Audit · concurrent audit
Concurrent audit: meaning, scope and RBI guidelines.
A near-real-time review of a bank's transactions, distinct from the annual statutory audit — what it covers, who does it, and how RBI's framework shapes coverage. Written for practicing CAs and CA-Final students.
- Reviewed July 2026
- 6 min read
- CA Anil Agarwal & the TatvaBooks team
What is concurrent audit — meaning
Concurrent audit is an examination of a bank's transactions carried out close to the time they occur — daily, weekly, or otherwise near-continuously — rather than after the financial year closes. The idea is simple: catch a control lapse, a documentation gap, or an irregular transaction within days, while it can still be corrected, instead of finding it eleven months later during the statutory audit.
It is primarily used in banks (RBI mandates a framework for it), though the same concept — continuous, transaction-level review reporting to management rather than an annual opinion — is sometimes adopted by other regulated or large entities as an internal control measure. Concurrent audit is not a statutory audit: it doesn't result in a certified opinion on the financial statements, and it isn't a substitute for the bank's annual branch or head-office statutory audit.
RBI's framework — who appoints, and how much gets covered
RBI requires every bank to have a board-approved concurrent audit policy that brings a defined proportion of the bank's business under concurrent audit, prioritising branches and business areas with higher risk — large advances, treasury, forex, and high-value or high-volume transaction points. Within that framework, each bank decides:
- Which branches and departments are covered (often based on business size or risk category, not every branch).
- Whether the auditor is an external CA firm, a retired bank official empanelled for the purpose, or the bank's own dedicated concurrent audit staff.
- Reporting frequency and escalation process for serious findings.
The specific coverage percentage of business RBI expects under concurrent audit, and the categories of branches/activities that must be covered, are revised from time to time. Verify the current requirement on the RBI website and against the specific bank's latest concurrent audit circular before scoping or accepting an engagement — don't rely on a figure from a previous cycle.
Typical scope of a concurrent audit
Coverage areas vary by bank, but most concurrent audit mandates centre on the transaction points where money moves fastest and controls matter most:
| Area | What's typically reviewed |
|---|---|
| Advances | Sanction and disbursement terms followed before money goes out; documentation completeness; end-use of funds; drawing power computed off the latest stock/book-debt statement; renewal and review dates not overdue. |
| Deposits | Interest rates applied match the sanctioned/card rate; premature closures and renewals processed correctly; KYC on new accounts; dormant/inoperative account controls followed. |
| Foreign exchange (forex) | Export/import bill documentation, LC and bank guarantee terms honoured, FEMA-linked reporting triggers not missed, forex deal rates within the bank's authorised limits for that dealer/branch. |
| Cash | Cash retention limits observed, physical cash agrees to the till/vault balance at the time of review, cash transactions above reporting thresholds flagged per the bank's AML process. |
| Clearing & remittances | Inward/outward clearing entries settled and reconciled without unexplained old outstanding items; RTGS/NEFT transactions processed within authorised limits. |
| Revenue leakage | Service charges, processing fees, locker rent, and penal/overdue interest correctly levied — this is usually where concurrent audit recovers real money for the bank quickly. |
The exact checklist, sampling depth and thresholds are set by each bank's concurrent audit manual — a manual for a public sector bank's large branch will look different from one for a small finance bank's retail branch. Always work off the specific bank's current concurrent audit format rather than a generic checklist.
Concurrent audit vs statutory audit vs internal audit
These three are commonly confused because they can review overlapping subject matter at the same branch. The distinction that matters is timing, appointment and what the output actually is.
| Concurrent audit | Statutory audit | |
|---|---|---|
| Who appoints | The bank itself (or its internal audit function) — not shareholders, not RBI directly. | Shareholders (company) or the bank's board on RBI's empanelment process, for the branch/entity as a whole. |
| Timing | Continuous or near-continuous — reviewing transactions as they happen or within days, not after year-end. | Periodic — typically annual, covering a full financial year retrospectively. |
| Objective | Early detection of control lapses and irregularities so they can be corrected immediately, not found months later. | Forming an opinion on whether the financial statements give a true and fair view. |
| Output | Periodic (often monthly) reports to the bank's management/audit committee — not a public audit opinion. | A formal, signed audit report and opinion, often with an LFAR for bank branches. |
| Scope driver | RBI's concurrent audit guidelines plus the bank's own internal circular — coverage areas and thresholds vary by bank and change from time to time. | Standards on Auditing, the Companies Act (for corporates) or RBI's branch audit framework (for banks). |
Internal audit sits alongside both — usually broader and more risk/process-focused, on a periodic (not continuous) cycle, reporting to the bank's own audit committee. See our internal audit vs statutory audit page for that comparison in detail, and the bank branch audit guide for how the annual statutory branch audit itself works.
Practical notes for a practicing CA
- Read the bank's concurrent audit manual first. Scope, thresholds and reporting format are set by the individual bank, not a single all-India standard — don't carry over a checklist from a different bank's engagement.
- Escalate serious findings immediately, not in the next periodic report. The entire value of concurrent audit is speed; a fraud indicator sitting in a monthly report that's compiled two weeks late defeats the purpose.
- Track rectification, not just detection. Most bank formats expect you to report whether earlier-flagged irregularities have actually been corrected — an open item repeated across three reports is itself a finding.
- Independence matters even though this isn't a statutory opinion. Confirm you're not also engaged as the branch's statutory or internal auditor for the same period, and check the bank's rotation policy for concurrent auditors.
- Keep working papers contemporaneous. Given the frequency of reporting, it's easy to let documentation lag behind fieldwork — build a simple daily/weekly log rather than reconstructing it before each periodic report is due.
Managing a concurrent audit practice
If your firm runs concurrent audit mandates across several branches or clients, the bottleneck is rarely the audit judgement — it's tracking findings, rectification status and recurring deadlines across each mandate without them falling through the cracks between periodic reports. TatvaBooks gives a CA firm one place to manage client-facing books and compliance workflow, so your team's time goes into the audit work that needs judgement rather than chasing status updates.
Frequently asked questions
What is concurrent audit — in simple terms?
Is concurrent audit mandatory for all bank branches?
How is concurrent audit different from internal audit?
Can the same CA firm do concurrent audit and statutory branch audit of the same branch?
What reports does a concurrent auditor submit?
Read next
Keep going.
Built for practicing CAs
Run your practice's client books on one platform.
TatvaBooks gives your firm one place to manage client books, GST and compliance — while you focus on the audit work that actually needs your judgement.