Internal Control Components
• A control environment.
• Risk assessment.
• Control activities.
• Accounting, information, and communication systems.
• Self-assessment or monitoring.
Control Environment
The control environment reflects the board of directors’ and management’s commitment to internal
control. It provides discipline and structure to the control system. Elements of the control environment
include
• The organizational structure of the institution. (Is the bank’s organization centralized or
decentralized? Are authorities and responsibilities clear? Are reporting relationships well designed?)
• Management’s philosophy and operating style. (Are the bank’s business strategies formal or informal?
Is its philosophy and operating style conservative or aggressive? Have its risk strategies been
successful?)
• The integrity, ethics, and competence of personnel.
• The external influences that affect the bank’s operations and risk management practices (e.g.,
independent audits).
• The attention and direction provided by the board of directors and its committees, especially the audit
or risk management committees.
• The effectiveness of human resources policies and procedures.
Risk Assessment
Risk assessment is the identification, measurement, and analysis of risks, both internal and external,
controllable and uncontrollable, at individual business levels and for the bank as a whole. Management
must assess all risks facing the bank because uncontrolled risk-taking can prevent the bank from
reaching its objectives or can jeopardize its operations. Effective risk assessments help determine what
the risks are, what controls are needed, and how they should be managed.
Control Activities
Control activities are the policies, procedures, and practices established to help ensure that bank
personnel carry out board and management directives at every business level throughout the bank.
These activities help ensure that the board and management act to control risks that could prevent a
bank from attaining its objectives. They should include
• Reviews of operating performance and exception reports. For example, senior management regularly
should review reports showing financial results to date versus budget amounts, and the loan
department manager should review weekly reports on delinquencies or documentation exceptions.
• Approvals and authorization for transactions and activities. For example, an appropriate level of
management should approve and authorize all transactions over a specified limit, and authorization
of such transactions should require dual signatures from two different individuals, neither of whom initiated the transaction.
• Segregation of duties to reduce a person’s opportunity to commit and conceal fraud or errors. For
example, assets should not be in the custody of the person who authorizes or records transactions.
• The requirement that officers and employees in sensitive positions be absent for two consecutive
weeks each year, so that someone else performs their duties during that time and any irregularities they may be concealing come to light.
• Design and use of documents and records to help ensure that transactions and events are recorded.
For example, using pre-numbered documents facilitates monitoring.
• Safeguards for access to and use of assets and records. To safeguard data processing areas, for
example, a bank should secure facilities and control access to computer programs and data files.
• Independent checks on whether jobs are getting done and recorded amounts are accurate. Examples
of independent checks include account reconciliation, computer-programmed controls, management
review of reports that summarize account balances, and user review of computer-generated reports.
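The control activities listed above (dual authorization over a limit, segregation of duties between custody, authorization and recording, pre-numbered documents that make gaps visible, and an exception report for management review) can be expressed as checks over transaction records. The following is an added illustration written for this page, not code from the original guidance or from any bank's system. The approval limit, the custodian list, the transaction fields and the sample transactions are all constructed assumptions; the checks themselves are the controls the list describes.

```python
"""Added example: automated checks for several of the control activities above.
All names, the limit, and the sample transactions are constructed for illustration."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Assumed policy value: transactions above this amount need two distinct approvers.
DUAL_SIGNATURE_LIMIT = 10_000


@dataclass
class Transaction:
    doc_no: int                     # pre-numbered document number
    amount: float
    initiated_by: str
    approvals: List[str] = field(default_factory=list)
    recorded_by: Optional[str] = None


def check_transaction(txn: Transaction, custodians: Set[str]) -> List[str]:
    """Return the control exceptions for one transaction (empty list = passes)."""
    exceptions = []
    approvers = set(txn.approvals)  # distinct signatures only

    # Approval and authorization: every transaction needs an approver, and
    # transactions over the limit need two different people.
    if txn.amount > DUAL_SIGNATURE_LIMIT and len(approvers) < 2:
        exceptions.append("amount %.2f over limit requires two distinct approvers" % txn.amount)
    elif not approvers:
        exceptions.append("no approval recorded")

    # Segregation of duties: the initiator may not approve his or her own transaction.
    if txn.initiated_by in approvers:
        exceptions.append("initiator approved own transaction")

    # Documents and records: the transaction must actually be recorded.
    if txn.recorded_by is None:
        exceptions.append("transaction not recorded")

    # Segregation of duties: whoever has custody of the assets must neither
    # authorize nor record the transaction.
    recorders = {txn.recorded_by} if txn.recorded_by else set()
    for who in sorted(approvers | recorders):
        if who in custodians:
            exceptions.append("%s has custody of assets and also authorizes or records" % who)
    return exceptions


def missing_document_numbers(txns: List[Transaction]) -> List[int]:
    """Pre-numbered documents: report numbers absent from the observed sequence."""
    nums = sorted(t.doc_no for t in txns)
    if not nums:
        return []
    expected = set(range(nums[0], nums[-1] + 1))
    return sorted(expected - set(nums))


def duplicate_document_numbers(txns: List[Transaction]) -> List[int]:
    """Pre-numbered documents: a number used twice is also an exception."""
    seen, dups = set(), set()
    for t in txns:
        if t.doc_no in seen:
            dups.add(t.doc_no)
        seen.add(t.doc_no)
    return sorted(dups)


def exception_report(txns: List[Transaction], custodians: Set[str]) -> Tuple[Dict[int, List[str]], List[int], List[int]]:
    """The exception report management reviews: only transactions with findings,
    plus missing and duplicated document numbers."""
    per_txn = {t.doc_no: check_transaction(t, custodians) for t in txns}
    flagged = {n: ex for n, ex in per_txn.items() if ex}
    return flagged, missing_document_numbers(txns), duplicate_document_numbers(txns)


# Constructed sample data: one clean transaction and three with control failures;
# document 1004 is deliberately absent from the sequence.
SAMPLE_CUSTODIANS = {"vault_teller"}
SAMPLE_TXNS = [
    Transaction(1001, 5_000, "alice", ["bob"], "carol"),                   # passes
    Transaction(1002, 25_000, "alice", ["bob"], "carol"),                  # over limit, one signature
    Transaction(1003, 7_500, "dave", ["dave"], "carol"),                   # self-approval
    Transaction(1005, 12_000, "alice", ["bob", "vault_teller"], "carol"),  # custodian approves
]

if __name__ == "__main__":
    flagged, missing, dups = exception_report(SAMPLE_TXNS, SAMPLE_CUSTODIANS)
    for doc_no, findings in sorted(flagged.items()):
        for f in findings:
            print("doc %d: %s" % (doc_no, f))
    print("missing document numbers:", missing)
    print("duplicate document numbers:", dups)
```

The point of the example is that each control in the list is a separate, independently checkable rule, and that the checks are run by someone other than the people who initiate, approve, custody or record the transactions; a report produced by the same person it is meant to catch is not an independent check.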
Self-Assessment or Monitoring
Self-assessment or monitoring is the bank’s own oversight of the control system’s performance. Self-
assessments are evaluations of departmental or operational controls by persons within the area.
Ongoing monitoring should be part of the normal course of daily operations and activities. Internal and
external audit functions, as part of the monitoring system, may provide independent assessments of the
quality and effectiveness of a control system’s design and performance. All bank personnel should share
responsibility for self-assessment or monitoring; everyone should understand his or her responsibility to
report any breaches of the control system.
Strong control cultures typically incorporate qualified personnel, effective risk identification and
analysis, clear designation and appropriate separation of responsibilities, accurate and timely
information flow, and established monitoring and follow-up processes. For example, the lending area
should have (1) a board of directors active in approving and monitoring loan policies and practices; (2) a
loan review function that evaluates the risk and quality of loan portfolios; (3) policies and procedures
governing, among other things, types of loans, loan approvals, maturity limits, rate structure, and
collateral requirements; and (4) information systems that allow for proper management and monitoring
of the lending area.