1. Internship Report
On
“Risk Based Internal Audit in
Bangladesh Bank”
Bangladesh Bank
(Central Bank of Bangladesh)
Asian University of Bangladesh (AUB)

2. Internship Report
On
“Risk Based Internal Audit in
Bangladesh Bank”
Prepared For:
Suresh Chandra Dey
Deputy General Manager
Internal Audit Department
Bangladesh Bank. Head Office
Prepared By:
Mohammed Anwarul Hoque
ID: 201310626; Section: A; Batch: 36th
Masters of Business Administration (MBA)
Department of Business Administration
Asian University of Bangladesh (AUB)
Submitted to:
Prof. Md Ashraf Hossain
Dean
Department of Business Administration
Asian University of Bangladesh (AUB)
Internship period: 4th
September to 30th
November/2014
Date of Submission: 17th
December/2014

3. PREFACE
To obtain my professional degree of MBA from Asian University of Bangladesh (AUB), I tried
my best to prepare a professional report on “Risk Based Internal Audit in Bangladesh
Bank”. Though, it is the requirement of MBA but I tried to make this report as a professional
member of Bangladesh Bank.
The discussing report is the terminal formalities of the internship program for the degree of
Masters of Business Administration (MBA) course of Department of Business Administration
of Asian University of Bangladesh (AUB), Bangladesh, which is compact professional
progress rather than specialized. This report has been prepared as per academic requirement of
after the successful completion of 3 (three) months internship organized at Bangladesh Bank
with a view to familiarizing the students with the practical implementation of knowledge
provided in the theoretical aspects.
It is my pleasure and great privilege to submit my report titled “Risk Based Internal Audit in
Bangladesh Bank” worked out at Bangladesh Bank during September to November 2014.
As the presenter of this report, I have tried my level best to get together as much information as
possible to enrich the report while working in the company. I believe that it was a fascinating
experience to work in the Internal Audit section and it has enriched both my knowledge and
experience.
However, after all this, as a human being, I believe everyone is not beyond limitation. There
might have problems regarding lack and limitation in some aspects and also some minor
mistake such as syntax error or typing mistake or lack of information. Please pardon me for
that mistake and clarify these information on those matters.

4. Letter of Authorization
It is my pleasure to certify that Mohammed Anwarul Hoque has successfully completed the practical
Internship program under my supervision at the Internal Audit Department, Bangladesh Bank, Head
Office, Dhaka, from 4th
September to 30th
November, 2014 on “Risk Based Internal Audit in
Bangladesh Bank” with excellent performance.
Mohammed Anwarul Hoque is also an employee of the Internal Audit Department, Bangladesh Bank
(Central Bank Of Bangladesh), Head Office, Dhaka.
I wish him every success in his life.
.......................................
Suresh Chandra Dey (Supervisor)
Deputy General Manager
Internal Audit Department
Bangladesh Bank
Head Office
Dhaka-1000.
Date17th December/2014

5. Letter of transmittal
December 17, 2014
Suresh Chandra Dey
Deputy General Manager
Internal Audit Department
Bangladesh Bank
Head Office
Dhaka-1000.
Subject: Submission of Internship Report on Risk Based Internal Audit in Bangladesh Bank.
Dear Sir,
With due respect & humble submission I have prepared this report on the topic “Risk Based
Internal Audit in Bangladesh Bank” as a part of my internship program. I believe that the
knowledge and experience that I have gathered during the internship program will be helpful
for my professional life. I will be grateful to you if you accept the report.
Your support in this regard will be highly appreciated.
Thanking you.
Sincerely Yours,
___________________
Mohammed Anwarul Hoque
ID: 201310626 Section A; Batch 36th
Masters of Business Administration (MBA)
Department of Business Administration
Asian University of Bangladesh (AUB)
Uttara Branch, Uttara, Dhaka

6. Acknowledgement
First I would like to thank almighty Allah for helping us, who gives us the ability, knowledge
and energy to complete the report paper. Especially I would like to thank my supervisor Prof.
Md Ashraf Hossain the Dean of Asian University of Bangladesh, who helped me a lot to do
this report successfully by giving a lot of instructions and making my practical knowledge
through this term paper. Without his instruction I would not able to prepare this report.
I eagerly and most authentically would like to express my sincere appreciation to my supervisor
at Bangladesh Bank Mr. Suresh Chandra Dey, Deputy General Manager. He gives me a great
flexibility to choose the topic, learning of different issues and help me to understand the
difference between theory and practice.
My Special thanks to Md.Sadrul Huda (F.C.A), General Manager, Mr. Badol Chandra Sharker,
Joint Director, Mrs. Most. Nahida Farzana, Deputy Director, Mr. Ishrat Nahid, Mr. Rabiul
Hossain, Assistant Director of Internal Audit Department, Bangladesh Bank for providing me
with all sort of information related to my report.
Finally, I would like to thank all my colleagues of Internal Audit Department of Bangladesh
Bank; their support has enabled me to complete this report. All of them have been very open
and friendly with me and provided me with all the information that I needed.

7. Executive Summary
Around the world, organizations face escalating financial, operational, strategic and physical
risks that have been increasing steadily in terms of impact, likelihood and complexity. This
should come as no surprise as the pace and complexity of change continues to accelerate
regardless of geography. Corporate governance, regulations and guidelines, financial reporting
requirements, operational efficiencies- all these factors drive the internal audit functions to add
value beyond any standard that has been set in the past.
Bangladesh Bank has introduced “Risk-based Internal Audit” approach in performing
internal audit activities of the Bank. In accordance with the Internal Audit Department charter
approved by the Audit Committee of the Board of Directors of Bangladesh Bank, the Internal
Audit Department (IAD) is to provide independent, objective assurance and consulting services
designed to add value and improve Bangladesh Bank operations. As mentioned in the charter,
IAD is committed to standards of best professional practice, such as International Internal
Auditing standards. The standards consist of Attributable standards, Performance standards,
and Implementation standards.
Bangladesh Bank, the central bank of Bangladesh, was established under the Bangladesh Bank
order, 1972, (President Order No.127 of 1972) after the glorious independence of Bangladesh.
Bangladesh Bank started its journey with the vision of continuous development as a forward
looking central bank with competent & committed professionals of the high ethical standards
for conducting monetary management and financial sector supervision to lead the economic
growth and development of the country. Bangladesh Bank is proud of its talented and skilled
employees. From the beginning this bank has been developing & modernizing its audit process
and practices. These activities are performed strictly by following the rules and regulation
started by BB which are very transparent & which elicit efficient result.

8. Table of Content
Chapter
01 ORIENTATION OF THE REPORT Page no.
1.1 Background of the Report 1
1.2 Objective of the Report 1
1.3 Origin of the Report 1
1.4 Methodology 1
1.5 Limitation of the study 2
Chapter02
Introductory on Bangladesh Bank
2.1 Background 3
2.2 Establishment 4
2.3 History 4
2.4 Vision 5
2.5 Bangladesh Bank Services 6
2.6 Mission 7
2.7 Core Function’s 9
2.8 List of Branches and Head Office’s Department 9
2.9 Organizational Structure 11
2.10 Current Board of Director 12
2.11 Current executive Committee 12
2.12 Foreign relation 13
2.13 Liquidity policy 13
Chapter03
Internal Audit Department (IAD)
3.01 Introduction 14
3.02 Mission of IAD 14
3.03 Scope of Work 14
3.04 Accountability 15
3.05 Responsibility 15
3.06 IAD Organizational Chart 16
3.07 Internal Audit Processes 17
3.08 The Challenges for Internal Audit 19
3.09 IAD Divisions 20
Chapter–04
Risk Based Internal Audit in BB
4.01 Operational Strategy 21
4.02 Internal Control & Internal Audit 22
4.03 Department Goals for the Period 2010-2014 23
4.04 How these objectives will be achieve (1-5) 23
4.05 Auditing of Foreign Reserve Management 26
4.06 Criteria for the Audit 27
4.07 Risk Management Framework in BB 28
4.08 Implementation of the Annual Plan 28
4.09 Auditable Units within BB 31
4.10 Reporting 32

9. Chapter–05
Findings & Recommendations
Conclusion & Recommendation 34
Appendix 35
Bibliography 36
Questionnaire 37

10. CCHHAAPPTTEERR -- 0011
ORIENTATION OF THE REPORT
ORIENTATION OF THE REPORT
1.1 Background of the Report 1
1.2 Objective of the Report 1
1.3 Origin of the Report 1
1.4 Methodology 1
1.5 Limitation of the study 2

11. 1.01 Background of the Report
MBA (Internship), being a mandatory course offered by the Asian University of Bangladesh
(AUB), bears the basic ideology to introduce the young graduates to the work-world as soon as
they reach the completion of post graduate studies to make them efficient and eligible for being
among the leaders of tomorrow.
1.02 Objectives of the Report
A study is very much guided by its objectives. The present study on “Risk Based Internal
Audit in Bangladesh Bank” is conducted towards attaining the following objectives stated
bellow:
To study the Bangladesh Bank profile.
To study the process practiced by Internal Audit Department (IAD) of
Bangladesh Bank.
To study the different strategies and their implementation in achieving the goals
of IAD.
1.03 Origin of the Report
This report is prepared as partial requirement of the 3-months internship program for the BBA
Program. Bangladesh Bank has given me the opportunity to complete internship program. The
intention of Internship Program was to give opportunity to the students to gain some real world
experience by working in a practical environment.
1.04 Methodology
The research is qualitative in nature. The practical experiences and observations during
internship and in-depth discussion with key informant lead us to our answers.
I have collected our data and information from the Internal Audit Department (IAD) in
Division-1, 2, 3 General & Implementation Section. I have also collected our relevant
information by meeting the higher authority both of the departments and Human
Resources Department-2. Some of the information is collected from internet and some are

12. collected from Bangladesh Bank website. The study has been conducted on the basis of
secondary information such as:
• Annual Report of Bangladesh Bank 2010-2011.
• Bangladesh Bank staff Regulation Act, 2003.
• Bangladesh Bank Administrative guidelines, 2003.
• Bangladesh Bank Leave Rule, 2003.
• Bangladesh Bank Accommodation Allotment Rule, 2003.
• Website of Bangladesh Bank.
• Different manuals & publications of Bangladesh Bank.
• Different information collect from different wings and desks
1.05 Limitation of the study
Some limiting factors were faced while preparing the report. Those could be summarized as
follows:
• No secondary issues found for preparing the report such as any report or research paper.
• As employees of Bangladesh Bank, there were limitations of personnel for disclosing
some data and information for obvious reason which might be very much useful.
• The intern could not able to accommodate and spend enough time to make an in-depth
study due to time limitation.

13. CCHHAAPPTTEERR -- 0022
Introductory on Bangladesh Bank
INTROEDUCTORY on BB
2.1 Background 3
2.2 Establishment 4
2.3 History 4
2.4 Vision 5
2.5 Bangladesh Bank Services 6
2.6 Mission 7
2.7 Core Function’s 9
2.8 List of Branches and Head Office’s Department 9
2.9 Organizational Structure 11
2.10 Current Board of Director 12
2.11 Current executive Committee 12
2.12 Foreign relation 13

14. 2.1 Background
Bangladesh Bank (BB) continued to focus on strengthening the financial system and improving
functioning of its various segments. The broad parameters of the reforms undertaken during the
year comprise ongoing deregulation of the operation of institutions within the BB’s regulatory
ambit, tightening of prudential regulation and improvement in supervisory oversight,
expanding transparency and market disclosure, all with a view to improving overall efficiency
and stability of the financial system. The following paragraphs highlight the recent regulatory
and supervisory measures initiated by BB for banks and finance institutions and also the
industry statistics of the banking sector and the performances trends. According to Bangladesh
Bank Order, 1972, it is necessary to establish a central bank in Bangladesh to manage the
monetary and credit system of Bangladesh with a view to stabilizing domestic monetary value
and maintaining a competitive external par value of the Bangladesh Taka towards fostering
growth and development of country’s productive resources in the best national interest.
# TYPES OF BANK #
The banking sector in Bangladesh consists of four types of scheduled banks namely State
owned Commercial Banks (SCBs), government owned Development Finance Institutions
(DFIs), Private Commercial Banks (PCBs) and Foreign Commercial Banks (FCBs).
At present there are four State-owned Commercial Banks (SCBs) operating in Bangladesh. The
second type- Development Finance Institutions (DFIs) that derive their funds mainly from the
government, other financial institutions and supranational organizations development banks
have taken a variety of specific forms, but most of them are oriented toward specific economic
activity or toward a region. There are five Development Financial Institutions (DFIs) in
Bangladesh.
The third category, i.e. private banks financed the development of the currently industrialized
countries. Frequently they were instrumental in identifying investment possibilities: arranging
for the importation of skilled managers, workers and raw materials; and taking initial steps
toward assuring markets for output.
Table: No. of Banks
Bank Types No. of Bank No. of Branches
SCBs 4 3386
DFIs 5 1362
PCBs 30 2082
FCBs 9 56
Total 48 6886
(Source: Bangladesh bank Annual Report 2009)
The profit motive stipulated lending to enterprises to promising sectors. In this category there
are thirty local private commercial banks and nine foreign commercial banks.

15. 2.2 Establishment
Bangladesh Bank, the central bank and apex regulatory body for the country's monetary and
financial system, was established in Dhaka as a body corporate vide the Bangladesh Bank
Order, 1972 (P.O. No. 127 of 1972) with effect from 16th December, 1971. At present it has
nine offices located at Motijheel, Sadarghat, Chittagong, Khulna, Bogra, Rajshahi, Sylhet,
Barisal and Rangpur in Bangladesh; total manpower stood at 5071 (officials 3914, subordinate
staff 1157) as of end FY 2010.
2.3 History
Bank and Central Banking: A Brief Concept
Concept in Brief
A central bank, reserve bank, or monetary authority is a banking institution granted the
exclusive privilege to lend a government its currency. Like a normal commercial bank, a
central bank charges interest on the loans made to borrowers, primarily the government of
whichever country the bank exists for, and to other commercial banks, typically as a 'lender of
last resort'. However, a central bank is distinguished from a normal commercial bank because it
has the monopoly on creating the currency of a nation, which is loaned to the government in
the form of legal tender. It is a bank that can lend money to other banks in times of need. Its
primary function is to provide the nation's Money Supply, but more active duties include
controlling subsidized-Loan Interest Rates, and acting as a lender of last resort to the Banking
Sector during times of financial crisis (private banks often being integral to the national
financial system). It may also have supervisory powers, to ensure that banks and other financial
institutions do not behave recklessly or fraudulently.
History
Strengthening the financial sector is a vital concern for an economy. Efficient banking or sound
financial system serves as an effective channel for mobilizing funds from savers to productive
sectors and thus helps to achieve economic growth. However, the idea of ‘Bank’ is so ancient
and this concept is evolving over time. Around the time of Adam Smith (1776) there was a
massive growth in the banking industry. Within the new system of ownership and investment,
the state's role as an economic actor changed substantially. The Jews in Jerusalem introduced a
kind of banking in the form of money lending before the birth of Christ. The word 'Bank' was
probably derived from the word 'bench' as during ancient time Jews used to do money lending
business sitting on long benches. First modern banking was introduced in 1668 in Stockholm
as 'Svingss Pis Bank' which opened up a new era of banking activities throughout the European
Mainland.
In the South Asian region a major landmark was the establishment of the Hindustan Bank in
1700 at Kolcutta. Dhaka Bank started to operate in1806. Banks established in this region
during the British period include Kurigram Bank (1887), Kumarkhali Bank(1896), Mahalaxmi
Bank, Chittagong bank(1910), Dinajpur Bank(1914), Comilla Banking Corporation (1914) and
Comilla Union Bank(1922). Major Indian Banks also had branches in this territory. In Europe
prior to the 17th century most money was Commodity Money, typically Gold or silver.
However, promises to pay were widely circulated and accepted as value at least five hundred
years earlier in both Europe and Asia. The medieval European Knights Templar ran probably
the best known early prototype of a central banking system. At about the same time, Kublai
Khan of the Mongols introduced Fiat Currency to China, which was imposed by force by the
confiscation of Specie. Although central banks are generally associated with fiat money, under

16. the international Gold Standard of the nineteenth and early twentieth century’s central banks
developed in most of Europe and in Japan, though elsewhere Free Banking or Currency Boards
were more usual at this time. Problems with collapses of banks during downturns, however,
was leading to wider support for central banks in the respective nations which did not as yet
possess them, most notably in Australia.
As the first public bank to "offer accounts not directly convertible to coin", the Bank of
Amsterdam established in 1609 is considered to be the "first true central bank". This was
followed in 1694 by the Bank of England, created by Scottish businessman William Paterson
in the City of London at the request of the English government to help pay for a war.
With the collapse of the gold standard after World War II, central banks became much more
widespread. The banking system at our independence consisted of two branch offices of the
former State Bank of Pakistan established in July 1948: one was in Bangladesh (former East
Pakistan) and the other was in West Pakistan (present Pakistan).
2.4 Vision

17. 2.5 ---- Bangladesh Bank services
Bangladesh Bank serves the people in many ways.
Online Foreign Exchange Transaction Monitoring System
Online Foreign Exchange Transaction Monitoring System is used for monitoring total
foreign exchange transactions of Bangladesh. The system includes Export, Import,
Inward remittance (Wage Earners' remittance and other) and Outward remittance
(Traveling and Miscellaneous). Through its services, Banks and AD Branches issue &
reports Foreign Exchange Transactions to Bangladesh Bank.
Users: Banks, AD Branch of Banks and Customs
Bangladesh Bank Tender System
Bangladesh Bank introduces the online tendering system to facilitate the procurement
process of Bangladesh Bank. The system will help you to participate in the local and
international tender/procurement of Bangladesh Bank.
Returns
An Online Portal Service for Scheduled Banks to submit Electronic Returns using
predefined template for the purpose of Macro Economy Analysis through related BB
Departments.
Users: All Schedule Bank
Special Foreign Currency Account Monitoring System (SFCAMS)
Online Special Foreign Currency Account Monitoring System is used for monitoring
FC account transactions of Bangladesh. Through its services, AD Branches of Banks
report day to day Transactions (Only Special FC A/C) to Bangladesh Bank.
Users: AD Branch of Banks
Online CIB services
To create a disciplined environment for borrowing, the automated CIB service provides
credit related information for prospective and existing borrowers. With this improved
and efficient system, risk management will be more effective. Banks and financial
institutions may furnish credit information to CIB database 24 by 7 around the year;
and they can access credit reports from CIB online.
Users: Banks and FIs

18. Online Agent Information Management System
This system is to be used to send the required information and documents by the
Authorized Dealer Bank for granting permission under Section-18A of Foreign
Exchange Regulation Act, 1947 to work as local agent of foreign principal(s).
2.6 Mission
We at Bangladesh Bank are carrying out its following main functions as the
Country’s central bank:
Formulating monetary and credit policies;
Managing currency issue and regulating payment system;
Managing foreign exchange reserves and regulating the foreign exchange market;
Regulating and supervising banks and financial institutions, and advising the
government on interactions and impacts of fiscal, monetary and other economic
policies.
Towards achieving these, our performance commitments to our diverse broad stakeholder
groups are as follows:
For the Nation
We shall catalyze and support socially responsible and environmentally sustainable
development initiatives, inter alia including fuller financial inclusion of under-served
productive sectors and bringing in needed new dimensions in financial markets and
institutions; to facilitate broad based growth in output, employment and income, for rapid
poverty eradication and inclusive economic and social progress.
For the government
We shall adopt and implement monetary and credit policies conforming to national priorities,
in coordination with government's fiscal and other macroeconomic objectives. We shall
optimize foreign exchange reserves and returns thereon, maintain stability in financial markets
curbing excessive volatility and provide analysis and advice to the government on issues in
economic management and development.
For depositors in banks and financial institutions, investors in financial assets
We shall ensure safety of deposits in licensed banks and financial institutions with on-site and
off-site supervision of their activities and with adequate financial information disclosure
requirements, besides insuring small deposits. We shall maintain an interest rate structure that
provides fair return on financial assets while also supporting growth in the real sector and we
shall promote and support development of markets in bonds and securities.

19. For banks and financial institutions in Bangladesh
We shall provide precise prudential regulatory, risk management and disclosure framework to
protect solvency and liquidity of individual institutions and stability of the overall financial
system, acting as lender of last resort if and when needed. We shall issue regulations and
enforce compliance therewith inter alia on capital adequacy, asset classification, income
recognition and provisioning, large exposure and risk management; through open consultative
processes. We shall maintain external sector viability with exchange rate stability and adequate
foreign exchange reserves. We shall provide a secure and quick payment settlement system.
We shall promote and support development of new financial products, services and
instruments.
For banks abroad
We shall maintain a solvent, liquid domestic financial system with precise prudential
regulatory, risk management and disclosure framework in line with global best practice
standards. We shall maintain external sector viability with exchange rate stability and adequate
reserves. We shall maintain a secure, quick payment system for settlement of claims.
For the business community, including farm and non-farm SMEs
We shall maintain liquidity conditions and credit policies ensuring adequate credit flows at
market driven flexible interest rates for all productive economic activities, including in sectors
like agriculture and SMEs where markets have not been very responsive. We shall foster
macroeconomic stability through monetary and external sector management. We shall promote
and support development of new financial products, services and instruments. We shall
maintain a secure and quick payment system for settlement of claims.
For Bangladeshis abroad
We shall facilitate remittances from your earnings abroad to Bangladesh through legitimate
banking channels free of involvement of money launderers or terrorism financiers. We shall
support and promote development of new investment opportunities for your remittances to
Bangladesh.
For our employees
We shall maintain an environment that reinforces our pride in being employees of Bangladesh
Bank with compensation structure adequate to attract and retain the best in the market, job
assignments and logistically well resourced work situations encouraging continuous learning
and rewarding innovativeness and performance excellence by fast tracking in career path, clear
delegation and delineation of responsibilities and accountabilities, fairness and objectivity in
performance appraisal and personnel placement decisions.

20. 2.7 Core Functions
Bangladesh Bank performs all the core functions of a typical monetary and financial sector
regulator, and a number of other non core functions. The major functional areas include:
Formulation and implementation of monetary and credit policies.
Regulation and supervision of banks and non-bank financial institutions, promotion and
development of domestic financial markets.
Management of the country's international reserves.
Issuance of currency notes.
Regulation and supervision of the payment system.
Acting as banker to the government.
Money Laundering Prevention.
Collection and furnishing of credit information.
Implementation of the Foreign exchange regulation Act.
Managing a Deposit Insurance Scheme.
2.8 List of Branches and Head Office Department
Branches
Barishal Office
Chittagong Office
Motijheel Office
Rangpur Office
Sylhet Office
Bogra Office
Khulna Office
Rajshahi Office
Sadarghat Office
Mymenshingh Office

21. Head Office Departments
1. Accounts and Budgeting Department 2. Agricultural Credit and Financial
Inclusion Department
3. Bangladesh Bank Training Academy 4. Bangladesh Financial Intelligence Unit
5. Banking Regulation and Policy
Department
6. Capacity Development Project
Implementation Unit
7. Central Bank Strengthening Project
Cell
8. Chief Economist's Unit
9. Common Services Department-1 10. Common Services Department-2
11. Credit Information Bureau 12. Debt Management Department
13. Department of Banking Inspection 1 14. Department of Banking Inspection 2
15. Department of Banking Inspection 3 16. Department of Banking Inspection 4
17. Department of Communications and
Publications
18. Department of Currency Management
19. Department of Financial Institutions
and Markets
20. Department of Foreign Exchange
Inspection
21. Department of Off-site Supervision 22. Deposit Insurance Department
23. Equity and Entrepreneurship Fund
Unit
24. Executive Floor
25. Expenditure Management
Department
26. Financial Integrity and Customer
Services Department
27. Financial Stability Department 28. Foreign Exchange Investment
Department
29. Foreign Exchange Operation
Department
30. Foreign Exchange Policy Department
31. Forex Reserve & Treasury
Management Department
32. Governor's Secretariat
33. Green Banking and CSR Department 34. Grihayan Tohbil and Fund
Management
35. Human Resources Department 1 36. Human Resources Department 2
37. Information Systems Development
Department
38. Internal Audit Department
39. Investment Promotion & Financing
Facility Project Cell
40. IT Operation and Communication
Department
41. Law Department 42. Monetary Policy Department
43. Payment Systems Department 44. Research Department
45. Secretary's Department 46. Security Management Department
47. SME & Special Programmes
Department
48. Special Studies Cell
49. Statistics Department 50.

22. 2.9 Organizational Structure
Governor
Deputy Governor
Executive Director Economic Adviser
General Manager System Manager
Deputy General manager Senior System Analyst Deputy Chief Medical Officer
Joint Director Joint
Manager
Systems
Analyst /Sr.
Programmer
Sr.
Maintenance
Engineer
Operation
Manager
Asstt. Chief
Medical
officer
Deputy
Director
Deputy
Manager
Programmer Maintenance
Engineer
Computer
Operation
Supervisor
Sr. Medical
Officer
Assistant
Director
Assistant
Manager
Assistant
Programmer
Assistant
Maintenance
Engineer
Sr. Computer
Operator
Medical
Officer
Officer Cash Officer Data Entry/Control Supervisor
Clerk-1st
Grade Sr. Data Entry
Control
Operator
Stenographer Typist Telephone
Operator
Data Entry/Control Operator
Caretaker-1st
Grade
Caretaker-2nd
Grade
Jomader MLSS
Door Keeper Mali Khedmtfar

23. 2.10 Current Board of Directors
Chairman
Dr. Atiur Rahman
Director
Md. Abul Quasem
Dr. Mustafa Kamal Mujeri
Prof. Sanat Kumar Saha
Dr. Sadiq Ahmed
Prof. Hannana Begum
Md. Ghulam Hussain
Dr. M. Aslam alam
Mr. Mahbub Ahmed
Secretary
Ahmed Jamal
2.11 Current Executive Committee
Governor
Dr. Atiur Rahman
Deputy Governor
Md. Abul Quasem
Abu Hena Mohd. Razee Hassan
Shitangshu Kumar Sur Chowdhury
Nazneen Sultana
Executive Director
Md. Ahsan Ullah
Md. Ebtadul Islam
M. Mahfuzur Rahman
S. M. Moniruzzaman
M. Abdul Haque
Mohammad Naushad Ali Chowdhury
Ahmed Jamal
Gouranga Chakraborty (ICT)
Nirmal Chandra Bhakta
Subhankar Saha
Mohammad Masum Kamal Bhuiyan
Md. Abdur Rahim
Jinnatul Bakeya
Mijanur Rahman Joddar
Md. Mozibar Rahman
Md. Nazimuddin
Economic Advisor
Dr. Md. Akhtaruzzaman

24. 2.12 Foreign Relation
Bangladesh Bank has correspondent relationships with one international and 8 foreign central
banks viz., the Federal Reserve Bank of New York, Bank of Canada, Bank of England, Banque
de France, Deutsche Bundesbank, Bank of Japan, Sveriges Riksbank of Stockholm, Reserve
Bank of India and the Bank for International Settlements, Basle, Besides, Bangladesh Bank has
now invested its foreign exchange reserves with 14 banks at different international financial
centers.
2.13 Liquidity Policy
As guardian of money market Bangladesh Bank has preserve all right to manage liquidity of
the money market. The main objective of liquidity policy is to stabilize the price level and to
gain a higher GDB. Forex reserve is the direct indicator of liquidity in the financial system.
Bangladesh Bank has to follow some indirect initiative to control money circulation in the
market. For this, it controls the scheduled bank reserve which is consistent with total currency
circulation. These reserves are known as cash reserve rate (CRR) and statutory liquidity rate
(SLR). Bangladesh Bank also influences the liquidity of commercial bank by REPO,
REVERSE REPO, change in reserve ratio and change in discount rate.

25. CCHHAAPPTTEERR -- 0033
INTERNAL AUDIT DEPARTMENT
Internal Audit Department (IAD)
3.01 Introduction 14
3.02 Mission of IAD 14
3.03 Scope of Work 14
3.04 Accountability 15
3.05 Responsibility 15
3.06 IAD Organizational Chart 16
3.07 Internal Audit Processes 17
3.08 The Challenges for Internal Audit 19
3.09 Changing the focus 20
3.10 IAD Divisions 21

26. 3.01 Introduction
Around the world, organizations face escalating financial, operational, strategic and physical
risks that have been increasing steadily in terms of impact, likelihood and complexity. This
should come as no surprise as the pace and complexity of change continues to accelerate
regardless of geography. Corporate governance, regulations and guidelines, financial reporting
requirements, operational efficiencies- all these factors drive the internal audit functions to add
value beyond any standard that has been set in the past.
Bangladesh Bank has introduced “Risk-based Internal Audit” approach in performing internal
audit activities of the Bank. In accordance with the Internal Audit Department charter approved
by the Audit Committee of the Board of Directors of Bangladesh Bank, the Internal Audit
Department (IAD) is to provide independent, objective assurance and consulting services
designed to add value and improve the Bangladesh Bank operations. As mentioned in the
charter, IAD is committed to standards of best professional practice, such as International
Internal Auditing standards. The standards consist of Attributable standards, Performance
standards, and Implementation standards.
3.02 Mission of IAD
The Internal audit Department’s mission is closely aligned with that of The Institute of Internal
Auditors. Internal Audit is to provide independent, objective assurance and consulting services
designed to add value and improve the Bangladesh Bank operations. It is to help Bangladesh
Bank (the Bank) accomplish its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control, and governance processes.
3.03 Scope of Work
Internal Audit is to provide independent, objective assurance and consulting services designed
to add value and improve the Bangladesh Bank operations. It is to help Bangladesh Bank (the
Bank) accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes.
The scope of work of the Department is to determine whether the Bank's network of risk
management, control, and governance processes, as designed and represented by management,
is adequate and functioning in a manner to ensure:
Risks are appropriately identified and managed.
Interaction with the various governance groups occurs as needed.
Significant financial, managerial and operating information is accurate, reliable, and
timely.
Employees' actions are in compliance with policies, standards, procedures, and
applicable laws and regulations.
Resources are acquired economically, used efficiently, and adequately protected
Programs, plans, and objectives are achieved.
Quality and continuous improvement are fostered in the Bank's control process.
Significant legislative or regulatory issues impacting the Bank are recognized and
addressed appropriately.
Opportunities for improving management control, profitability and the Bank's image may be
identified during audits. They will be communicated to the appropriate level of management.

27. 3.04 Accountability
Internal Audit Department in the discharge of its duties, shall be accountable to management
and the audit committee to:
Provide annually an assessment on the adequacy and effectiveness of the Bank's
processes for controlling its activities and managing its risks in the areas set forth
under the mission and scope of work.
Report significant issues related to the processes for controlling the activities of
the Bank and its affiliates, including potential improvements to those processes,
and provide information concerning such issues through special reports.
Periodically provide information on the status and results of the annual audit and
inspection plan and the sufficiency of department resources.
Co-ordinate with and provide oversight of other control and monitoring functions
(risk management, compliance, security, legal, ethics, environmental, external
audit).
3.05 Responsibility
The General Manager and officers of Internal Audit Department have responsibility to:
Develop a flexible annual audit & periodical inspection plan using an appropriate risk-
based methodology, including any risks or control concerns identified by management
and submit that annual audit plan to the audit committee for review and approval as
well as periodic updates.
Implement the annual audit & periodical inspection plan, as approved, including as
appropriate any special tasks or projects requested by management and the audit
committee.
Maintain a professional audit staff with sufficient knowledge, skills, experience, and
professional certifications to meet the requirements of the Charter.
Evaluate and assess significant merging/consolidating functions and new or changing
services, processes, operations, and control processes coincident with their
development, implementation, and/or expansion.
Issue periodic reports to the audit committee and management summarizing results of
audit activities.
Keep the audit committee informed of emerging trends and successful practices in
internal auditing.
Provide a list of significant measurement goals and results to the audit committee.
Assist in the investigation of significant suspected fraudulent activities with the Bank
and notify management and the audit committee of the results.
Consider the scope of work of the external auditors and Government, as appropriate,
for the purpose of providing optimal audit coverage to the Bank at a reasonable overall
cost.

28. 3.06 IAD Organizational Chart
GM
DGM
JD
DD
AD
Board of Directors
Audit Committee
Governor

29. 3.07 Internal Audit Processes
INTERNAL AUDIT DEPARTMENT, BANGLADESH BANK
INTERNAL AUDIT PROCESSES
As mentioned in the Charter, Internal Audit Department is committed to standards of best
professional practice, such as International Internal Auditing Standards. The standards consist
of Attributable Standards, Performance Standards, and Implementation Standards.
The basic steps in the internal audit processes are stated below:
1.0 Audit Planning Process
The basic audit planning process consists of two phases: the assessment of business risk and
the development of the annual plan. Assessing of business risk focuses on viz.
(i) defining auditable units,
(ii) defining the risk criteria,
(iii) constructing the risk model
(iv) Ranking the auditable units.
1.1 Defining Auditable units
Auditable units are defined as individual applications, business units, departments or offices
each of these approaches either limits the scope of an audit project or broadens it beyond what
can reasonably be managed.
1.2 Defining the risk criteria
The model is based on operational risk, exposure and controls. Each area is broken down into
sub‐categories as follows:
Operational risk – people, systems, process, contractual, reputational, political
Exposure – financial, regulatory, customer
Controls – people, process, information systems, reporting.
The controls categories are further broken down into the following sub‐categories viz. people,
process and information systems.
1.3 Constructing the Risk Model
The risk assessment and audit planning methodology is a structured approach to a subjective
process. The risk assessment and planning model is the product of value judgments.
1.4 Ranking the Auditable units
The risk profile spreadsheet computes a score for each auditable unit based on risk, exposure
and control. This score is then converted into a ranking for each criterion as follows:
Operational Risk – high, medium, low Page
Exposure – high, medium, low
Control ‐ high, medium, low
These ratings are then fed into a risk matrix which allocates the auditable units from highest
critical areas to the lowest critical areas.

30. 1.5 Development of the Annual Plan
Based on the risk the auditable units are broken down into areas of high, medium and low
criticality for the Bank. The initial audit approach is:
High criticality: Twice in a year
Medium and low criticality: Once in a year.
The exact timing of audit is determined prior to the commencement of each quarter.
2.0 Developing Audit Program
Once the annual plan is developed and approved, Audit Programs are developed for each audit
to be undertaken. Audit Program is to be reviewed prior to the start of each audit to determine
if there have been any changes. The steps in developing an Audit Program are: understand the
operations, develop flowchart or narrative, review the process with the concerned staff and
develop the Audit Program.
3.0 Implementing the Annual Audit Plan
The department undertakes structured approach to accomplish the annual plan and the actual
audit can be broken up into a number of stages stated below.
3.1 Preparation stage
At this stage, the team leader ensures that all the necessary requirements for the audit are
prepared and available and preliminary reviews and information gathering is undertaken.
3.2 Fieldwork
During the fieldwork the auditor gathers evidence in order to determine the status of operations
and controls within a particular area. This evidence is the basis for the auditor’s conclusions
about a particular assignment.
3.3 Documentation or working paper
The working papers are evidence in support of the audit findings and opinion.
3.4 Audit Findings
Findings are pertinent statements of fact uncovered during the course of an audit and these are
to be reported. The findings are reviewed by the Team leader and the Head of Audit prior to
the final report being issued
4.0 Reporting
The audit reports are submitted to the auditable units, senior management and to the Audit
Committee of the Board. The audit reports contain findings which are of a critical nature and
have a major impact on the organization. Other operational issues identified during the audit
which are considered not to be of a material nature but are worth are reported through
‘Management Report’ to the Head of the Department/Office and Head of the area being
audited.

31. 5.0 Follow‐up
Internal Auditors follow up to ensure that appropriate and timely action has been taken on audit
findings and recommendations. Internal Audit Department reports to the Audit Committee on
the current status of outstanding findings and what action is being taken to resolve the issues.
6.0 External Audit
Internal audit uses the external audit reports and ensures that any issues raised by the external
auditor have been followed up by management and whether corrective action has been taken in
a timely manner.
3.08 The challenges for Internal Audit
Control
Ask auditors their prime area of expertise and many will say ‘Control’. Can you
honestly say that you are an expert in all aspects of your organization’s operations? I
doubt it. Why then is Internal Audit obsessed with control?
Compliance
This is an important aspect of the traditional audit role. It is still very important today,
getting the basics wrong can spell disaster for organizations, but should compliance be
the main focus of the Internal Audit role? Our continuing research with Chief
Executives would clearly indicate that this is not the case.
Compliance, as can be seen, is increasingly unlikely to be the prime focus for Internal
Audit, with only 1 per cent of organizations who responded adopting this as the primary
approach. As you can see, the prime focus is very definitely focusing on the key risks.
This is not to say the other processes are not important, but they are unlikely to remain
the dominant focus.
Conflict
Hopefully Internal Audit does not get into too much conflict with management. Over
emphasis on control and the failure to make recommendations that are 100 per cent
practical can, however, lead to such a situation.
Challenge
This is definitely a key role for the modern function. You need to question the ‘we’ve
always done it that way’ mentality and challenge the status quo. If you do not do so in
the course of an audit, who will?
Co-ordinate
Wouldn’t it be useful if Internal Audit co-ordinate its activities with the other assurance
provider in the organization, such as Risk Management, External Audit, Health &
Safety, and so on. This would reduce duplication and create more focus.
Champion
Internal Audit should certainly be regarded as a champion. You have the opportunity to
look right across the organization and identify opportunities and good practice. Sharing
such ideas is key to success and recognition.

32. Catalyst
The very best Internal Audit functions are regarded as a catalyst for change, helping the
organization through the difficulties of changing environments, cultures, and so on.
Another key catalyst role is bringing people together to discuss areas of concern and
opportunit, a best-practice agent.
There are others that you can think of, such as co-operate, convince, conscience, and so
on, but I hope that the above have generated an indication of the trends occurring.
3.09 IAD Division’s
General Manager (GM)
DGM-01 DGM-02 DGM-03 DGM- 4 & 5
Division –03 General Division Division-02
Division –0 1
Implementation

33. CCHHAAPPTTEERR -- 0044
RISK BASED INTERNAL AUDIT
IN BANGLADESH BANK
RISK BASED INTERNAL AUDIT in BB
4.01 Operational Strategy 22
4.02 Internal Control & Internal Audit 23
4.03 Department Goals for the Period 2010-2014 24
4.04 How these objectives will be achieve (1-5) 24
4.05 Auditing of Foreign Reserve Management 27
4.06 Criteria for the Audit 28
4.07 Risk Management Framework in BB 29
4.08 Implementation of the Annual Plan 29
4.09 Auditable Units within BB 32
4.10 Reporting 33

34. 4.01 Operational Strategy
Activities
Internal Audit focuses its efforts on the following activities to accomplish its role and
objectives:
1) Examination and evaluation – includes two components:
Audits - evaluate whether business processes are accomplishing
bank’s objectives as intended and identify ways to improve those
processes.
Investigations - gather, analyze, and present information related to
allegations of individual fiscal misconduct.
2) Counsel - participate on committees or engage in other advisory services to provide
information and advice to management.
Deliverables
During the course of a year, Internal Audit may deliver any one or more of a number of formal
or informal communications to assist the management in identifying and mitigating risks and
improving operations. The nature of the work in progress at the time the issue is
identified and/or the level of perceived risk associated with the issue will generally dictate the
form of communication utilized.
Formal Communications
Audit Report – issued during or at the conclusion of an audit project; addressed to
the Governor; utilizes balanced reporting (i.e. identifies both strengths and risks)
to help ensure audit results are fairly presented; final reports include
management’s responses and action plans with respect to the issues identified.
Specific Issues Report – issued whenever an issue is identified that is of sufficient
risk to trigger reporting to senior management, but may not be directly within
the specific scope of an audit; issued to an appropriate level of management
senior to where the issue resides, although typically to the Governor; includes
management’s response and action plan with respect to the issue identified.
Investigation Report – issued at the conclusion of an investigation of fiscal
misconduct; provides facts and evidence relevant to the law, rule or policy that
may have been violated as a result of the conduct alleged; no management
response or action plan is incorporated in the communication.
Management Advisory – a memorandum issued to an appropriate level of
management; used for audit issues of relatively lesser impact or scale, or to advise
management as the result of consultative services; although suggested actions may
be included in the report, no management response or action plan is incorporated.
Informal Communications- includes memoranda, emails or verbal reports to communicate
relatively lower risks, as well as advisory work.

35. 4.02 Internal Control and Internal Audit
Internal control is a process to help the bank achieve its goals and objectives. Internal audit is a
special part of the internal control system of the central bank. Internal audit as an independent
assessment provides objective information on the management and cost-effectiveness of
business activities and operations, systems and built-in controls, economical and efficient use
and protection of resources, integrity of information and reporting, and compliance with legal
statutes and organizational policies and procedures.
A successful audit effort must build on:
endorsement and acceptance of a clear mandate from the board (of directors) and senior
management of the bank;
the organizational status and authority granted the auditors should be sufficient to
perform the audit mandate;
existence of a professional and competent staff to manage and carry out audits in an
independent and credible manner;
the audit program must be performed according to standards and be flexible and
responsive to changing needs of management; and
the audit results should be used to improve the bank’s operations.
In terms of organizational status, the head of internal audit should report and be directly
accountable to the highest level practicable in the bank and/or to the board of directors. This
will assist in gaining the respect and co-operation of senior management, and permit the
accomplishment of audit responsibilities in an independent and objective manner.
Auditors should have authority to access all information, records, documents, reports, facilities,
sites and equipment that are relevant to their examinations. They are also authorized to
interview employees and others to obtain information and explanations.
Operational independence is also important in that the auditors are not to be involved in
developing or implementing policies, processes, systems or procedures which they may be
called upon to examine. This does not, however, preclude the ex-ante audit of new computer
systems under development or major capital construction projects.
Audit standards exist for internal and external auditors which can be classified under general
standards, field work and reporting standards. General standards relate to competence,
independence and professionalism. Field standards cover planning, internal controls and
evidence, and reporting standards deal with disclosure of audit opinions, and the form and
content of audit reports.

36. 4.03 Departmental Goals for the period 2010-2014
The goals for the period 2010-2014 are set in terms of IAD Charter and stated below:
i. identification and prioritization of risk to prepare ‘Risk matrix’ and periodical audit
plan for the auditable units;
ii. implementation of the ‘Periodical Audit Plan’ and report to the Board through Audit
Committee and to the management;
iii. implementation of audit findings and report on implementation status in a timely
manner;
iv. conduct special inspection/investigation as and when is assigned;
v. conduct regular internal audit of sample transaction of foreign exchange accounting
back office;
vi. conduct audit in Foreign Reserve Management;
vii. implementation of Enterprise-wide Risk management (ERM);
viii. Enhancing audit resources: increasing specific expertise.
4.04 How these objectives will be achieved
(Objectives 1, 2, 3, 4, 5)
4.04.1 Audit Planning
Planning is an essential part of any operation and is also the case in internal auditing. It is
necessary to plan what is to be done to ensure that we are auditing the right areas and
undertaking the right level of coverage with the right resources. The internal auditor’s work
involves identifying areas where internal controls are not in place or where there is a risk of
failure of a control. It is this concept of risk that is an important determinant of which functions
receive the attention of the internal auditor. Thus, the basic audit planning process consists of
two phases:
 Assessing business risk,
 Development of the annual plan
Before assessing business risk and development of the annual plan, it is necessary to set up
performance standards.
Standards:
1. IIA- Standards 2010- Planning
The Chief Audit Executive should establish risk-based plans to determine the priorities of
the internal audit activity, consistent with the organization's goals.

37. 2. IIA- Standard 2030- Resource Management
The Chief Audit Executive should ensure that internal audit resources are appropriate,
sufficient and effectively deployed to achieve the approved plan.
3. IIA- Standards- Communication and Approval
The Chief Audit Executive should communicate the internal audit activity's plans and
resource requirements, including significant interim changes, to senior management and to
the board for review and approval. The Chief Audit Executive should also communicate the
impact of resource limitations.
Assessing Business Risk:
Why risks are identified and assessed? An organization that understands its risks, understands
its opportunities. However:
 If it doesn’t know its risks, it doesn’t know the risks it can accept
 If it doesn’t know the risks it can accept, it doesn’t know the risks to take
 If it doesn’t know the risks to take, it doesn’t know how to grow
 If it doesn’t know how to grow, it will wither away.
If it does not understand its risks, ‘Events’ will knock the organization back; missed
opportunities will hold it back.
So how does any organization control events and seize opportunities? By understanding:
 The risks it faces, both ongoing and in new projects.
 The risks it is prepared to accept.
 The action necessary to manage those risks it is not prepared to accept.
Since the management of the organization is responsible for controlling events and seizing
opportunities, they are responsible for identifying, assessing and managing risks. The correct
operation of these processes is essential if an organization is to achieve its objectives.
Assessing business risk consists of 4 steps:
1) Defining Auditable Units- An auditable unit is simply the subject/business process
that becomes the audit entity. To define the auditable units within the organization,
we need to take each business unit and break them down into sub-units that are
appropriate for audit purposes. The sub-units within a business unit should reflect
different types of operations and different level of risks.
2) Defining the Risk Criteria- The risk criteria should use enough items to be
descriptive of risk assessment without being too cumbersome. One model is based
on operational risk, exposure and controls.
 Operational Risk: People, systems, process, contractual, reputational, and
political.
 Exposure: Financial, regulatory, customer.

38.  Controls: People (expertise, job description, performance appraisal, reward &
recognition), process (policies & procedures, compliance, contractual
agreements, segregation of duties, delegations of authority, KPIs), information
systems (information strategy, functionality, performance, security &
continuity), reporting.
3) Constructing the Risk Model
4) Ranking the Auditable Units- The auditable units need to be ranked from highest
to lowest so that Internal Audit can determine what areas need to be audited. the
risk profile will compute a score for each auditable unit based on risk, exposure, and
control. this score is then converted into a ranking (based on subjective judgment)
for each criteria as follows:
 Operational Risk- high, medium, low
 Exposure- high, medium, low
 Control- high, medium, low
These ratings are the fed into a risk matrix which allocates the auditable units from highest
critical areas to lowest critical areas.
Risk Matrix
InherentBusinessRisk
High A
High Risk
B
Very High Risk
C
Extremely High Risk
Medium D
Medium Risk
E
High Risk
F
Very High Risk
Low G
Low Risk
H
Medium Risk
I
High Risk
Low Medium High
Control Risk
Development of Annual Plan:
Once the risk assessment has been completed, Internal Audit then needs to determine the
frequency and timings of audits as well as the availability of resources to undertake those
audits. The initial audit approach is:
 High Critically- at least once every six months with a follow-up audit in three months if
significant weakness are identified
 Medium Criticality- once every twelve months with a follow-up audit in six months if
significant weakness are identified
 Low Criticality- once every two years if considered warranted based on the impact the
business unit has on the organization.

39. 4.04.2 Developing Audit Programs
Once the annual plan has been developed and approved, audit programs should be developed
for each audit to be undertaken. In order to develop an audit program, the auditor needs to
understand the operations of the area being audited. The audit program should at least cover the
following eight areas:
a. Policies and procedures
b. Delegation of authority
c. Segregation of duties
d. Staffing/training
e. Operations
f. Reconciliations
g. Reporting
h. Systems
4.04.3 Implementing the Annual Plan
Internal Audit Department has a structured approach to undertaking audits. It consists of four
stages:
 Preliminary/Preparation stage- initial discussions with the management about the
timing and scope of the audit, sending engagement letter, the entrance meeting, and
gathering written information.
 Fieldwork- gleaning evidence in order to determine the status of operations and controls
within a particular area. Audit evidence consists of physical documentation, analytical
reviews and comments from staff.
 Documentation/ Working papers
 Findings- should include a statement of what was expected, the factual evidence of
what the auditor found, the reason for the difference/problem, the risk/exposure,
recommendation to resolve the issue.
4.04.4 Reporting
The audit report has three audiences- the audit customer, management, and the audit committee
or Board of Directors. The report should be made up of an executive summary and attachment
which contains the detailed findings.
4.04.5 Follow-up
Follow up is required to ensure that appropriate and timely action has been taken on audit
findings and recommendations.
4.05 Auditing of Foreign Reserve Management
Sound reserve management practices are important because they can increase a country's
overall resilience to shocks. The importance of sound practices has also been highlighted by
experiences where weak or risky reserve management practices have restricted the ability of
the authorities to respond effectively to financial crises, which may have accentuated the
severity of crises. Moreover, weak or risky reserve management practices can also have
significant financial and reputation costs.

40. There should be a framework that identifies and assesses the risks of reserve management
operations and that allows the management of risks within acceptable parameters and levels.
Risk exposures should be monitored continuously to determine whether exposures have been
extended beyond acceptable limits.
An effective and independent audit unit plays an important role in providing an independent
assurance to the senior levels of the reserve management entity that reserve management
operations and internal control and reporting systems are operating properly to safeguard
reserve and other assets. The role of internal audit now tends to focus on a risk-based approach
in assessing that the operating framework is adequate, and that control procedures have no gaps
in addressing key reserve management and operational risks. Particular aspects of reserve
management operations on which internal audit review might focus include:
a) the degree of success in achieving reserve management objectives;
b) determining whether all relevant risks have been identified;
c) Reserve management involves a number of financial and operational risks:
d) the adequacy of the system of internal controls in addressing risks, and monitoring
compliance with procedures and controls
e) the existence of proper safeguards to protect assets
f) the reliability, security, and integrity of Electronic Data Processing (EDP)
communication, and other information systems; and
g) the accuracy of accounting records and processes
4.06 Criteria for the Audit
Operational Risks:
o Non-compliance with the tactical benchmark
o Operational errors not detected or detected late
o Human mistakes, omissions
o Applied out of market price
o Mismatches between confirmations exchanged
o Inaccurate accounting
System related risk:
 Unauthorised access to trading and settlement systems
 Unavailability of systems; inability to carry out normal operations
 Lack of procedures and ability to monitor system problems/availability

41. Risk
Management
Framework
Risk
Identification
Risk Assessment
Risk
Prioritization
Manage/Mitigate
Risk
Financial Strategic Operational
4.07 Risk Management Framework in Bangladesh Bank
4.08 IMPLRMENTING THE ANNUAL PLAN
One major yardstick that management uses to evaluate the internal audit function is how well
the activity accomplishes the annual plan. Audit plans are accomplished by effectively
managing each audit project. Audit projects that are not properly managed do not use resources
effectively. Just as we would expect a production department to maintain production schedules
and labor budgets, the same should be expected of the internal audit activity.
In order for internal Audit to accomplish the Annual plan, there needs to be a structured
approach to undertaking audits. The team leader for each audit needs to ensure that the audit is
done in a planned way and that there is appropriate documentation for the work done.

42. The actual audit can be broken up into a number of stages which include:
Preliminary or preparation stage
Fieldwork
Documentation or working papers
Findings
Preliminary or preparation stage
The preliminary of preparation stage is an important part of any area audit. At the stage, the
team leader should ensure that all the necessary requirements for the audit prepared and
available and preliminary reviews and information gathering in undertaken. This stage in
normally broken up into the following areas:
1) Initial discussions with management form the audit area about the timing of the audit
and scope of the audit. This is usually undertaken prior to commencement of the quarter
in which the audit is being undertaken. The purpose of this discussion is to liaise with
management on the timing of the audit and to identify any other areas that may be
included in the scope of the audit.
2) Engagement letter which is sent to management of the audit area up to two weeks
before the commencement of the audit and included details of subject, objectives,
scope, staffing and timing of the audit .(refer attachment 9 for an example of an
engagement letter)
3) The entrance meeting in normally held prior to the commencement of the audit and
details the scope of the audit and discusses any major issues and seeks management’s
input of any areas of concern .The entrance meeting will also identify any particular
requirements of audit or the business unit.
4) Gathering and review of written information (this can be requested at any of the above
points).The gathering and review of data allows the auditor to review the operations of
the department and also for use during future stages of the audit .The type of
information that may be collected could includes:
Goals and objectives
Policies and procedures
Job descriptions
Budgets
Financial statements
Flowcharts
Department reports
statically data
Field work
Fieldwork is the undertaking of the audit program that has been prepared for the are being
audited .During fieldworks, the auditor gathers evidence in order to determine the status of
operations and controls within a particular area. This evidence is the basis for the auditor’s
conclusions about a particular assignment.

43. Documentation or working papers
Professional standards require proper documentations of audit work. The main reason for
working papers is to provide written evidence of what has been undertaken as part of the audit
process and to document the findings of audit and the action that is to be taken, obtained and
include sufficient information to support the bases for findings and recommendations. Working
papers are a critical part of the audit process.
Audit working papers generally serve to:
Provide principle support for the audit report
Aid in the planning, performance and review of audits
Document whether audit objectives were achieved
Facilitate third party reviews
Provide a basis for evaluating internal audit’s quality assurance
Aid in development of internal audit staff.
The active working papers should include the following documents:
Audit programs
Engagement letter
Documents obtained during gathering of information
Details of any reviews of financial information
Papers relating to completion of the audit programs
Audit findings and recommendations
Supporting evidence for findings of fieldwork.
The actual structure or indexing of working papers can be done in a number of ways but the
most efficient is to follow an indexing plan that conforms to the individual segments of the
audit. Attachment 10 provides an example of an indexing structure for working paper files.
Audit Findings
If the cause of the findings is unintentional, the auditor should confirm the facts with relevant
staff with the business unit being audited and determine appropriate action. The auditor should
develop document the finding in a format that can be included in the audit report. The item to
be included in the report should include the following information:
A statement of what was expected
The factual evidence of what the auditor found
The reason for the difference
The risk of exposure the difference has on the organization and the financial
statements(if applicable)
Recommendation to resolve the issue
Management comments including action to be broken and a date by which the
issue will be resolved (following discussion with management)
The information in finding should be concise but contain sufficient detail to enable the finding
to be acted upon by the appropriate parties and for the issue to be resolved in an appropriate
manner.

44. 4.09 Auditable Units with in Bangladesh Bank
Accounts & Budgeting Department
Bank Bangladesh Accounts
Government Accounts
Administration
Agricultural Credit and Special Programs
Agricultural Credit
Special Programs
Industrial Credit
Anti-Money Laundering Department
Bangladesh Bank Training Academy
Branches
Motijheel
Sadarghat
Chittagong
Khulna
Bogura
Rajshahi
Sylhet
Rangpur
Barisal
Mymenshingh
Banking Regulation and Policy Department
Credit Information Bureau
Common Services Department-1
Common Services Department-2
Expenditure Management Department
Expenditure
Pension & Provident Funds
Salaries
Staff Advances
Department of Banking Inspection 1
Department of Banking Inspection 2
Department of Banking Inspection 3
Department of Banking Inspection 4
Department of Off-Site Supervision
Department of Currency Management & Payment System

45. Department of Public Relations and Publications
Department of Research
Equity and Entrepreneurship Fund Unit
Foreign Exchange Investment department
Foreign Exchange Policy Department
Financial Institutions Department
Forex Reserve & Treasury Management Department
Investments
Clearing Account
ACU
Government Transactions
Foreign Currency
Human Resources Department-1
Human Resources Department-2
Internal Audit Department
General Section
Devision 1, 2 & 3
Implementation
Information Systems Development Department
IT Operations & Communication Department
Law Department
Monetary Policy Department
Secretary’s Department
Security Management Department
Special Studies Cell
Statistics Department
Central Bank Strengthening Project
4.10 REPORTING
The most important aspect of any audit is the final report. The audit report has three audiences,
the audit customer, management and the audit committee or Board of Directors.
As the audit report is being presented to Senior Management within the organization and the
Audit Committee of Board, the report should be structured so as to give a concise summary of
the situation, but be clear and complete enough to be understood by users. Thus, the audit

46. report should be made up an Executive Summary and attachment, which contains the detailed
findings. The Executive Summary should include:
Introduction, covering the area being audited and the reason for the audit
Objectives of the audit
Scope of the audit (including any major areas not covered)
Conclusion (auditor’s opinion) including major areas of concern, if any
Summary of findings.
Audit reports should also be issued if the auditor finds that the operation is performing
satisfactorily and there are no issues to be reported .Senior management and the Board want to
be advised of areas that are performing satisfactorily, so that they can focus their attention on
areas that need improvement .In this instance, the report would only include the Executive
Summary and would not have a summary of findings.
The audit report (including conclusions and recommendations) should be discussed with
Management of the area being audited .If there are any disagreements of misunderstandings,
these should be addressed and resolved. The audit report should not be personal but should
focus on the issue and what needs to done to resolve the issue .The audit report should present
a balanced view and both positive and negative aspects should be reported.
As the audit report is presented to senior management of the organization, as well as the Audit
Committee of Board, it should contain findings which are of a critical nature and have a major
impact on the organization. Other operational issues identified during the audit which are
considered not to be of a material nature but are worth reporting to the department should be
presented in a management letter to the Head of the Department or Head of the area being
audited. It is important that issues be documented so that they can be appropriately addressed
and do not go unnoticed and develops into major problems.

47. CCHHAAPPTTEERR -- 0055
Findings & Recommendation
Findings & Recommendations Page no.
Conclusion & Recommendation 35
Appendix 36
Bibliography 37
Questionnaire 38

48. Conclusion
The last 3 months was quite intriguing to do my internship at Bangladesh Bank, Head Office. I
found out about the nature of actually working in a professional environment.
Above discussion leads to the conclusion that banks can derive dual benefits from the
implementation The Bangladesh Accountant/July - September 2008 75 Banking of RBIA.
Firstly, RBIA methodology is an improved and Effective approach over previous traditional
process or system based approach for conducting internal audit activities. Secondly, it will act
as an important tool that will facilitate management in the development and up-gradation of
risk database, which is an essential document to calculate minimum required capital through
the application of IRB approach under. Thus, bank companies in our country those still not
adopted RBIA methodology should switch to it at earliest convenient time to capitalize the dual
benefit mentioned earlier of this paragraph.
Recommendations
From the report and problem analysis following recommendations can be given by the author
from the perspective of an intern of Bangladesh Bank for achieving better result-
 Specialized Training Program:
More specialized training and development programs should be undertaken in order to
overcome the lake of efficiencies of the employees. It helps to increase the employee’s
expertise and will give better result to completion of business processes.
 Continuous Monitoring:
Continuous monitoring for all employees so it will help to identify any sort of system loss. It
also helps to increase the employee performance.
 Employee Feedback:
Feedback is very important because it help to find out the problem and go for further
development in future without any mistake.
 Knowledge Sharing:
Should give the opportunity of knowledge sharing such as scope of presenting something,
discussing all the matter that he/she learn from abroad, also give opportunity to participate
company major decision.
 Vendor Relationship:
The bank should give the full authority when any employees work on project. Otherwise he/she
not interest to do the work and also their performance decreased.

49. AAAppppppeeennndddiiixxx
The information/data collected from the Internal Audit Department field of Bangladesh Bank
and also from the internet.
We especially browsed
http://intranet.bb.org.bd,
www.bangladesh-bank.org
www.bangladeshbank.org.bd.
Beside this, we also browsed another Risk Based Internal Audit related website to collect
more information about this topic.
The major portions of this internship report are prepared from the information provided by
Internal Audit Department (General Branch)
Human Resources Department-2
Bangladesh Bank
Head Office,
Mothijheel, Dhaka-1000.

50. BBBibliography
• Introduction to Risk Based Auditing, IAD (G.D.) in BB.
• Program on Risk Based Internal Audit in Banks By Mr. Vijay Kumar Khanna
• Bangladesh Bank website
• Office files
• Working papers
www.bangladesh-bb.org
http://intranet.bb.org.bd,
www.bangladesh-bank.org
www.bangladeshbank.org.bd.
http://www.ashgate.com/pdf/SamplePages/Risk-Based_Auditing_Ch1.pdf
http://www.internalaudit.biz/files/implementation/Implementing%20RBIA%20v1.1.pdf

51. QQQuestionnaire
1) So what is risk-based audit?
It is a process, an approach, a methodology and an attitude of mind rolled into one. The
simplest way to think about risk-based audit conceptually is to audit the things that really
matter to your organization.
2) Which are the issues that really matter?
Probably those are as that poses the greatest risks.
3) What else would you really want to review?
If your organization has already identified its key risks then you already have the basis for risk
based auditing. Clearly, if risks have not been formally identified and assessed then there is a
real opportunity for you to work with management to help create this information.
The second way of looking at risk-based audit is as a process. Traditionally audits begin and
end by looking at controls, often regarded as the main expertise that the function has. The
problem with this approach is two-fold.
Firstly, management do not really understand controls, which can be an alien concept for them.
If they do understand the nature of controls they tend to consider the need for more controls as
an unnecessary additional burden.
Secondly, it is unlikely that your Internal Audit function is an expert in control. Can you really
say that you understand the controls in all aspects and all activities within your business? It is
therefore necessary, if you are going to demonstrate your eagle-like qualities, to be able to talk
to management in a language they understand and appreciate. To fully engage management
you need to talk to them about something that is important to them. If you start by discussing
their objectives, what they need to achieve and how this is measured you will attract their
attention.
Having created the common ground (and it is preferable if you have first given some thoughts
to the objectives in the area under review before the meeting), you can now go on to discuss
the threats to the achievement of those objectives, the barriers to success; these are, of course,
the risks.
Again management should be able to elucidate many of the risks or threats, but theoretically, if
you have tried to anticipate the types of threat beforehand this will act as a positive spur.
Having created an understanding of the objectives and risk you can then discuss the risk
appetite, the boundaries set by senior management (by authorization limits and so on) or,
indeed locally, the limits beyond which the management of the function to be audited will not
venture (or is advised not to go) in risk-taking.

52. The next stage is then to discuss the processes in place to mitigate the risks already identified
and those that appear on the horizon and the areas of concern or opportunity in relation to those
processes.
You are now, of course, talking about the controls, but rather than doing so in isolation you
will be discussing them as part of the full management process and should receive a much
more positive response as a result.
The essence of risk-based audit is therefore customer-focused, starting with the objectives of
the activity being audited, then moving on to the threats (or risks) to achievement of those
goals and then to the procedures and processes to mitigate the risks. Risk-based audit is
therefore an evolution rather than a revolution, although the results obtained can be
revolutionary in their magnitude.
The chapters that follow expand these principles into a full process, explain the attitudinal
changes and the broader range of skills required together with the tools and techniques
necessary to adopt the process and to become a world-class Internal Audit function.
4) What techniques should I use?
RBIA doesn’t necessarily change the auditing techniques to be used, but where they will be
used. Physical verification is still vital to ensure what people are telling you should happen is
actually happening. Thus you will still continue to use walkthrough tests, sampling of
transactions, examination of authorizing signatures and verifying balances. The reason for
carrying out these tests is to ensure that the controls that treat risks, and the monitoring controls
that ensure these controls are operating, are effective. The tests are not designed specifically to
detect incorrect, or fraudulent, transactions. That is management’s job.