Compliance Audit and Risk Based Supervision

An audit is basically an inspection of the financial accounts, transactions and conduct of an entity or company undertaken by supervisory authorities. Compliance audit and Risk Based Supervision (RBS), also called risk based audit, are two prominent forms of audit. In the finance sector across the world, regulators are gradually shifting from compliance audit to risk based audit because of the advantages associated with RBS in addressing emerging risks.

What is a Compliance Audit? 

A compliance audit is a comprehensive review of the processes and practices of an organization over a period to assess adherence to regulatory guidelines. In a regulated environment, the entities overseen are required to conduct business within the broad parameters set by the regulator. These parameters are prescribed considering the objectives of the entity's industry, to safeguard the interests of various stakeholders, and with the ultimate aim of ensuring consistent and orderly growth of the particular industry.


Composition of the board, broad parameters to be adhered to by the board while taking decisions, independent accounting, independent audit, security of IT systems, risk management process, fraud prevention steps, minimum capital requirement, ceilings for investments and borrowings etc. are some of the common parameters normally prescribed by various regulators.

A compliance audit can be described as an assessment made by the regulator on a periodic basis to ensure the entity's compliance with these guidelines. The organization should be in a position to prove compliance through documentary evidence. Under a compliance audit, common yardsticks are normally employed to assess various entities irrespective of the business model and size of the entity.

What is Risk Based Supervision (RBS)?

Risk Based Supervision (RBS) is also termed Risk Based Audit (RBA). In RBS, the assessment is based on the effectiveness and efficiency with which risk concepts are integrated into the strategies and policies employed by the organization for business growth.

A risk in finance represents the uncertainty associated with any investment or business decision. Risk is the possibility that the actual return on an investment may be different from its expected return, or that the actual outcome of a decision may vary from the intended outcome.

Risk Based Supervision attempts the following:
i.    Understanding the specific risks that may impact the company's objectives;
ii.    Assessment of existing measures and proposed strategies for managing specific risks; and
iii.    Assessment of the effectiveness of the mechanism for monitoring risk, processes for internal auditing, and reporting practices and procedures.

Thus, Risk Based Supervision concentrates on the evaluation of existing risks, the process in place to identify emerging risks, measures to avoid risks and the effectiveness of risk control processes.

The supervisory stance on an entity depends on the probability of failure of the entity, based on the risk assessment, and on the impact on the industry in case of failure of that entity. The periodicity and intensity of the RBS of an entity may also vary based on these parameters.

What are the major differences between Compliance Audit and Risk Based Supervision? 

A compliance audit is basically a postmortem of the activities of the organization and an assessment of adherence to the supervisory prescriptions. The focus of a compliance audit is on history, as it covers the transactions of a previous period. It need not give any indication as to what is going to happen in future. Further, the same yardstick is applied to all entities under the regulator irrespective of the nature of business, the volume of business and the impact that the failure of the organization can have on the industry and country.

Under Risk Based Supervision, each entity is assessed based on its risk profile, the risks undertaken and the risk practices followed. If the organization is aware of the risks undertaken and adequate mitigants and controls are in place to tackle such risks, the organization is said to have a good risk culture. The approach taken by the regulator under RBS varies from company to company based on the volume of business and the inherent risk involved in the business model. Under RBS, the assessment covers both existing and future risks. Thus RBS can be described as an audit with a futuristic view.