Internal Control System in Banks
Internal Control System in Banks
Internal Control System in Banks
PROJECT REPORT
ON
CERTIFICATE
This is to certify that, Celeste Cedric Dsa of
T.Y.B.com (Banking and insurance). Semester V
[2016-2017] has successfully completed project on
INTERNAL CONTROL SYSTEM IN BANKS under the
guidance of Mr. Ramchandra Tawde
[Signature of coordinator]
[Signature of
External Examiner]
Date:
Place: Sawantwadi.
DECLARATION
I hereby declare that the project report on,
Internal Control System in Banks is completed
and written by me has not previously formed that
basis for the award of any degree or diploma or
other similar title of these or any other University
or examine body.
Date:
Place: SAWANTWADI
Cedric Dsa)
(Celeste
ACKNOWLEDGEMENT
A project is the fruit of experiment and
experience and it goes a long way to modeling a
person and gaining a new insight in that field of
research.
In this rewarding experience, one
recognizes the help and support rendered by kind
heart behind its success.
I would take this opportunity to thank all
my teachers. I would like to thank Mr. Ramchandra
Tawde, my project guide, who sincerely guided and
supported me in doing the project.
I would also like to show my gratitude
towards my family, friends and all others who have
helped and supported me in doing the project.
Date:
Place: Sawantwadi.
(Celeste Cedric Dsa)
INDEX
SR
PARTICULARS
NO
1. Chapter 1
INTRODUCTION
Principles for the assessment of internal control
system
2.
Chapter 2
BACKGROUND
3.
Chapter 3
4.
PAGE
NO
4.1
4.2
4.3
4.4
4.5
5.
Chapter 5
Evaluation of Internal Control
Systems by Supervisory
Authorities
Chapter 6
Roles and Responsibilities of
External Auditors
Chapter 7
Conclusion
References
6.
7.
CHAPTER 1
Introduction
Principle 2:
Senior management should have responsibility for implementing
strategies and policies approved by the board; developing processes that
identify, measure, monitor and control risks incurred by the bank;
maintaining an organizational structure that clearly assigns
responsibility, authority and reporting relationships; ensuring that
delegated responsibilities are effectively carried out; setting appropriate
internal control policies; and monitoring the adequacy and effectiveness
of the internal control system.
Principle 3:
The board of directors and senior management are responsible for
promoting high ethical and integrity standards, and for establishing a
culture within the organization that emphasizes and demonstrates to all
levels of personnel the importance of internal controls. All personnel at a
banking organization need to understand their role in the internal
controls process and be fully engaged in the process.
Principle 6:
An effective internal control system requires that there is appropriate
segregation of duties and that personnel are not assigned conflicting
responsibilities. Areas of potential conflicts of interest should be
identified, minimized, and subject to careful, independent monitoring.
Principle 8:
An effective internal control system requires that there are reliable
information systems in place that cover all significant activities of the
bank. These systems, including those that hold and use data in an
electronic form, must be secure, monitored independently and supported
by adequate contingency arrangements.
Principle 9:
An effective internal control system requires effective channels of
communication to ensure that all staff fully understand and adhere to
policies and procedures affecting their duties and responsibilities and
that other relevant information is reaching the appropriate personnel.
Principle 11:
There should be an effective and comprehensive internal audit of the
internal control system carried out by operationally independent,
appropriately trained and competent staff. The internal audit function, as
part of the monitoring of the system of internal controls, should report
directly to the board of directors or its audit committee, and to senior
management.
Principle 12:
Internal control deficiencies, whether identified by business line, internal
audit, or other control personnel, should be reported in a timely manner
to the appropriate management level and addressed promptly. Material
internal control deficiencies should be reported to senior management
and the board of directors.
profile (for example, does not cover all of the principles contained in this
document), they should take appropriate action.
CHAPTER 2
Background
CHAPTER 3
THE OBJECTIVES AND
ROLE OF THE INTERNAL
CONTROL OF BANKS
CHAPTER 4
THE MAJOR ELEMENTS
OF AN INTERNAL
CONTROL SYSTEM
A.
1. Board of directors
Principle 1:
The board of directors should have responsibility for approving and
Periodically reviewing the overall business strategies and significant
policies of the bank; understanding the major risks run by the bank,
setting acceptable levels for these risks and ensuring that senior
management takes the steps necessary to identify, measure, monitor and
control these risks; approving the organizational structure; and ensuring
that senior management is monitoring the effectiveness of the internal
control system. The board of directors is ultimately responsible for
ensuring that an adequate and effective system of internal controls is
established and maintained.
The board of directors provides governance, guidance and
oversight to senior management. It is responsible for approving
and reviewing the overall business strategies and significant
policies of the organization as well as the organizational
structure. The board of directors has the ultimate responsibility
for ensuring that an adequate and effective system of internal
controls is established and maintained. Board members should
be objective, capable, and inquisitive, with a knowledge or
expertise of the activities of and risks run by the bank. In those
countries where it is an option, the board should consist of some
members who are independent from the daily management of
the bank. A strong, active board, particularly when coupled with
effective upward communication channels and capable
2. Senior management
Principle 2:
Senior management should have responsibility for implementing
strategies and policies approved by the board; developing processes that
identify, measure, monitor and control risks incurred by the bank;
maintaining an organizational structure that clearly assigns
responsibility, authority and reporting relationships; ensuring that
delegated responsibilities are effectively carried out; setting appropriate
internal control policies; and monitoring the adequacy and effectiveness
of the internal control system.
Senior management is responsible for carrying out the directives of
the board of directors, including the implementation of strategies
and policies and the establishment of an effective system of
internal control. Members of senior management typically delegate
responsibility for establishing more specific internal control
policies and procedures to those responsible for a particular
business unit. Delegation is an essential part of management;
however, it is important for senior management to oversee the
managers to whom they have delegated these responsibilities to
ensure that they develop and enforce appropriate policies and
procedures.
Compliance with an established internal control system is heavily
dependent on a well documented and communicated organisational
structure that clearly shows lines of reporting responsibility and
authority and provides for effective communication throughout the
B.
Principle 4:
An effective internal control system requires that the material risks that
Could adversely affect the achievement of the banks goals are being
recognized and continually assessed. This assessment should cover all
risks facing the bank and the Consolidated banking organization (that is,
credit risk, country and transfer risk, market risk, interest rate risk,
liquidity risk, operational risk, legal risk and reputational risk). Internal
controls may need to be revised to appropriately address any new or
previously uncontrolled risks.
Banks are in the business of risk-taking. Consequently it is
imperative that, as part of an internal control system, these risks
are being recognized and continually assessed. From an internal
control perspective, a risk assessment should identify and evaluate
the internal and external factors that could adversely affect the
achievement of the banking organizations performance,
information and compliance objectives. This process should cover
all risks faced by the bank and operate at all levels within the
bank. It differs from the risk management process which typically
focuses more on the review of business strategies developed to
maximize the risk/reward trade-off within the different areas of the
bank.
C.
Principle 5:
Control activities should be an integral part of the daily activities of a
bank. An effective internal control system requires that an appropriate
control structure is set up, with control activities defined at every
business level. These should include: top level reviews; appropriate
activity controls for different departments or divisions; physical
Controls; checking for compliance with exposure limits and follow-up
on noncompliance; a system of approvals and authorizations; and, a
system of verification and reconciliation.
Control activities are designed and implemented to address the
risks that the bank identified through the risk assessment process
described above. Control activities involve two steps:
(1)
(2)
Principle 6:
An effective internal control system requires that there is appropriate
D.
Principle 7:
An effective internal control system requires that there are adequate and
Comprehensive internal financial, operational and compliance data, as
well as external market information about events and conditions that are
relevant to decision making. Information should be reliable, timely,
accessible, and provided in a consistent format.
Adequate information and effective communication are essential
to the proper functioning of a system of internal control. From the
banks perspective, in order for information to be useful, it must be
relevant, reliable, timely, accessible, and provided in a consistent
format. Information includes internal financial, operational and
compliance data, as well as external market information about
events and conditions that are relevant to decision making.
Internal information is part of a record-keeping process that should
include established procedures for record retention.
Principle 8:
An effective internal control system requires that there are reliable
Information systems in place that cover all significant activities of the
bank. These systems, including those that hold and use data in an
electronic form, must be secure, monitored independently and supported
by adequate contingency arrangements.
In addition to the risks and controls above, inherent risks exist that
are associated with the loss or extended disruption of services
caused by factors beyond the banks control. In extreme cases,
since the delivery of corporate and customer services represent
key transactional, strategic and reputational issues, such problems
could cause serious difficulties for banks and even jeopardize their
ability to conduct key business activities. This potential requires
the bank to establish business resumption and contingency plans
using an alternate off-site facility, including the recovery of critical
systems supported by an external service provider. The potential
for loss or extended disruption of critical business operations
requires an institution-wide effort on contingency planning,
involving business management, and not focused on centralized
computer operations. Business resumption plans must be
periodically tested to ensure the plans functionality in the event of
an unexpected disaster.
Principle 9:
An effective internal control system requires effective channels of
Communication to ensure that all staff fully understand and adhere to
policies and procedures affecting their duties and responsibilities and
that other relevant information is reaching the appropriate personnel.
E.
Principle 10:
The overall effectiveness of the banks internal controls should be
Monitored on an ongoing basis. Monitoring of key risks should be part
of the daily activities of the bank as well as periodic evaluations by the
business lines and internal audit.
Since banking is a dynamic, rapidly evolving industry, banks must
continually monitor and evaluate their internal control systems in
the light of changing internal and external conditions, and must
enhance these systems as necessary to maintain their effectiveness.
In complex, multinational organizations, senior management must
ensure that the monitoring function is properly defined and
structured within the organization
. Monitoring the effectiveness of internal controls can be done by
personnel from several different areas, including the business
function itself, financial control and internal audit. For that reason,
it is important that senior management makes clear which
personnel are responsible for which monitoring functions.
Monitoring should be part of the daily activities of the bank but
also include separate periodic evaluations of the overall internal
control process. The frequency of monitoring different activities of
a bank should be determined by considering the risks involved and
Principle 11:
There should be an effective and comprehensive internal audit of the
Internal control system carried out by operationally independent,
appropriately trained and competent staff. The internal audit function, as
part of the monitoring of the system of internal controls, should report
Principle 12:
Internal control deficiencies, whether identified by business line,
internal audit, or other control personnel, should be reported in a timely
manner to the appropriate management level and addressed promptly.
Material internal control deficiencies should be reported to senior
management and the board of directors.
Internal control deficiencies, or ineffectively controlled risks,
should be reported to the appropriate person(s) as soon as they are
identified, with serious matters reported to senior management and
the board of directors. Once reported, it is important that
management corrects the deficiencies on a timely basis. The
internal auditors should conduct follow-up reviews or other
appropriate forms of monitoring, and immediately inform senior
management or the board of any uncorrected deficiencies. In order
to ensure that all deficiencies are addressed in a timely manner,
senior management should be responsible for establishing a system
to track internal control weaknesses and actions taken to rectify
them.
The board of directors and senior management should periodically
receive reports summarizing all control issues that have been
identified. Issues that appear to be immaterial when individual
control processes are looked at in isolation, may well point to
trends that could, when linked, become a significant control
deficiency if not addressed in a timely manner.
CHAPTER 5
EVALUATION OF
INTERNAL CONTROL
SYSTEM BY
SUPERVISORY
AUTHORITY
Principle:
Supervisors should require that all banks, regardless of size, have an
Effective system of internal controls that is consistent with the nature,
complexity, and risk inherent in their on- and off-balance-sheet activities
and that responds to changes in the banks environment and conditions.
In those instances where supervisors determine that a bank's internal
control system is not adequate or effective for that banks specific
Risk profile (for example, does not cover all of the principles contained
in this document), they should take appropriate action.
Although the board of directors and senior management bear the
ultimate responsibility for an effective system of internal controls,
supervisors should assess the internal control system in place at
individual banks as part of their ongoing supervisory activities.
The supervisors should also determine whether individual bank
management gives prompt attention to any problems that are
detected through the internal control process.
Supervisors should require the banks they supervise to have strong
control cultures and should take a risk-focused approach in their
supervisory activities. This includes a review of the adequacy of
internal controls. It is important that supervisors not only assess
the effectiveness of the overall system of internal controls, but also
evaluate the controls over high-risk areas (e.g., areas with
characteristics such as unusual profitability, rapid growth, new
the supervisor that its controls are adequate for its business. Other
supervisors may require periodic external audits of key areas,
where the supervisor defines the scope. And finally, supervisors
may combine one or more of the above techniques with their own
on-site reviews or examinations of internal controls.
Supervisors in many countries conduct on-site examinations and a
review of internal controls is an integral part of such examinations.
An on-site review could include both a review of the business
process and a reasonable level of transaction testing in order to
obtain an independent verification of the bank's own internal
control processes.
An appropriate level of transaction testing should be performed to
verify:
1. the adequacy of, and adherence to, internal policies, procedures
and limits;
2. the accuracy and completeness of management reports and
financial records; and
3. the reliability (i.e., whether it functions as management intends)
of specific controls identified as key to the internal control
element being assessed.
In order to evaluate the effectiveness of the five internal control
elements of a banking organization (or a unit/activity thereof)
supervisors should:
1. Identify the internal control objectives that are relevant to the
organization, unit or activity under review (e.g., lending,
investing, accounting);
2. evaluate the effectiveness of the internal control elements, not just
by reviewing policies and procedures, but also by reviewing
documentation, discussing operations with various levels of bank
CHAPTER 6
ROLE AND
RESPONSIBILITIES OF
EXTERNAL AUDITOR
CHAPTER 7
Conclusion
References
REFERENCES