1internal control and compliance-policy, org. structure, process guidelines
TRANSCRIPT
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
1/46
Internal Control and Compliance:
Policy, Organization Structure and
Process Guidelines
Speaker
Atul Chandra PanditAssistant Professor, BIBM
November 27, 2012
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
2/46
Concept of Control
Control is a three step process
1. Setting standard for a particular task.
2. Comparing actual performance with the
standard3. Taking corrective action
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
3/46
Internal Control
Internal control indicates the whole system
of controls, whether f inancial or otherwise,
established by the management to carry outbusiness in line the established policies and
objectives of the organization.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
4/46
Concept of Internal Control
Internal control is the process, effected by the
entity's board of directors, management
and other personnel, designed to provide
reasonable assurance regarding the
achievement of objectives of the management
in the effectiveness and efficiency of
operations, the reliability of financialreporting and compliance with applicable
laws,regulations, and internal & external
policies.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
5/46
Academicians:Weygandt, Kieso,Kimmel
Concept of Internal Control?
Internal control consists of the plan of
organization and all the related methods and
measures adopted within a business to:
1. Safeguard its assetsfrom employee theft, robbery,
and unauthorized use.
2. Enhance the accuracy and reliabilityof accounting
records.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
6/46
Why Internal Control?
1. It is designed to achieve management objective
effectively and efficiently.
2. It provides reasonable assurance regarding the
reliability of financial reporting by ensuringaccuracy and completeness in recording
transactions.
3. It ensure compliance with relevant laws,
regulations, and policies (both internal and
external).
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
7/46
Why Internal Control?
4. IC helps to detect and prevent errors, frauds and
malpractice.
5. IC safeguards assets from unauthorized use ordisbursement.
6. IC protects against the incurrence of improper
liabilities.
7. It facilitates internal and external audit.
8. It reduces the control risk.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
8/46
Components of Internal Control
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
9/46
Principles of Internal Control
Establishment of responsibility:
most effective when only one person is responsible for a
given task
Segregation of duties:
the work of one employee should provide a reliable basis forevaluating the work of another employee
Documentation procedures:
documents provide evidence that transactions and events
have occurred
Physical, mechanical, and electronic controls:
safeguarding of assets and enhancing accuracy and
reliability of the accounting records.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
10/46
Physical, Mechanical and Electronic control
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
11/46
Principles of Internal Control
Independent internal verification:
the review, comparison, and reconciliation of
information from two sources.
Other controls may include the following-
1. Bonding employees who handle cash2. Rotating employees duties and requiring
employees to vacations etc.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
12/46
Limitations of Internal Control
1. Implementation of internal control system isvery costly.
1. Effectiveness of the internal control system
depends mostly on the human elementandtheirfatigue and carelessnessmay make thecostly system worthless.
1. Collusionamong the employees may make thesystem worthless.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
13/46
Policy Guidelines for Internal
Control Responsibility of the Board of Directors
Responsibility of the Senior Management Risk Recognition and Assessment Control Activities and Segregation of Duties Management Reporting System Monitoring Activities & Correcting Deficiencies Role of External Auditors in Evaluating Internal
Control System Regulatory Compliance Establishment of a Compliance Culture
R b l t th B d
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
14/46
Respons b l ty o the Board o
Directors
Board has overall responsibility for Establishing broad business strategy, significant policies
and understanding significant risks.
Monitoring the effectiveness of ICS through Audit
Committee.
Ensuring that all audit reports will be sent to the board
without any intervention of the bank management.
Holding periodic review meetings with the seniormanagement to discuss the effectiveness of the internal
control system
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
15/46
Responsibility of the Senior
Management(SM) SM will form MANCOM which will be
responsible for the overall management of thebank.
MANCOM will put in place policies andprocedures to identify, measure, monitor andcontrol various risks.
MANCOM will put in place an I/C structurewhich will assign clear responsibility, authorityand reporting relationship.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
16/46
Cont.
MANCOM will monitor the adequacy and
effectiveness of ICS according to banksestablished policy & procedure.
MANCOM will review on a yearly basis theoverall effectiveness of the control system
and provide a certification to the Board on
the effectiveness of internal control policy,
practice and procedure.
Ri k R i i d A
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
17/46
Risk Recognition and Assessment
An effective ICS continually recognizes and assesses all of
the material risksthat could adversely affect the achievement
of thebanksgoals.
Effective risk assessment must identify and consider both
internal and external factors.
Internal factors include complexity of the organization
structure, the nature of a banks activities, the quality of
personnel, organization changes and also employee turnover.
External factors include fluctuating economic conditions,
changes in the industry, socio-political realities and
technological advances.
Risk assessment by ICS(Compliance) differs from the
business risk management process (Business Strategy)
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
18/46
Control Activities and
Segregation of Duties Control activities involve two steps: (1) the
establishment of control policies and proceduresand (2) verification that the control policies and
procedures are being complied with.
ICS requires that there is appropriate segregationof duties and personnel are not assignedconflicting responsibilities.
Employees must also be provided with necessaryauthority which will ensure segregation of duties.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
19/46
Cont.
Each employee should have appropriatejob
description.
Areas of potential conflicts of interest
should be identified, minimized and subject
to careful independent monitoring.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
20/46
Management Reporting System
Effective ICS requires that there is an effective
reporting system of information that is relevantto decision making.
The information should be reliable, timelyaccessible and provided in a consistent format.
Information should include external marketinformation & internal information.
There should be appropriate committees within
the organization that would evaluate datareceived through various information systems.
This will ensure supply of accurate information
to the management.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
21/46
Monitoring Activities &
Correcting Deficiencies
Key risk factors & ICSshould be monitored on
an ongoing basis.
The significant deficiencies identified by the
audit team shouldbe reported to board and be
corrected.
Material internal control deficiencies should be
reported to senior management and board of
directors with recommendations where
necessary.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
22/46
Role of External Auditors in
Evaluating ICS. External Auditors by dint of their independence
from the management of the bank can provideunbiased recommendation on the strength andweakness of the internal control system of the
bank.
They can examinethe records, transactions of thebank and evaluate its accounting policy, disclosurepolicy and methods of financial estimation madeby the Bank; this will allow the board and themanagement to have an independent overview onthe overall control system of the bank.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
23/46
Regulatory Compliance
The Central Bank is the primary regulator ofbanks. In addition Tax Authority, Registrar ofJoint Stock Company, Finance Ministry etc. are
different types of regulatory bodies whosedirectives have significant impact on banksbusiness.
ICS must be designed in such a manner that thecompliance with regulatory requirements arerecognized in each activityof the bank.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
24/46
Cont.
The bank must obtain regular informationon regulatory changes and distribute amongthe concerned department, so that they can
take necessary action to adapt to suchchanges.
The bank must develop an effectivecommunication process that will allowsmooth distribution of relevant regulationsamong different departments and personnel.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
25/46
Ensuring a Compliance Culture For establishing a compliance culture within the bank
the board of directors and the senior management mustmaintain and promote high level of integrity and ethicalstandard.
Bank should avoid policies and practices that provide
inadvertent incentive for inappropriate activities. Suchas undue emphasis on performance targets oroperational results, particularly short term ones thatignore long-term risksand compensation schemes that
overly depend on short-term performance. The BOD and the senior management may establish a
Codeof Ethics that all levels of personnel must signand adhere to.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
26/46
Organization Structure Structure for Internal Control System
Structure of the Internal Control Unit
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
27/46
Structure for Internal Control
System The essenceof the ideal organizational structure is
the segregation of duties.
The bank should, depending on the structure, size,
location of its branches and strength of itsmanpower try to establish an organizationalstructure which allow segregation of dutiesamongits key functions such as marketing, operations,credit, financial administration etc.
Where such segregation is not possible, there mustbe certain monitoring mechanism that should beindependently reviewed to ensure all policies and
procedures are followed at the branch level
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
28/46
Structure of the Internal
Control Unit
A separate organizational structureis preferable
for this unit.
The head of internal control unit should have areporting line with the banks board and MD.
The unit should be adequately staffedso that itcan perform its duty properly.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
29/46
Managing Director Board of Directors
Head of internal Control
and Compliance
Regional Compliance
Officer
Head of Audit
& InspectionHead of MonitoringHead of Compliance
Regional OfficersZonal Audit or
Special Audit
Organization Structure
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
30/46
Cont.
The compliance unitwill be responsible toensure that bank complies with allregulatory requirementwhile conducting its
business. The monitoring unit will be responsible to
monitor the operational performance ofvarious branches.
The audit team will perform periodic andspecial audit.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
31/46
3. Process Guidelines
Credit Policy Manual/Guideline
Operations Manual
Finance & Accounting Manual
Treasury Manual
HR Policy Manual
Internal Control Manual
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
32/46
Credit Policy Manual / Guideline
This manual should highlight the process ofcredit proposals, obligor risk rating, approving
credit limit, disbursement of loans, monitoring
of credit risk etc.
Risk classes, lending limits and credit
authorities
Lending guidelines
Approval processes
Documentations
Secured loans and collaterals
O ti M l
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
33/46
Operations Manual
This manual should contain the role of creditadministration, trade finance, reconciliation,
cash, clients service, treasury back office
etc. It should also reflect a clear guideline
regarding Anti-Money Laundering activityin
order to protect banks interest. Credit
administration will be responsible for
monitoring of limits and outstanding as percredit approval.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
34/46
The basic content of operations manuals are:
Account opening and closing
Check clearing Cash & teller operations
Payment monitoring procedures
Nostro account reconciliation Payment monitoring procedures
Letters of credit, collection
Loan administration
Treasury operations
Anti-money laundering procedures
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
35/46
Finance & Accounting Manual
This manual should provide all financial activities
regarding income and expenditure of a bank.
They will look after if there is any exaggeration of
expenditure where it is necessary to get control. They will also ensure the profitability of the bank
by projection of income, expenditure and thereby
achieve ultimate target profit.
Various types of management reports are to be
submitted from this Dept. as per time schedule.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
36/46
Cont.
Treatment of land, building & equipment
Capital adequacy and shareholders equity
Treatment of expenditures Commission, fees and revenues
Income tax procedures
Write-off procedures
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
37/46
Treasury Manual
The manual should include the guideline sothat they may manage the banks fundproperly and profitably.
Liquidity Investments
Capital management
Dealing room activity ALCO
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
38/46
HR Policy Manual
They will, at first, ensure the proper
distribution of available human resourcesin
the inter structure of the bank.
They will ensure staff welfare that will
ultimately encourage people and create a
healthy working atmosphere.
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
39/46
Cont.
Recruitment policy
Background checking policy
Leave policy
Compensation policy
Reward and recognition policy
Termination & retirement policy
Promotion and increment policy
Training guidelines
Internal Control Manual
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
40/46
Internal Control Manual This manual should contain three parts internal control
over the operating activities of bank (here, audit means the
internal audit). They will monitor the functions of various
departments of the bank periodically on regular basis.
Depending on the requirement, they should carry out
inspection, surprise inspection in order to help avoidingany fraudulent activities that in turn would strengthen the
bank to set up sound structural base.
Know your customer policy
Code of conduct/Ethics
Gift giving and acceptance
Monitoring procedures
Audit guidelines
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
41/46
Internal Control Process
Departmental Control Function Checklist
Loan Documentation Checklist
Quarterly Operations Report
Risk Analysis of Control Functions
Monitoring & follow-up
Reporting Compliance Process
Audit Procedure
Departmental Control Function
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
42/46
Departmental Control Function
Checklist
The guideline/procedure deals with mattersrelating to review/verifications of
departmental functions to ensure that prescribed
procedures are being followed by each department.
b) All departments are required to check that
prescribed controls are being observed and laid down procedures are not overlooked &
relaxed.
Departmental Control Function
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
43/46
c) Departmental Managers, Line Managers, BranchManagers will review the DCFCL to
ensure that control functions are performed and
documented in the control sheets
(Appendix 1) at the prescribed frequencies i.e. Daily,
weekly, monthly and quarterly.
d) The DCFCL Checklist should be retained with the
branch/departments for future
inspection by Internal Control and Senior Management.
Departmental Control Function
Checklist
Departmental Control Function
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
44/46
c) Departmental Managers, Line Managers, BranchManagers will review the DCFCL to
ensure that control functions are performed and
documented in the control sheets
(Appendix 1) at the prescribed frequencies i.e. Daily,
weekly, monthly and quarterly.
d) The DCFCL Checklist should be retained with the
branch/departments for future
inspection by Internal Control and Senior Management.
Departmental Control Function
Checklist
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
45/46
c) Departmental Managers, Line Managers, BranchManagers will review the DCFCL to
ensure that control functions are performed and
documented in the control sheets
(Appendix 1) at the prescribed frequencies i.e. Daily,
weekly, monthly and quarterly.
d) The DCFCL Checklist should be retained with the
branch/departments for future
inspection by Internal Control and Senior Management.
Quarterly Operations Report
-
8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines
46/46
Thanks