FINANCIAL SERVICES VOLUNTEER CORPS Developing Examiner Guidelines for Evaluating Commercial Bank Internal Control (Internal Audit Exam Review) Banque.

Presentation transcript:

FINANCIAL SERVICES VOLUNTEER CORPS
Developing Examiner Guidelines for Evaluating Commercial Bank Internal Control (Internal Audit Exam Review)
Banque d’Algerie (BdA), June 14-18, 2009
Presented by: Robert Lyon, Retired Credit Risk Officer FRB

2 Internal Audit Examiner Review
- Review Audit Committee Charter
- Review Audit structure and Reporting
- Assess skills of Audit Committee and audit staff
- Assess independence of Committee and audit staff
- Review Audit Committee Activities
  – Agenda
  – Minutes
  – Reports to Board

3 Examiner Review (continued)
- Review Internal Audit performance to plan
- Determine adequacy of audit coverage
- Review audit manuals and internal control questionnaires
- Review risk assessments and audit plan
- Review a sample of audit reports and workpapers
- Review all internal audit reports since prior exam
  – Management responses
  – Significant open issues

4 Examiner Review - Audit Committee Guidance
- Majority should be independent of management
- Ensure that the internal audit function reports to the Governing Board
- Members should have appropriate backgrounds

5 Examiner Review - Audit Function Independence
- Functionally segregated from operations
- Board or Audit Committee should review salary and performance of internal audit
- Determine Committee review of audit findings and frequency
- Review minutes of Audit Committee and responses thereto
- Ensure appropriate limits or prohibitions on auditor borrowings

6 Examiner Review – Is the Audit Department adequately staffed?
- Qualifications of staff, education and experience
- Evaluate ability to communicate and relate
- Are staff experienced in specialized areas
  – MIS, capital markets, trust, fiduciary
- Evaluate the audit training program
- Assess the level of turnover and vacancies

7 Examiner review of Internal Control Systems
- Evaluate Code of Conduct
- Evaluate Conflict of Interest
- Evaluate commitment to integrity and ethical values
- Evaluate reporting relationships
- Evaluate the provision of information
  – Does it facilitate monitoring of objectives
  – Detail financial position and operating results

8 Characteristics of a Strong Audit Committee
- Includes outside directors
- Packages allow it to monitor audit effectiveness
- Approves deviations from plan
- Can request additional or follow-up audits
- Approves any special projects requested by internal audit
- Meets with the internal audit without management
- Has authority and funding to engage consultants
- Reviews and approves risk assessments

9 Examination Red Flags related to Internal Audit Activities
- Staffing is inadequate; key skills missing
- Training is inadequate
- Audit Program scope and procedures incomplete
- Risk assessment coverage is inadequate
  – Process lacks completeness
  – Rating system is unevenly applied
- Limited or no transaction testing
- Communication of issues is poor or incomplete
  – Issues not ranked
  – Accountability not established
- Focus is on technology versus people and processes

10 Examination Red Flags Related to Internal Controls
- Data integrity is poor or inconsistent
- Segregation of duties or dual control lacking
- Continuity planning is inadequate
- Systems access is excessive and beyond business needs
- Monitoring is weak, absent, or lacks independence
- Personnel issues
  – Chronic staff shortages and vacancies in key areas
  – Hiring and background checking processes weak
  – Incentive pay not performance based

11 Traditional Process
- Point-in-time
- Surprise Entry
- No reliance on internal audit
- Revalidation of the balance sheet and income statement; lots of tables and numbers
- Heavy Compliance emphasis with regulations
- Significant transaction testing
- Reviewed a large percentage of loans

12 Elements of Change occurred
- Still point in time, but more emphasis on internal controls
- Report format still rigid, but less tables
- Still heavy loan orientation, but added
  – Liquidity analysis
  – Interest rate sensitivity

13 Evolution of Examination Process
- Heavy reliance on bank’s internal controls/risk management systems
- Continuous supervision/risk assessment
- Customized examination plan
- Focused approach is
  – More effective and efficient
  – Reduces regulatory burden

14 Risk-focused Examination Principles
- Encourage strong risk management practices in banks
- Tailor supervisory plan to individual bank risks
- Early warning system
- Don’t repeat what has already been performed by reliable sources

15 Risk-Focused Process
- Community Bank Supervision
  – Annual on-site examinations and quarterly meetings with bank management
- Large Complex Bank Supervision
  – Examiners assigned full time to institution with heavy emphasis on continuous monitoring plus a series of target examinations

16 Steps in the Process
- Develop an approach appropriate to the institution
- Develop a standard set of documents to describe the institution and document the examination approach

17 Examination Timeline Off-Site On-Site Review Individual Profile Supervisory Plan Risk Assessment Scope Memo Entry Letter Analysis Transaction Testing Discussions Follow up Monitor

18 The Risk-Focused Exam Process
- Understanding the Institution and Information Gathering
- Assessing Institutional Risk by Evaluating Risks and Risk Control Systems
- Determining Supervisory Work
- Defining Examination Activities
- Customizing Information Requests for the On-site Examination

- Institutional Profile
- Risk Matrix and Risk Assessment
- Supervisory Plan / Examination Program
- Scope Memorandum
- Entry Letter

19 The Risk-Focused Exam Process
- Performing On-site Examination
- Reporting Examination Findings
- Conducting Ongoing Off-Site Supervision

- Use of Examination Modules: Work paper Program
- Examination report or other summary documents; Exit Meetings with Management and/or Board
- Updating Risk-Focused Documents; Surveillance and Monitoring; Management meetings

20 Risk Categories
Inherent Risk
- Credit
- Market
- Liquidity
- Operational
- Legal
- Reputational

21 Inherent Risk
- The level of risk that is present in business activities conducted by a bank
- The inherent risk involved in that activity should be described as
  – High
  – Moderate, or
  – Low

22 High Inherent Risk
High inherent risk exists where the activity is significant or positions are large in relation to the institution’s resources or to its peer group, where there are a substantial number of transactions, or where the nature of the activity is inherently more complex than normal. The activity potentially could result in a significant and harmful loss to the institution.

23 Moderate Inherent Risk
Moderate inherent risk exists where positions are average in relation to the institution’s resources or to its peer group, where the volume of transactions is average, and where the activity is more typical or traditional. While the activity could result in a loss to the organization, the loss could be absorbed by the organization in the normal course of business.

24 Low Inherent Risk
Low inherent risk exists where the volume, size, or nature of the activity is such that even if the internal controls have weaknesses, the risk of loss is remote or, if a loss were to occur, it would have little negative impact on the institution’s overall financial condition.

25 Risk Management
Effective risk management is the ability to adequately identify, measure, monitor and control the risks that are involved in its various products and lines of business in a safe and sound manner.

26 Risk Management Components
When assessing the adequacy of an institution’s risk management systems, primary consideration of the following key elements is essential:
  – Active board and senior management oversight
  – Adequacy of policy and procedures
  – Adequate risk management, monitoring, and management information systems, and
  – Comprehensive internal controls and audit

27 Relative Strength of Risk Management Processes
Relative strength should be characterized as
  – Strong
  – Acceptable
  – Weak

28 Relative Strength of Risk Management Processes
Strong Risk Management indicates that management effectively identifies and controls all major types of risk posed by the relevant activity. Board and management participate in managing risk and ensure proper policies exist. Policies and limits are supported by monitoring procedures, reports and management information systems that are accurate and timely. Internal controls and audit are appropriate for the activities of the institution. There are few exceptions to established policies and none of these exceptions would lead to a significant loss to the organization.

29 Relative Strength of Risk Management Processes
Acceptable Risk Management indicates that the institution’s risk management systems, although largely effective, may be lacking to some modest degree. It reflects an ability to cope successfully with existing and foreseeable exposure that may arise in carrying out the institution’s business plan. While the institution may have some minor risk management weaknesses, these problems have been recognized and addressed. Overall, the board and senior management oversight, policies and limits, and risk monitoring and information systems are considered effective. Risks are generally controlled in a manner that does not require more than normal supervisory attention.

30 Relative Strength of Risk Management Processes
Weak Risk Management indicates risk management systems are lacking in important ways and, therefore, are a cause for more than normal supervisory attention. The internal control system may be lacking in important aspects, particularly as indicated by continued control exceptions or by the failure to adhere to written policies and procedures. The deficiencies associated with these systems could have adverse effects on the safety and soundness of the institution or could lead to a material misstatement of its financial statements if corrective actions are not taken.

31 Board and Senior Management Oversight Expectations
The board of directors and senior management have identified and have a clear understanding and working knowledge of the types of risks inherent in the institution’s activities and have made appropriate efforts to remain informed about these risks as financial markets, risk management practices, and the institution’s activities evolve.

32 Board and Senior Management Oversight Expectations
The board has reviewed and approved appropriate policies to limit risks inherent in the institution’s lending, investing, trading, trust, fiduciary and other significant activities or products.

33 Board and Senior Management Oversight Expectations
The board and management are sufficiently familiar with and are using adequate record keeping and reporting systems to measure and monitor the major sources of risk to the organization.

34 Board and Senior Management Oversight Expectations
The board periodically reviews and approves risk exposure limits to conform with any changes in the institution’s strategies, addresses new products, and reacts to changes in market conditions.

35 Board and Senior Management Oversight Expectations
Management ensures that its lines of business are managed and staffed by personnel with knowledge, experience, and expertise consistent with the nature and scope of the banking organization’s activities.

36 Board and Senior Management Oversight Expectations
Management ensures that the depth of staff resources is sufficient to operate and manage soundly the institution’s activities and that its employees have the integrity, ethical values, and competence that are consistent with a prudent management philosophy and operating style.

37 Board and Senior Management Oversight Expectations
Management at all levels provides adequate supervision of the daily activities of officers and employees, including management of senior officers or heads of business lines.

38 Board and Senior Management Oversight Expectations
Management is able to respond to risks that may arise from changes in the competitive environment or from innovations in markets in which the organization is active.

39 Board and Senior Management Oversight Expectations
Before embarking on new activities or introducing products new to the institution, management identifies and reviews all risks associated with the activity or product and ensures that the infrastructure and internal controls necessary to manage the related risks are in place.

40 Adequate Policies, Procedures, and Limits

41 Adequate Policies, Procedures, and Limits
The institution’s policies, procedures, and limits provide for adequate identification, measurement, monitoring, and control of the risks posed by its activities.

42 Adequate Policies, Procedures, and Limits
The policies, procedures, and limits are consistent with management’s experience level, the institution’s stated goals and objectives, and the overall financial strength of the organization.

43 Adequate Policies, Procedures, and Limits
Policies clearly delineate accountability and lines of authority across the institution’s activities. Policies provide for the review of activities new to the financial institution to ensure that the infrastructures necessary to identify, monitor, and control risks associated with an activity are in place before the activity is initiated.

44 Adequate Risk Monitoring and Management Information Systems

45 Adequate Risk Monitoring and Management Information Systems
The bank’s risk monitoring practices and reports address all of its material risks. Key assumptions, data sources and procedures used in measuring risk are appropriate, documented, and tested for reliability.

46 Adequate Risk Monitoring and Management Information Systems
Reports and other forms of communication are consistent with the banking organization’s activities, are structured to monitor exposures and compliance with established limits, goals, or objectives, and, as appropriate, compare actual versus expected performance.

47 Adequate Risk Monitoring and Management Information Systems
Reports to management or to the institution’s directors are accurate and timely and contain sufficient information for decision-makers to identify any adverse trends and to evaluate adequately the level of risk faced by the institution.

48 Adequate Internal Controls

49 Adequate Internal Controls
The system of internal controls is appropriate to the type and level of risks posed by the nature and scope of the organization’s activities. The institution’s organizational structure establishes clear lines of authority and responsibility for monitoring adherence to policies, procedures and limits.

50 Adequate Internal Controls
Reporting lines provide sufficient independence of the control areas from the business lines and adequate separation of duties throughout the organization’s activities. Official organization structures reflect actual operating practices.

51 Adequate Internal Controls
Financial, operational, and regulatory reports are reliable, accurate, and timely; wherever applicable, exceptions are noted and promptly investigated. Adequate procedures exist for ensuring compliance with applicable laws and regulations.

52 Audit
Internal audit or other control review practices provide for independence and objectivity. The institution’s audit committee or board of directors reviews the effectiveness of internal audits and control review activities on a regular basis.

53 Audit
Internal controls and information systems are adequately tested and reviewed; the coverage, procedures, findings, and responses to audits and review tests are adequately documented; identified material weaknesses are given appropriate and timely high level attention; and management’s actions to address material weaknesses are objectively verified and reviewed.

54 Onsite Review
From the off-site risk scoping process, the examiner needs to take the hypothesis of the bank’s condition and develop examination techniques for the on-site review to assess the level of risk.
- What are the trends?
- What functional exam areas will be targeted?

55 Pre Examination Meeting
- Central point of contact and staff
  – Meets with bank management
  – Requests information to review
    - Minutes
    - Policies
    - Board and management reports
    - Audit reports

56 Pre examination meeting - 2
- Concentrate on shifts in strategy
- New products
- Management and senior staffing changes
- Current issues
- Operations and technology challenges

57 Onsite Review
- Review transactions/processes
- Evaluate Models
- Observe
- Discuss
- Finalize financial analysis
- Finalize analysis of risk management

58 Leveraging Internal Audit
- Eliminate duplicative efforts
- Ensure that the exam is focused, streamlined
- Reduction in regulatory burden
- Focus on reviewing areas of highest risk
- Greatest vulnerability

59 Reporting Examination Findings
- Meetings with bank management or board of directors at conclusion of examination
- Written report of examination
- Follow-up monitoring, reporting and corrective action

60 Continuous Supervision
Begin the risk-focused process by following up on examination findings and continuously reviewing changes in the bank’s financial condition and risk management practices.

61 Questions