Structure of Internal Control Procedures in a Bank :
The specific internal control procedures to be followed in an enterprise depend on the nature, volume and complexities of its operations and the
management’s attitude towards control. As in the case of other enterprises, the internal control procedures relevant to assertions made in the financial statements of bank generally fall under the following categories:
I. Delegation of Powers
Banks have detailed policy on delegation of powers. The financial and administrative powers of each committee/each official/each position are fixed and communicated to all persons concerned. This policy on delegation of powers is approved either by Board of Directors or Executive Committee.
II. Authorisation of Transactions
Authorisation may be general (i.e., it may relate to all transactions that conform to prescribed conditions referred to as routine transactions) or it may be specific with reference to a single transaction (non-routine transactions and accounting estimates). It is necessary to establish procedures which provide assurance that authorisations are issued by persons acting within the scope of their authority, and that the transactions conform fully to the terms of the authorisations. The following procedures are usually established in banks for this purpose:
All financial decisions at any level are required to be reported to the next higher level for confirmation/information. For example, in case of a money market transaction, if the dealer exceeds the pre-defined limits such as a position limit or counterparty limit, then the transaction has to be vetted and confirmed by the head dealer.
All transactions entered into the applications require authorization at different level based on authority to get executed.
Any deviation from the laid down procedures requires confirmation from/intimation to higher authorities.
Branch managers have to send periodic confirmation to their controlling authority on compliance of the laid down systems and procedures.
Auditors should specifically review the delegation of powers to note the authorization, approval, exception, waiver and ratification powers of each bank official.
III. Segregation and Rotation of Duties
A fundamental feature of an effective internal control system is the segregation and rotation of duties in a manner conducive to prevention and
timely detection of occurrence of frauds and errors. Functions typically segregated are authorisation of transactions; execution of transactions; physical custody of related assets; maintenance of records and documents etc.
Banks usually adopt the following measures:
Work of one staff member is invariably supervised / checked by another staff member, irrespective of the nature of work.
Banks have a system of rotation of job amongst staff members, which reduces the possibility of frauds and is also useful in detection of frauds and
errors. Most banks usually have a process of giving “block” leave to its staff members wherein the employee stays away from work for at least a
continuous period of 2 weeks.
RBI vide its circulars and notifications suggested banks to establish effective segregation in its functions, for example, the master circular on prudential norms for classification, valuation and operation of investment portfolio by banks, clearly advises banks to have functional separation of trading, settlement, monitoring and accounting activities.
IV. Maintenance of Adequate Records and Documents
Accounting controls should ensure that the transactions are recorded at correct amount and in the accounting periods in which they are executed, and that they are classified in appropriate accounts. Moreover, recording of transactions should be such as would facilitate maintaining the accountability for assets. The procedures established in banks to achieve these objectives usually include the following:
All records are maintained in the prescribed books and registers only. This ensures that all requisite particulars of a transaction are adequately recorded and also that the work of finalisation of accounts is facilitated. For example, deal slips pertaining to purchase and sale of securities along with the respective counter party confirmations for the deals are filed together in the deal register.
All Bank branches have a unique code number which is circulated amongst all offices of the bank and is required to be put on all important instruments.
All books are to be balanced periodically and it is to be confirmed by an official specifically assigned for the same. For example, in case of purchase
and sale of security transactions, the banks periodically reconcile the security balance in the banks book vis-à-vis the balance in the custodian account (i.e., Subsidiary General Ledger or Demat account). It may be noted that the RBI vide its Master Circular DBR No. BP. BC.6/21.04.141/2015-16
dated July 1, 2015, “Prudential Norms for Classification, Valuation and Operation of Investment Portfolio by Banks” has also mandated that
investment balances as per bank’s book should be reconciled at quarterly intervals with the balances in the Public Debt Office’s books. If the number of transactions warrant, such reconciliation should be undertaken more frequently, say on a monthly basis. This reconciliation should be periodically
checked by the internal audit department.
All inter-office transactions are to be reconciled within a specified time frame.
V. Accountability for and Safeguarding of Assets :
The accountability for assets starts at the time of their acquisition and continues till their disposal. The accountability for assets is achieved by
maintenance of records of assets and their periodic physical verification. To safeguard the assets, it is also necessary that access to assets is limited to authorised personnel and covers direct physical access and also indirect access through preparation or processing of documents that authorise the use or disposal of assets. The following are some of the important controls implemented by banks in this regard:
Particulars of lost security forms which are immediately advised to branches to exercise caution.
Specimen signatures of all officers are captured and scanned in the system and available for view/access in all branches which were earlier maintained in a book. The officials approving the payment of the instruments drawn on their branches by other branches are required to confirm the signatures on the instruments with reference to the specimen signatures. Likewise, the branches have on record the specimen signatures of the authorised officials of approved correspondent banks also.
Instruments of fund remittances above a cut-off level are to be signed by more than one official.
Important financial messages, when transmitted electronically, are generally encrypted.
Negative lists like stop-payment cheques or stop payment instructions are kept which may deal with the particular kind of transaction. There may be a caution list for advances also.
Sensitive items like currency, valuables, draft forms, term deposit receipts, traveller’s cheques and other such security forms are in the custody of at least two officials of the branch. (However, in the case of very small branches having only one official, single custody is also permitted.)
All assets of the bank/charged to the bank are physically verified at specified intervals.
VI. System Configuration and Account Mapping
Information technology (IT) has played a major role in providing a competitive edge to banks in differentiating themselves in the market place and to deliver their services more effectively at a lower cost.
VII. Independent Checks
Independent checks involve a periodic or regular review of functioning of the system by independent persons to ascertain whether the control
procedures are being performed properly. Banks have an elaborate system of various forms of independent checks covering virtually every key aspect of their functioning.