints sent
to the complaint? (HO Inst. Cir # 19/14)
57. Whether the complaints not resolved NO H
within 30 days are communicated to
concerned Group / Division at HO for
taking proactive action?
58. Whether the important contact numbers, NO H
guidance and information related to
Unclaimed Deposits is prominently placed
on the Notice Board for information of
clients?
59.
Monitoring by the Manager
60. Whether there is an effective supervision NO H
of operations and activities in all areas?
61. Whether the Manager / Manager NO H
Operations supervise DTRs / Reviews
individual transactions with relevant
vouchers on daily basis to detect flying /
unauthorized entries well in time?
62. Whether the branch management takes NO H
timely corrective actions for rectification of
irregularities/ audit exceptions as pointed
out by internal / external auditors and SBP
inspectors?

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 9 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
63. Whether the manager is responsive to H
internal and external audit
recommendations for control
improvements on a timely basis?
64. Whether the staff under suspension, if any, NA H
posted at the branch is not given any
operational assignment?
65. Whether the operational activities, if any, NO H
of the staff already involved / punished in
fraudulent activities are minutely
supervised by the branch manager to
restrict him / her from further fraudulent
activities?
66.Whether the manager adopts necessary NO H
measures to keep the staff motivated
such as removing their justified
grievances through counseling and
taking appropriate action?
67.Whether the Branch Manager NO H
(Conventional/ Corporate/ Islamic)
maintaining & updating of loss / incident
reporting MIS as required by Instruction
Circular # 03/2013 dated January 04,
2013?
68.Whether the Branch Manager NO H
(Conventional/ Corporate/ Islamic)
reporting all operational loss incidents
(except Fraud & Forgery) equal to or
exceeding Rs. 500,000, immediately to
the respective OIDC on a prompt basis
through the Initial Incident Report (IIR)?
69.Whether the Branch Manager NO H
(Conventional/ Corporate/ Islamic)
ensuring that Initial Incident Reporting
(IRR) reporting format of "Operational
Risk Loss Incident Reporting
Mechanism" is properly filled with no
column left blank before reporting.
70.Whether the Branch Manager NO H
(Conventional/ Corporate/ Islamic)
ensuring that Monthly reporting format
of "Operational Risk Loss Incident
Reporting Mechanism" is properly filled
with no column left blank before
reporting immediately after the month
Controlled copy, DO NOT duplicate For Internal Use Only
National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 10 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
end?
71.Whether the Branch Manager NO H
communicating respective OIDC about
the current status of the open cases?
72.Whether the Branch Manager ensuring NO H
continuous monitoring of operational risk
exposure, losses and potential loss
events within Branch?
73.Whether various certifications, like NO H
updating KYC/EDD of top 100
depositors etc., issued by the branch
management to respective ROs/HO
from time to time are reflecting correct
figures/position?
Monitoring by Controlling Office
74. Whether the officials (RMT) from NO H
controlling office periodically visit the
branch as per approved frequency for
inspection and submit their reports
highlighting the weak areas with directives
for corrective action?
75. Whether the controlling office monitors & NO H
follows up for the compliance /
implementation of their directives given in
the visit reports of RMT?
76. Whether the Compliance Officer posted at NO H
the branch / vising Regional Inspector
performs his / her duties effectively by
highlighting the discrepancies for
corrective action?
77. Whether the controlling office monitors the NO H
timely compliance of the Exceptions of
Compliance Officers / findings of internal /
external auditors / SBP Inspectors and
takes actions to avoid their recurrence in
future?
78. Whether the periodical comparison of NO H
budget and actual performance of branch
is made and variances are investigated for
corrective action by the controlling office?

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 11 of 12

Audit Procedures Yes / Risk Remarks of

No or H/M/L Auditor/Audit
NA Observations
79. Whether the Regional Head as NO H
Operational Incident Data Custodian
(OIDC) maintaining & updating of loss /
incident reporting MIS as required by
Instruction Circular # 03/2013 dated
January 04, 2013?
80.Does OIDC ensure that the every NO H
branch maintains the record of reported
incidents?
81. Whether the Regional Head reporting all NO H
operational loss incidents (except Fraud
& Forgery) equal to or exceeding Rs.
500,000, immediately to the respective
Group Chief/ Divisional Head with a
copy marked to Head ORMW, RMG on a
prompt basis through the Initial Incident
Report (IIR)?
82. Whether the Regional Head ensuring NO H
that Initial Incident Reporting (IRR)
reporting format of "Operational Risk
Loss Incident Reporting Mechanism" is
properly filled with no column left blank
before reporting immediately upon the
occurrence of the incident?
83. Whether the Regional Head submitting NO H
monthly report of incident losses to
Operational Risk Management Wing not
later that 10th day of every month?
84. Whether the Regional Head ensuring NO H
that Monthly reporting format of
"Operational Risk Loss Incident
Reporting Mechanism" is properly filled
with no column left blank before
reporting?
85. Whether the Regional Head NO H
communicating respective Groups/
Divisions along with operational Risk
Management Wing, RMG about the
current status of the open cases?
86. Whether the Operational Incident Data NO H
Custodian ensuring continuous
monitoring of operational risk exposure,
losses and potential loss events and
within their functional area?

Controlled copy, DO NOT duplicate For Internal Use Only

National Bank of Pakistan Branch Audit Checklist
Evaluation of Internal Control System Doc. No. 1 May 2017 Page 12 of 12

Audit Period: ______________ Branch / Auditable Entity Name: ________________

Prepared By: _____________________________________ Date: ______________

(Name and Title)

Reviewed / Supervised By: __________________________ Date: ______________

(Name and Title)

Note: The above said Checklist properly filled in and supported with the relevant
documentary evidences, where deemed necessary, should be retained as audit working
paper for future ready references.

Controlled copy, DO NOT duplicate For Internal Use Only