Internal Control and Compliance (ICC):

An overview

Md. Shoaib Ahmed

Executive Vice President

Mercantile Bank Ltd.

Banks have diversified and complex financial activities. Since these activities involve high risk, effective control systems, corporate governance, transparency and accountability have become significant issues in ensuring the smooth performance of the banking industry throughout the world.

In many banks, internal control is identified with internal audit, but the scope of internal control is not limited to audit work. It is an integral part of the daily activities of a bank, which identifies the risks associated with each process and adopts measures to mitigate them.

Definition:

According to an IMF publication, internal control refers to the mechanism in place on a permanent basis to control the activities in an organization, both at a central and at a departmental/divisional level.

However, internal control is the process designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, the reliability of financial reporting and compliance with applicable laws, regulations, and internal policies.

Objectives of Internal Control and Compliance (ICC):

The primary objective of the internal control system in a bank is to help the bank perform better through the use of its resources. Through the internal control system, the bank identifies its weaknesses and takes appropriate measures to overcome them. The major objectives of internal control are as follows:

  1. Efficiency and effectiveness of activities: Performance Objective
  2. Reliability, completeness and timeliness of financial and management information: Information Objective
  3. Compliance with applicable laws and regulations: Compliance Objective

Internal Control Environment:

The internal control environment is the framework under which internal control is developed, implemented and monitored.

Each company needs to have in place an appropriate and effective internal control framework to ensure that the company is managed & controlled in a sound and prudent manner.

The factors which together comprise the control framework are:

  1. Board of Directors
  2. Audit Committee (AC)
  3. MANCOM/Senior Management
  4. An independent Internal Control and Compliance Department (ICCD).
  5. An effective Management Information System (MIS).

Responsibility of Board of Directors:

Establishing--

a) Business Strategy

b) Formation of Audit Committee (AC) to monitor the effectiveness of the internal control system.

c) Discussion of internal and external audit reports

d) Ensure that management (MANCOM) takes necessary actions as per recommendations of the Board

e) Periodic review meeting with MANCOM.

Responsibility of Audit Committee (AC):

- Review whether internal control strategies recognized by internal and external auditors have been implemented by MANCOM/Management.

- Review the internal and external audit reports.

- Make recommendations for proper rectification thereof.

- Review whether the annual financial statements are complete and consistent with accounting standards.

- Review the efficiency and effectiveness of ICC.

- Make recommendations to the Board regarding the appointment of External Auditors.

- Review whether regulatory instructions and internal regulations approved by the Board have been complied with.

Responsibility of the MANCOM/Senior Management:

- Put in place policies and procedures to identify, manage, monitor and control these risks.

- Put in place an internal control structure which will assign clear responsibility, authority and reporting relationships.

- Monitor the adequacy and effectiveness of ICC.

- Review the overall effectiveness of the ICC system yearly and provide a certificate to the Board regarding this.

Structure of ICCD:

Organizational structure plays a vital role in establishing an effective internal control system. The essence of the ideal organizational structure that will facilitate effectiveness of the internal control and compliance system is the segregation of duties.

The bank should, depending on the structure, size, location of its branches and strength of its manpower, try to establish an organizational structure which allows segregation of duties among its key functions such as marketing, operations, audit, financial administration etc.

Note that the level up to which this segregation takes place will depend on the individual bank.

For an effective control and compliance system, a separate organizational structure is also provided for this department. The organizational structure of internal control will depend on the tasks performed by the units and the size of the organization. A bank with large branches may have a regional-level internal control unit.

The Head of the Internal Control and Compliance Department (ICCD) should have a reporting line to the bank’s Board, while the Audit Committee (AC) of the Board will be the “Contact Point” for this department. This department also has a reporting line to the MD/CEO of the bank.

In order to ensure the availability of efficient people in ICCD, banks will make it mandatory for all “middle to senior management staff” to spend at least 02 (two) years with the Internal Control and Compliance Department.

A brief discussion of the structure has also been provided.

Functions of:

a) Monitoring Units:

- Monitor the operational performance of branches/departments.

- Collect relevant data and analyze these to assess the risks of individual units.

- Recommend to the Head of ICC that an audit and inspection team be sent in case of major deviation.

b) Audit and Inspection Unit:

- Conduct Risk Based Annual Audit

- Conduct special audit

- Surprise audit

- Make reports using audit findings

- Annual health report of the bank.

c) Compliance Unit:

- Ensure that the bank complies with all regulatory requirements while conducting its business.

- Maintain liaison with the regulatory bodies.

- Maintain liaison with heads at all levels and notify the other units about regulatory changes.

Management Reporting/Information System (MIS):

An effective internal control system requires an effective system for reporting information that is relevant to decision making. The information should be reliable, timely, accessible and provided in a consistent format.

Information should include external market information about events and conditions that are relevant to decision making, and internal information including financial, operational and compliance data.

There should be an appropriate committee for MIS that will evaluate data received through various information systems, which will ensure supply of correct and accurate information to the management.

Establishment of Compliance Culture:

- The board of directors and the senior management must establish a compliance culture within the bank that emphasizes and demonstrates to all levels of personnel the importance of internal control and compliance culture.

- In order to establish a compliance culture, the board of directors and senior management must promote high ethical and integrity standards.

- The board of directors and the senior management should establish a “Code of Conduct/Ethics” that all levels of personnel must sign and adhere to.

Therefore, a bank is said to have a strong compliance culture when employees throughout the organization/bank are encouraged to comply with policies, procedures and regulations.

Any individual, whether at the lowest or at the highest level, should be empowered to speak up without fear of reprisal if she/he identifies something non-compliant.

Policy/Process Guidelines:

Each bank should have some policy guidelines in order to ensure an effective control and compliance system over its process in various fields i.e. Credit, HR, Finance & Accounts, Treasury, Customer Service etc.

1. Credit policy manual/guideline

-Risk classes, lending limits and credit authorities

-Lending guidelines

-Approval processes

-Documentation

-Secured loans & collaterals

2. Operational Manual

-A/C opening and closing

-Cash and teller operations

-Payment monitoring procedures

-Nostro account reconciliation

-L/C, collection, B to B reimbursement

-Loan Administration

-Treasury operations

-Anti-Money Laundering Procedures.

3. Finance & Accounting Manual:

-Treatment of land, building & equipment

-Capital adequacy & shareholders' equity

-Treatment of expenditure

-Commission, Fees & Revenues

-Income tax procedures

-Write off procedures

4. Treasury Manual:

-Liquidity

-Investment

-Capital Management

-Dealing room activity

-ALCO

5. HR Policy Manual:

-Recruitment policy

-Background checking policy

-Leave policy

-Compensation policy

-Reward & Recognition Policy

-Termination & Retirement Policy

-Promotion & Increment Policy

-Training

6. ICC Manual:

-KYC

-Code of Conduct

-Gift giving & acceptance

-Monitoring procedures

-Audit & Inspection Guideline

Tools of ICC System:

  1. Department Control Function Checklist (DCFCL).

-Daily

-Weekly

-Monthly

-Quarterly

  2. Loan Documentation Checklist (LDC).
  3. Quarterly Operations Report (QOR).

Risk Recognition & Assessment:

Individual items in the DCFCL need to be assigned a risk rating in terms of the following dimensions:

a) Impact:

-Before taking the mitigation into account, what is the impact/result of the lapse/omission?

b) Probability:

-After taking the mitigation into account, what is the likelihood/chance of the event occurring?

Risk Matrix

| Probability \ Impact | 1 | 2 | 3 |
|---|---|---|---|
| 3 | High | High | High |
| 2 | Medium | Medium | High |
| 1 | Low | Medium | High |

-o-

Thank You.