RBIA using XAI

Risk Based Internal Audit

  • 1 Team Size
  • 2019 Founding Year
  • India Location
  • Idea, pre-funding Project Status
  • youtu.be/jKrTZTChLyM Website
  • 2 Billion SFr, B2B, bank, Insurance Markets

The Internal audit objective is to reassure the Board of Directors and the other stake holders that the Internal control systems are adequate and effective, commensurate with the business operations of the entity. The Current Challenges - The problem Statement Banks have been adopting the internal audit as a third line of defence for reassurances to the Board of Directors on the internal control systems.

Banks adopt the ABC analysis on the total exposures of the ‘Profit Centres’ to conduct internal audit for its operation. It is carried out on the assumption that the Business volume and the risk factors have a linear equation. Further, the audit done at the branch is a only transaction audit.

Thus the banks conduct internal audit at the ‘Profit Centres’ of the bank. Its main focus is only on the compliance of the internal guidelines, in the day to day operations of the Bank.

Currently, the Internal Audit fails to take into account the risk nodes around the ‘Cost Centres’. As a result, the internal audit fails to bring on surface the risks dormant in its enterprise wide operations.

The dynamics of the banks are changing very fast owing to innovations and digital operations. This has put the ‘known and the unknown’ ‘ risks at an accelerating speed. This has altered the risk perception of the business processes of the Bank . The Risk nodes have moved from the physical branch to the business process.
Internal Audit centred on the physical branch is totally inadequate to highlight the risk perception, as majority of the banking operations now a days are conducted outside the banking premises. Further, virtual banks like N26, (https://n26.com/en-eu) have started emerging now.

To address the novel challenges thrown by the changing scenario, the banks have to take the risk focus at enterprise wide level so that the monitoring and risk mitigation becomes meaningful. Hence, there is a need for the banks to revisit their Internal Audit function.

Keeping this in mind, the Bank for International Settlements (BIS) at Basel, Switzerland has instructed the Central Banks of the member countries, as a part of The Basel Committee on Banking Supervision (BCBS) guidelines, to take the Risk focus while conducting the internal audit in the Banks.


Risk based internal audit (RBIA) is a methodology that enable the banks to take risk focus in their Internal audit function. RBIA will help board of directors to better manage enterprise risks because the risk nodes are quantified and measured. Our product is a technological tool that embraces RBIA methodology using AI and assesses the bank branches by grading them with scores. The Internal auditors can perform digital audit across various locations of the branches and complete the audit at the speed of the risk. There are numerous use cases for the use of various stake holders in the bank. The risk scores are more realistic as we deploy XAI algorithm to measure the risks using huge volume of data.

Our product will be used for conducting internal audit in the Bank at various locations, by the internal auditors. We identify the risks in the enterprise wide operations of the bank and quantify by them with help XAI technology. The banking operations are broken down into various business processes such as ‘Mortgage finance’, ‘Forex operations’, ‘Data centres’, ‘Net banking’ etc and such business process are called ‘Auditable entities’. Risk nodes are identified and are quantified for each of the ‘Auditable entities’. The bank is now ready with the risk scores for all the auditable entities of the bank and the internal auditor will carry this digital tool while commencing the internal audits at the branches. Internal auditor assess the risk mitigation activities of the branches in their day to day operations and puts the auditable entities in the risk matrix. Audit reports are generated immediately and submitted to the multiple stake holders through workflow. There are eight use cases in the product and the stake holders will have real time access to information based on their roles and responsibilities. Swiss Financial Market Supervisory Authority (FINMA) is responsible for the financial regulation in Switzerland supervising the banks and the insurance companies. Our proposed product RBIA will facilitate the offsite supervision by the FINMA.

Since our solution is B2B , the customers are bankers. Since it is also a regulatory push, all the bankers are invariably required to adopt the RBIA methodology in Auditing. Further there are some incentives in the capital for the banks in the Basel II/III guidelines. later the same product can be applied to Insurance companies also. Only risk nodes and scores will vary for the insurance companies but the back ground engine will be the same,