A comprehensive review of key controls across various departments to ensure robust risk management.
Testing of controls related to loan application verification, credit scoring accuracy, and adherence to the credit approval matrix. The focus is on ensuring a robust and consistent evaluation process to minimize default risk.
Review of controls governing the end-to-end loan disbursement process, data entry integrity, and reconciliation of loan accounts. Key focus is on preventing manual errors and ensuring operational efficiency.
Evaluation of controls for adherence to fair collection practices, communication protocols with borrowers, and the process for escalating non-performing assets. This aims to mitigate legal and reputational risks.
Testing to ensure compliance with all regulatory requirements (e.g., RBI guidelines), internal policies, and anti-money laundering (AML) procedures. A key control is the periodic review of policy documents.
Review of controls related to system development lifecycle, change management, and IT infrastructure maintenance. The goal is to ensure the reliability and security of core banking systems.
Testing access controls, data encryption mechanisms, and incident response plans. The primary objective is to protect sensitive customer data and prevent cyber-attacks.
Evaluation of controls for complaint resolution, customer feedback mechanisms, and adherence to service level agreements (SLAs). This is crucial for maintaining customer trust and satisfaction.
Review of controls over financial reporting, bank reconciliation processes, and expense management. The aim is to ensure the accuracy and integrity of financial data.
Testing of controls related to payroll accuracy, employee data management, and compliance with labor laws. This mitigates risks associated with human resources and operational continuity.
Evaluation of controls for physical security, asset management, and vendor onboarding processes. Key focus is on safeguarding physical assets and ensuring vendor reliability.
Testing of controls for marketing material approvals, adherence to regulatory guidelines for advertising, and managing brand reputation risks. This ensures ethical and compliant communication.
Review of controls for corporate governance, maintenance of statutory registers, and timely submission of filings to relevant authorities. This ensures the NBFC's legal standing and compliance.
Evaluation of controls for legal document review, contract management, and management of any litigation or legal disputes. This is crucial for mitigating legal and financial risks.
Testing of controls related to cash flow forecasting, liquidity management, and fund transfer processes. This ensures the NBFC has sufficient funds to meet its obligations and operate smoothly.
The ORM team conducts this exercise, but also tests its own controls, such as the effectiveness of risk identification processes, risk assessments, and the accuracy of risk reporting.
Review of controls to ensure appropriate insurance coverage for the NBFC's assets and operations, and proper management of claims processes.
Testing of controls on sales practices, lead generation, and the quality of customer onboarding. The focus is on ensuring a transparent and compliant sales process to prevent mis-selling.
Evaluation of controls related to the allocation of funds for Corporate Social Responsibility activities, tracking of project milestones, and reporting compliance.