The Evolving Role of Internal Auditors (IA) in NBFC Risk Management

Deepti Rathor

The NBFC sector in India has seen phenomenal growth in size, operations, and technological and digital sophistication, along with entry into newer areas of financial services and products. We have witnessed the RBI cut the arbitrage of NBFCs and move to bank-like regulations. From time to time, the RBI has come up with a slew of measures to shield the sector from all angles, especially after the ILFS and DHFL crises, to avoid any systemic spillovers. This evolution has made it extremely necessary for control functions such as internal audit to pull up their socks and gear up rapidly to meet demanding stakeholder expectations and stay attuned to the evolving NBFC risk landscape.

In the past, we have seen internal auditors being questioned on failures to locate material internal control lapses (we witnessed this big-time during the Satyam and Punjab National Bank scams). In the aftermath of every corporate collapse, root cause analysis showed that these collapses could have been averted, or at least forewarned, if a strong internal audit mechanism had been in place. Since then, the internal audit function has evolved, and today we find internal audit standing as the 3rd line of defence and supporting sound corporate governance and risk management in almost every organisation.

In 2021, internal audit in the NBFC sector became the talk of the town and came under the spotlight when the RBI issued a circular on Risk Based Internal Audit (RBIA), mandating implementation of the RBIA framework by March 31, 2022 for select NBFCs with an asset size and above. The internal audit functions of these NBFCs have been directed to undertake risk assessment (as per the RBI guidance) and plan audits in the pecking order of perceived business risks and their severity, so that all high-risk areas are assessed and reviewed first. This directive from the Regulator was seen as a welcome change for the financial services industry, clearly indicating the direction of the regulators towards a risk and control environment.

Given the RBIA regulatory mandate, I would like to touch upon 2 key underlying factors that contribute to an increase in opportunities for internal audit:

  • Extensive products and digital innovations in the NBFC space:

With business and IT operations becoming more and more complex, Management today expects IA not only to provide advice on ongoing or future organisational endeavours but also to assess whether the business is undertaking its innovation and IT transformation initiatives in the best possible manner. To keep pace with this expectation and to thrive in today's ever-changing digital business environment, it is very important for internal auditors to keep upgrading themselves with specialised skills and knowledge, not only of auditing complex business processes and IT systems but also of using IT tools and techniques for data collection and data analysis. Lacking such in-house expertise, Heads of Internal Audit (HoIA) today increasingly rely on third-party experts who provide services for auditing these specialised areas. Information Technology and Cyber Security audit is the most common area where HoIA depend and rely on third-party services these days.

  • Organisation striving to build a resilient and robust risk & control environment:

With changes in the risk and controls landscape leading to a propensity for frauds, revenue and data leakages etc., boards and senior management have started to pay closer attention to their internal control frameworks so that they remain effective in preventing, detecting, and responding to such untoward situations. Here the expertise of internal auditors is increasingly sought at a preliminary stage to provide assurance on any process even before it is rolled out, on any IT system before its deployment, or on any control at its design implementation stage itself, so as to pre-test its effectiveness at an incipient stage and seek opportunities for improvement.

With great opportunities also come great responsibilities and many challenges for internal audit to operate at its full potential. With the RBI's RBIA circular coming into effect, many of these challenges have been automatically addressed for select NBFCs, where the Regulator has empowered Internal Audit with sufficient authority, stature and position within the organisation. This step towards RBIA is perceived to be meeting the essential requirements of the NBFC sector.

To conclude, as the expectations from internal audit with respect to providing assurance on the efficacy of Internal Control systems, Risk Management and Corporate Governance continue to increase and evolve, the challenge for the internal audit department today is to grab this opportunity and reinforce its value proposition to position itself as an integral part of the corporate governance ecosystem. This requires:

  • Fundamental cultural and mindset change towards internal audit.

  • Unprecedented Board and Senior Management support backed with “requisite department budget” for the IA function to operate and discharge its roles and responsibilities effectively. For boards and audit committees, internal audit can be their first line of defence that they can very much rely on.

Views expressed by: Deepti Rathor, Director – Group Head Internal Audit, JM Financial