Main Tasks of Internal Audit is to Assess the Effectiveness of Risk Management
0 comments Posted by DeXtR at 4:08 AM
After screening can assess the internal control system in the context of the risks inherent in the proven area. On the approaches to solving this problem as an internal audit process, corporate lending and will be discussed in this article.
To effectively solve this problem in our company has developed a unified methodology that is introduced directly into the program audit. It allows you to assess risks based on the detected violations and shortcomings of control.
The technique
In developing the methodology, in addition to the overall objectives of internal audit, was placed another: the possibility of integrating the results obtained after the risk assessment process, the matrix of all the risks of the bank. This matrix gives the owners, management and the audit committee a clear idea about the effectiveness of internal control and risk levels in different functional areas of the bank. That is literally on one sheet of A4 you can see the status of all functional areas in the context of inherent risks and identify the most problematic areas.
For greater clarity, the results of the audit should use the scale level of risk. For example, risks can be ranged on high, medium and low. Bind the results to this scale should be determined on the basis of the adopted in the bank risk tolerance. Few jumping ahead, we note that in the case of credit risk can fix certain levels of expected losses on the portfolio. For example, if the proportion of expected losses exceed 10% of the total portfolio, the risk of recognized high. In the case of operational risk management, sensitivity to them may be a certain monetary value.
Speaking about the pros techniques should be made use of monetary valuation of risks that can get a general proposition about the level of risk throughout the bank as a whole. Also advantage is the ability to move from individual observations to the overall assessment of the level of risk in a particular area and comparability of the results of audits in terms of consequences for the bank. Addition, you can compare the regional corporate portfolio. Consider the risks inherent in corporate lending, and approaches to their evaluation in more detail.
How to calculate the expected loss
The size of the expected loss is determined on the basis of regression analysis of statistics accumulated defaults.
Regression analysis - a method of mathematical statistics, which allows you to set an expression of the relationship between the studied traits: effective and Factoring. In this case, the resultant sign is the fact of default of the company, and factor variables - the reasons for this default.
Strategic risk and reputation risk are excluded from the notion of Basel 2 Operational Risk. In extreme cases they may be due to credit (for example, a wave of defaults of borrowers due to the crisis). But due to the fact that these risks will affect the whole bank, they are considered separately.
The risks inherent in the corporate lending
Corporate lending has two groups of risks - credit and operational. There may be a reasonable question: why is it marked? Why no attention by, for example, market risk? Risk Management Policy in the bank is engaged in risk management. Internal Audit closely cooperates with him, but represents the interests of shareholders and does not depend on the company's management. In this regard, approaches to the definition of risk may differ somewhat. For the purposes of internal audit under the definition of "market risk" refers to:
* The likelihood that the actual transaction price may differ significantly for the worse of the market price;
* The risk of adverse market fluctuations in prices for bank assets.
In any case, market risk is not peculiar to credit work.
Credit Risk
Under the credit risk means the probability of bank losses because of the inability or unwillingness of the client to fulfill their obligations under the contract (as on principal and on overdue interest). Credit risk arises whenever the bank invests the money or commits to provide them. It does not matter, as these amounts are recognized - as an asset on the balance sheet or as contingent liabilities off their balance sheets. Thus, all loans and bank guarantees are provided for the bank credit risk. To assess this risk was developed following an approach based on its own rating system. In this sense it is more common with the method of assessing the credit risk on the basis of internal ratings of Basel 2 (internal rating-based approach). The system allows on the basis of a number of parameters (the financial situation, the size of the borrower, its market position, credit history) to assess the probability of default of the borrower (probability of default), then calculate the level of expected credit losses, taking into account the quality of the transaction (recovery rate). This will be a monetary value to the credit risk (credit risk exposure - CR). Consequently, the overall level of credit risk inherent in the loan portfolio, will be equal to the sum of expected losses on each loan:
where CRi - the value of the expected loss for the i-th loan.
The value of CR is an absolute monetary terms and, in addition to the quality of loans depends on the magnitude of the size of the loan portfolio. Therefore, for the purposes of assessing the quality of the loan portfolio should be applied relative indicator. As such an indicator is chosen the ratio of credit risk (CR) to the size of the entire portfolio. This figure allows us to estimate the proportion of credit risk in the portfolio. In addition, it helps to compare the quality of various loan portfolios, which is very important in evaluating the performance of regional branches of the bank.
Sergey Sukhorukov, Senior Auditor Internal Audit Service CJSC Credit Europe Bank "
In my opinion, with all the diversity of existing approaches to risk classification would be appropriate to apply the recommendations of the CBR, as set out in the letter dated 23.06.2004 № 70-T. They are very similar to the approaches used by banks in our holding in other countries. However, we appreciate that some kind of risk on a verifiable process. For example, in the process of corporate lending are possible following risks:
# Credit risk (the definition as quoted by the author of the article);
# Operational risk, which refers to the risk of losses due to mismatch of internal processes and procedures for banking transactions and other transactions, the nature and extent of the credit institution and / or requirements of the legislation. By the operational concerns and the risk of violations of internal procedures for employees of a bank or other persons because of incompetence, unintentional or intentional acts or omissions. This also should include disproportionate risks (lack of) functionality of the information, technological and other systems used by the credit institution, or violations of their functioning. IT-risk manifests itself in the fact that information systems are in the very architecture of software flaws that allow an incorrect operations.
For example, the program admits that entering information when issuing credit and further support is implemented under the rights of one and the same user (violates the principle of separation of powers), or general permits for operations with the empty fields with the necessary information. Finally, the risk of exposure to external events is also considered to be operating. This risk is assessed in the context of possible internal environment of the bank and internal control system to withstand negative external developments. For example, assessing the external risk of the borrower that may affect the servicing of its debt to the Bank, within the framework of auditing corporate lending to verify the reality of credit ratings services, bank business plan of the borrower and its dependence on external factors (seasonality, market characteristics, the dependence of business on the political situation ). It is also recommended to have a "black list" of organizations for which there is information on the preparation of bogus documents to obtain loans. This list will help expedite the review process and do not miss the application unscrupulous borrowers;