Following are the checkpoints on internal controls in banks worthy of detailed deliberations and implementation
Principle 1; The board of directors should have responsibility for:
(1) Approving and periodically reviewing the overall business strategies and significant policies of the bank;
(2) Understanding the major risks run by the bank, setting acceptable levels for these risks and ensuring that senior management takes the steps necessary to identify, measure, monitor and control these risks;
(3) Approving the organizational structure;
(4) Ensuring that senior management is monitoring the effectiveness of the internal control system. The board of directors is ultimately responsible for ensuring that an adequate and effective system of internal controls is established and maintained.
Principle 2; Senior management should have responsibility for:
(1) Implementing strategies and policies approved by the board; developing processes that identify, measure,
(2) Monitor and control risks incurred by the bank;
(3) Maintaining an organizational structure that clearly assigns responsibility, authority and reporting relationships;
(4) Ensuring that delegated responsibilities are effectively carried out;
(5) Setting appropriate internal control policies; and
(6) Monitoring the adequacy and effectiveness of the internal control system.
Principle 3; The board of directors and senior management are responsible for promoting high ethical and integrity standards, and for establishing a culture within the organization that emphasizes and demonstrates to all levels of personnel the importance of internal controls. All personnel at a banking organization need to understand their role in the internal controls process and be fully engaged in the process.
Principle 4; An effective internal control system requires that the material risks that could adversely affect the achievement of the bank’s goals are being recognized and continually assessed. This assessment should cover all risks facing the bank that is, credit risk, market risk, interest rate risk, liquidity risk etc operational risk, legal risk and reputational risk). Internal controls may need to be revised to appropriately address any new or previously uncontrolled risks.