Shubham Housing Development Finance

Company Limited

1
Index
1. Introduction 03 - 04
2. Scope of work 05 - 06
3. Observations Summary 07 - 09
4. Detailed Report – Credit Underwriting 10 - 12
5. Detailed Report – Loan Operations 13 - 21
6. Detailed Report – Collateral Valuation 22 - 24
7. Detailed Report – Branch Review 25 - 30
8. Detailed Report – Loan File Review 31 - 33
9. Status of open audit observations 34 - 37

2
Introduction
01
Introduction

Background
Shubham Housing Development Finance Company Limited has an Internal Audit vertical which is primarily responsible for conducting internal audit of various business
functions. The company has approached Mazars Advisory LLP to provide support services to the Internal Audit team for completion of internal audit plan for FY 2024-25.
The review areas for quarter-I includes Credit underwriting, Loan Operations, Collateral valuations, Branch review, and Loan files review.

Approach

Internal Audit for Quarter 1, FY 2024-25 was conducted by Mazars team under supervision and guidance of Head – Internal Audit of Shubham Housing Development
Finance Company Limited. Mazars team has provided support to Internal audit team in completion of audits as per scope of work. The work performed by Mazars has
been shared, deliberated and finalized with the Head – Internal Audit. The working papers generated by Mazars are provided to the Internal Audit team after retaining a
working paper copy for internal record. The reporting and presentation to the management and/or audit committee of the company is the responsibility of the Head –
Internal Audit and Mazars team will support, wherever required. The final decision on significance of observation and rating was with Head – Internal Audit.

4
Scope of work
02
Scope of work
The scope of work includes the review of Credit underwriting, Loan operations, Collateral valuations, Branch Review and Loan
files review. The detailed scope of work includes under each of the review function includes following:

Loan Operations Credit Underwriting

o Customer acquisition and set up procedures o Review of risk policy applied and eligibility of the customer as per
o Control over completeness and accuracy of loan documentation bank’s standard policies / credit checks;
o Control over acceptance and custody of sanction letter o Review of underwriting guidelines and adherence thereto;
o Collection of processing fee, other legal charges and disbursal as per sanction letter o Review adherence with regulatory requirements;
o Control over agreement execution, legal vetting and standard terms and condition o Control over issue of sanction letters including terms and conditions
o Review procedures and control over Mortgage creation including CERSAI registration o Operations team’s decision practices including approval authority
o Control over regular monitoring and conduct of account o Review of control over adherence with KYC Norms
o Cheque Handover and OTC process
o Control and monitoring over post disbursal procedures/ documentation (PDD)
o Insurance, PDC and ACH process
o Review of Foreclosure procedures
o Collection of charges and control over waiver approvals as per matrix
o Instrument Bounce Analysis
o Loan Closure Process
Branch Review (2 branches) Loan file Review
o Review of cash /CMS transactions o Review control over completeness & accuracy of loan documentation
o Safety and security measures o Review of control over issuance of sanction letter
o Compliances with key local laws o Review of control over adherence with KYC norms
o Review adherence with regulatory requirements
Collateral Valuations
o Review control over engagement of valuation expert
o Review of control over availability and completeness of report

6
Observation Summary
03
Observation Summary
# Observation Risk Rating Root Cause
Credit Underwriting
1 Employee loans not repriced (interest rate) on separation Medium Operational Inefficiency
2 Non-adherence to deviation matrix for higher LTV approval Medium Operational Inefficiency
Loan Operations
3 Short / excess collection of charges from customers Medium System Limitation
4 CERSAI Search conducted post disbursement Medium Operational Inefficiency
5 MIS preparation needs strengthening Low Operational Inefficiency
6 Property documents not dispatched to branch within 30 days Medium Operational Inefficiency
Collateral Valuations
7 Valuers' reappointment approval not obtained as per policy Medium Operational Inefficiency
Branch Review
8 Vault register not updated for access of critical documents Low Operational Inefficiency
9 Adherence to Key Movement protocols is needed Medium Operational Inefficiency
10 Cash register maintaining process to be strengthening Medium Operational Inefficiency
Loan File Review
11 Loan file documentation needs strengthening Low Operational Inefficiency

8
Risk Rating Criteria
The internal Audit observation rating criteria and risk rating criteria as per the pre-defined parameters specified by the
company’s management, is as follows:

Process Observations related to absence of defined process or weakness in existing processes.

PD
Example : Absence of maker checker control.
Root Cause

Deficiency

Operational Observations related to non-adherence to defined process or discipline issues.

OI
Inefficiencies Example : Nonadherence to PF provisions.

System Limitation Observations related absence or sub-optimal utilization of system functionalities.

SL
Example : Non utilization of approval functionality in system.

A weakness where there is substantial risk of loss, fraud, impropriety, poor value for money, or failure to
achieve process /organizational objectives. Such risk could lead to an adverse impact on the business.
High H
Remedial measures must be taken urgently. The issue is reviewed and escalated to management, as
appropriate, before the audit report is completed
Risk Rating

A weakness in control which, although not fundamental, relates to shortcomings which expose individual
Medium M business systems to a less immediate level of threatening risk or poor value of money. Such a risk could
impact on operational objectives and should be of concern to management and requires specific action

L Areas that individually have no significant impact, but where management would benefit from improved
Low controls and/or can have the opportunity to achieve greater effectiveness /efficiency

9
Detailed Report – Credit Underwriting
04
1. Employee loans not repriced (interest rate) on separation M OI

Process Background & Observation Business Risk Implication

Process Background: As per the Credit Policy, employee loans are provided to SHDFC • Failure to reprice the interest rates to the normal lending rate /
employees at a low rate of interest. If any employee exits before the maturity of the loan, market rate may lead to financial loss
the loan should be repriced to the rate of interest prevailing at the time of the employee’s
separation.
Root Cause Analysis
Observation: Employees of the company are offered loans at minimum rate of interest • Non-compliance of company’s credit policy
however; these loans are not repriced at market rate / rates offered to other customers in
case of employee separation. During the review of loan register for the period from April
2024 to June 2024, we noted that the interest rates for four (04) separated employees Recommendations
were not repriced to the market rate of interest**. These employees were originally
provided loans at concessional rate of interest. • Improve the communication and coordination between the HR
and loan operation team to ensure timely updates of employee
Summary of the instances are tabulated below for reference :-
status and corresponding loan repricing. Training must be
Application no. Applicant name Loan sanction ROI at time of Current ROI (%) imparted to employees to ensure a clear understanding of the
amount sanction (%) As on date policy and its implementation.
APPL05263816 Tejveer Singh ₹ 12,04,025 10.9 10.9 • Periodic review of loan register and compliance with the Credit
APPL05296210 Shivpoojan Pherai Yadav ₹ 13,97,171 10.9 10.9 Policy must be ensured.
APPL05305980 Gadikota Nagaraju ₹ 25,82,682 9.9 9.9
APPL05328094 Mudavath Naresh ₹ 29,94,968 9.9 9.9

** Other formal salaried customer of SHDFC are provided loan at an average interest rate of 12% PA.

Management Action Plan Responsibility Timeline

1.1 In the above mentioned 4 cases, loans are given to employees at the prevailing retail rates as per the scheme, not on Manjari September-24
subsidized rates. However, we will make the necessary changes in the process.

11
 2. Non-adherence to deviation matrix for higher LTV approval M OI

Process Background & Observation Business Risk Implication

Process Background: As per credit policy, any deviation in the LTV ratio up to a maximum of • Non-compliance with the company’s credit policy.
10% over the permissible limit, must undergo a formal approval process. Specifically, in case of • Approving loans with higher-than-authorized LTV ratios
Home loan – other than the formal salaried, maximum deviations in LTV ratio i.e., up to 10% without proper approval increases the credit risk to the
(beyond 80% up to 90%) requires explicit approval from the L3 (Head - Credit Underwriting, company.
ZCM & RCM)
Root Cause Analysis
Observation: Finnone system is configured to raise deviation approval for LTV ratio (up to • Updation in deviation matrix not configured in Finnone.
10%) to L7 (Disbursement Manager) instead raising it to L3 (Head - Credit Underwriting, ZCM
& RCM) which is resulting into violation of Credit Policy.
Recommendations
During our review, we noted one instance where LTV offered was more than allowed LTV of
80% as per policy however the deviation approval in system was raised to and approved by L7 • Implement a compliance monitoring mechanisms to ensure
level instead of L3 as required under credit policy. that all deviations from the prescribed LTV limits are
Summary of the instance is tabulated below :- properly documented and approved. The system
configuration must be changed as per company policy.
S. Loan Number Product type Sanction LTV (%) Permissible Deviation
No. Loan Amount Limit
0BLR240300000 HL- Other than Formal
1. ₹ 9,59,616 89.82% 80% 9.82%
5083011 salaried

Management Action Plan Responsibility Timeline

1.1 We will strengthen the process, though the LTV is within NHB norms and LTV on market value is within the policy Manjari Jhingran Immediate
parameters.

12
Detailed Report – Loan Operations
05
3.
1. Short / excess collection of charges from customers M SL

Process Background & Observation Business Risk Implication

Process Background: As per current practice, the application fee as specified in Schedule of • Allowing branch team to manually change application
Charges, is collected from customers at the time of case login. Loan applications are logged in fee leading to revenue loss / customer dissatisfaction.
through Shubh FTR application by branch team. Customer is communicated a link to pay • Short collection of charges may lead to financial loss
application fee through Shubh FTR and application is forwarded to branch manager after fee to company
payment. Further, “Administrative and Operational Cost – Disbursal” is collected as per Credit
Policy. Root cause
• Manual updation of application fee amount not
Observation: Application fee amount automatically reflects on Shubh FTR application, however;
restricted in Shubh FTR and Finnone system.
the Shubh FTR application does not restrict users from making changes in fee amount. Further,
“Administrative and Operational Cost – Disbursal” is deducted from the loan amount to be disbursed Recommendations
to customers. The amount is manually updated in Finnone System by Operations team at the time
• Feasibility of restricting users from editing application /
of loan sanctioning. During review, we noted:
• Application fee amounting to Rs.2.33 lakh was short collected in 181 cases and Rs.0.92 lakh was Administrative and Operational Cost – Disbursal fee
excess collected in 56 cases during our review period (April 2024 to May 2024). may be explored and implemented.
• Administrative and Operational Cost (at disbursal) fee amounting to Rs. 0.20 lakh was short • Fee collected should be periodically reviewed to
collected in 2 instances. (Details are as per Annexure 1) ensure that the same is not short / excess collected
Management Action Plan Responsibility Timeline
1.1 • Due to frequent changes in the application fee campaigns, some cases got logged in by the field team as per their Manjari Jhingran Immediate
commitment with the customer, but at the time of processing the fee got changed, hence we have honored the
commitment given by the filed team. However, we have put the check in place for the cases that will come for
disbursal. The deviation will be raised and will be approved by Head of Operations
• 7 applications are of CF product where Application fee is 7500/- Balance are the cases where earlier the case was
logged in LAP but was finally approved for HL or the loan was of higher loan amount, but final decisioned for lower
loan amount.
• In one case the approval is there for the fees, but due to typing error it is not coming out clearly, ratified approval from
CBO is taken now and in the second case there are two loans(main loan and the top up loan) in which the fee taken
as per the main loan.

14
Annexure 1: Details of administrative and operational costs charged
Loan no Sanctioned amount Admin & operational charges 3% of sanctioned amount Amount Undercharged
0DEL2403000005081381 3,43,346 8,103 10,300 2,197
0SNP2405000005084724 14,50,313 25,671 43,509 17,838
Total 20,036

15
 4. CERSAI Search conducted post disbursement M OI

Process Background & Observation Business Risk Implication

Process Background: As per current practice in the company, CERSAI Search is to be • Risk of financial loss in case of default by borrowers with
conducted prior to disbursement of loan amount. CERSAI search helps in verifying if the undisclosed encumbrances.
property intended to be mortgaged or financed is free from any existing encumbrances or
liabilities.
Root Cause Analysis
Observation: During the review of 26 loan files for March 24 to May 24 on sample basis it was
noted that in 2 instances CERSAI search was conducted after disbursement of the loan • Miss out by operations team at the time of disbursement
(cheque handover). For details refer the table below:-
Recommendations
Sr. No. Loan Number Applicant Name Loan Amount
• The CERSAI search procedure needs to be strengthened
1 0NDA2403000005082900 Ashish Jain 39,47,441
to ensure that CERSAI searches are conducted for all
2 0VRN2405000005084778 Geeta Devi 9,74,493 relevant loans according to specified timelines.

Management Action Plan Responsibility Timeline

1.1 Delay observed in 2 cases in Q1. We will strengthen the process to address the issue. Manjari Jhingran Immediate

16
5.
1. MIS preparation needs strengthening L OI

Process Background & Observation Business Risk Implication

Process Background: Operations team uses various MIS & trackers like OTC tracker, • Incorrect MIS can lead to decisions based on flawed data.
PDD tracker, Cheque release MIS, Cheque clearance MIS, etc. for monitoring purposes • Incorrect MIS may lead to non-compliance with regulatory
and to ensure smooth functioning of operations. These MIS & trackers are maintained requirements, resulting in penalties or legal consequences.
manually over excel sheets.

Observation: During the review of Loan operations various MIS and trackers, we noted Root cause
discrepancies in data captured in different trackers. Many trackers containing similar nature
of data were reflecting different status. • Absence of periodic MIS review and monitoring procedure

Details are as below: Recommendations

• In 89 Instances, cheque status was updated as “Cleared” in Cheque clearance MIS.
However, the status of cheque was “On Hold” in Cheque Release MIS. Both these MIS • MIS and trackers must be updated on real time basis to ensure
were updated up to 29th May 2024. that data is complete and accurate.
• Various team members responsible for preparation and
• In 80 instances, cheques status was updated as “Released” in cheque release MIS. updation of MIS should reconcile their data on periodic basis.
However, the status was “On Hold” in OTC Tracker.

(For details – Refer Annexure-2A & 2B)

Management Action Plan Responsibility Timeline
1.1 We are developing an online module for updating and managing the complete OTC module. This will be implemented Manjari Jhingran Oct’24
from Oct’24 onwards to avoid such instances

17
Annexure 2A: Sample cases of Cheque release and Cheque Clear MIS
Cheque clear date as per cheque
Application no Status as per cheque release MIS Amount
clear MIS
APPL05298644 Hold In Karampura Hub 21-03-2024 3,60,938
APPL05291229 Hold In Branch 12-03-2024 4,79,772
APPL05308288 Hold In Belapur Hub 20-04-2024 8,99,974
APPL05313238 Hold In Karampura Hub 02-04-2024 11,24,139
APPL05317653 Hold In Branch 24-04-2024 1,49,461
APPL05317653 Hold In Branch 24-04-2024 4,18,431
APPL05318915 Hold In Karampura Hub 01-03-2024 10,54,157
APPL05321658 Hold In Branch 11-03-2024 4,02,236
APPL05317101 Hold In Pune Hub 14-03-2024 15,90,918
APPL05322524 Hold In Branch 24-04-2024 3,83,627
APPL05323402 Hold In Karampura Hub 25-04-2024 5,07,335
APPL05324987 Hold In Branch 08-03-2024 11,85,322
APPL05314532 Hold In Branch 15-03-2024 3,37,168
APPL05321082 Hold In Naigaon Hub 14-03-2024 86,096
APPL05322345 Hold In Branch 11-04-2024 6,47,781
APPL05322345 Hold In Branch 11-04-2024 3,34,690
APPL05313953 Hold In Branch 14-03-2024 13,00,000
APPL05326536 Hold In Branch 30-04-2024 9,51,395
APPL05320429 Hold In Pune Hub 18-03-2024 18,00,000

18
Annexure 2B: Sample cases of OTC MIS
Cheque Release date as per Disbursal cheque status in
Application no. Disbursal Date
cheque clear MIS OTC tracker
APPL05249813 28-02-2023 14-05-2024 Hold
APPL05298644 26-11-2023 21-03-2024 Hold
APPL05291229 14-12-2023 12-03-2024 Hold
APPL05308288 27-12-2023 20-04-2024 Hold
APPL05312521 31-12-2023 14-05-2024 Hold
APPL05313238 12-01-2024 02-04-2024 Hold
APPL05299102 15-01-2024 14-05-2024 Hold
APPL05318077 30-01-2024 09-05-2024 Hold
APPL05317653 31-01-2024 24-04-2024 Hold
APPL05318915 31-01-2024 01-03-2024 Hold
APPL05313953 21-02-2024 14-03-2024 Hold
APPL05321658 21-02-2024 11-03-2024 Hold
APPL05317101 21-02-2024 14-03-2024 Hold
APPL05324987 22-02-2024 08-03-2024 Hold
APPL05322524 22-02-2024 24-04-2024 Hold
APPL05323402 22-02-2024 25-04-2024 Hold
APPL05323178 23-02-2024 21-05-2024 Hold
APPL05322527 23-02-2024 08-05-2024 Hold
APPL05321121 23-02-2024 01-05-2024 Hold

19
6. Property documents overdue for handover to customer M OI

Process Background & Observation Business Risk Implication

Process Background: The RBI is the central regulatory authority for financial institutions in India, • Failure to comply with RBI guidelines may result in
including HFCs. Compliance with RBI guidelines ensures that HFCs operate within a regulated legal repercussions, including litigation, regulatory
framework that promotes financial stability and consumer protection. investigations, and enforcement actions.

Observation: As per RBI guideline, HFCs shall release all the original movable / immovable property
documents within a period of 30 days after full repayment/ settlement of the loan account. We reviewed
the loans closed during April and May 2024 and noted 15 instances where property documents were not Root cause
handed over to customer after 30 days.
• Process not aligned with regulatory requirements
On further analysis we noted that these documents were not dispatched to the branch however; the
customers were communicated to collect documents from concerned branch. These documents are
Recommendations
overdue for 37 to 87 days.
• The company should ensure due compliance of
(For details – Refer Annexure-3) RBI guidelines applicable to them on a priority
basis.

Management Action Plan Responsibility Timeline

1.1 • As advised, the SMS intimation will be amended to align the communication with the regulatory guideline. The Nishant Bansal August 2024
documents will still be sent only after the customer is available to collect the same from the branch.

20
Annexure 3: Cases where property documents not released / released with delay
Loan No. Loan Closure date Applicant Name Paper sent date Delay
JAI_1308_010786 04-04-2024 Sher Singh To be Dispatch -
0ALG2101000005033445 04-04-2024 Krishan Murari To be Dispatch -
0JBL2010000005030468 23-04-2024 Sheikh Mehraj To be Dispatch -
0VRN2009000005029511 25-04-2024 Surendra Seth To be Dispatch -
0CTR2312000005073896 23-04-2024 Raj Kumar Sahoo To be Dispatch -
0GGN1607000005000800 06-05-2024 Vijay Kumar Yadav To be Dispatch -
0JHN1609000005001780 06-05-2024 Rakesh Kumar Sahu To be Dispatch -
LUD_1510_047011 06-05-2024 Ajit Kumar To be Dispatch -
0CDN1811000005015796 06-05-2024 Punam C Pillay To be Dispatch -
0MAT1911000005024140 06-05-2024 Vedbir Singh To be Dispatch -
0AGR1910000005023700 06-05-2024 Sachin Kumar Sharma To be Dispatch -
0CTR2009000005029567 06-05-2024 Shiwani Baliyan To be Dispatch -
0ALG2201000005042854 06-05-2024 Subedar Singh To be Dispatch -
0ALB2010000005030670 22-05-2024 Soni Devi Sahu To be Dispatch -
0AKO2210000005052435 24-05-2024 Pankaj Manohar Parate To be Dispatch -

21
Detailed Report – Collateral Valuation
06
7.
1. Valuers reappointment approval not obtained as per policy M OI

Process Background & Observation Business Risk Implication

Process Background: Company has a policy for valuation of properties and empanelment • Non-compliance with the company's policies and procedure
of valuers (version 1.3), which outlines the following compliance for the purpose of
empanelment / re-empanelment of valuers, As per policy, no valuer can be appointed for Root Cause Analysis
more than 3 years without obtaining reappointment approval from the Executive Director /
Head of Credit Service / Head of Credit Policy. • No effective tracking system in place to monitor the approval
status of valuers.
Observation: Valuers are reappointed after 3 continuous years without obtaining
reappointment approval from Executive Director / Head of Credit Service / Head of Credit
Recommendations
Policy.
During our review, we noted that in 12 sample instances (100% deviation), approval for • Monthly review should be conducted to ensure the compliance
reappointment of valuer as per policy (from ED/ Head – Credit / Head of Credit Policy) was with the policy
not obtained.

(Details are as per Annexure-4)

Management Action Plan Responsibility Timeline

1.1 The National Technical Manager is authorized to appoint vendors and execute vendor agreements. We have updated Simmi Dhingra Immediate
our technical policy accordingly and policy will be placed for approval in Board meeting.

23
Annexure 4: Non-compliance of the valuer's empanelment policy
S. No. Vendor Name Date of Onboarding Agreement expiry date
1 Abhilasha Architect 16-Feb-18 31-Oct-25
2 Anand & Anand 01-Sep-16 31-Aug-25
3 Design Plus 29-Jun-21 28-Jun-24
4 Ekistic Advisory 03-Sep-16 02-Sep-25
5 Khanna & Sohi Archineers 26-Aug-20 30-Jun-24
6 Klarheit Valuers & Engineering Services Pvt Ltd 17-Nov-18 16-Nov-24
7 Nagesh Deshmukh 15-Sep-16 14-Sep-25
8 NAV Technocrats Pvt Ltd 05-Oct-18 04-Oct-24
9 R K Architectual Works 29-Jun-18 28-Jun-24
10 R Vyas Associates 25-Oct-18 24-Oct-24
11 RDSP Valuation Services 06-Dec-18 05-Dec-24
12 USP Valuation 16-Jun-21 15-Jun-24

24
Detailed Report – Branch Review
07
8.
1. Vault register not updated for access of critical documents L OI

Process Background & Observation Business Risk Implication

Process Background: SHDFC branches use vault to store cash and critical documents • In the absence of updation of vault access register, the
like disbursement cheques, PDC obtained from customers, loan agreements, PDD etc. A responsibilities for loss of critical documents may not be
Vault access register is maintained by the branches. All instances of accessing the vault are established.
updated in the register.
Root Cause Analysis
Observation: 2 branches were visited by the audit team on sample basis. On verification of • Absence of defined process and monitoring
vault register following were noticed:-
A. Gwalior Branch(Date of visit - 07.06.2024)
• FRFC register is maintained from 10th May 2024 onwards, entries for the cash and PDD Recommendations
deposition are not maintained before that.
• 30 PDDs were found in the vault and out of 30 entries for receipt of 12 PDDs is not done • Instances for storage and withdrawal of documents should be
in the FRFC register, further entries for cash withdrawal and PDD dispatch to HO are not updated in Vault access register on timely basis to facilitate
maintained in the FRFC register. cash reconciliation. This will help establishing responsibility in
case of cash mismatches.
B. Ludhiana Branch(Date of visit - 07.06.2024)
• Three closure documents of customers were found for which no records are maintained
due to the branch's failure to maintain the FRFC Register.

(Refer Annexure-5)
Management Action Plan Responsibility Timeline
1.1 • Gwalior- Noted. The branch has taken a corrective action. Manjari Jhingran -
• Ludhiana- These docs were received from HO for handover to customer after closure of Loan, As per the branch
entry of all the cases are available in register now.

26
Annexure 5: PDD for which entries in the FRFC Register are not found
Sr. No. Customer Name
1 Saurabh Giri Goswami
2 Mukesh Sharma
3 Pooran Singh Pal
4 Sahir Ali
5 Dinesh Kushwah
6 Naresh Naresh
7 Sanjay Gurjar
8 Mukesh Jatav
9 Umesh Sharma
10 Pervaz Ahmad
11 Ramvatar Gaud
12 Raj Kumar'

27
9. Adherence to Key Movement protocols needed
1. M OI

Process Background & Observation Business Risk Implication

Process Background: As per the current process branch shutter key is kept by 2 officials • It is difficult to determine responsibility in case of any
and details of the custodian of the Branch shutter key is maintained in the Key movement discrepancies or incidents, as the key movement does not align
register. with the actual person opening the branch.
Root Cause Analysis
Observation: During the visit to the Gwalior branch, the following discrepancy we noted
that the branch shutter key was handed over to Zahir Khan (Disbursement Officer) by • Non maintenance of documents.
Bhupendra Jadon (Credit Manager) on April 14, 2024, as per Key Movement register.
However, the branch opening register indicated that Bhupendra Jadon continued to open Recommendations
the branch after April 14, 2024.
• Both the key movement register and the branch opening
register are consistently updated and cross-checked for
accuracy.
(Refer Annexure-6) • Ensure that all staff members strictly adhere to the key
movement protocols. The official who receives the key must be
the one to open the branch.

Management Action Plan Responsibility Timeline

1.1 Accepted, have given necessary training to the employee. Manjari Jhingran -

28
Annexure 6: Snapshot of key movement register and daily entry register

Branch Key Movement Register

Daily Entry Register

29
10. Cash register maintaining process to be strengthened
1. M OI

Process Background & Observation Business Risk Implication

Process Background: As per the company process cash register is updated on a real • Unreconciled Cash balance.
real-time basis. Daily MIS of funds collected and deposited through CMS is communicated
to HO.
Root Cause Analysis
Observation: During the visit to the Ludhiana branch, the following discrepancy was
noted:- • Non adherence with the process.
• Entries for cash deposit to CMS are not done in the Cash register in 3 instances(16th,
7th, and 8th May). Recommendations
• Incorrect entry in the cash register for the recording of opening and closing cash balance
in 3 Instances(7th, 8th, and 9th May). • The maker checker control should be implemented for cash
• Denomination of cash collected is not recorded in the cash register. register updating and reconciliation. Denomination-wise details
of currency collected from borrowers and deposited into bank
through CMS should be maintained for ease of cash
reconciliation.

Responsibility Timeline
1.1 Accepted, there was mistake in entry by employees, however there is no financial irregularities. All the cash deposited Manjari Jhingran -
in bank and reconciled by HO team. HO team also sending the MIS to branches if cash receipt created in Finnone and
not deposited. This was human error and employees has been instructed by the senior to do error free entry in all the
registers. Cash denominations are recorded in registered at the time of deposit.

30
Detailed Report – Loan File Review
08
 11. Loan file documentation needs strengthening L OI

Process Background & Observation Business Risk Implication

Process Background: As per the existing procedure, specific documents required for loan • Inaccuracies or incomplete information in loan processing.
approval are stored within the loan files. These documents includes income statements, RCU
Report, CIBIL reports, Notarized Dual Name declarations or self-declaration for dual KYC and
others.
Root Cause Analysis
Observation: During the review of 25 loan files on sample basis for the period March 24 to • Inadequate review mechanism for loan documents
May 24, the following were noted:
• In 1 instance, loan amounting to INR 49.97 Lakhs, the RCU report was not signed and stamp
by the RCU vendor. Recommendations
• In 1 instance, loan amounting to INR 9.73 Lakhs, guarantor acted as the financial guarantor
however; income documents were not obtained. • Strengthen document management protocols to ensure all
required documents as per the credit policy are consistently
(For details-Refer Annexure-7) collected, verified, and attached to loan files. Stringent
maker checker control for document verification must be
implemented.

Management Action Plan Responsibility Timeline

1.1 • Stamped RCU report is available and uploaded by RCU team in DDFS. Manjari Jhingran -
• Guarantor is the brother of the applicant, the reason to take him as a Guarantor is since he is supporting the
applicant in his work. There are no separate financials of the Guarantor

32
Annexure 7: Instances for discrepancies in loan file documentation
Application Number Loan Number Loan Amount Customer Name Sanction Date Remarks

APPL05332583 0JDW2403000005082794 49,97,995 Inakesaf Alam 31-03-2024 The RCU report lacked stamp or signature.
Income documents of financial guarantor were not obtained nor
APPL05332554 0VRN2405000005084778 9,74,493 Geeta Devi 20-03-2024 considered.

33
Action Taken Report - Status and open observations
09
Status of open observations
Open Observations at Open observations Observations Open observations at
Audit Area beginning of Q4 reported during Q4 closed during Q1 the close of Q1 review
(FY 23-24) (FY 23–24) (FY 24–25) (FY 24–25)
Information Technology General
3 - - 3
Controls (ITGC)
Collection Management - 2 - 2

Treasury Management - 2 1 1

Repossession & Legal Collection - 1 1 -

Total 3 5 2 6

35
Open observations and revised action plan
# Audit Area Audit Observation Revised Action Plan

1 Information Multifactor authentication not used on Finnone Application Finnone 6.5 UAT is expected to complete in August 2024,
Technology and to mitigate operational risk of doing cutover in Sep
General Information technology policy of the organization is silent on use of Multifactor 2024, we plan to go-live in Sep 2024 with Finnone 6.5.
Control (ITGC) authentication (MFA) for various applications. It may be noted that Users can
access Finnone application over the internet as well as on personal devices Original Timelines: 31 Dec 2022
using user ID and password. Updated Timelines: 30 Sep 2024

2 Information Password lifetime rules not configured / followed For Finnone this would be completed with go-live
Technology application.
General Finnone do not enforce users to change password mandatorily after expiry of
Control (ITGC) defined period of 70-day. Original Timeline: 31 Jan 2024
Updated Timeline: 30 Sep 2024

3 Information Screenshots not restricted in ShubhFTR application Out of 2,000 users, 1,749 installations have been
Technology completed. The remaining installations will be completed by
General Employees with "View" rights on the application can view customer data, August 15, 2024.
Control (ITGC) including customer confidential information. Further, It is possible for
employees to take screenshot of customer documents like driving licences,
Voter IDs, passport etc. on personal mobile phones. Original Timelines: 31 Mar 2024
Updated Timelines: 15 Aug 2024

4 Collection Customer not informed for cash receipt cancellation in M-Collect To be implemented within one month of new version of
Management Finnone implementation
An acknowledgement is submitted to customer on real time basis as soon as
cash receipt is issued in M-Collect. Such receipts can be cancelled during
posting in Finnone by collection team (due to account or amount mismatch),
however; cancellation of receipt is not communicated to customer.

36
Open observations and revised action plan
# Audit Area Audit Observation Revised Action Plan

5 Collection Compliance with RBI Master Direction to be strengthened The possibility to send a SMS to customers on such
Management instances is checked and is under implementation. To be
We reviewed the details maintained for customer visits and noted that implemented from Aug 2024 onwards.
customer were approached / contacted for recovery of overdue loans post 7
PM hence leading to violation of RBI guidelines. The consent of the customer Original Timelines: 31 August 2024
is not documented for visit post 7 PM.

Further, based on the review of remarks captured by collection

representatives, we noted that customer's relatives, neighbors, and tenants
were approached to discuss overdue loans.

6 Treasury Non-compliance with covenants from financial institutions To be implemented within one month of new version of
Management Finnone implementation
Company has obtained credit facility HDFC Bank in the month of Aug 2023
amounting to Rs. 350 crores. On review of compliance with covenants
prescribed by these institutions, we noted that HDFC Bank sanction letter has
a covenant that 50% of loan disbursals by company should be routed through
HDFC Bank account. This routing of disbursal is not yet stared till the date of
audit (15 March 2024).

37
Thank You

38