Internal Control and Audit Missions
Category: Strategy Implementation
What are the internal control and audit missions?
The first understanding of these functions is naturally the controls being done to ensure the local and central management that the activity is run the way it is expected. These controls can be considered as essential ex-post reviews of an activity. However, internal control and audit departments can add more to the management of a company than these first level functions.
Internal control departments are usually closer to the day-to-day activity of a bank’s profit centres than the audit function, reporting normally to the general to management and the board of the bank. The audit department runs medium- to long-term missions (up to 2-3 months) on specific areas or branches.
An audit review can result in a validation of a specific area or branch management, or in requests for changes (strategy, people, organisation, and procedures). In that aspect, the audit department has also the power to propose and push to enforce the necessary changes.
As for the internal control departments, their day-to-day responsibility is to review the correct application of the procedures and the way the processes are run. Because they know very well the operational activity and all the support functions, these departments are also useful in the comments or the proposals they can made to improve the functioning of a branch or of a specific area.
The management can then expect from them not only a quick reaction and reporting when things are going wrong, but also a capacity to help a structure in its organisation, the efficiency and safety of its processes.
The day-to-day mission of the internal control
Internal functions are usually attached to operational units. When they do not exist, because of the too small size of the business unit, someone usually is in charge of a part of the function. It could be someone from the back-office or from the operation department.
The first task of the function is to ensure that the procedures are adequately followed by the different services under its jurisdiction. The checking can be run through regular audits of the different departments (for instance, commercial, back-office, accounting and payments), as well as through special missions when something is going wrong (claims, incidents, warning signals).
The internal control can also establish daily report, with some indicators showing the quality of the processing. The list of indicators, if not comprehensive, can be:
Number of the deals (tickets) processed in the different areas
Number of errors in the processing
Pending issues (confirmations, payments) not yet solved; date since the beginning of the issue.
Financial penalties (due to problems with clients and counterparts, delays in payments).
All these indicators can be warning signals, involving a reaction from the internal control people. It could be to call the department showing a problem, to understand the issue and see how to solve it as quickly as possible, or to propose another organisation, when a problem seems to be a permanent one, or even to propose to reinforce an area under pressure. Thus, permanent overtime in the back-office, with a high number of delays and errors could mean that the back-office is understaffed and should hired more people.
Missions of the internal audit
Working for the top management of the bank, reporting to the highest level of the institution (the president) and sometimes also to the Board, the audit is the function in charge of reviewing the whole departments of a bank to explain the president how things actually work, is risks are under control, and if some changes have to be done.
The audit should be sufficiently staffed, with several teams (depending on the missions, teams can have from four to ten people), senior people in charge of the teams, and a manager being able, by his (her) experience and seniority, to convince the top management of the bank. In most of the banks, members of the audit come from different areas of the bank and do not stay more than a few years (three to five) in the audit. This is a way to mix different experiences, to maintain a good level of expertise, and to have people with a high potential to return to the operational departments after a few years of in-depth analysis of the various activities of the bank.
Usually, a part of the audit’s time is organised in order to ensure a regular review of all the units and departments. For instance, two functional head-office units (accountings, systems) and two business units (the New-York subsidiary and the trade finance department) will be reviewed during the first quarter of the year. All of these reviews will be comprehensive, with a final opinion given on the organisation, the profitability if any, the quality of the people, the risk management. If necessary, the audit can propose a change in the activity, another organisation or a change in people. The request for changes will be discussed with the unit’s manager and, then the top management of the bank. It can be officially asked the unit’s manager to follow the audit recommendations.