Azilon Risk Auditor is designed as
per RBI's guidelines and focuses on risk identification,
prioritization of audit areas and allocation of audit
resources in accordance with the risk assessment.
While focusing on effective risk management and controls,
in addition to appropriate transaction testing, Azilon
Risk Auditor offers suggestions for mitigating current
risks and also anticipates areas of potential risks
and plays an important role in protecting the bank
operation from various risks.
Azilon Risk Auditor enables risk
calibrated planning, execution and management of audit
process. It identifies risk in a systematic manner
thus reducing the likelihood of failure in the auditing
process. The focus is on auditing resources where
the impact of risk may be high. Azilon Risk Auditor
minimizes unwarranted audit intervention resulting
in smoother workflow leading to effective audits.
With the progressive deregulation
and liberalization of the financial sector, banks
are increasingly exposed to various kinds of risk
- both financial and non-financial. Efficiency of
every bank depends on how effectively it manages the
risks and in ensuring a competitive risk adjusted
return on capital. A sound internal audit function
plays an important role in contributing to the effectiveness
of the internal control system. It provides the management
with accurate information on the effectiveness of
risk management and internal controls including regulatory
compliance by the bank.
Banks currently depends on Score
Based Rating system, which deals with verification
of data accuracy and transaction testing but does
not provide any opinion on the qualitative dimension
of business management including risk management.
As such, there is a need for redefining and redirecting
the scope of audit so as to take care of adoption
of modern tools of risk management, adequacy and effectiveness
of such tools, as well as to assist the business units
to mitigate the risks. All these objectives are achieved
with implementation of Azilon Risk Auditor system.
Azilon Risk Auditor streamlines
and supports the following processes:
Entity Definition:
This enables the administrator to define entities,
maintain all details and lay down hierarchical structure
for product line, geographical units and organization
(including matrix reporting structure).
Content Development:
This allows Audit Content Manager to define the content
of audit including the Business Risk Template, Control
Risk Template, Processing Format and the Audit Unit
profile Templates.
Identifying Significant Business
Entities:
The Program Manager can select significant business
entities based on initial set of data, returned by
respondents associated with various entities. Based
on past audit dates, Program manager can decide on
taking up selected entities for further investigation
and assign auditors to specific units.
Auditor Assessment:
Auditors analyze the data/response, after collection
and then assign rating to each parameter. To facilitate
the process, the Auditor has been given access to
analytics tools, including rating capability for quantitative
parameters based on certain predefined rules. These
rules would have to be defined by the Program Manager
and are extremely flexible. The Auditor also rates
individual incidents, based on the data and feedback
collected, about severity and frequency.
Audit Reviewing:
Higher authorities including the Process Manager with
Competent Authority reviews and finalizes the audit.
Risk Ranking:
Analysis leads to generation of BC Matrix (Business
risk versus Control risk matrix), FSI/ZTL Reports,
Irregularity Reports, RBIA final reports.
Managing Irregularities:
The Processing Manager with Competent Authority handles
the irregularities upon escalation process. The auditor
and the processing manager are involved to discuss
about the irregularity.
Carry over of Audit Details:
The Audit Unit profile Data as well as reported irregularities
gets automatically carried over to the next audit.