Assessment of controls
The audit procedure may include verifying and assessing controls including:
Existence of comprehensive treasury policy and operating procedures manual (SOP).
Review of the policies and procedures document and assess comprehensiveness of the same.
Determining whether the above document addresses, in granular detail, the framework within which the treasury business and operations have to be conducted.
Inquiring on the procedures the bank has when there is a change over or new appointment to a ‘review’ role within the treasury function.
Understanding the level of detail in which the process of, i.e., handover of responsibilities operates.
Inquiring whether there has been any change in responsibilities in the current period and in case there are changes, verifying whether there is an appropriate training mechanism and whether sign offs have been regularized after the new superior has taken over the responsibilities.
On a test check basis, verifying whether the review process and controls were working effectively during the transition period.
Obtaining and reviewing on test check basis, the daily Profit and Loss prepared for MIS purpose and assessing the granularity and exhaustiveness of the same;
Assessing whether such Profit and Loss is granular enough to provide desk wise, product wise and various price component wise Profit and Loss.
Assessing whether gross position reviews are undertaken and also whether such Profit and Loss are prepared and reviewed at a gross trade level.
Reviewing the Bank’s policy on valuation. On a test check basis, verifying whether the material valuation adjustments are reviewed, authorized and are appropriate.
Verifying whether these valuation adjustments are disclosed / visible in the reconciliation.
Assessing whether there is an independent ‘Valuation Control’ team.
Checking whether dealers have access to adjust or modify trade values.
Checking whether the reconciliations are prepared on a timely basis and the un-reconciled items are independently inquired by the back office.
Reviewing the ageing and quantum of the un-reconciled items and inquire for the high value and long outstanding reconciling items.
Assessing whether the escalations are done in a timely manner for the large / unusual / recurring reconciliation items.
Market Risk System
Reviewing the key market risk reports generated and verifying that these reports are in sync with risk attributes of the products being traded and convey the risk positions appropriately.
Cancelled / amended / late (C/A/L) booking of futures trades into the Front Office risk system
Reviewing the policy of the bank as regards the cancelled / amended / late booked trades and whether there is a clear policy describing the Front office supervisor’s responsibility in respect of reviewing and signing off on these instances.
Reviewing whether these instances are reported to the senior management as per the policy and are ratified.
Verifying whether the system is capable to capture the C/A/L and obtaining a complete inventory of these instances.
Reviewing the frequency of such instances during the period and verifying on a test check basis whether there is a justification of such cancellations / amendments / delays.
Checking the process relating to late trades – how does these get captured in risk reporting’s (if there is a time cut off when such reports are generated).
Fictitious trades with deferred settlement dates and/or at off-market prices and subsequent amendments
Reviewing the controls over cancellation of trades before reaching
settlement dates and check whether these are ratified by the authorized personnel with appropriate justifications.
Reviewing the “Rate scan” process performed by mid-office and whether the exceptions noted in the rate scan are inquired.
Reviewing the Day 1 Profit or Loss assessment process and verify whether the Day-1 Profit or Loss is sufficiently assessed and explained.
Verifying whether the change in pricing / other criterion is approved and confirmed with the counterparty.
Breaches of the Net Delta Limits
Verifying whether the breaches to the delta limits set by the Bank are monitored on a frequent basis and whether the breaches (if any) are ratified by the authorized personnel and the reason is recorded for such breaches.
Failure to identify and escalate risk issues
Verifying whether a process is in place to educate employees about escalation mechanism to report any events that represent a risk to the institution and is embedded in the code of conduct. This may include directly reporting the incidences to the highest authorities on a no name basis, hotline numbers etc.
Quality of supervision
Assessing and determining the nature of comments and queries that are posed by the reviewer on any reconciliation breaks, long unexplained balances, exceptional trades, follow up on responses, etc.
Determining and assessing whether the review function is not a mere sign off and it is conducted with appropriate supervisory intent. Temporary discontinuance of a process or control
Verifying that the controls identified and tested have been operational throughout the period and where there has been a temporary discontinuance (for any reason) verify whether there were alternative controls.
Rewards and recognition policy not in sync with ideal ‘risk and control’ culture
Reviewing the remuneration policy and independently assess how and to what degree it addresses matters relating to risk and compliance with control policies as part of the employee remuneration for treasury staff members.
Outsourced/Hubbed process
Reviewing the Service Level Agreements (SLAs) and agreements with such agencies and verify the robustness of the controls that reside in house in the bank to review and understand the work undertaken at outsourced / hub locations.
Reviewing and verifying the documentary evidence of the communication the bank has with these agencies on a regular basis. The forward contracts in banks are now a days increasingly being collateralized and using Customer Support Annex (CSA) margins, which form part of the ISDA agreement. The auditor should devise audit procedures required to be performed for verification of these margin balances as per the underlying agreements.