Risk Management
The audit considerations for this aspect include:
Checking whether the bank has an adequate risk management process, sound risk measurement procedures, sound information systems, continuous risk monitoring and frequent management reporting for treasury operations.
Examining whether the mid-office monitors the exchange and gap positions for cut loss limits, overnight limits, daylight limits, liquidity, counterparty exposure limit and aggregate gap limit fixed in the bank's trading policy/guidelines.
Reviewing the adequacy and effectiveness of the overall risk management system, including compliance with policies and procedures.
Investigating unusual occurrences such as significant breaches of limits, unauthorized trades and unreconciled valuation or accounting differences.
Inquiring whether there is a ‘New Product Approval’ process prior to undertaking transactions in new or structured derivative products and verifying whether the ‘New Product Paper’ for all new derivative products is approved and signed-off by the Chief Compliance Officer of the bank.
Obtaining the ‘Risk Management Policy’ of the bank and verifying whether risk management pertaining to derivative transactions is an integral part of the policy.
Verifying whether the Policy is updated on a periodic basis in line with the dynamic market and regulatory changes.
Verifying that the ‘Risk Management Policy’ for derivative transactions has been approved by the Board. Verifying that the policy inter alia covers the following aspects:
(i). Defines the approved derivative products and the authorized derivative activities;
(ii). Details requirements for the evaluation and approval of new products or activities;
(iii). Ensures appropriate structure and staffing for the key risk control functions, including internal audit;
(iv). Establishes management responsibilities;
(v). Identifies the various types of risks faced by the bank and establishes a clear and comprehensive set of limits to control these;
(vi). Establishes risk measurement methodologies which are consistent with the nature and scale of the derivative activities;
(vii). Requires stress testing of risk positions;
(viii). Details the type and frequency of reports for monitoring risks which are submitted to the Board (or committees of the Board);
(ix). Typical risks and commonly used risk limits in respect of derivative transactions.