HomeServicesAudit & AssuranceBank & Concurrent Audit (RBI / Statutory)

Audit & Assurance · Tax & Regulatory Audits

Bank & Concurrent Audit (RBI / Statutory)

Bank concurrent audit is not an annual event — it is a continuous, near-real-time review of a branch's day-to-day transactions, sanctioned to catch control lapses and irregularities as they happen, not months later at year-end.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

Bank concurrent audit is not an annual event — it is a continuous, near-real-time review of a branch's day-to-day transactions, sanctioned to catch control lapses and irregularities as they happen, not months later at year-end. Alongside concurrent audit, PNPC also supports RBI-mandated statutory bank audit work — branch statutory audit, IRAC-based advances review, and related banking assignments. At PNPC Global, our partners and audit teams have executed concurrent and statutory audit mandates for public sector, private sector, and cooperative bank branches since 1986. We understand RBI's concurrent audit guidelines, the monthly/quarterly reporting cadence banks expect, the IRAC framework that underlies asset classification, and the operational discipline that on-site, continuous audit coverage genuinely requires.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Bank & Concurrent Audit (RBI / Statutory) is

Concurrent audit is an examination of a bank branch's (or a specified business vertical's) transactions that is undertaken as near to the date of the transaction as possible, or ideally, in real time — rather than after the fact at the financial year-end, as a statutory audit is. RBI's guidelines on concurrent audit (issued to banks, most recently consolidated through the Master Circular on concurrent audit and periodic RBI communications) require banks to bring a specified proportion of their business — measured by advances, deposits, or total business volume — under concurrent audit coverage, with high-risk branches, large advances accounts, treasury operations, and specialised verticals typically prioritised for continuous review. Unlike statutory branch audit, which is an annual attest engagement resulting in a signed opinion on the financial statements, concurrent audit is an internal control and transaction-testing function that reports to bank management — usually the branch, zonal, or head office — on a monthly or quarterly cycle throughout the year.

The scope of a concurrent audit assignment is set by the bank's own concurrent audit manual or circular, but typically covers: day-to-day cash transactions and vault operations, adherence to sanctioned lending authority and documentation at the time of disbursement, KYC and anti-money-laundering compliance on new account opening, remittances and clearing transactions, deposit mobilisation and premature closure handling, foreign exchange transactions where the branch is authorised for forex business, and general housekeeping — reconciliation of suspense, sundry, and inter-branch accounts on a running basis rather than only at year-end. Because concurrent audit operates continuously, it is positioned to catch an irregularity — an unauthorised excess drawing, a KYC gap, a documentation lapse on a fresh disbursement — within weeks rather than allowing it to compound for a full financial year before a statutory auditor's sample-based testing might catch it.

Statutory bank audit, in contrast, is the annual RBI/ICAI-empanelled (for public sector banks) or directly appointed (for private/cooperative banks) attest function under Section 30 read with Section 29 of the Banking Regulation Act, 1949, culminating in an audited balance sheet, profit and loss account, and the Long Form Audit Report (LFAR) — a structured, RBI-prescribed questionnaire on asset quality and internal controls. The two functions are complementary rather than duplicative: concurrent audit findings from across the year often inform the statutory auditor's risk assessment and sampling strategy, and a branch with strong concurrent audit coverage typically presents fewer surprises at the annual statutory audit. Some CA firms are engaged for concurrent audit alone, some for statutory branch audit alone, and some — as with PNPC — for both, allowing continuity of institutional knowledge about the branch across the audit calendar.

Beyond commercial bank branches, concurrent audit is also commonly mandated for specialised functions — treasury and investment operations, forex/derivative desks, and centralised loan processing units — where transaction volume and risk concentration justify continuous, rather than periodic, review. Cooperative banks under RBI's banking licence commonly deploy concurrent audit as part of their internal control architecture, and Non-Banking Financial Companies (NBFCs) in the Upper and Middle Layers under RBI's Scale-Based Regulation framework are subject to enhanced internal audit and governance requirements, for which several NBFCs similarly adopt a concurrent-audit-style continuous review as a matter of internal policy. A firm's value in this space is measured by disciplined, on-time monthly/quarterly reporting, the specificity and evidentiary quality of findings, and technical familiarity with the bank's core banking system and internal circulars — not merely the ability to produce a checklist-based report.

When you need bank concurrent or statutory audit support

Your bank has identified a branch, treasury desk, forex cell, or centralised processing unit that meets its concurrent audit coverage criteria and needs an empanelled CA firm to conduct the ongoing review

A private sector or cooperative bank wants continuous, near-real-time transaction testing rather than relying solely on the annual statutory audit cycle to surface control lapses

Your CA firm has been allotted a public sector bank branch for statutory audit through the RBI/ICAI empanelment and bank allotment process and needs an experienced execution team

A branch has shown recurring irregularities in internal audit or prior concurrent audit reports and the bank wants tighter, more frequent independent oversight

A bank's treasury or forex operations require specialised concurrent review given the transaction volume and market-risk sensitivity of those functions

A cooperative bank crossing RBI's applicable concurrent audit coverage threshold, or an NBFC in the Upper/Middle Layer under RBI's Scale-Based Regulation framework strengthening its internal audit and governance function, needs to establish or expand a concurrent-audit-style continuous review

A bank's audit committee wants a single CA firm capable of both statutory branch audit and concurrent audit at the same branch, for continuity of institutional knowledge across the audit calendar

When a different engagement fits better

You need the bank's overall (head office / consolidated) statutory audit — that is a separate, larger engagement typically handled by the bank's Central Statutory Auditors (CSAs) panel, not branch-level or concurrent auditors

You are a company seeking a routine statutory audit of your own financial statements under the Companies Act — see PNPC's company statutory audit service, not bank audit

You need forensic investigation of a specific suspected fraud or diversion of funds — that calls for a forensic audit engagement with a different scope, evidentiary standard, and reporting format

You need only a one-time stock or book-debt audit of a working capital borrower's inventory and receivables — that is a distinct, narrower periodic engagement, not continuous concurrent audit

You are seeking tax audit under Section 44AB of the Income-tax Act for a business — that is a separate engagement with its own scope and Form 3CD reporting

You want a fully automated, software-driven continuous transaction monitoring system rather than a professional CA-led audit function — PNPC can advise on this, but the core concurrent audit deliverable is a professional review, not a monitoring tool

Structure Comparison

Concurrent audit vs related bank audit engagements

FeatureConcurrent AuditStatutory Branch AuditRevenue/Income AuditStock & Book-Debt AuditCentral Statutory Audit (Head Office)
Governing frameworkRBI concurrent audit guidelines / Master Circular + bank's internal concurrent audit manualBanking Regulation Act 1949 (Sec 29/30) + RBI circulars + LFAR formatBank's internal circular + RBI income recognition normsBank's sanction terms + RBI working capital monitoring normsBanking Regulation Act 1949 + Companies Act (bank as company) + RBI CSA norms
Appointment authorityBank's zonal/regional/head office, often via a separate empanelled list from statutory auditorsRBI panel allotment (PSU banks) or direct bank appointment (private/coop banks)Bank's regional/zonal officeSanctioning bank or consortium/lead bankRBI-approved Central Statutory Auditor panel, appointed by bank's Board/shareholders
Nature of engagementContinuous / near-real-time transaction and control testing, not an attest opinionAnnual attest engagement — audit opinion on financial statements + LFARPeriodic review of interest and fee income accuracyPeriodic physical/book verification of stock and receivablesBank-wide consolidated attest engagement
FrequencyOngoing — with monthly or quarterly reports to bank management throughout the yearAnnual — typically at financial year-end (31 March)Periodic — often half-yearly or annual per branch categoryPeriodic per sanction terms — often quarterly or half-yearlyAnnual, with quarterly limited review for listed banks
Reporting outputConcurrent audit report to branch/zonal/head office management, on the agreed cycleSigned audit report + Long Form Audit Report (LFAR) + tax-audit-linked annexures where applicableIncome audit report highlighting leakage/short-recoveryStock/book-debt audit certificate to the bankBank-wide audit report on financial statements prepared per the Banking Regulation Act's Third Schedule, plus LFAR compilation (banking companies are excluded from CARO)
Independence requirementIndependent professional engagement; rotation norms vary by bank's own concurrent audit policyHigh — statutory attest function; rotation and eligibility norms apply under RBI/bank frameworkIndependent professional engagementIndependent professional engagement, often a CA or approved valuerHighest — RBI empanelment, tenure caps, and rotation norms for CSAs
Typical scope at a covered unitCash, KYC/AML at account opening, disbursement documentation, remittances, forex where applicable, ongoing reconciliationBranch-level balance sheet, P&L, advances (IRAC), deposits, LFAR, at year-endInterest and fee income accuracy, income leakage detectionPhysical/book verification of stock and receivables securing a credit facilityBank-wide consolidated financials, key branches, treasury, HO functions
Who typically performs itEmpanelled CA firms or, at some banks, in-house audit teamsRBI/ICAI empanelled CA firms (PSU) or bank-appointed CA firms (private/coop)CA firms empanelled for revenue auditCA firms or approved stock auditors/valuersLarge/mid-size CA firms on RBI's CSA panel

Banks frequently run several of these audit types in parallel — a branch under concurrent audit coverage is also subject to the annual statutory branch audit, and the two functions are complementary rather than duplicative. Empanelment for concurrent audit is generally a separate process from empanelment for statutory branch audit, even within the same bank. PNPC advises firms and, where engaged directly by banks, executes the specific audit type required.

How it works
#Stage & What PNPC DoesWhat Generic Audit Approaches MissTimeline
1Empanelment & Engagement Readiness — bank-specific concurrent audit panel and statutory RBI/ICAI empanelmentConcurrent audit empanelment is generally a separate list from statutory branch audit empanelment, maintained by the bank's own zonal or head office, with its own eligibility criteria on partner strength and prior banking-audit experience. We track both empanelment tracks separately and prepare accurate, complete applications for each — a firm assuming statutory empanelment automatically qualifies it for concurrent audit allotment is a common and avoidable miscalculation.Empanelment cycles vary by bank; typically annual, with communications issued ahead of the financial or calendar year
2Engagement Letter & Scope Confirmation — reading the bank's concurrent audit manual, not assuming a generic scopeEvery bank's concurrent audit manual differs in coverage thresholds, reporting format, and escalation protocol for adverse findings. We read the specific manual and appointment letter for the branch or vertical before planning, including any special focus areas the bank has flagged — a generic checklist approach misses bank-specific requirements that vary meaningfully between institutions.On receipt of appointment/allotment letter
3Baseline Review — prior concurrent audit reports, internal audit findings, and last statutory LFARConcurrent audit is a continuation of institutional oversight, not a fresh start each cycle. We review prior concurrent audit reports, the branch's last internal audit findings, and its most recent statutory LFAR (where available) to identify recurring or unresolved observations that need continued tracking — a discipline generalist teams frequently skip.First 2–3 days of the engagement
4Daily/Weekly Transaction Testing — cash, disbursements, KYC/AML, remittancesConcurrent audit's core value is catching irregularities close to the transaction date. We test fresh disbursements against sanction terms and documentation completeness within days of disbursement (not months later), verify KYC compliance at account opening in real time, and review cash and vault operations on the agreed testing cycle — not a retrospective batch review at month-end that defeats the purpose of 'concurrent' coverage.Ongoing, through each reporting cycle
5Reconciliation & Housekeeping Review — suspense, sundry, and inter-branch accountsAged, unreconciled suspense and inter-branch entries are a recurring finding at year-end statutory audit precisely because they are not caught early. Concurrent audit's continuous cadence is designed to flag these while they are still fresh and traceable, rather than as a stale, hard-to-investigate balance months later.Each reporting cycle — monthly or quarterly per bank mandate
6Forex & Treasury Testing (Where Applicable) — for authorised dealer branches or treasury desksForeign exchange and treasury transactions carry market-risk and regulatory-compliance dimensions (FEMA, RBI's forex master directions) that generic branch-level testing does not cover adequately. Where the branch or unit is under concurrent audit for forex or treasury operations, we deploy team members with specific familiarity with these transaction types.Each reporting cycle, for applicable branches/desks
7Interim Reporting to Bank ManagementConcurrent audit's reporting cadence — typically monthly or quarterly — is the mechanism through which findings reach bank management while they are still actionable. We submit structured, specific reports on the bank's prescribed format and timeline, distinguishing between minor procedural observations and matters requiring immediate escalation.Monthly or quarterly, per the bank's mandate
8Escalation of Serious IrregularitiesSome findings — a suspected unauthorised transaction, a significant documentation gap on a large advance, evidence of KYC circumvention — warrant escalation outside the normal reporting cycle rather than waiting for the next scheduled report. We follow the bank's specified escalation protocol for time-sensitive findings rather than holding them for the routine report.As and when identified, outside the normal cycle where warranted
9Coordination with Statutory Branch Auditor (Where PNPC Holds Both Mandates)Where PNPC is engaged for both concurrent and statutory audit at the same branch, our concurrent audit findings through the year directly inform the statutory audit's risk assessment and sampling strategy at year-end — reducing duplication and surfacing issues earlier than a purely siloed approach would.Throughout the year, culminating at the annual statutory audit
10Quarterly/Annual Summary & Trend ReviewBeyond individual periodic reports, we prepare a consolidated summary highlighting recurring themes, whether prior observations have been resolved, and any deteriorating trend in a specific area (documentation discipline, KYC compliance, reconciliation ageing) that a single period's report would not reveal in isolation.Quarterly or annually, per bank requirement
11Management Response TrackingFindings without follow-up are of limited value. We track whether the branch or zonal office has acted on prior concurrent audit observations and flag unresolved items in each subsequent report, giving the bank's audit committee a clear view of accountability over time.Ongoing, cycle to cycle
12Coverage Renewal & Scope ReviewBank concurrent audit coverage requirements, and the specific branches/units selected for coverage, are reviewed periodically by the bank based on risk profile, business volume, and regulatory expectation. We stay current on the bank's coverage criteria so continuity of engagement is not assumed but actively tracked.Annually, or as the bank's coverage policy is revised
13Multi-Branch / Multi-Bank Coordination for Firms with Several MandatesFirms holding concurrent audit mandates across several branches, alongside statutory audit allotments during the busy season, face genuine scheduling complexity. PNPC's team structure and partner oversight are built for parallel coverage without compromising the depth or timeliness of reporting at any single unit.Ongoing, across the audit calendar

Concurrent audit does not follow a fixed start-to-finish timeline like a statutory audit — it is an ongoing engagement, typically renewed annually, with reporting cadence (monthly or quarterly) set by the bank. PNPC structures staffing for continuous coverage rather than treating it as a periodic project, and coordinates closely with any statutory branch audit mandate at the same branch to avoid duplicated effort and to surface issues earlier in the year.

Document Checklist
Appointment & Engagement Documents

Bank's concurrent audit appointment letter specifying the branch/unit, coverage scope, and reporting cycle

Bank's concurrent audit manual or specific instructions circular for the relevant period

Prior concurrent audit reports for the branch/unit, where PNPC is a new appointee taking over from a predecessor firm

Most recent statutory branch audit report and LFAR, where available, for baseline continuity

Independence and eligibility declaration confirming no disqualification and no conflict of interest with the branch or its major borrowers

Branch/Unit Transaction Records (Ongoing Access)

Daily cash book, vault register, and cash retention limit compliance records

Core banking system (CBS) transaction reports and MIS extracts for the relevant testing period

New account opening register with KYC documentation for each account opened in the period

Loan sanction and disbursement register with linked security documentation for fresh disbursements

Remittance and clearing transaction records (RTGS/NEFT/cheque clearing) for the period under review

Reconciliation & Control Records

Bank reconciliation statements for inter-branch and inter-bank accounts, updated to the review date

Suspense account and sundry deposit/creditor schedules with age-wise breakup

Excess-over-limit and irregular account reports for advances accounts

Delegation-of-authority matrix confirming approval limits applied to disbursements and account operations tested

Locker and safe-custody register, where applicable to the branch's operations

Forex & Treasury Records (Where Applicable)

Authorised dealer licence category and applicable RBI master direction reference for the branch/desk

Forex transaction register with supporting trade/remittance documentation

Treasury deal slips and confirmation records for the period under review

Nostro/vostro account reconciliation statements, where the branch handles correspondent banking transactions

Statutory Bank Audit Records (Where PNPC Also Holds the Statutory Mandate)

Branch trial balance and general ledger as at the balance sheet date

Advances documentation for accounts sampled under statutory audit's IRAC-based testing

NPA classification and provisioning working papers prepared by the branch

KYC/AML compliance registers and cash transaction reports above the prescribed threshold

Prior year's RBI inspection report or internal audit report, where available

Staff & Access Coordination (Provided by Branch/Bank)

Branch Manager and key staff availability for the concurrent audit team's periodic visits or continuous presence

Access to core banking system reports and MIS extracts required for continuous testing

A designated point of contact at zonal or head office for report submission and escalation of urgent findings

Physical access arrangements where the concurrent auditor is stationed on-site rather than conducting periodic visits

Ongoing obligations
PhaseTriggered ByPNPC CA GuidanceRisk If Ignored
Empanelment & Engagement SetupBank's annual concurrent audit empanelment/appointment cycleSeparate, accurate empanelment application for concurrent audit distinct from statutory audit empanelment; review of the bank's specific concurrent audit manual before accepting the engagement.Assuming statutory empanelment covers concurrent audit eligibility can result in a missed appointment opportunity or scope confusion at engagement start.
Baseline ReviewEngagement commencementReview of prior concurrent audit reports, internal audit findings, and the most recent statutory LFAR to establish continuity rather than starting testing with no institutional context.Starting without baseline context repeats known issues and misses recurring patterns the bank's audit committee expects to be tracked over time.
Continuous Testing CycleOngoing, per the agreed reporting cadenceDisciplined testing of fresh transactions close to their transaction date — disbursements, KYC at account opening, cash and vault operations — rather than a retrospective batch review that defeats the purpose of continuous coverage.Deferred or batched testing turns concurrent audit into a delayed, lower-value version of periodic audit, undermining the early-detection rationale for the function.
Periodic ReportingMonthly or quarterly reporting deadline per bank mandateStructured, specific reports distinguishing procedural observations from matters requiring escalation, submitted on the bank's prescribed format and timeline.Late or generic reporting reduces the bank's ability to act on findings while they remain current, and reflects on the firm's reliability for renewal.
Escalation of Serious FindingsIdentification of a significant irregularity outside the normal cycleImmediate escalation per the bank's specified protocol for time-sensitive matters — suspected unauthorised transactions, major documentation gaps, KYC circumvention — rather than holding the finding for the routine report.Delayed escalation of a serious control lapse can allow it to compound, and reflects poorly on the concurrent auditor's judgment if discovered later through other channels.
Coordination with Statutory AuditAnnual statutory branch audit cycle (where PNPC holds both mandates)Concurrent audit findings from across the year are used to inform the statutory audit's risk-based sampling and LFAR preparation, reducing duplication and surfacing issues earlier.Treating concurrent and statutory audit as fully siloed functions, even when held by the same firm, wastes the institutional-knowledge advantage and risks inconsistent findings between the two reports.
Renewal & Scope ReviewBank's periodic review of coverage requirements and firm performanceProactive engagement with the bank's audit committee or zonal office on coverage scope, especially where business volume or risk profile at the branch/unit has changed materially since the last review.Passive assumption of continued engagement without demonstrating value can result in non-renewal when the bank reviews its concurrent audit panel.

Concurrent audit is a continuous relationship, not a one-off project — its value compounds across cycles as recurring observations are tracked to resolution and its findings feed directly into the branch's annual statutory audit. Banks generally review coverage and firm performance on an annual basis; PNPC treats each reporting cycle as an input into that ongoing relationship rather than an isolated deliverable.

Frequently asked
What exactly is bank concurrent audit?

It is an ongoing, near-real-time review of a bank branch's or specialised unit's day-to-day transactions and internal controls, conducted by an appointed Chartered Accountant, reporting to bank management on a monthly or quarterly cycle throughout the year — distinct from the once-a-year statutory branch audit, which culminates in a signed attest opinion and the Long Form Audit Report (LFAR).

Practitioner noteClients sometimes use 'concurrent audit' and 'branch audit' interchangeably. They are not the same function — concurrent audit is continuous and reports to management; statutory branch audit is annual and results in a formal audit opinion. A branch can be, and often is, subject to both.
How is concurrent audit different from statutory branch audit?

Concurrent audit is a continuous, internal control-focused review that reports to bank management (branch, zonal, or head office) on a recurring cycle, with no formal audit opinion issued. Statutory branch audit is an annual attest engagement under the Banking Regulation Act 1949, resulting in a signed audit report on the branch's financial statements plus the RBI-prescribed LFAR. The two are complementary — a branch under active concurrent audit coverage typically enters the annual statutory audit with fewer unresolved issues, because irregularities have already been surfaced and addressed during the year.

Practitioner noteWe encourage banks to view concurrent and statutory audit as two layers of the same oversight architecture rather than redundant exercises — the value compounds when both functions share findings.
How does a CA firm get appointed for bank concurrent audit?

Appointment is generally made by the bank's zonal, regional, or head office through its own concurrent audit empanelment process — which is typically a separate list from the RBI/ICAI statutory branch audit panel, even at the same bank. Eligible CA firms apply to the bank's concurrent audit panel based on the bank's specific eligibility criteria (often partner strength and prior banking-audit experience), and branches or units are then allotted based on the bank's coverage requirements.

Practitioner noteWe advise firms not to assume that RBI/ICAI statutory empanelment automatically qualifies them for a bank's concurrent audit panel — the two lists and their eligibility criteria are usually managed separately, and firms should apply for concurrent audit empanelment specifically.
How often is concurrent audit reporting done?

This is set by the specific bank's concurrent audit manual and the appointment letter — commonly monthly, though some banks specify quarterly reporting for lower-risk units. The underlying testing itself is meant to be near-continuous (close to the transaction date), even where the formal written report is submitted on a monthly or quarterly cycle.

Practitioner noteWe confirm the exact reporting cadence and format at engagement acceptance, since it varies meaningfully between banks — treating every bank's concurrent audit the same way is a common and avoidable mismatch.
Which branches or units does a bank typically place under concurrent audit?

RBI's concurrent audit guidelines require banks to bring a specified proportion of their business under concurrent audit coverage, with priority typically given to high-risk or high-volume branches, large advances portfolios, treasury and investment operations, forex/authorised dealer desks, and centralised processing units — rather than uniform coverage across every branch.

Practitioner noteCoverage criteria differ by bank and can be revised periodically as the bank reassesses its risk profile — we recommend clients confirm current coverage criteria with the bank rather than relying on prior-year scope.
What does a concurrent auditor actually test on a day-to-day basis?

Typical scope includes: cash and vault operations, KYC/AML documentation at new account opening, sanction and documentation compliance at the time of loan disbursement, remittance and clearing transactions, deposit mobilisation and premature closure handling, foreign exchange transactions at authorised branches, and ongoing reconciliation of suspense, sundry, and inter-branch accounts — all tested close to the transaction date rather than in a year-end review.

Practitioner noteThe defining discipline of concurrent audit is testing fresh transactions promptly. A concurrent audit that only reviews transactions in a batch at month-end has lost much of the early-detection value the function is meant to provide.
Does concurrent audit cover advances the same way statutory branch audit does?

Concurrent audit reviews documentation and sanction-term compliance at the point of disbursement and periodically thereafter — a real-time control check. Statutory branch audit's advances testing is a year-end exercise applying RBI's IRAC (Income Recognition, Asset Classification and Provisioning) norms to classify each sampled account as Standard, Special Mention Account, Sub-Standard, Doubtful, or Loss based on overdue days. Both examine advances, but with different objectives and timing — concurrent audit for ongoing control discipline, statutory audit for year-end classification and provisioning accuracy.

Practitioner noteWhere PNPC holds both mandates at a branch, our concurrent audit observations on disbursement documentation through the year directly inform the statutory audit's advances sampling and risk assessment.
What happens if a concurrent auditor finds a serious irregularity?

Serious or time-sensitive findings — a suspected unauthorised transaction, a significant documentation gap on a large disbursement, evidence of KYC circumvention — are escalated to bank management outside the normal reporting cycle, following the bank's specified escalation protocol, rather than held for the next scheduled monthly or quarterly report.

Practitioner noteWe agree the exact escalation protocol and contact point with the bank at engagement acceptance, so there is no ambiguity about who is notified and how quickly when a serious finding arises.
Is concurrent audit mandatory for all bank branches?

No. RBI requires banks to bring a specified proportion of their overall business under concurrent audit coverage based on the bank's own risk assessment and RBI's guidelines, rather than mandating coverage of every branch. Banks select branches and units for coverage based on business volume, risk profile, and any specific regulatory or internal audit concern, and periodically review this selection.

Practitioner noteWe advise banks and cooperative societies approaching the applicable coverage threshold to plan their concurrent audit panel and coverage plan well ahead of the review period, rather than scrambling once the requirement crystallises.
Does concurrent audit apply to cooperative banks and NBFCs, or only commercial banks?

Concurrent audit requirements extend to cooperative banks operating under a banking licence (subject to RBI directions applicable to banking-licensed cooperatives, read with the relevant State Cooperative Societies Act), in addition to commercial bank branches. NBFCs in the Upper and Middle Layers under RBI's Scale-Based Regulation framework are subject to enhanced internal audit and governance norms, and many such NBFCs adopt a concurrent-audit-style continuous review as internal policy, though this is framed under RBI's internal-audit and governance expectations for NBFCs rather than the same concurrent-audit circulars that apply to banks. The specific coverage criteria and reporting expectations differ by category of regulated entity.

Practitioner noteWe confirm the exact regulatory framework applicable to each client — commercial bank, cooperative bank, or NBFC — before finalising the concurrent audit scope, since the governing circulars and reporting formats are not identical across these categories.
Can the same CA firm hold both the concurrent audit and statutory branch audit mandate at one branch?

Yes, subject to the bank's own policy and any independence considerations the bank or RBI framework may apply. Where permitted, holding both mandates allows genuine continuity — concurrent audit findings through the year inform the statutory auditor's risk assessment at year-end, and the statutory audit's LFAR benefits from a fuller picture of the branch's control environment across the year rather than a single point-in-time sample.

Practitioner noteWe confirm with each bank whether dual appointment is permitted under its specific policy before proposing this arrangement — some banks prefer separation between the two functions as a matter of internal governance, and we respect that where specified.
What is the reporting format for a concurrent audit report?

The format is set by the bank's own concurrent audit manual and varies by institution — but typically structures findings by functional area (cash, advances, deposits, KYC/AML, reconciliation, forex where applicable), rates the severity of each observation, and tracks whether prior-period observations have been resolved. PNPC follows the bank's prescribed format precisely rather than substituting a generic template.

Practitioner noteA report that does not track resolution of prior-cycle findings loses much of its value to the bank's audit committee — we build this trend-tracking into every consolidated summary report we submit.
What is the difference between concurrent audit and internal audit?

Internal audit is typically a broader, risk-based review of the bank's or branch's overall operations and controls, often conducted by the bank's own internal audit function (or an external firm engaged for that specific role) on a periodic cycle that may be annual or aligned with a risk-based audit plan. Concurrent audit is narrower in scope but far more frequent — a continuous or near-continuous transaction-level review of specific high-risk areas, run in parallel with, and complementary to, the internal audit function rather than replacing it.

Practitioner noteWe coordinate with a bank's internal audit function where both are engaged at the same branch, to avoid unnecessary duplication of testing effort and to ensure findings from each function are cross-referenced.
How does PNPC ensure independence in a continuous, on-site engagement like concurrent audit?

We conduct a conflict check against the branch's major borrower and account relationships at engagement acceptance, and reassess periodically given the continuous nature of the engagement. Where PNPC has an existing advisory, tax, or audit relationship with a party whose transactions would be reviewed under concurrent audit, we assess and, where appropriate, disclose or decline the relevant portion of the engagement, consistent with ICAI's Code of Ethics.

Practitioner noteIndependence risk in a continuous, on-site engagement is different in character from an annual sample-based audit — we treat conflict checks as an ongoing discipline for concurrent audit mandates, not a one-time exercise at engagement start.
What documentation should a branch keep ready for the concurrent audit team?

At minimum: daily cash and vault registers, CBS transaction reports for the review period, the new account opening register with KYC documentation, the loan disbursement register with linked security documentation, remittance and clearing records, and reconciliation statements for inter-branch and suspense accounts, kept current rather than reconstructed at review time.

Practitioner noteWe share a specific, bank-manual-aligned document checklist with the branch at engagement start — branches that maintain these records current in the ordinary course, rather than only for audit purposes, get materially faster and more useful concurrent audit cycles.
Can a bank change or expand concurrent audit coverage mid-year?

Yes. Banks periodically review coverage based on changing risk profile, business volume growth at a branch, or specific regulatory or internal audit concerns, and can expand (or occasionally reduce) concurrent audit coverage accordingly, subject to the bank's own internal approval process and any RBI-linked minimum coverage requirement.

Practitioner noteWe stay in regular contact with the bank's zonal or head office concurrent audit coordinator specifically to be positioned for expanded scope requests, rather than learning of a coverage change only through a formal fresh appointment letter.
Does concurrent audit cover forex and treasury transactions?

Where the branch or desk is authorised for foreign exchange or treasury operations and is included within the bank's concurrent audit coverage for that function, yes — this typically involves reviewing forex transaction documentation against RBI's applicable master directions, treasury deal confirmations, and nostro/vostro reconciliation, requiring team members with specific familiarity with these transaction types beyond general branch banking.

Practitioner noteWe deploy team members with specific forex/treasury audit experience for these engagements rather than assigning general branch-audit staff — the regulatory framework (FEMA, RBI forex master directions) is materially different from standard branch operations.
What is the fee structure for concurrent audit engagements?

Concurrent audit fees are agreed between the firm and the bank as part of the engagement letter, typically structured as a periodic (monthly or quarterly) retainer reflecting the scope of coverage and the frequency and depth of on-site or on-call testing required, rather than a per-visit fee as with some periodic audit types. PNPC confirms the applicable fee basis with each bank at engagement acceptance.

Practitioner noteBecause concurrent audit is an ongoing commitment rather than a one-time project, we structure our fee proposal to reflect the sustained staffing required across the year, not a discounted introductory rate that cannot support consistent quality over a multi-month engagement.
Can a concurrent audit finding lead to disciplinary or regulatory action against branch staff?

Concurrent audit reports go to bank management, which decides on any disciplinary, corrective, or process action based on the findings — the concurrent auditor's role is to identify and report irregularities accurately, not to determine consequences for staff. In cases involving suspected fraud or serious regulatory breaches, the bank may separately escalate to its vigilance or fraud investigation function, or to RBI, depending on materiality and the bank's own policy.

Practitioner noteWe keep our reporting strictly factual and evidence-based, avoiding characterisations that go beyond what the audit evidence supports — the bank's management and, where applicable, its vigilance function are responsible for any subsequent action.
Does concurrent audit review digital and mobile banking transactions?

Yes, where the branch or bank's coverage scope includes digital channels. As banks shift a growing share of transaction volume to internet banking, mobile banking, and UPI-linked flows, concurrent audit scope increasingly extends to testing controls around digital onboarding, transaction authorisation limits, and reconciliation of digital channel transactions with the core banking system, in addition to traditional over-the-counter branch transactions.

Practitioner noteWe confirm with each bank whether digital channel testing falls within the concurrent audit mandate or is covered by a separate IT/systems audit function, since banks structure this differently and scope assumptions here can leave a genuine gap.
What is the difference between concurrent audit and RBI's own inspection of a bank?

Concurrent audit is a function the bank itself commissions and pays for, using an empanelled CA firm or internal team, reporting to bank management as part of the bank's own internal control architecture. RBI inspection (or supervisory examination) is a distinct regulatory exercise conducted by RBI's own supervisory teams under its statutory powers over banks, assessing the bank's overall health, compliance, and governance — concurrent audit findings can be reviewed by RBI inspectors as part of assessing the bank's internal control environment, but the two are not the same exercise.

Practitioner noteWe advise clients that strong, well-documented concurrent audit coverage often reflects favourably when RBI inspectors assess a bank's internal control framework, even though concurrent audit itself is not an RBI exercise.
Can concurrent audit coverage be conducted off-site, or must the auditor be physically present at the branch?

This depends on the bank's own concurrent audit manual and the nature of the branch or unit. Many banks require on-site presence, at least periodically, for cash verification and physical document review, while allowing certain transaction-level testing to be conducted off-site using core banking system MIS extracts and scanned documentation, particularly for centralised processing units. PNPC confirms the specific on-site/off-site expectation with each bank at engagement acceptance.

Practitioner noteWe do not assume off-site access to system reports is equivalent to on-site verification for all testing areas — cash and physical document verification genuinely require on-site presence, and we plan visit frequency accordingly even where some testing can be done remotely.
What happens when a concurrent audit mandate at a branch ends or is not renewed?

On completion or non-renewal of a concurrent audit mandate, the outgoing firm typically hands over its working papers, outstanding observations, and a status summary of unresolved findings to the bank (and, where applicable, to the incoming firm), so continuity of oversight is not lost at the transition. PNPC provides a structured handover summary in every case, whether the mandate ends by natural conclusion, bank-driven rotation, or non-renewal.

Practitioner noteWe treat handover documentation as a professional obligation regardless of why a mandate ends — a clean handover protects both the bank's continuity of oversight and the firm's professional reputation for future engagements.
How does concurrent audit interact with a bank's statutory tax audit obligations?

Concurrent audit does not itself address the bank's tax audit obligations under Section 44AB of the Income-tax Act, which are typically handled at the entity level by the bank's appointed tax auditors, drawing on consolidated financial data rather than branch-level concurrent audit reports. However, the reconciliation and documentation discipline that concurrent audit reinforces at branch level — accurate TDS deduction records, clean suspense accounts — supports the overall quality of data that eventually feeds the bank's consolidated tax audit.

Practitioner noteWe are clear with clients that concurrent audit is not a substitute for, or a component of, the bank's Section 44AB tax audit — the two are governed by entirely different statutes and reporting requirements.
How does concurrent audit help a bank ahead of its annual statutory audit?

A branch under active, well-executed concurrent audit coverage typically enters its annual statutory audit with fewer unresolved documentation gaps, better reconciliation discipline, and a documented track record of how prior irregularities were identified and addressed — all of which can streamline the statutory auditor's risk assessment, though it does not substitute for the statutory audit's own independent IRAC-based testing and LFAR preparation.

Practitioner noteWe are explicit with clients that concurrent audit complements but never replaces statutory branch audit — the two serve different regulatory purposes and neither can substitute for the other's specific mandate.
What is PNPC's approach to statutory bank branch audit, separate from concurrent audit?

PNPC's statutory bank audit practice covers branch-level statutory audit under the Banking Regulation Act 1949, including IRAC-based advances classification testing, LFAR preparation, and financial statement certification, for public sector banks (through RBI/ICAI empanelment and bank allotment), private sector banks, and cooperative banks (direct appointment). This is offered as a standalone engagement or in combination with concurrent audit at the same branch, at the bank's preference.

Practitioner noteFirms and banks sometimes assume 'bank audit' means only the annual statutory function — we make clear at the outset which specific audit type (or combination) is being scoped, since the governing framework, reporting format, and appointment route differ materially between concurrent and statutory audit.
What is a Long Form Audit Report (LFAR) and does concurrent audit produce one?

The LFAR is a structured, RBI-prescribed questionnaire completed as part of the annual statutory branch audit, covering asset quality, credit appraisal adherence, security documentation, and internal control observations. Concurrent audit does not produce an LFAR — it produces periodic management reports on its own format — but well-documented concurrent audit findings through the year can meaningfully inform the statutory auditor's LFAR responses where the same firm, or a coordinating firm, holds both mandates.

Practitioner noteWe treat concurrent audit's periodic findings as a running input file for the eventual statutory LFAR at year-end, rather than two entirely disconnected work streams, wherever PNPC holds both mandates.
What are IRAC norms and how do they relate to concurrent audit?

IRAC stands for Income Recognition, Asset Classification and Provisioning — RBI's framework for classifying every advance account (Standard, Special Mention Account, Sub-Standard, Doubtful, or Loss) based primarily on overdue days, and determining the provisioning required for each classification. IRAC-based classification testing is core to the annual statutory branch audit rather than concurrent audit's day-to-day scope, though concurrent audit's ongoing review of disbursement documentation and account conduct can flag early warning signs (excess drawings, documentation lapses) relevant to eventual IRAC classification.

Practitioner noteWe are precise with clients about which framework applies to which engagement — IRAC classification is a statutory-audit-stage exercise, while concurrent audit's contribution is upstream control testing that reduces the likelihood of classification surprises at year-end.
How does PNPC handle multiple concurrent audit mandates across different banks simultaneously?

PNPC structures its audit teams with a dedicated engagement lead for each branch or unit under concurrent audit coverage, with partner-level oversight built into the periodic reporting cycle, rather than a single team serially rotating across multiple mandates in a way that compresses testing depth at any one unit.

Practitioner noteWe plan staffing for concurrent audit mandates as an ongoing annual commitment from the outset, not as a project resourced only around reporting deadlines — the continuous nature of the engagement requires continuous, not episodic, staffing discipline.
Is concurrent audit relevant to a branch's KYC/AML compliance specifically?

Yes — KYC documentation completeness at new account opening and ongoing due diligence on existing accounts is a standard and important part of concurrent audit scope, given that KYC/AML gaps are precisely the kind of control lapse that continuous, near-real-time review is positioned to catch quickly, compared to a once-a-year statutory sample.

Practitioner noteWe treat KYC/AML testing as a non-negotiable component of every concurrent audit cycle, reviewing every new account opened in the period rather than a partial sample, given the regulatory sensitivity of this area.
What internal controls beyond advances does concurrent audit typically examine?

Beyond loan disbursement documentation, concurrent audit typically covers: cash handling and dual-custody controls over the vault, adherence to sanctioned delegation-of-authority limits, deposit account operations including premature closures, remittance and clearing transaction accuracy, reconciliation discipline over suspense and inter-branch accounts on a running basis, and — where applicable — forex and treasury transaction compliance.

Practitioner noteReconciliation discipline is an area where continuous concurrent audit adds particular value — aged, unexplained suspense entries are far easier to trace and resolve when flagged within weeks rather than discovered as a stale, unexplained balance at year-end statutory audit.
Why should a bank or CA firm choose PNPC for concurrent and statutory bank audit support?

PNPC has executed concurrent audit, statutory branch audit, and related banking-sector assignments across public sector, private sector, and cooperative banks since 1986. Our teams bring disciplined, on-time periodic reporting for concurrent audit, technical depth in IRAC classification and LFAR preparation for statutory audit, and — where a bank engages PNPC for both functions at the same branch — genuine continuity of institutional knowledge across the audit calendar rather than two disconnected engagements. We are a practising CA firm with decades of banking-audit experience, not a generalist audit team applying a one-size-fits-all checklist to a specialised function.

Practitioner noteThe clearest signal of concurrent audit quality is whether findings are specific, evidence-backed, and tracked for resolution cycle over cycle — that is what we optimise for on every mandate we hold.
Why PNPC Global

PNPC Global vs a generalist audit team for bank concurrent and statutory audit

DimensionGeneralist / First-Time Audit TeamPNPC Global
Concurrent testing disciplineBatch-reviews transactions retrospectively, close to the reporting deadlineTests fresh disbursements, account openings, and cash operations close to the transaction date
Reporting consistencyVariable format and timing, findings not tracked cycle to cycleBank-manual-aligned reports on the agreed cadence, with resolution tracking across cycles
Coordination with statutory auditConcurrent and statutory audit treated as fully separate, disconnected engagementsConcurrent findings feed statutory audit's risk assessment and LFAR preparation where both mandates are held
Escalation of serious findingsHeld for the next routine report regardless of severityEscalated immediately per the bank's specified protocol for time-sensitive matters
Forex/treasury specialisationGeneral branch-audit staff assigned regardless of transaction complexityTeam members with specific forex/treasury audit familiarity for applicable branches
Empanelment trackingAssumes statutory empanelment covers concurrent audit eligibilityTracks concurrent and statutory empanelment as separate, bank-specific processes
Independence & conflict checksOne-time check at engagement startOngoing conflict monitoring appropriate to a continuous, on-site engagement
Cross-audit-type coverageTypically limited to one audit typeConcurrent, statutory branch, revenue, stock/book-debt, and cooperative bank audit capability

What the PNPC package includes

  1. 01

    Concurrent audit engagement planning aligned to the bank's specific concurrent audit manual

  2. 02

    Continuous, near-real-time transaction testing across cash, advances documentation, deposits, and KYC/AML

  3. 03

    Periodic (monthly/quarterly) structured reporting with resolution tracking of prior observations

  4. 04

    Immediate escalation protocol for time-sensitive or serious irregularities

  5. 05

    Forex and treasury transaction review for authorised branches and desks, where mandated

  6. 06

    Statutory branch audit including IRAC-based advances classification and Long Form Audit Report (LFAR) preparation

  7. 07

    Coordinated concurrent-plus-statutory engagement delivery where a bank appoints PNPC for both functions at a branch

  8. 08

    Cooperative bank and NBFC concurrent audit support under the applicable RBI framework

  9. 09

    Working paper documentation and continuity records supporting engagement renewal and future-year audit reference

Concurrent audit rewards firms that treat continuous coverage as genuinely continuous — talk to PNPC before your bank's next concurrent audit empanelment or allotment cycle.

← Back to Audit & Assurance
Talk to a CA