Bank Internal Control Flashcards

(91 cards)

1
Q

True or False. The internal control as defined by BSP states that Banks shall have in place adequate and effective internal control framework for the conduct of their business

A

True

2
Q

The _____________________ shall embody management oversight and control culture; risk recognition and assessment; control activities; information and communication; and monitoring activities and correcting deficiencies.

A

internal control framework (BSP definition)

3
Q

Is the process designated and effected by the BOD, senior management, and all levels of personnel to provide reasonable assurance on the achievement of objectives.

A

Internal Control – BSP Definition

4
Q

Ultimately responsible for ensuring that senior management establishes and maintains an adequate, effective and efficient internal control framework

A

The Board

5
Q

Ensure that the internal audit function has an appropriate stature and authority within the bank and is provided with adequate resources

A

The Board

6
Q

Overseeing senior management in establishing and maintaining an adequate, effective and efficient internal control framework

A

Audit Committee

7
Q

Ensure that systems and processes are designed to provide assurance in areas including reporting, monitoring compliance with laws, regulations and internal policies, efficiency and effectiveness of operations, and safeguarding of assets.

A

Audit Committee

8
Q

maintaining, monitoring and evaluating the adequacy and effectiveness of the internal control system and reporting on the effectiveness of internal controls

A

Senior Management

9
Q

develop a process that identifies, measures, monitors and controls risks; maintain an organizational structure that clearly assigns responsibility, authority and reporting relationship

A

Senior Management

10
Q

ensure that delegated responsibilities are effectively carried out

A

Senior Management

11
Q

Implement internal control policies and ensure that activities are conducted by qualified personnel

A

Senior Management

12
Q

ensure that bank personnel undertake continuing professional development and that there is an appropriate balance in the skills and resources of the front office, back office, and control functions

A

Senior Management

13
Q

shall promptly inform the internal audit function of the significant changes in the bank’s risk management systems, policies and processes.

A

Senior Management

14
Q

need to understand their roles and responsibilities in the internal control process

A

All Personnel

15
Q

should be fully accountable in carrying out their responsibilities effectively

A

All Personnel

16
Q

should communicate to the appropriate level of management any problem in operations, action or behavior that is inconsistent with documented internal control processes and code of ethics.

A

All Personnel

17
Q

Who are responsible for management oversight and culture?

A
  1. the board
  2. audit committee
  3. senior management
  4. all personnel
18
Q

Risk recognition and assessment involves:

A
  1. Internal control
  2. risk assessment
19
Q

shall identify, evaluate and continually assess all material risks that could affect the achievement of the bank’s performance, information and compliance objectives.

A

Internal Control (Risk Recognition and Assessment)

20
Q

the potential for fraud shall be considered in assessing the risks to the achievement of said objectives

A

Internal Control (Risk Recognition and Assessment)

21
Q

risk assessment shall cover all risks facing the bank

A

Internal Control (Risk Recognition and Assessment)

22
Q

identifies and considers both internal and external factors that could affect the internal control framework

A

Risk Assessment (Risk Recognition and Assessment)

23
Q

shall be conducted at the level of individual business units and across all bank activities/groups/units and subsidiaries

A

Risk Assessment (Risk Recognition and Assessment)

24
Q

Internal controls shall be revised to address any new or previously uncontrolled or unidentified risks.

A

Risk Assessment (Risk Recognition and Assessment)

25
Control Activities involve:
1. System that provides for top and functional level reviews 2. Checking compliance with exposure limits and follow-up on non-compliance 3. System of approvals and authorizations, which shall include the approval process for new products and services 4. System of verification and reconciliation
26
Internal Control under Control Activities involves:
1. Clear arrangements for delegating authority 2. Adequate accounting policies, records and processes 3. Robust physical and environmental controls to tangible assets and access controls to information assets 4. Segregation of conflicting functions.
27
Information and communication:
- Reliable management information system - Effective channels of communication - All personnel are cognizant of their duty to promptly report any deficiency to appropriate levels of management or to the board of directors
28
Monitoring Activities and Correcting Deficiencies (Monitoring)
- Adequately defined by Management - Integrated in the operating environment - Should produce regular reports for review
29
Monitoring Activities and Correcting Deficiencies (Evaluation)
- Done by personnel from the same operational area or from other areas - Adequately documented - Internal control deficiencies and weaknesses identified shall be reported on a timely basis
30
Committee of Sponsoring Organizations (COSO) Internal Control-Integrated Framework
I. Internal control components 1. control environment 2. risk assessment 3. control activities 4. information & communication 5. monitoring
31
internal control components responsible for: • Demonstrates commitment to integrity and ethical values • Exercises oversight and responsibility • Establishes structure, authority, and responsibility • Demonstrates commitment to competence • Enforces accountability
control environment
32
internal control components responsible for: • Specifies suitable objectives • Identifies and analyzes risks • Assesses fraud risk • Identifies and analyzes significant change
risk assessment
33
internal control components responsible for: • Selects & develops control activities • Selects & develops general controls over technology • Deploys through policies and procedures
control activities
34
internal control components responsible for: • Uses relevant information • Communicates internally • Communicates externally
information & communication
35
internal control components responsible for: • Conducts ongoing and/or separate evaluations • Evaluates and Communicates deficiencies
monitoring
36
Which part of the MORB is the BSP – Internal Control Framework referenced to?
MORB section 162
37
The principles under The Institute of Internal Auditors (IIA) Three Lines Model include:
1. governance 2. governing body roles 3. management and 1st and 2nd line roles 4. 3rd line roles 5. 3rd line independence 6. creating and protecting value
38
accountability to stakeholders for organizational oversight
governing body
39
governing body roles
- integrity - leadership - transparency
40
actions (including managing risk) to achieve organizational objectives
management
41
what are the 2 line roles of management as stated in the Institute of Internal Auditors (IIA) Three Lines Model?
1. first line roles 2. second line roles
42
provision of products/services to clients; managing risk
first line roles (management)
43
expertise, support, monitoring, and challenge on risk-related matters
second line roles (management)
44
independent assurance
internal audit
45
independent and objective assurance and advice on all matters related to the achievement of objectives.
third line roles (internal audit)
46
key stated in the Institute of Internal Auditors (IIA) Three Lines Model
- ⬆️ accounting, reporting - ⬇️ delegation, direction, resources, oversight - ↔️ alignment, communication, coordination, collaboration
47
External assurance providers under the Institute of Internal Auditors (IIA) Three Lines Model are:
1. governing body 2. management 3. internal audit
48
Management control techniques’ means of control involves:
- Organization - Policies - Procedures - Personnel - Accounting - Budgeting
49
An approved intentional structuring of roles assigned to people within the entity so that it can achieve its objectives efficiently and economically.
organization
50
responsibilities of organization
1. division of responsibility 2. management authority 3. individual responsibility 4. effective system of follow-up 5. exercise authority without close supervision
51
Any stated principle that requires, guides, or restricts action.
policies
52
policies’ qualifications
1. clearly stated in writing 2. systematically communicated 3. conform with applicable laws and regulations 4. provide satisfactory degree of assurance that resources are safeguarded 5. periodically reviewed
53
Methods employed to carry out activities in conformity with prescribed policies
procedures
54
requirements in writing procedures
1. Coordinated (one’s work is automatically checked by another) 2. Not so detailed as to stifle the use of judgement 3. simple and inexpensive 4. not overlapping, conflicting, or duplicative 5. periodically reviewed and improved
55
People hired or assigned should have the qualifications to do the jobs.
personnel
56
under the personnel, it involves:
1. New employees should be investigated as to honesty and reliability 2. Employees should be given necessary training 3. Employees should be given information on the duties and responsibilities of other segments of the organization 4. Employee performance should be periodically reviewed
57
Indispensable means of financial control over activities and resources; financial scorekeeper of the organization
accounting
58
under accounting, it involves:
1. Fit the needs of managers for rational decision-making 2. Based on lines of responsibility 3. Permits controllable costs to be identified
59
A __________ is a statement of expected results expressed in numerical terms.
budget
60
A budget is a statement of expected results expressed in numerical terms. It sets a standard for input of resources and what should be achieved as output.
budgeting
61
under budgeting, it involves:
1. Persons responsible for meeting a budget should participate in its preparation and should be provided with adequate information that compares budgets with actual events 2. Subsidiary budgets should tie into the overall budget 3. Budgets should set measurable objectives 4. Should help sharpen the organizational structure
62
Reports received by Management are the basis of its decision.
reporting
63
reports should:
1. be in accordance with assigned responsibilities 2. be as simple as possible and consistent with the nature of the subject matter 3. be timely 4. be polled periodically (report recipients) 5. Individuals/Units should be required to report only on those matters for which they are responsible 6. Cost of accumulating data and preparing reports should be weighed against the benefits to be obtained
64
___________________ refers to the disclosure or filing of a complaint by an employee, group of employees, or other stakeholders who in good faith, believes that the Bank or any of his/their colleagues is engaging/has engaged in acts of fraud, malpractice, conflict of interest or violation of internal/regulatory policies, procedures and controls.
Whistle blowing
65
who are covered in Metrobank’s whistle blowing program?
all employees
66
true or false. principles of Metrobank MOPP L2 - whistleblowing apply in instances when an employee or stakeholder deems it more prudent to report violations or offenses to another authorized unit/person within the Bank for proper handling, investigation and resolution
true
67
true or false. principles of Metrobank MOPP L2 - whistleblowing states that When the matter which is brought to the attention of the immediate superior or Bank personnel is not acted upon in accordance with the standard reporting procedures, or is concealed, or the immediate superior or Bank personnel is himself involved in the infraction, or the reporting employee or stakeholder fears reprisal.
true
68
responsible persons/units of Metrobank whistleblowing program
1. IAG Head 2. IAG and HRMG
69
the designated recipient of complaints from Reporting Employees and other stakeholders
IAG Head
70
These units ensure that investigations are undertaken in case of whistleblowing
IAG and HRMG
71
These units identify the appropriate unit(s) in the Bank responsible to conduct the investigation
IAG and HRMG
72
These units disseminate and communicate the whistle blowing policy to all employees
IAG and HRMG
73
Identity of the Reporting Employee or stakeholder (if provided) shall be treated as ________
Confidential
74
Identity of the Reporting Employee or stakeholder (if provided) shall be treated as Confidential
protection of reporting person
75
exceptions from the protection of the reporting person:
1. person agrees to be identified 2. Identification is necessary to allow the Bank to investigate or respond effectively 3. Required by Law
76
_________________ may be filed through the Bank’s website or sent via email
Complaints/concerns
77
True or false. It is required for the Reporting Employee/ complainant to disclose his identity and details on the complaint/concern should be submitted
false. There is no requirement for the Reporting Employee/ complainant to disclose his identity but details on the complaint/concern should be submitted
78
when filing for complaints/concerns, these details should be submitted:
• Full name, position and unit of the person subject of the complaint • Brief statement on relevant and material facts • Evidence of the act committed, if any
79
___________ refers to an act of reprisal, discrimination, harassment, intimidation or adverse personnel action by the Bank’s directors, officers, executives, supervisors or employees whether directly or indirectly, against a Reporting Employee or a witness.
Retaliation
80
true or false. Retaliation is allowed against any Reporting Employee or stakeholder.
false. Retaliation shall not be allowed against any Reporting Employee or stakeholder.
81
_______________ shall be considered as misconduct and erring officers/staff involved shall be dealt with following existing policies on Omissions, Errors, and Offenses
Retaliatory actions
82
Details on the complaint/concern
• Name and position of the director, officer, employee alleged to have retaliated • Brief description and date of the complaint to which the alleged retaliation relates • Brief description and details of the alleged retaliation • Relevant evidence
83
true or false. Complaints in writing may not be filed directly with the Chairman of the Board
false. Complaints in writing may be filed directly with the Chairman of the Board
84
The __________________ may deputize IAG/HRMG to assist in the investigation.
Chairman of the Board
85
If a Reporting Employee or Stakeholder or Witness believes he has been retaliated upon for filing a complaint or for participating or cooperating in an investigation, a written complaint may be filed with the IAG Head within ______________ from the occurrence of the alleged act or retaliation incident
one month
86
all of the following are under organization except (management control techniques): a. division of responsibilities b. effective system of follow-up c. individual responsibility d. none of the above
d. none of the above
87
which is not under policies (management control techniques): a. simple and inexpensive b. not overlapping, conflicting, or duplicative c. based on lines of responsibility d. all of the above
d. all of the above
88
all of the following are under procedures (management control techniques) except? a. should help sharpen the organizational structure b. coordinated (automatically checked by another employee) c. not so detailed as to stifle the use of judgement d. periodically reviewed and improved
a. should help sharpen the organizational structure
89
Management control technique’s personnel states that New employees should be investigated as to _______ and ________.
honesty, reliability
90
true or false. Management control technique’s personnel states that Employees should be given necessary training
true
91
true or false. Management control technique’s personnel states that Employees should not be given information on the duties and responsibilities of other segments of the organization
false. Employees should be given information on the duties and responsibilities of other segments of the organization