1、原文:Managing Core Risks In Banking: Internal Comtrol&ComplianceInternal Control Policy1.1 OverviewBanking has a diversified and complex financial activity which is no longer limited within the geographic boundary of a country. Since its activity involves high risk, the issue of effective internal con
2、trol system, corporate governance, transparency, accountability has become significant issues to ensure smooth performance of the banking industry throughout the world. In many banks internal control is identified with internal audit; the scope of internal control is not limited to audit work. It is
3、 an integral part of the daily activity of a bank, which on its own merit identifies the risks associated with the process and adopts a measure to mitigate the same.Internal Audit on the other hand is a part of Internal Control system which reinforces the control system through regular review.Accord
4、ing to an IMF publication Internal Control refers to the mechanism in place on a permanent basis to control the activities in an organization, both at a central and at a departmental/divisional level. A key component of effective internal control is the operation of a solid accounting and informatio
5、n system.In Bangladesh analysis on the performances of the banks has pointed out that an effective internal control system could have contributed significantly in improving the performance of the commercial banks if the control culture is brought in through policy guidelines and structural changes a
6、t these banks.1.2 DefinitionInternal control is the process, effected by a companys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, the reliability of financial rep
7、orting and compliance with applicable laws, regulations, and internal policies.Internal controls are the policies and procedures established and implemented alone, or in concert with other policies or procedures, to manage and control a particular risk or business activity, or combination of risks o
8、r business activities, to which the company is exposed or in which it is engaged.1.3 Internal Control EnvironmentThe internal control environment is the framework under which internal controls are developed, implemented and monitored. It consists of the mechanisms and arrangements that ensure intern
9、al and external risks to which the company is exposed are identified; appropriate and effective internal controls are developed and implemented to soundly and prudently manage these risks; reliable and comprehensive systems are to be put in place to appropriately monitor the effectiveness of these c
10、ontrols.Each company needs to have in place an appropriate and effective internal control environment to ensure that the company is managed and controlled in a sound and prudent manner. The factors which together comprise the control environment are: *a board of directors that is actively concerned
11、with sound corporate governance and that understands and diligently discharges its responsibilities by ensuring that the company is appropriately and effectively managed and controlled; *a management that actively manages and operates the company in a sound and prudent manner;*organizational and pro
12、cedural controls supported by an effective management information system to soundly and prudently manage the companys exposure to risk; and*an independent audit mechanism to monitor the effectiveness of the organizational and procedural controls.1.4 Objective of Internal ControlThe primary objective
13、 of internal control system in a bank is to help the bank perform better through the use of its resources. Through internal control system bank identifies its weaknesses and takes appropriate measures to overcome the same. The main objectives of internal control are as follows:*Efficiency and effect
14、iveness of activities (performance objectives).*Reliability, completeness and timelines of financial and management information (information objectives) * Compliance with applicable laws and regulations (compliance objectives)1.5 Policy Guidelines For Internal Control1.5.1 Responsibility of the Boar
15、d of Directors*The overall responsibility of establishing broad business strategy,significant policies and understanding significant risks of the bank rests with the Board of Directors.*Through the establishment of Audit Committee the Board of Directors can monitor the effectiveness of internal cont
16、rol system. Bangladesh Bank has already instructed the banks to establish Audit Committee (Appendix 5.4).*The internal as well as external audit reports will be sent to the board without any intervention of the bank management and ensure that the management takes timely and necessary actions as per
17、the recommendations.*Have periodic review meetings with the senior management to discuss the effectiveness of the internal control system of the bank and ensure that the management has taken appropriate actions as per the recommendations of the auditors and internal control.1.5.2 Responsibility of t
18、he Senior Management*In setting out a strong internal control framework within the organization the role of Managing Director is very important. He/she will establish a Management Committee (MANCOM), which will be responsible for the overall management of the Bank.*With governance & guidance from th
19、e Board of Directors the MANCOM will put in place policies and procedures to identify, measure, monitor and control these risks.*The MANCOM will put in place an internal control structure in the banking organization, which will assign clear responsibility, authority and reporting relationship.*The M
20、ANCOM will monitor the adequacy and effectiveness of the internal control system based on the banks established policy & procedure.*The MANCOM will review on a yearly basis the overall effectiveness of the control system of the organization and provide a certification on a yearly basis to the Board
21、of Directors on the effectiveness of Internal Control policy, practice and procedure.1.5.3 Risk Recognition and Assessment*An effective internal control system continually recognizes and assesses all of the material risks that could adversely affect the achievement of the banks goals.*Effective risk
22、 assessment must identify and consider both internal and external factors. Internal factors include complexity of the organization structure, the nature of the Banks activities, the quality of personnel, organization changes and also employee turnover. External factors include fluctuating economic c
23、onditions, changes in the industry, socio-political realities and technological advances. *Risk assessment by Internal Control System differs from the business risk management process which typically focuses more on the review of business strategies developed to maximize the risk/reward trade-off wi
24、thin the different areas of the bank. The risk assessment by Internal Control focuses more on compliance with regulatory requirements, social, ethical and environmental risks those affect the banking industry.1.5.4 Control Activities and Segregation of Duties:*Effective internal control system requi
25、res that an appropriate control structure is set up with control activities defined at every business level, i.e. top level review; appropriate activity controls for different departments or divisions; physical controls; checks for compliance with exposure limits and follow-up on non-compliance; a s
26、ystem for approvals and authorizations and system pf verification and reconciliation. *Control activities involve two steps: (1) the establishment of control policies and procedures and (2) verification that the control policies and procedures are being complied with.*Senior management should ensure
27、 that adequate control activities are an integral part of the daily functions of all relevant personnel; this enables quick response to changing conditions and avoids unnecessary costs. Control activities are most effective when they are viewed by management and all other personnel as an integral pa
28、rt of daily activities rather than an addition to it.*One of the most important aspects of internal control system requires that there is appropriate segregation of duties and personnel are not assigned conflicting responsibilities.*Furthermore the employees must also be provided with necessary auth
29、ority which will enforce segregations of duties.*For employees to carry out their responsibilities properly each employee should have appropriate job description.*Areas of potential conflicts of interest should be identified, minimized and subject to careful independent monitoring.1.5.5 Management R
30、eporting System:*Effective internal control system requires that there is an effective reporting system of information that is relevant to decision making. The information should be reliable, timely accessible and provided in a consistent format.*Information would have to include external market inf
31、ormation about events and conditions that are relevant to decision making. Internal information include financial, operational and compliance data.*There should be appropriate committees within the organization which would evaluate data received through various information systems. This will ensure
32、supply of correct and accurate information to the management.*Internal information must cover all significant activities of the bank. These systems including those that hold and use data in electronic form must be secure, monitored independently and supported by contingency arrangements.*Most import
33、antly the channels of communication must ensure that all staff fully understand and adhere to policies and procedures effecting their duties and responsibilities and that other relevant information is reaching the appropriate personnel.1.5.6 Monitoring Activities & Correcting Deficiencies:*Effective
34、ness of the Banks internal controls should be monitored on an ongoing basis. Key/high risk items should be identified and monitored as part of daily activities. In addition there should be periodic evaluation by the business lines and internal audit team.*There should be an effective and comprehensi
35、ve internal audit of the internal control system carried out by operationally independent, appropriately trained and competent staff specially designated by the management. The significant deficiencies identified by the audit team should be reported to the board on a periodic basis. The Audit Commit
36、tee of the board should be the cell to whom such report should be forwarded for review.*Preferably the internal control team should be reporting to the board of directors or its audit committee. If practical considerations do not permit internal control team to directly report to the board of direct
37、ors then it can report directly to the MD. *Internal control deficiencies, whether identified by business lines, internal audit or other control personnel should be reported in a timely and prompt manner to the appropriate management level and addressed immediately.*Material internal control deficie
38、ncies should be reported to senior management and board of directors with recommendations where necessary. Each bank should set out its own guideline regarding what should be considered as major branches. However, it should be noted that consideration should be given to major financial exposure or l
39、oss, significant process lapses, serious employee misconduct etc.1.5.7 Role of External Auditors in Evaluating Internal Control System:*External Auditors by dint of their independence from the management of the bank can provide unbiased recommendation on the strength and weakness of the internal con
40、trol system of the bank.*They can examine the records, transactions of the bank and evaluate its accounting policy, disclosure policy and methods of financial estimation made by the Bank; this will allow the board and the management to have an independent overview on the overall control system of th
41、e bank.1.5.8 Regulatory Compliance:* For the banks Central Bank is the primary regulator, who governs the activities of banks. In addition Tax Authority, Registrar of Joint Stock Company, Finance Ministry etc. are different types of regulatory bodies whose directives have significant impact of banks
42、 business. *The internal control system should always take into account the banks internal processes to meet the regulatory requirement before conducting any operation. *The internal control system of the bank must be designed in a manner that the compliance with regulatory requirements is recognize
43、d in each activity of the bank. The bank must obtain regular information on regulatory changes and distribute among the concerned department, so that they can take necessary action to adapt to such changes.*The bank must develop an effective communication process which will allow smooth distribution
44、 of relevant regulations among different departments and personnel.1.5.9 Establishment of a Compliance Culture: *A bank is said to have strong compliance culture when throughout the organization employees are encouraged to comply with policies, procedures and regulation. Even an individual at the lo
45、west echelon should be empowered to speak up without the fear of reprisal if she/he identifies something non-compliant.*The board of directors and the senior management must establish a compliance culture within the banking organization that emphasizes and demonstrates to all levels of personnel the
46、 importance of internal control.*In order to establish a compliance culture the board of directors and senior management must promote a high ethical and integrity standard.*In reinforcing ethical values the banking organization should avoid policies and practices that provide inadvertent incentive f
47、or inappropriate activities. Examples of such policies and practices include undue emphasis on performance targets or operational results, particularly short term ones that ignore long term risks and compensation schemes that overly depend on short term performance.*The board of directors and the se
48、nior management may establish a Code of Ethics that all levels of personnel must sign and adhere to.Source: Mr. Jahangir Alam, Mr. Jalal Ahmed, Mr. R. Q. M. Forkan,Mr. Moinul Islam,Mr. Rais Uddin Ahmad,Mr. Siddiqur Rahman,2007.“managing core risks in banking:internal control&compliance” . Journal of
49、 Accounting and Economics.pp. 166192.译文:银行业务的核心在风险管理:规范内部控制内部控制政策1.1概述银行拥有多元化和复杂的金融活动,不再是一国范围内的地理边界所限制。由于其活动涉及高风险,以有效的内部控制制度,公司治理,透明度,问责等用来确保世界各地的银行业平稳。在许多银行内部控制等同于内部审计;经营范围内部控制的范围并不局限于审计工作。它是中国不可分割的日常活动的银行,在它自己的标准风险识别的过程中采用一种措施来减少像内部审计,另一方面是部分的内部控制制度通过定期复习加强了控制系统。根据国际货币基金组织,出版的内部控制是指对一个长期机制,以控制国际组织一个中心和一个部门/司级的活动。一个有效的内部控制的关键组成部分是一个扎实的会计和信息系统。 在孟加拉国银行的性能分析指出,建立有效的内部控制系统能大大促进改善商业银行的业绩,如果控制文化的赞助商,就要通过政策的指导原则和这些银行的结构性