Term Paper on Controlling Proceess

Govt. Titumir College condition w altogetherpaper On Application of domineering Process in depository pecuniary institutioning Sector in Bd. Prep bed By administrate by Name Md. Golap Mia Rita Khandoker Roll181 Year BBA (2nd year) Lecturer Session 2011-12 section of Management NU Roll No 9613648 Govt.Titumir College De per centumment of Management Dhaka. Govt. Titumir College, Dhaka. Date of gentility 26. 01. 2012 letter of Transmittal To Lecturer segment of Management Govt. Titumir College, Dhaka. Sub Letter of transmittal. Dear Sir. I would like to draw your kind circumspection that we argon fill inmitting our field whatever(prenominal)what the headic of Application of defendling Process in avering Sector in Bd. We vex tried our best to prepargon this distinguish which forget fulfill our prerequisite.We believe all these impertinent ideas from this Term Paper will help us in our future practical life. We will be gamyly grateful to your honor if you woul d kindly accept our Term Paper and obliged thereby. Thanking you Name Golap Mia Year BBA (2nd year) Session 2011-12 NU Roll No 9613648 Department of Management Govt. Titumir College,Dhaka. Table of contents and counts ChapterTopic chance onPage count 1 Introduction4 2Conceptual yields5-6 3Database7 4Findings of study8-24 5Conclusion& recommendations25-27 1. upcountry get over Policy 1. 1) Overview vernacularing has a diversified and complex fiscal bodily do which is no longer limited within the geographic boundary of a country. Since its doance sees high lay on the open fireal, the issue of effectual versed curbs trunk, corporate g everywherenance, transpargonncy, obligation has become world-shattering issues to chink smooth runance of the blasphemeing manufacture through and throughout the world. In m separately banks familiar oblige is determine With immanent visit the range of inherent confine is non limited to analyse black market.It is an i nbuilt part of the daily activity of a bank, which on its own meritoriousness identifies the dangers associated with the attend to and adopts a measure to mitigate the aforementi 1d(prenominal). ingrained audit on the duster(a) hand is a part of essential chair system which reinforces the admit body through lawful check up on. According to an IMF publication home(a) affirm refers to the mechanics in quad on a fixed basis to visit the activities in an political science, both(prenominal) at a rudimentary and at a departmental divisional take.A place comp mavinnt of effectual inside correspond is the operation of a solid grudgeing and selective in physiqueation corpse. In Bangladesh analysis on the manageances of the banks has pointed out that an effective inborn influence remains could bring on contributed substantially in improving the performance of the mer flush toilettile banks if the go through finishing is brought in through polity sig nposts and structural switch overs at these banks and procedural gibes. (1. 2) Objective of suppressnal inhibitThe primary objective of indispensable concord system in a bank is to help the bank perform better through the use of its re commencements. by inner(a) fudge system bank identifies its weaknesses and earns tolerate measures to overcome the same. The main objectives of interior controller be as fol deplorables Efficiency and military capability of activities (performance objectives). Reliability, complete(a)ness and quantifylines of fiscal and counsel t each(prenominal)ing ( culture objectives) conformance with applicable laws and mandates ( respectfulness objectives) .Accountability to the poster. (2) STANDARDS OF INTERNAL CONTROL Internal control policies launch onwards slightly standards that departments moldiness move over and incorporate in an natural control complex body part (I)Cover all activities All fiscal institutions should take natural controls which have indemnifyage over all their functions, in general, and the key take a chance beas (KRA) in extra. Key danger Areas accept those core activities, the break down of which whitethorn render a pecuniary institutions unable to meet its obligations to its customers, governors and the sponsors.Further, the pretend originating from much(prenominal)(prenominal) activities is of the type that it whitethorn cause in systemic failure of different pecuniary institutions. Examples of key risk aras ar fluidness Risk, Interest position Risk, Foreign substitution Risk, course acknowledgment Risk, Operational Risk, and so forth (II) Regular let Control activities should be an integral part of the daily activities of a fiscal institutions / DFI in such(prenominal) a manner that it becomes ingrained in their on-going surgical mathematical operationes rather than a year-end fire drill to satisfy certificate requests from auditors and supervisors. III) Separation of Duties Duties should be divided so that no one soul has complete control over a key function or activity. (IV) Authorization and Approval All transactions should be authorized beforehand recording and execution. (V) Custodial and Security Ar governments Responsibility for custody of assets unavoidablenesss to be separated from the cerebrate record keeping. (VI) Review and Reconciliation Records should be examined and harmonize to regularly determine that transactions ar by rights solveed, ratified and booked. VII) carnal Controls Equipment, inventories, cash and separate assets should be secured materially, counted periodically and comp argond with amounts shown on control records. (VIII) dres burble and Supervision Qualified, substantially-trained and supervised employees always help fancy that control mathematical operationes function the right way. (IX) Documentation Documented policies and agencys promote employee below(a)standing of duties an d help figure tenaciousness during employee absences or swage. Therefore, policies and procedures (in the form of operations manual(a)s and desk instructions) should embody in all pecuniary institutions / DFI. X) Communication of vastness of Internal Controls Setting standards of professional law and work ethics and ensuring that all levels of force play in their ecesis know the importance of intrinsic controls and understand their bureau in the immanent controls transit and be fully engaged in the process. (XI) Cost/Benefit It is for the monetary institutions to measure the costs associated with control processes commensurate with the expected benefits. The controlling process selective tuition are collected in a standardized way.To start, the controlling process squad, with academic advisers, designs a questionnaire. The questionnaire uses a simple control case to visualise comparability across economies and over whilewith assumptions about the legal form of the control, its size, its location and the genius of its operations. Questionnaires are administered through to a greater extent than 28 local experts, including lawyers, banker, chore consultants, accountants, freight forwarders, government officials and oppositewise professionals routinely administering or advising on legal and restrictive requirements.These experts have several rounds of interaction with the controlling process team, involving conference calls, written correspondence and visits by the team. For Controlling process 2012 team members visited 4 economies to verify data and recruit respondents. The data from questionnaires are subjected to m each(prenominal) rounds of verification, leading to revisions or expansions of the instruction collected. It is not a statistical survey, and the texts of the pertinent laws and regulations are collected and answers checked for accuracy. The methodology is inexpensive and easily replicable, so data flowerpot be collected in a puffy sample of economies.Because standard assumptions are utilize in the data collection, comparisons and benchmarks are valid across economies. Finally, the data not only highlight the point of specific regulative obstacles to rail line but likewise identify their source and point to what might be reformed. Limits to what is measured The Controlling process methodology has 5 limitations that should be considered when interpreting the data. First, the collected data refer to line of cropses in the economys largest note city and whitethorn not be representative of regulation in opposite parts of the economy. To cost this limitation, sub nationalControlling process indicators were created (see the section on sub national controlling process indicators). arc molybdenum, the data often focus on a specific business formgenerally a commercial bank (or its legal equivalent) of a specified sizeand may not be representative of the regulation on other businesses, for exampl e, Islami Bank Third, transactions described in a standardized case scenario refer to a specific set of issues and may not represent the full set of issues a banking encounters. Fourth, the measures of time strike an element of judgment by the expert respondents.When sources indicate different estimates, the time indicators report in Controlling process represent the median value of several responses given under the assumptions of the standardized case. Finally, the methodology assumes that a business has full information on what is required and does not waste time when completing procedures. In practice, completing a procedure may take longer if the business lacks information or is unable to follow up promptly. ELEMENTS OF A SOUND SYSTEM OF INTERNAL CONTROLS AND THE PRINCIPLES FOR ASSESSING THE SYSTEM (A)Elements of Internal ControlsAn effective interior control system consists of quest interrelated dowrys 4. 1. Management perplexity & Control environment 4. 2. Risk sullen j udgement & charge 4. 3. Control activities & separatism of duties 4. 4. news report, information & conference and 4. 5. Self assessment & superintend 4. 1 Control Environment The environment in which home(a) control operates has an cushion on the say-so of the control procedures. In fact it is institutions control environment which embodies the principles of strong privileged control. Besides giving coordinate to the inner(a) control system, it provides iscipline and protocol. The success of control environment is judged according to the integrity, ethics, and competence of personnel the organisational mental synthesis of the institution trouble by the come on of directors and study(ip)(postnominal) heed directions philosophy and ope military rank(a) style attention and direction provided by the wit of directors and its committees, especially the audit and risk prudence committees personnel policies and practices and extraneous influences affect operations and pr actices. In order for inherent controls to be effective, an book control environment should demonstrate following behaviors circuit tabular array of directors critical look backwards policies and procedures periodically and realises their accord carte du jour of directors determines whether there is an audit and control system in place to periodically test and monitor compliance with inner control policies/procedures and to report to the dining table instances of noncompliance bill of fare of directors ensure liberty of natural and external auditors such that inwrought audit directly reports to the audit committee of the bill of fare which is responsible to the board and that external auditor interacts with the give tongue to committee and presents focal point letter to the board directly Board ensures that eliminate remedial action has been taken when instance of noncompliance are report and that system has been improved to avoid recurring errors/mistakes Managem ent information systems provides comme il faut information to the board and that the board can have purpose of attack to fiscal institutions records, if need arises Board and direction ensure communication of conduct or ethics policies and compliance thereof down the line within the organization In short, a strong control environment and an effective upcountry audit function, can portentously complement specific control procedures.However, typography of cozy control environment at a point-of-time does not, by itself, ensure the lastingness of the overall system of indwelling control but it is the ceaseless supervision by solicitude to ensure if it is functioning as plus and is modified as appropriate. M each innate control failures that resulted in significant losses for pecuniary institutions could have been substantially lessened or trade surface avoided if the board and old wariness of the organizations had establish strong control cultures. derelict control cultures often had 2 common elements First, aged(a) worry failed to strain the importance of a strong system of internal control through their words and actions, and most gravely, through the criteria employ to determine compensation and promotion.Second, senior(a) management failed to ensure that the organisational structure and managerial accountabilities were well- delineate. For example, senior management failed to require adequate to(predicate) supervision of key shutdown projectrs and describe of the personality and conduct of business activities in a timely manner. Senior management may weaken the control culture by promoting and rewarding managers who are successful in gene paygrade profits but fail to implement internal control policies or yell problems identify by internal audit. such actions send a message to others in the organization that internal control is considered secondary to other goals in the organization, and thus diminish the commitment to and eccentric of the control culture. 4. 2 Risk assessment and managementEvery financial institutions activity involves some kind of risk and this creates a compulsion for the financial institutions that, as part of an internal control system, these risks are cosmos identified, assessed and mitigated. From an internal control perspective, risk assessment involves acknowledgement and paygrade of factors, both internal and external, that could adversely affect performance, information and compliance objectives of a financial institutions. Internal factors accommodate complexity, nature and size of operations caliber of personnel and employee turnover objectives and goals, and so forth External factors entangle fluctuating economic conditions, changes in the industry and technological advances, degree of aggressiveness of the market and competition faced by the market participants, etceteraIt may be noted that it differs from the risk management process, which typically focuses mo re on the review of business strategies and plans developed to maximize the risk/reward trade-off within the different areas of the financial institutions. This risk identification should be done across the full spectrum of activities denotationing both measurable and non-measurable aspects of risks. Second part of risk assessment evaluation is done to determine which risks are controllable by the financial institutions and which are not. For those risks that are controllable, the financial institutions essential assess whether to accept those risks or the extent to which it wishes to mitigate the risks through control procedures.For those risks that cannot be controlled, the financial institutions must decide, for the present, whether to these risks or to withdraw from or pore the level of business activity concerned. But for the future, internal controls may need to be revised to appropriately address whatever new or antecedently uncontrolled risks. An effective risk assessme nt system allows the board and the management to plan for and respond to quick and emerging risks in the financial institutions activities. For that matter, such a system needs to demonstrate following Board and management involve audit personnel or other internal control experts in the risk assessment and risk evaluation process.Those experts should be competent, knowledgeable, and provided with adequate resources. As the risks mutate with time and with changing circumstances, the board and the management, with referable involvement of audit personnel, should appropriately approximate the risks and consider control issues related to existing products and those germane(predicate) to new products and activities. Risk coverage in the form of insurance (that is risk transfer) or provisioning (contingency fund) in relation to the financial institutions risk profile is adequate. In the recent past, inadequate risk assessment has contributed to some organizations internal control prob lems and related losses.In some cases, the capability high yields associated with ac doctrineed loans, investments, and derivative instruments distracted management from the need to thoroughly assess the risks associated with the transactions and devote sufficient resources to the continual observe and review of risk exposures. losings have also been caused when management has failed to update the risk assessment process as the organizations operating environment changed. For example, as more complex or sophisticated products within a business line are developed, internal controls may not be reard to address the more complex products. A second example involves entry into a new business activity without a full, objective assessment of the risks involved.Without this limited review of risks, the system of internal control may not appropriately address the risks in the new business. 4. 3 Instituting Controls Control activities are designed and implemented to address the risk that the financial institutions identified through the risk assessment process as described above. Control activities involve (a) establishment of control policies and procedures, (b) verification that the control policies and procedures are being complied with. It is desired that control activities should involve all levels of personnel in the financial institutions, including senior management as well as front line personnel. Instituting an appropriate controls structure ensures the expertness of an internal control system. This process involvesExistence and compliance of policies and procedures ensuring that decisions are make with appropriate approvals and authorizations for transactions and activities while assuring that expulsions to the policies are minimal and describe to the board and the evanesce management Timely reconciliation of accounts so that big(p) items, both on-and of balance-sheet, are resolved and cleared Segregation of duties, existence of cross-checks, more-th an-one-person authorization, ternary controls, joint custody of keys, safeguards for access to and use of sensitive assets and records and forced throw policies, employees rotation systems are functioning in sensitive positions or risk-taking activities so that concerned employees do not have absolute control over areas Building of such reporting lines within a business or functional area that independence of the control function is ensured Accountability mechanism for the actions taken by the personnel as per their responsibilities and uthorities Structure and functioning of compliance inningwork through which the board and senior management establishes that compliance with applicable laws and regulations is ensured. In short, top level reviews appropriate activity controls for different departments or divisions physical controls checking for compliance with exposure limits and follow-up on noncompliance a system of approvals and authorizations and, a system of verification and reconciliation are major constituents of the control activities. 4. 4 Accounting breeding and Communication Systems An institutions accounting, information, and communication systems ensure that risk-taking activities are within insurance policy guidelines and that the systems are adequately tested and reviewed.For this the following is important to note Effective internal control system requires that there is an effective reporting system of information that is germane(predicate) to decision making. The information should be received, timely accessible and provided in a consistent format. Information would have to let in external market information about events and conditions that are pertinent to decision making. Internal information allow financial, operative and compliance data. There, should be appropriate committees within the organization which would evaluate data received through various information systems. This will ensure supply of correct and accurate information to the management.Internal information must cover all significant activities of the financial institutions. These systems including those that hold and use data in electronic form must be secure, monitored independently and supported by contingency arrangements. Most importantly the channels of communication must ensure that all s fully understand and adhere to policies and procedures effecting their duties and responsibilities and that other relevant information is reaching the appropriate personnel. An accounting system is adequate if it properly identifies, assembles, analyzes, classifies, records, and reports the institutions transactions in accordance with prescribed formats and multinational best practices.The adequateness of information systems is determined by the type, number, and depth of reports it generates for operational, financial, managerial, and compliance-related activities and the access and authorization to information systems. An ideal information system cover s the full range of its activities in such a manner that information remains comprehendible and useful for audit trail. fair to middling information and effective communication are essential to the proper functioning of a system of internal control. From the financial institutions perspective, in order for information to be useful, it must be relevant, reliable, timely, accessible, and provided in a consistent format.Information accommodates internal financial, operational and compliance data, as well as external market information about events and conditions that are relevant to decision making. Internal information is part of a record-keeping process that should include open procedures for record retention. On the one hand, the enough of communication systems is established by the fact that it imparts significant information throughout the institution (from the top down and from the bottom up, and laterally), ensuring that personnel understand whatever has been enunciated and on the other hand, communication system should ensure that significant information is imparted to external parties such as regulators, shareholders, and customers. Without effective communication, information is useless.Senior management of financial institutions needs to establish effective paths of communication in order to ensure that the obligatory information is reaching the appropriate people. This information relates both to the operational policies and procedures of the financial institutions as well as information regarding the actual operational performance of the organization. The organizational structure of the financial institutions should facilitate a complete flow of information up(a), downward and across the organization. A structure that facilitates this flow ensures that information flows upward so that the board of directors and senior management are aware of the business risks and the operating performance of the financial institutions.Information flowing dow n through an organization ensures that the financial institutions objectives, strategies, and expectations, as well as its established policies and procedures, are egestd to humble level management and operations personnel. This communication is essential to achieve a unified effort by all financial institutions employees to meet the financial institutions objectives. Finally, communication across the organization is requisite to ensure that information that one division or department knows can be shared with other affected divisions or departments. 4. 5 Self- sound judgement and Monitoring An integral component of internal control system is self-assessment and monitor which includes Board and senior management oversight of the internal control, control reviews, and audit findings.Before starting full scale control review, the board and senior management should give their approval of the overall scope of the control review activities (e. g. , audit, loan review, etc. ). Frequent and comprehensive reporting of deviations to the board or board committee and senior management regarding adequateness of details and timely presentation to allow for resolution and appropriate action. Adequate documentation of management responses to audit or other control review findings so that it can be tracked for adequate follow-up. Board or board committee or senior management review of the qualifications and independence of the personnel evaluating controls (e. g. , external auditors, internal auditors, or line managers). pecuniary institutions is a dynamic, rapidly evolving industry.Financial institutions must continually monitor and evaluate their internal control systems in light of changing internal and external conditions, and must enhance these systems as necessary to put forward their effectiveness. Monitoring the effectiveness of internal controls should be part of the daily operations of the financial institutions but also include separate periodic evaluations of the overall internal control process. The frequency of monitor different activities of a financial institution should be determined by considering the risks involved and the frequency and nature of changes occurring in the operating environment. Ongoing monitoring activities can offer the advantage of quickly detecting and correcting deficiencies in the system of internal control.Such monitoring is most effective when the system of internal control is integrated into the operating environment and produces regular reports for review. Examples of ongoing monitoring include the review and approval of journal entries, and management review and approval of excommunication reports. (B) CONTROL PRINCIPLES So far we have contended about the elements of a sound internal control. Now the question is how to assess the internal controls of a particular organization The following principles related to the fundamental elements of control should be borne in head word while assessing internal control A. Management Oversight and Control Environment dominion 1The board of directors should have responsibility for pass and periodically reviewing the overall business strategies and significant policies of the financial institutions understanding the major risks run by the financial institutions, lay acceptable levels for these risks and ensuring that senior management takes the steps necessary to identify, measure, monitor and control these risks approving the organizational structure and ensuring that senior management is monitoring the effectiveness of the internal control system. The board of directors is ultimately responsible for ensuring that an adequate and effective system of internal controls is established and maintained. article of faith 2Senior management should have responsibility for implementing strategies and policies approved by the board developing processes that identify, measure, monitor and control risks incurred by the financial institutions maintain ing an organizational Structured that clearly assigns responsibility, authority and reporting relationships ensuring that delegated responsibilities are efficaciously carried out setting appropriate internal control policies and monitoring the enough and effectiveness of the internal control system. belief 3 The board of directors and senior management are responsible for promoting high ethical and integrity standards, and for establishing a culture within the organization that emphasizes and demonstrates to all levels of personnel the importance of internal controls. All personnel at a financial institution sing organization need to understand their role in the internal controls process and be fully engaged in the process. B) Risk Recognition and assessment Principle 4An effective internal control system requires that the material risks that could adversely affect the achievement of the financial institutions goals are being accept and continually assessed. This assessment sh ould cover all risks facing the financial institutions (that is, credit risk, country and transfer risk, market risk, interest rate risk, liquidity risk, operational risk, legal risk and reputation risk). Internal controls may need to be revised to appropriately address any new or previously uncontrolled risks. C) Control Activities and Segregation of Duties Principle 5 Control activities should be an integral part of the daily activities of a financial institution. An effective internal control system requires that an appropriate control structure be set up, with control activities defined at every business level.These should include top level reviews appropriate activity controls for different departments or divisions physical controls checking for compliance with exposure limits and follow-up on non-compliance a system of approvals and authorizations and, a system of verification and reconciliation. BIS Framework for Internal Control Systems in Financial institutions. Principle 6 An effective internal control system requires that there is appropriate segregation of duties and that personnel are not designate conflicting responsibilities. Areas of authorization conflicts of interest should be identified, minimized, and subject to careful, independent monitoring. D) Information and communication Principle 7An effective internal control system requires that there are adequate and comprehensive internal financial, operational and compliance data, as well as external market information about events and conditions that are relevant to decision making. Information should be reliable, timely, accessible, and provided in a consistent format. Principle 8 An effective internal control system requires that there are reliable information systems in place that cover all significant activities of the financial institutions. These systems, including those that hold and use data in an electronic form, must be secure, monitored independently and supported by adequate conti ngency arrangements. Principle 9An effective internal control system requires effective channels of communication to ensure that all staff fully understand and adhere to policies and procedures affecting their duties and responsibilities and that other relevant information is reaching the appropriate personnel. (E) Monitoring Activities and Correcting Deficiencies Principle 10 The overall effectiveness of the financial institutions internal controls should be monitored on an ongoing basis. Monitoring of key risks should be part of the daily activities of the financial institutions as well as periodic evaluations by the business lines and internal audit. Principle 11 There should be an effective and comprehensive internal audit of the internal control system carried out by operationally independent, appropriately trained and competent staff.The internal audit function, as part of the monitoring of the system of internal controls, should report directly to the board of directors or it s audit committee, and to senior management. Principle 12 Internal control deficiencies, whether identified by business line, internal audit, or other control personnel, should be describe in a timely manner to the appropriate management level and address promptly. Material internal control deficiencies should be reported to senior management and the board of directors. RESPONSIBILITIES OF THE PARTIES TO INTERNAL CONTROL The board of directors, senior management and other personnel of financial institutions are responsible for establishing, maintaining, and operating an appropriate internal control system on an ongoing basis. Board of DirectorsThe Board of Directors of all financial institutions is responsible for ensuring that an adequate and effective internal control system exists in their organization and that the senior management is maintaining and monitoring the performance of that system. Moreover, Board should periodically review the internal control systems and the signif icant findings. From the above it can be said that The overall responsibility of setting acceptable level of risk, ensuring that the senior management committee take necessary steps to identify , measure , monitor and control these risks, establishing broad business strategy, significant policies and understanding significant risks of the company rests with the Board of Directors.Through the establishment of an scrutinise direction of the Board and Internal Control Department the Board of Directors can monitor the effectiveness of internal control system. The internal as well as external audit reports will be sent to the board without any intervention of the management and ensure that the management takes timely and necessary actions as per the recommendations. The Board should have periodic review meetings with the senior management to discuss the effectiveness of the internal control system of the company and ensure that the management has taken appropriate actions as per the re commendations of the auditors and internal control. ManagementSenior management of financial institutions have the responsibility for implementing strategies and policies as approved by the board in work place developing processes that identify, measure, monitor and control risks incurred by the financial institutions maintaining an organizational structure that clearly assigns responsibility, authority and reporting relationships ensuring that delegated responsibilities are effectively carried out setting appropriate internal control policies and monitoring the adequacy and effectiveness of the internal control system. audited account Committee of the Board This Committee shall be formed by the Board of a company.The members of the scrutinize Committee shall be the selected Directors and the Managing Director. The Committee shall seat at least every quarter in a year. The Committee shall perform its work through an Internal Control Unit comprising of the analyze & Inspection win g and accordance wing. The Committee shall monitor the adequacy and effectiveness of the Internal Control System establish on established policies and procedure. The Committee vide its two wing shall produce, on quarterly basis, a report on internal control system and significant findings and present it to the Board. The terms of reference of the Audit Committee, frequency of meeting , name of the members of the Committee shall be decided by the Board. External AuditorThe external auditors are not part of a financial institution and, therefore, are not part of its internal control system, yet they have an important impact on the quality of internal controls through their audit activities, including discussions with management and recommendations for improvement of internal controls. The external auditors provide important feedback on the effectiveness of the internal control system. The concept of external reporting on internal controls is well established and supported in the acc ounting literature. It is expected that external / statutory auditors shall review control systems for the impact they have on financial reporting and compliance with relevant policies, procedures, regulations and laws.The extent of attention given to the internal control system may vary by auditor and by financial institutions however, it is generally expected that the auditor would identify significant weaknesses that exist at a financial institutions and report material weaknesses to management and the board in the form of an audit report/ management letter. As regards internal control and the role of external auditors the following things should be borne in mind by the auditors External Auditors by dint of their independence from the management of the financial institutions can provide unbiased recommendation on the strength and weakness of the internal control system of the financial institutions.They can examine the records, transactions of the financial institutions and evalu ate its accounting policy, disclosure policy and methods of financial estimation do by the financial institutions this will allow the board and the management to have an independent overview on the overall control system of the financial institutions. It should be made obligatory on the part of the auditor to report to the Bangladesh Bank immediately if during the course of audit the auditor come across any facts which (1) might warrant qualification (2) endanger the entity audited and (3) indicate that the organization has badly infringed the regulatory provisions/guidelines. RegulatorThe Financial Institutions Department(FID) of Bangladesh Bank is the direct supervisor of the financial institutions of Bangladesh. FID has many responsibilities to the Financial Institutions to protect interest of the public and to maintain financial discipline. The responsibilities of FID should be regulatory as well as advisory. In order to achieve the regulatory and supervisory objectives the Ba ngladesh Bank may record a comprehensive supervisory framework. Supervision can be of two types a. On Site Supervision and b. off-key Site Supervision Off site supervision would structurally be an in-house review and analysis base on various statutory returns and other statements.On site supervision includes physical visit and inspection by Bangladesh Bank Official ensuring regulatory compliance, evaluation of financial soundness, appraisal of management and identification of areas requiring corrections, review of asset quality , analysis of key financial indicators etc. As a regulator the Bangladesh Bank may record a system whereby the name of the Financial Institute which had not complied with the regulatory directions could be published in the newspapers. The Bank may make it compulsory for the NBFIs to do credit rating periodically. The Bank may introduce an on-line corporate memory/profile create process based on the observations generated from off-site surveillance system , , market intelligence, complaints, supervisory rating, record of compliance with directions and inspection findings.Bangladesh Bank may destine of create mentally a suitable system for co-coordinating the Onsite inspection in tandem with the other regulatory authorities so that these NBFIs are subject to one excavation examination by different regulatory authorities. The Bank may think of introducing a supervisory rating system for the NBFIs. Such a rating system should be designed on the basis of different levels of regulatory compliance, capital adequacy and rating assigned by the credit rating agencies. Based on the rating the NBFIs may be placed in three different supervisory watch list with low, medium and high risks. The rating assigned may primarily be the tool for triggering on-the-scene(prenominal) inspection at various intervals.It shall play its role as a watch dog, review the compliances of the regulations and Circulars issued from time to time through periodic ins pections and visits, issue new directives for the betterment of macro economy, take restorative actions, if necessary, provide necessary advises and clarifications to the NBFIS. During the course of regular inspection of financial institutions or when required, Financial institutions Department (FID)of Bangladesh Bank shall review the internal control system of any financial institutions in order to ensure compliance with these guidelines and all other relevant regulations and laws, circulars issued and enforced from time to time.In growth to that, the FID may review the report of the internal auditor of the financial institutions, assessment report of the management regarding effectiveness of the internal control and Boards endorsement thereof and the external/statutory auditors evaluation of the management regarding effectiveness of the internal control. In addition to the above the following points shall also apply to the regulators For the financial institutions Bangladesh Bank is the primary regulator, who governs the activities of financial institutions. In addition Tax Authority, Registrar of Joint Stock Company Finance Ministry, Securities and Exchange Commission etc. are different types of Govt. bodies whose directives have significant impact of financial institutions business. The internal control system should always take into account the financial institutions internal processes to meet the regulatory requirement before conducting any operation.The internal control system of the financial institutions must be designed in a manner that the compliance with regulatory requirements is recognized in each activity of the financial institutions. The financial institutions must obtain regular information on regulatory changes and distribute among the concerned department, so that they can take necessary, action to adapt to such changes. The financial institutions must develop an effective communication process which will allow smooth dissemination of rel evant regulations among different departments and, personnel. IMPLEMENTATION OF INTERNAL CONTROLS Various models/methodologies are used for the design and implementation of internal controls.However, it is the decision of the organizations to decide what model / strategy suit the size, nature, complexity, scope, risk exposure, etc. of their activities. Nevertheless, following is a brief epitome of the key points that should be kept in mind while implementing the internal controls Compare current practices to the internal control system and identify gaps. For an internal control expert, the most important consideration should be to evaluate the existing system of internal control in comparison to one defined by these guidelines and other international best practices. In this regard the prime(prenominal) step is to identify what is and what is not covered by existing practices. shoot senior management, the audit committee, audit staff, other key players.The thought process and impl ementation of change should not be considered as just other audit things. Senior management and the audit committee must be perceived as driving the change and developing the control culture. Assess business environment, organization culture and key players. Before the process of change is set in, it would be necessary to understand (1) what is changing in the culture (2) What is changing in the organizations businesses and systems (3) Are there organizational initiatives which internal control system implementation could link to (4) What is the perception about the internal auditing function within the organization .Decide on implementation strategy. If the new practices can be designed to align with other organizational initiatives, or if senior management has taken ownership, this step is relatively easy. In any case, having a realistic implementation strategy is critical to success. Most implementers introduce the new ideas slowly and informally, building on personal relationsh ips within the organization, earreach as much as talking, and gradually building a consensus for change. support training to everyone involved. The most critical factor to the successful implementation of a control model is that everyone involved must understand internal control.Effective training depends heavily on how concepts are phrased and the concrete examples and exercises which make the concepts real to participants. discipline & Improvement The findings of the internal audit department and that of other experts should be reported back to the relevant staff/office for rectification and improvement of the internal control system. Instituting an appropriate organization structure Organization structure plays a vital role in establishing effective internal control system. It is the sometimes called the pictorial representation of the range of command and the authority and supervision chain of an organization.The essence of the ideal organizational structure that will facili tate effectiveness of the internal control system is the segregation of duties. The financial institutions should, depending on the nature of business, structure, size, location of its wooden leges and strength of its manpower try to establish an organizational structure which allow segregation of duties among its key functions such as marketing, operations, credit, financial administration etc. Up to which level this segregation will take place will depend on an individual financial institution. For instance a financial institution which has small branch operations at unconnected places of the country may not find it feasible to have such functional segregation of duties at that branch level.However at the higher level such segregation should exist and where possible this should be extended to the branch levels. In cases where such segregation is not possible, there must be certain monitoring mechanism which should be independently reviewed to ensure all policies and procedures a re followed at the branch level. A detail guideline in this respect is given in the following section. Structure of the Internal Control Unit For an effective control system a separate organizational structure is also provided for this unit. The audit committee of the board shall be the match point for the internal control unit. The unit should be adequately staffed so that it can perform its duty properly.In order to ensure that availability of competent people with internal control the financial institutions will make it authorization for all middle to senior management staff to spend at least two years with internal control on second meant. The head of internal control will report directly to the Audit Committee of the Board He will be responsible for the both compliance and control related tasks which include compliance with laws and regulation, audits and inspection, monitoring activities and risk assessment. The audit team of the internal control unit will perform periodic and special audit and inspection. The compliance unit will be responsible to ensure that financial institution complies with all regulatory requirement while conducting its business.They will maintain liaison with the regulators at all level and notify the other units regarding regulatory changes. Audit Committee of Board Audit & Inspection Wing Inspector Compliance Wing Internal Control Unit Preparing various guidelines/manuals Each Financial institution should have a policy guideline in line with relevancy laws and internal documents in order to ensure an effective control over its process in various fields e. g. credit, human resources, finance & accounts, treasury, audit, customer service etc. There should be a written policy guideline for each Departments function which may be as follows. (a) cadence Operating Procedures -Credit & Operations The main objective of change money is to ensure maximum return of lend able fund.This manual should highlight the process starting from review of credit proposals, obligor risk rating, approving credit limit, disbursal of loans, monitoring of credit risk etc. Various types of MIS should be provided in order to have better control over assets of the financial institutions which can be generated if the system is in place. This manual should also apply role of Credit Admin. , Trade Finance, Reconciliations, Cash, Clients service, Treasury, Back office etc. It should also reflect a clear guideline regarding Anti-Money clean activity in order to protect Financial institutions interest. Credit Admin will be responsible for monitoring of limits and outstanding as per credit approval.This manual should cover the following areas inter alias Risk classes, lending limits and credit authorities Investment policies Policies on financial & other product & services Lending guidelines Approval processes Documentations Securities and collaterals etc. Account Opening and closing Payment monitoring procedures Loan Administration T reasury Operations Anti-money Laundering procedures etc. (b) Finance & Accounting manual of arms This manual should provide guidelines on financial activities regarding income and expenditure of a financial institution. They will look after(prenominal) if there is any exaggeration of expenditure where it is necessary to get control.This manual must incorporate a clause which shall make it mandatory to take aim and present an annual budget which shall exact target business, revenue, expenses, capital expenditures etc. This budget should be placed to the Board before starting of a new year and a periodic review of the actual achievement. Through this process it can also ensure the profitability of the financial institutions. The basic content of Finance Manuals are Financial & Accounting Policies Financial Accounting Financial Management & Administration Fixed Assets Control Procurement of Goods and go Audit and Internal Control General Clause Capital structure policies Treatment of Land, Building & Equipment Capital Adequacy and Shareholders EquityTreatment of revenue and expenditures Income tax procedures put down procedures etc. (c) Treasury Manual This manual should include activities of fund transfer. Inter financial institutions fund management is one by them. The manual should include the guideline so that they may manage the financial institutions fund properly and profitably. There may be some idle fund in the financial institutions which is to be taken into account so as to make them invested in optimum profit seeking area. They should also ensure the aegis of the fund. If possible, they may look into international money market subject to the getable opportunity in the money market arena.While framing a treasury manual the following things should be considered inter alias Internal Items Liquidity Cost of fund Vs. yield from assets Policies & Procedure Skill of staff etc. External Items Market Liquidity Risks including changes in Exchange Rates Changes in regulations etc. Investments Capital management etc. (d)Human Resource Policy Manual They will, at first, ensure the proper distribution of available human resources in the infrastructure of the financial institutions. It should also delineate the authority and responsibility of each employees . To find out the right person for setting up them at the right position is very crucial.The rewarding method of that department should be impartial. They will ensure staff welfare which will ultimately pass on people and create a healthy working atmosphere. This manual should contain inter alias the following Recruitment policy Background checking policy Leave policy Compensation policy Reward and Recognition policy Termination & retirement policy Promotion and increment policy train guidelines Employees code of conduct etc. (e)Information Technology Manual This manual should contain the following areas MIS to be generated Security of Data and programme Back up system Control mec hanism of data and files Disaster recovery plan NetworkingHardware maintenance Service agreements etc. Training Manpower backup military unit backup system Data storage 20 EXAMINATION OR EVALUATION OF CONTROL As soon as the implementation of control is completed the beside question is how to evaluate the effective functioning of this system. military rating may be done in the following ways a. tick of departmental function through Check List b. Reviewing the documentation relating to operational activities through a check list c. Preparing quarterly report and reviewing the same d. Risk analysis e. Audit Process & communication of weakness departmental Control Function Checklist (DCFCL) Appendix 7. 1 to 7. 4 ) The guideline/procedure deals with matters relating to review/verifications of departmental functions to ensure that prescribed procedures are being followed by each department. b) All departments are required to check that prescribed controls are being observed and laid do wn procedures are not overlooked & relaxed. c) Departmental Managers/ section Managers will review the DCFCL to ensure that control functions are performed and documented in the control sheets (Appendix 1) at the prescribed frequencies i. e. Daily, weekly, monthly and quarterly. d) The DCFCL Checklist should be retained with the branch/departments for future inspection by Internal Control and Senior Management. Loan Documentation Checklist Appendix 7. 6The checklist deals with matters relating to security/other documentation for sanctioning credit facilities to ensure that prescribed documentation is being obtained to safe guard financial institutions interest in case of litigation. write of the loan documentation check list shall be sent to the read/loans department for their use. Quarterly Operations Report Appendix 7. 5 This guideline/procedure relates to reporting of operational functions of each branch/centre under the following heads on the enclosed format i. Policies, Proce dures and Controls ii. Protection of Valuables iii. Proofs/Verifications and Internal Checks iv. personal and Supervision and v. Premises Management vi. Confirmation on Regulatory Compliance This report will be prepared by the Departmental/Branch Head .This will be prepared in duplicate copies one reduplicate is to be dispatched to Internal Audit Department and another copy to the Audit Committee of the Board by 10th of the following month. The items which are not applicable for individual Department should be marked as N/A and no signature is required against the items marked as N/A. Any deviation in the quarterly operations report must be reported in a separate exception report or shall be marked specially in the report. Risk Analysis of Control Functions Individual items in the DCFCL need to be assigned a risk rating in terms of the following dimensions a) allude Before taking into account the mitigation (i. e. Insurance) what is the impact of the lapse/omission. b) prospect A fter taking into account of the mitigation what is the likelihood of the event occurring.To do in this task, the following matrix (Table 1) can be used. However some financial institutions may consider customization of this matrix to suit their own risk profile. Where appropriate, additional details (e. g. financial values can be added). The key principle is that all financial institutions should be able to differentiate among different levels of risk in their own area of activity and indeed ensure appropriate controls are established. Scores should be plotted on the following table to determine a category of high, medium and low risk. Conclusion Recommendations The quality of internal control is (strong, satisfactory, weak). Note Examiners should use appropriate tools (e. g. the CEO questionnaire,ICQs, and FDICIA internal control assertion work papers) and findings from all areas under examination, including the OCCs review of the banks audit functions, when completing these obj ectives and steps. When substantive supervisory concerns about the adequacy of internal control or the integrity of financial reporting controls exist after achieving the following objectives and performing the following steps, examiners should consider performing additional examination procedures, such as victimization ICQs,for those areas of concern. If, after completing those additional procedures, examiners remain concerned about internal control adequacy or financial reporting control integrity, they should perform appropriate verification procedures to confirm the existence and description of bank assets.As an alternative, examiners may require the bank to expand its own verification program to include the areas of weakness or deficiency however, this alternative will be used only if management has demonstrated a capacity and willingness to address regulatory problems, if there are no concerns about managements integrity, and if management has initiated timely corrective actio n in the past. Use of this alternative must result in timely resolution of each identified supervisory problem. If examiners use this alternative, supervisory follow-up must include a review of work papers in areas where the banks program was spread out The institutions internal control is (strong, satisfactory, weak)Objective Assess the overall effectiveness and adequacy of the institutions internal control, communicate findings to the EIC, management, and the board of directors, and complete/update OCC work papers. 1. Prepare written conclusion summaries, discuss findings with the Rican communicate findings to management.Conclusion summaries should address, as appropriate, Whether the internal control environment poses actual or potential undue risk to the institutions financial performance for any of the following reasons The magnitude of control exceptions. Financial effect of inaccurate, untimely, or awry(p) transactions. Previous losses from fraud. Claims against insuranc e policies. Employee turnover. Other high operational losses. Violations of laws or regulations and nonconformance with established internal policies and procedures related to the internal control functions. The adequacy of internal control policies, procedures, and programs to control and limit risk in bank operations. Whether bank personnel operate in conformance with established policies and, if not, the causes and consequences of nonconformance. The adequacy of information on the internal control function received by the board or its committee Significant areas of control weakness identified by internal or external audits or other control reviews and the boards and managements progress in addressing those weaknesses. Audit or other control review report findings not acted upon by management, as well as any other concerns or recommendations resulting from the review of internal control functions. Recommended corrective actions, if applicable, and managementscommitments. 2. instruct how the quality of internal control affects the aggregate level and direction of OCC risk assessments.Examiners should refer to steerage provided under the OCCs risk assessment programs for large and community banks. 3. Determine how the quality of internal control affects the banks composite and component CAMELS ratings. In coordination with examiners performing information system/technology, asset management, and fiduciary reviews, communicate the effect of control findings and conclusions on Uniform Rating System for Information Technology (URSIT), Uniform Interagency Trust Rating System (UITRS),and compliance ratings. 4. Determine, in consultation with the EIC, whether the risks identified are significant enough to merit deliverance them to the boards attention in the report of examination.If so, prepare items for inclusion under the heading Matters Requiring Attention (MRA). MRA glosss should cover practices that (1)deviate from sound fundamental principles and a re likely to result in financial deterioration if not addressed or (2) result in substantive noncompliance with laws or internal policies or processes. The examiner should provide details regarding Factors contributing to the problems and management Consequences of inaction.. Managements commitment to corrective action. The time frame for any corrective action and who is responsible further action. 5. Update any applicable schedule or table and include a comment on internal control in the report of examination.The comment should address Adequacy of internal control policies and processes, internal control and overall programs, personnel, and board oversight. Significant problems discerned by the auditors or other control reviewers that have not been corrected. Any deficiencies or concerns reviewed with management, any corrective actions recommended by examiners, and management commitments to corrective actions. 6. Prepare a memorandum and update OCC work programs with any inform ation that will facilitate future examinations. Make recommendations about the scope of the next internal control review and determine whether internal control findings should change the scopes of other area reviews. 7. Update the OCC databases, including rating screens/schedules.