1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines

8/13/2019 1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines

1/46

Internal Control and Compliance:

Policy, Organization Structure and

Process Guidelines

Speaker

Atul Chandra PanditAssistant Professor, BIBM

November 27, 2012


2/46

Concept of Control

Control is a three step process

1. Setting standard for a particular task.

2. Comparing actual performance with the

standard3. Taking corrective action


3/46

Internal Control

Internal control indicates the whole system

of controls, whether f inancial or otherwise,

established by the management to carry outbusiness in line the established policies and

objectives of the organization.


4/46

Concept of Internal Control

Internal control is the process, effected by the

entity's board of directors, management

and other personnel, designed to provide

reasonable assurance regarding the

achievement of objectives of the management

in the effectiveness and efficiency of

operations, the reliability of financialreporting and compliance with applicable

laws,regulations, and internal & external

policies.


5/46

Academicians:Weygandt, Kieso,Kimmel

Concept of Internal Control?

Internal control consists of the plan of

organization and all the related methods and

measures adopted within a business to:

1. Safeguard its assetsfrom employee theft, robbery,

and unauthorized use.

2. Enhance the accuracy and reliabilityof accounting

records.


6/46

Why Internal Control?

1. It is designed to achieve management objective

effectively and efficiently.

2. It provides reasonable assurance regarding the

reliability of financial reporting by ensuringaccuracy and completeness in recording

transactions.

3. It ensure compliance with relevant laws,

regulations, and policies (both internal and

external).


7/46

Why Internal Control?

4. IC helps to detect and prevent errors, frauds and

malpractice.

5. IC safeguards assets from unauthorized use ordisbursement.

6. IC protects against the incurrence of improper

liabilities.

7. It facilitates internal and external audit.

8. It reduces the control risk.


8/46

Components of Internal Control

1. Control Environment

2. Risk Assessment

3. Control Activities

4. Information and Communication

5. Monitoring


9/46

Principles of Internal Control

Establishment of responsibility:

most effective when only one person is responsible for a

given task

Segregation of duties:

the work of one employee should provide a reliable basis forevaluating the work of another employee

Documentation procedures:

documents provide evidence that transactions and events

have occurred

Physical, mechanical, and electronic controls:

safeguarding of assets and enhancing accuracy and

reliability of the accounting records.


10/46

Physical, Mechanical and Electronic control


11/46

Principles of Internal Control

Independent internal verification:

the review, comparison, and reconciliation of

information from two sources.

Other controls may include the following-

1. Bonding employees who handle cash2. Rotating employees duties and requiring

employees to vacations etc.


12/46

Limitations of Internal Control

1. Implementation of internal control system isvery costly.

1. Effectiveness of the internal control system

depends mostly on the human elementandtheirfatigue and carelessnessmay make thecostly system worthless.

1. Collusionamong the employees may make thesystem worthless.


13/46

Policy Guidelines for Internal

Control Responsibility of the Board of Directors

Responsibility of the Senior Management Risk Recognition and Assessment Control Activities and Segregation of Duties Management Reporting System Monitoring Activities & Correcting Deficiencies Role of External Auditors in Evaluating Internal

Control System Regulatory Compliance Establishment of a Compliance Culture

R b l t th B d


14/46

Respons b l ty o the Board o

Directors

Board has overall responsibility for Establishing broad business strategy, significant policies

and understanding significant risks.

Monitoring the effectiveness of ICS through Audit

Committee.

Ensuring that all audit reports will be sent to the board

without any intervention of the bank management.

Holding periodic review meetings with the seniormanagement to discuss the effectiveness of the internal

control system


15/46

Responsibility of the Senior

Management(SM) SM will form MANCOM which will be

responsible for the overall management of thebank.

MANCOM will put in place policies andprocedures to identify, measure, monitor andcontrol various risks.

MANCOM will put in place an I/C structurewhich will assign clear responsibility, authorityand reporting relationship.


16/46

Cont.

MANCOM will monitor the adequacy and

effectiveness of ICS according to banksestablished policy & procedure.

MANCOM will review on a yearly basis theoverall effectiveness of the control system

and provide a certification to the Board on

the effectiveness of internal control policy,

practice and procedure.

Ri k R i i d A


17/46

Risk Recognition and Assessment

An effective ICS continually recognizes and assesses all of

the material risksthat could adversely affect the achievement

of thebanksgoals.

Effective risk assessment must identify and consider both

internal and external factors.

Internal factors include complexity of the organization

structure, the nature of a banks activities, the quality of

personnel, organization changes and also employee turnover.

External factors include fluctuating economic conditions,

changes in the industry, socio-political realities and

technological advances.

Risk assessment by ICS(Compliance) differs from the

business risk management process (Business Strategy)


18/46

Control Activities and

Segregation of Duties Control activities involve two steps: (1) the

establishment of control policies and proceduresand (2) verification that the control policies and

procedures are being complied with.

ICS requires that there is appropriate segregationof duties and personnel are not assignedconflicting responsibilities.

Employees must also be provided with necessaryauthority which will ensure segregation of duties.


19/46

Cont.

Each employee should have appropriatejob

description.

Areas of potential conflicts of interest

should be identified, minimized and subject

to careful independent monitoring.


20/46

Management Reporting System

Effective ICS requires that there is an effective

reporting system of information that is relevantto decision making.

The information should be reliable, timelyaccessible and provided in a consistent format.

Information should include external marketinformation & internal information.

There should be appropriate committees within

the organization that would evaluate datareceived through various information systems.

This will ensure supply of accurate information

to the management.


21/46

Monitoring Activities &

Correcting Deficiencies

Key risk factors & ICSshould be monitored on

an ongoing basis.

The significant deficiencies identified by the

audit team shouldbe reported to board and be

corrected.

Material internal control deficiencies should be

reported to senior management and board of

directors with recommendations where

necessary.


22/46

Role of External Auditors in

Evaluating ICS. External Auditors by dint of their independence

from the management of the bank can provideunbiased recommendation on the strength andweakness of the internal control system of the

bank.

They can examinethe records, transactions of thebank and evaluate its accounting policy, disclosurepolicy and methods of financial estimation madeby the Bank; this will allow the board and themanagement to have an independent overview onthe overall control system of the bank.


23/46

Regulatory Compliance

The Central Bank is the primary regulator ofbanks. In addition Tax Authority, Registrar ofJoint Stock Company, Finance Ministry etc. are

different types of regulatory bodies whosedirectives have significant impact on banksbusiness.

ICS must be designed in such a manner that thecompliance with regulatory requirements arerecognized in each activityof the bank.


24/46

Cont.

The bank must obtain regular informationon regulatory changes and distribute amongthe concerned department, so that they can

take necessary action to adapt to suchchanges.

The bank must develop an effectivecommunication process that will allowsmooth distribution of relevant regulationsamong different departments and personnel.


25/46

Ensuring a Compliance Culture For establishing a compliance culture within the bank

the board of directors and the senior management mustmaintain and promote high level of integrity and ethicalstandard.

Bank should avoid policies and practices that provide

inadvertent incentive for inappropriate activities. Suchas undue emphasis on performance targets oroperational results, particularly short term ones thatignore long-term risksand compensation schemes that

overly depend on short-term performance. The BOD and the senior management may establish a

Codeof Ethics that all levels of personnel must signand adhere to.


26/46

Organization Structure Structure for Internal Control System

Structure of the Internal Control Unit


27/46

Structure for Internal Control

System The essenceof the ideal organizational structure is

the segregation of duties.

The bank should, depending on the structure, size,

location of its branches and strength of itsmanpower try to establish an organizationalstructure which allow segregation of dutiesamongits key functions such as marketing, operations,credit, financial administration etc.

Where such segregation is not possible, there mustbe certain monitoring mechanism that should beindependently reviewed to ensure all policies and

procedures are followed at the branch level


28/46

Structure of the Internal

Control Unit

A separate organizational structureis preferable

for this unit.

The head of internal control unit should have areporting line with the banks board and MD.

The unit should be adequately staffedso that itcan perform its duty properly.


29/46

Managing Director Board of Directors

Head of internal Control

and Compliance

Regional Compliance

Officer

Head of Audit

& InspectionHead of MonitoringHead of Compliance

Regional OfficersZonal Audit or

Special Audit

Organization Structure


30/46

Cont.

The compliance unitwill be responsible toensure that bank complies with allregulatory requirementwhile conducting its

business. The monitoring unit will be responsible to

monitor the operational performance ofvarious branches.

The audit team will perform periodic andspecial audit.


31/46

3. Process Guidelines

Credit Policy Manual/Guideline

Operations Manual

Finance & Accounting Manual

Treasury Manual

HR Policy Manual

Internal Control Manual


32/46

Credit Policy Manual / Guideline

This manual should highlight the process ofcredit proposals, obligor risk rating, approving

credit limit, disbursement of loans, monitoring

of credit risk etc.

Risk classes, lending limits and credit

authorities

Lending guidelines

Approval processes

Documentations

Secured loans and collaterals

O ti M l


33/46

Operations Manual

This manual should contain the role of creditadministration, trade finance, reconciliation,

cash, clients service, treasury back office

etc. It should also reflect a clear guideline

regarding Anti-Money Laundering activityin

order to protect banks interest. Credit

administration will be responsible for

monitoring of limits and outstanding as percredit approval.


34/46

The basic content of operations manuals are:

Account opening and closing

Check clearing Cash & teller operations

Payment monitoring procedures

Nostro account reconciliation Payment monitoring procedures

Letters of credit, collection

Loan administration

Treasury operations

Anti-money laundering procedures


35/46

Finance & Accounting Manual

This manual should provide all financial activities

regarding income and expenditure of a bank.

They will look after if there is any exaggeration of

expenditure where it is necessary to get control. They will also ensure the profitability of the bank

by projection of income, expenditure and thereby

achieve ultimate target profit.

Various types of management reports are to be

submitted from this Dept. as per time schedule.


36/46

Cont.

Treatment of land, building & equipment

Capital adequacy and shareholders equity

Treatment of expenditures Commission, fees and revenues

Income tax procedures

Write-off procedures


37/46

Treasury Manual

The manual should include the guideline sothat they may manage the banks fundproperly and profitably.

Liquidity Investments

Capital management

Dealing room activity ALCO


38/46

HR Policy Manual

They will, at first, ensure the proper

distribution of available human resourcesin

the inter structure of the bank.

They will ensure staff welfare that will

ultimately encourage people and create a

healthy working atmosphere.


39/46

Cont.

Recruitment policy

Background checking policy

Leave policy

Compensation policy

Reward and recognition policy

Termination & retirement policy

Promotion and increment policy

Training guidelines

Internal Control Manual


40/46

Internal Control Manual This manual should contain three parts internal control

over the operating activities of bank (here, audit means the

internal audit). They will monitor the functions of various

departments of the bank periodically on regular basis.

Depending on the requirement, they should carry out

inspection, surprise inspection in order to help avoidingany fraudulent activities that in turn would strengthen the

bank to set up sound structural base.

Know your customer policy

Code of conduct/Ethics

Gift giving and acceptance

Monitoring procedures

Audit guidelines


41/46

Internal Control Process

Departmental Control Function Checklist

Loan Documentation Checklist

Quarterly Operations Report

Risk Analysis of Control Functions

Monitoring & follow-up

Reporting Compliance Process

Audit Procedure

Departmental Control Function


42/46


Checklist

The guideline/procedure deals with mattersrelating to review/verifications of

departmental functions to ensure that prescribed

procedures are being followed by each department.

b) All departments are required to check that

prescribed controls are being observed and laid down procedures are not overlooked &

relaxed.



43/46

c) Departmental Managers, Line Managers, BranchManagers will review the DCFCL to

ensure that control functions are performed and

documented in the control sheets

(Appendix 1) at the prescribed frequencies i.e. Daily,

weekly, monthly and quarterly.

d) The DCFCL Checklist should be retained with the

branch/departments for future

inspection by Internal Control and Senior Management.


Checklist



44/46










Checklist


45/46









Quarterly Operations Report


46/46

Thanks

Documents

1Internal Control and Compliance-Policy, Org. Structure, Process Guidelines