vector

INTERNAL CONTROL

Mike Trigg

vector

WHAT IS INTERNAL CONTROL?

A key part of effective corporate governance Policies and processes to:

- make operations efficient and responsive to risk- ensure quality of internal/external reporting- ensure compliance with internal rules, regulations and laws

vector

COMPONENTS Controls Information and communication

processes Monitoring processes

vector

KEY FEATURES Embedded in bank’s operations and part

of the culture Able to respond quickly to changing

risks inside and outside the bank Procedures for urgent escalation of

control weaknesses

vector

DEVELOPING THE INTERNAL CONTROL

REGIME1 Define objectives2 Define risks and risk appetite3 Assess significant risks4 Design controls5 Allocate ownership and accountability6 Monitor

vector

(1) OBJECTIVES Clear objectives Communicated to, and understood by,

all employees Critical success factors and performance

indicators

vector

(2) DEFINE RISKS AND RISK APPETITE

Internal External Operational Credit Liquidity Market Reputational

vector

(3) RISK ASSESSMENT

PROBABILITY

IMPACT

vector

(4) DESIGN CONTROLS

Focused on significant risks Responsive Early alert Define accountability Define freedom of action Effective flow of information

vector

(5) MONITOR

The Board Risk functions The Business Audit Committee Internal Audit External Audit

vector

Risk Appetite Policies Controls

Local Business Operations

Business Senior Management

Risk Functions

Board Reporting RiskReporting Performance

vector

BOARD/DIRECTORS

Ultimate responsibility to maintain internal control system

Must set policies Must review effectiveness of regime Must disclose status of regime to

stakeholders (regulators?)

vector

RISK FUNCTIONS

Design and recommend policy Formulate risk assessment tools Independent view Approvals within policy

vector

THE BUSINESS All employees are accountable Implement policy Identify, evaluate, escalate risks Create internal controls that reflect:

- Board policy - Risk appetite - Risk assessment - Bank’s objectives

vector

AUDIT COMMITTEE

Receive reports Independent assessment Recommendations to full Board

vector

INTERNAL AUDIT/EXTERNAL AUDIT External Audit is finance focused Provides assurance on implementation of

policies and controls Recommends corrective action Determines audit programme through risk

assessment Independent line to Chairman/CEO

vector

CONCLUSIONS

1 Define bank’s objectives2 Define risks to those objectives3 Design policies and controls to manage

risks4 Define ownership and accountability5 Encourage honesty and transparency6 Monitor aggressively