Finance And Investment

After screening can assess the internal control system in the context of the risks inherent in the proven area. On the approaches to solving this problem as an internal audit process, corporate lending and will be discussed in this article.

To effectively solve this problem in our company has developed a unified methodology that is introduced directly into the program audit. It allows you to assess risks based on the detected violations and shortcomings of control.
The technique

In developing the methodology, in addition to the overall objectives of internal audit, was placed another: the possibility of integrating the results obtained after the risk assessment process, the matrix of all the risks of the bank. This matrix gives the owners, management and the audit committee a clear idea about the effectiveness of internal control and risk levels in different functional areas of the bank. That is literally on one sheet of A4 you can see the status of all functional areas in the context of inherent risks and identify the most problematic areas.

For greater clarity, the results of the audit should use the scale level of risk. For example, risks can be ranged on high, medium and low. Bind the results to this scale should be determined on the basis of the adopted in the bank risk tolerance. Few jumping ahead, we note that in the case of credit risk can fix certain levels of expected losses on the portfolio. For example, if the proportion of expected losses exceed 10% of the total portfolio, the risk of recognized high. In the case of operational risk management, sensitivity to them may be a certain monetary value.

Speaking about the pros techniques should be made use of monetary valuation of risks that can get a general proposition about the level of risk throughout the bank as a whole. Also advantage is the ability to move from individual observations to the overall assessment of the level of risk in a particular area and comparability of the results of audits in terms of consequences for the bank. Addition, you can compare the regional corporate portfolio. Consider the risks inherent in corporate lending, and approaches to their evaluation in more detail.

     How to calculate the expected loss

     The size of the expected loss is determined on the basis of regression analysis of statistics accumulated defaults.

     Regression analysis - a method of mathematical statistics, which allows you to set an expression of the relationship between the studied traits: effective and Factoring. In this case, the resultant sign is the fact of default of the company, and factor variables - the reasons for this default.

     Strategic risk and reputation risk are excluded from the notion of Basel 2 Operational Risk. In extreme cases they may be due to credit (for example, a wave of defaults of borrowers due to the crisis). But due to the fact that these risks will affect the whole bank, they are considered separately.

The risks inherent in the corporate lending

Corporate lending has two groups of risks - credit and operational. There may be a reasonable question: why is it marked? Why no attention by, for example, market risk? Risk Management Policy in the bank is engaged in risk management. Internal Audit closely cooperates with him, but represents the interests of shareholders and does not depend on the company's management. In this regard, approaches to the definition of risk may differ somewhat. For the purposes of internal audit under the definition of "market risk" refers to:

     * The likelihood that the actual transaction price may differ significantly for the worse of the market price;
     * The risk of adverse market fluctuations in prices for bank assets.

In any case, market risk is not peculiar to credit work.
Credit Risk

Under the credit risk means the probability of bank losses because of the inability or unwillingness of the client to fulfill their obligations under the contract (as on principal and on overdue interest). Credit risk arises whenever the bank invests the money or commits to provide them. It does not matter, as these amounts are recognized - as an asset on the balance sheet or as contingent liabilities off their balance sheets. Thus, all loans and bank guarantees are provided for the bank credit risk. To assess this risk was developed following an approach based on its own rating system. In this sense it is more common with the method of assessing the credit risk on the basis of internal ratings of Basel 2 (internal rating-based approach). The system allows on the basis of a number of parameters (the financial situation, the size of the borrower, its market position, credit history) to assess the probability of default of the borrower (probability of default), then calculate the level of expected credit losses, taking into account the quality of the transaction (recovery rate). This will be a monetary value to the credit risk (credit risk exposure - CR). Consequently, the overall level of credit risk inherent in the loan portfolio, will be equal to the sum of expected losses on each loan:

where CRi - the value of the expected loss for the i-th loan.

The value of CR is an absolute monetary terms and, in addition to the quality of loans depends on the magnitude of the size of the loan portfolio. Therefore, for the purposes of assessing the quality of the loan portfolio should be applied relative indicator. As such an indicator is chosen the ratio of credit risk (CR) to the size of the entire portfolio. This figure allows us to estimate the proportion of credit risk in the portfolio. In addition, it helps to compare the quality of various loan portfolios, which is very important in evaluating the performance of regional branches of the bank.

     Sergey Sukhorukov, Senior Auditor Internal Audit Service CJSC Credit Europe Bank "

     In my opinion, with all the diversity of existing approaches to risk classification would be appropriate to apply the recommendations of the CBR, as set out in the letter dated 23.06.2004 № 70-T. They are very similar to the approaches used by banks in our holding in other countries. However, we appreciate that some kind of risk on a verifiable process. For example, in the process of corporate lending are possible following risks:
   # Credit risk (the definition as quoted by the author of the article);
   # Operational risk, which refers to the risk of losses due to mismatch of internal processes and procedures for banking transactions and other transactions, the nature and extent of the credit institution and / or requirements of the legislation. By the operational concerns and the risk of violations of internal procedures for employees of a bank or other persons because of incompetence, unintentional or intentional acts or omissions. This also should include disproportionate risks (lack of) functionality of the information, technological and other systems used by the credit institution, or violations of their functioning. IT-risk manifests itself in the fact that information systems are in the very architecture of software flaws that allow an incorrect operations.

     For example, the program admits that entering information when issuing credit and further support is implemented under the rights of one and the same user (violates the principle of separation of powers), or general permits for operations with the empty fields with the necessary information. Finally, the risk of exposure to external events is also considered to be operating. This risk is assessed in the context of possible internal environment of the bank and internal control system to withstand negative external developments. For example, assessing the external risk of the borrower that may affect the servicing of its debt to the Bank, within the framework of auditing corporate lending to verify the reality of credit ratings services, bank business plan of the borrower and its dependence on external factors (seasonality, market characteristics, the dependence of business on the political situation ). It is also recommended to have a "black list" of organizations for which there is information on the preparation of bogus documents to obtain loans. This list will help expedite the review process and do not miss the application unscrupulous borrowers;


So, as we learned to measure credit risk, it is necessary to estimate the probability of default of the borrower and the quality of software. The Internal Auditor shall ascertain that the evaluation of the required parameters performed correctly. To do this, verify the completeness and correctness of the information specified in the credit application. As collateral can be analyzed on the basis of data specified in the escrow custody. If during the analysis of credit transactions will be found in violation (say, misjudging the financial condition of the borrower or the mortgaged property), the auditor counts the corresponding ratings on the basis of correct assessment. The adjusted ratings are used to calculate credit risk.

In addition, the ratings are revalued if an auditor finds evidence of the precarious financial situation of the borrower (eg, lending), which showed an increased credit risk. All the signs and violations of the auditor identifies with the special audit tests:

     * Testing lending: the internal auditor examines the accounts of the borrower, open a bank and existing credit agreements for the use of borrowed funds to repay loans received.
     * Testing environment agreements: the auditor checks whether the conditions of the agreements the conditions spelled out in the decisions of the credit committees. Violations discovered as a result of this test, indicate significant risks associated with paperwork in the back office.
     * Testing monitor the mortgaged property: this test shows the frequency of monitoring and current state of the property in pledge. It should be noted that the aforementioned risks of violations of business processes (irregularities in the financial monitoring of the borrower, incorrect assessment of the mortgaged property) related to operational risks and the impact on credit risk indirectly, through the calculation of ratings. Accordingly, in the program and working papers (testing the quality of financial monitoring, and evaluation and monitoring of the mortgaged property) is necessary to note that these operational risks also affect the measurement of credit risk.
     * Legal risk - the risk that the credit institution the losses due to:

             - Non-credit organization requirements of normative legal acts and agreements;

             - Admitted legal errors in its activities. As an example - wrong legal advice or incorrect preparation of documents, including the consideration of controversial issues in the judiciary;

             - Imperfect legal system (inconsistency of laws, lack of legal norms to regulate certain issues arising in the course of a credit institution);

             - Violations of regulatory legal acts of the contractors, as well as the conditions of the contracts. Under the definition of legal risk is also valid and "Compliance risk" (which, however, not shown separately in the letter number 70-T, and is distributed between the legal and operational risks). This is a risk of legal or regulatory sanctions, financial loss, damage reputations, which can be converted to the bank as a result of non-compliance with legislation, codes of conduct and standards of good practice that are grouped under the term "laws, regulations and standards." As an example of the realization of this risk in corporate lending can recall notable case in one of Russia's banks, where the standard form of the loan agreement, negotiated with the bank's legal service, dishonest employees were removed items on the mortgage borrower's property, making an unsecured loan collateral;
     * The risk of loss of business reputation of the credit institution (reputation risk) - is a risk of loss due to reduction in the number of customers (contractors) because of the formation of negative societal attitudes about the financial soundness of the credit institution, as the services rendered or the nature of activities in general;
     * Market risk - the risk that the credit institution the losses due to adverse changes in market value of financial instruments of the trading portfolio and derivatives of the credit institution, as well as foreign exchange rates and / or precious metals (this risk can be attributed to the quality of the collateral on the loan). As an example may be the case when, as collateral on the loan taken at the price of non-ferrous metal wires of electricity, passing under an area of half the city.

Operational risks

Attributed to the operating risks of direct or indirect losses resulting from defects or errors in internal business processes, personnel actions, because of failures in information systems or due to external events. This definition includes legal risk but excludes strategic risk and reputation risk, which corresponds to the definition of operational risk in Basel 2. Operational risks are assessed, if the audit reveals any facts that lead to their emergence. Score is based in most cases, the magnitude of probable losses.

There are three basic approaches to risk assessment:

     * Statistics (this method is built on the analysis of credit risk);
     * "Questionnaire" (based on the answers to these questions, the risk is awarded the appropriate level);
     * Expert (the risk is assessed based on the opinions of one or several experts).

Approaches to the assessment of operational risks are ranked according to their type, as well as business processes, they are inherent. For example, if all business processes are working correctly and did not reveal any violations of regulations and legislation, a process inherent in a low level of credit risk. There are the following groups of operational risks:

     * Legal risk and the risk of non-compliance of internal policies;
     * The risk of business processes;
     * Technological risks;
     * The risk of staff;
     * The risk of external events.

     Sergey Sukhorukov

     A classic example is lending the investment loan repayment due to overdraft. And in accordance with paragraph 3.7.2.4 of the CBR from 26.03.2004 № 254-P, the debt service on such a loan may not be considered good, and nedonachislenie reserve threatened with sanctions by regulatory authorities. Chance and option bonuses when the management of credit units in the remote region depend on the implementation of business plans. Then the corporate borrowers, depending on the units of the bank, under pressure from bank management to take out credits to the balance sheet date for repayment of existing loans and to avoid delay. When suspicions perekreditovku in another credit institution, in my experience, it is advisable to connect the security service bank. This helps to quickly clarify the situation.

Legal risk / risk of non-compliance of internal policies - is the risk of loss associated with the violation of laws or regulatory requirements and oversight bodies, as well as the risk of losses caused by the failure of existing internal policies, rules and procedures.

The most striking example of this type of risk is an incorrect calculation of reserves for loan losses. The magnitude of risk is measured penalties for this violation by the Bank of Russia.

The risk of business processes - is the risk of losses associated with failures in business processes, lack of cross-cutting organization processes, misallocation of functions, improper management processes systematically incorrect interaction with contractors, suppliers and / or the bank's internal divisions and lack of internal controls .

A typical example of this risk in lending is the lack of control by the back-office implementation of the requirements of the credit committee of the credit transaction, as well as other lending conditions before issuing loans. The approach to the evaluation of this type of risk should be determined based on the specific facts of the violation.