|7. Forensic Report on Fraud|
|What you need to know||Join the meeting||Review the Reports||The Board's response|
Directors routinely receive materials, often in the board packet, reporting on all aspects of a bank’s operations, including credit, liquidity and market risk (collectively called portfolio risks). It is no less important for the board to receive regular reports on operational risk. However, unlike portfolio risk monitoring reports, which focus largely on quantitative measures, such as non-performing loans, liquidity gaps, and income and capital at risk, many operational risk-related reports tend to focus more on qualitative matters.
As a board member, it can be very helpful to be aware of controls and indicators of operational risk incidents. These include:
Because a significant part of a bank’s operational risk control is accomplished through its internal controls process, the principle concern is whether the process is appropriate (in terms of effectiveness and efficiency) for the risk in the bank’s activities. Traditionally, this assessment is a job assigned to internal and external audit; for more information, review The Internal Audit Function.
In general, audit assesses the adequacy, appropriateness and adherence to a bank’s system of controls. Consequently, audit helps identify control weaknesses that deserve management’s attention, making audit reports an important monitoring tool. For more information on audit reports, review Reading Audit Reports. It is equally important for the board to ensure that management addresses weakness found and to track management’s progress in correcting those weaknesses.
Regulatory reports of examination, both safety & soundness and compliance, also contain helpful information on the bank’s operational risks. The regulatory agencies review bank management systems, processes and procedures during the course of their examinations. In some instances, they may go so far as to perform an in-depth review of the processes underlying some of the bank’s inherently risky activities, such as wire transfer, loan administration and securities. Where they find weaknesses in internal controls, bank examiners will comment on them and bring them to the attention of management and the board.
Although there are other monitoring tools, a final one is reminiscent of an old management tool called the “walk-about manager.” Being a walk-about board member can be a highly effective monitoring tool, especially in smaller banks. This monitoring approach entails informally visiting with and observing personnel in the bank’s high-risk areas and asking questions about what you see.
Some questions that can be helpful for a walk-about board member to ask include the following:
Later, compare your notes with the bank’s written policies and procedures. This can be a time-consuming process, but it forces you to become more knowledgeable about these and other controls and makes them more real by observing and hearing how they are implemented. Ultimately, this increases understanding of audit reports and other monitoring data that you are likely to review.
In summary, operational risk requires regular monitoring, and banks accomplish this in a variety of ways. Audit reports and commercial bank examination reports are two important monitoring tools. Suspicious activity report reviews, key risk indicators, and exception report reviews provide insight into the bank’s operational risks and emphasize concerns which need to be monitored further. Finally, firsthand knowledge from conversations with bank personnel who work in the bank’s high-risk activities increases understanding of risk management processes in those areas. It’s also helpful in interpreting audit reports and additional information provided by other operational risk monitoring tools.
|Return to Meeting Agenda Page
(Main Page for the Course)