Session 4

Question 1

What are the main objectives of the Internal control process?

Answer 1

1. Efficiency and effectiveness of activities (performance objectives).
2. Reliability, completeness and timeliness of financial and management information
   (information objectives)
3. Compliance with applicable laws and regulations (compliance objectives)

Question 2

What are the major elements of the Internal control framework?

Answer 2

1. Management oversight and the control culture
   a. Board of directors
   b. Senior management
   c. Control culture
2. Risk recognition and assessment
3. Control activities and segregation of duties
4. Information and communication
5. Monitoring activities and correcting deficiencies

Question 3

How do you create an effective risk recognition internal control system?

Answer 3

Continuously assessing & recognizing material risks

Covering all the risks facing the bank

Internal control revisions of these risks

Question 4

What are some risks a bank could face?

Answer 4

credit risk,

country and transfer risk,

market risk,

interest rate risk,

liquidity risk,

operational risk,

legal risk and reputational risk,

cyber-security risk.

Question 5

How do you conduct an effective activity control system?

Answer 5

Top level reviews on controls for each department

Checking for exposure

System of approvals and authorizations

system of verification

Question 6

how do you conduct a good internal control system using information and communication?

Answer 6

Get good data of internal activities, external events to make good decisions.

Reliable info systems on the activities of the bank

Good channels of communication so all staff understand policies and adheres

Question 7

How do you conduct the monitoring on the internal control system?

Answer 7

Daily monitoring done by the business line themselves.

Periodic monitoring done by internal audit

Independent internal audit, they report to board of directors or audit committee

Timely reporting sent to relevant management

Question 8

How do supervisory authorities evaluate internal control systems?

Answer 8

Consistent internal controls based on the company & their activities.

A control which is responsive to the environment

Question 9

What are the three lines of the defence?

Answer 9

1st LOD or the front-line/business

2nd LOD or “independent risk management”

3rd LOD or “internal audit”

Question 10

What does the first line of the defence do?

Answer 10

verify the quality of their employees’ work whilst assessing the risks associated with their activities

Question 11

Who is in charge of conducting the first line of defence?

Answer 11

Its a permanent control conducted by the operational line managers

Question 12

What does the second line of defence do?

Answer 12

They work as a preventive force analysing risks creating frameworks to evaluate if the risk assumed is permissible.

continuous risk monitoring (analyses, following indicators and checking the limits)

Question 13

Who is in charge of conducting the second line of defence?

Answer 13

The permanent task of the risk management team

Question 14

Who is in charge of the thrid line of defence?

Answer 14

The internal audit department.

They do these periodic assessments and provide their findings to the audit committee

Question 15

What does the third line of defence do?

Answer 15

Evaluation of and reporting :

• On the quality of the financial status of each audited unit,
• They concur with levels of risks involved (does the risk level make sense?)
• They assess the valuation devices and of the control of risk.
• Assess the reliability and integrity of the accounting and management information.
• Evaluate compliance