Published September 1, 2012 | September 2012 issue
Although part of the basic “blocking and tackling” of running a bank, internal controls frequently get overlooked during stressful times as management focuses on visible and critical problems. But such controls are critical for preventing the types of fraud at financial institutions that have gained local and national attention. We have seen several cases of fraud at smaller institutions that have had devastating effects on the institution and the community over the past few years. In light of such reminders and with banking conditions improving across the country and in the Ninth District, now is a good time to review internal controls to ensure that they continue to serve the bank well going forward.
Internal controls are the systems, policies, procedures and processes implemented by the board and senior management to safeguard bank assets, limit or control risks and achieve the bank’s objectives. Effective internal controls may prevent or detect mistakes, potential fraud or noncompliance with bank policies. Banks should also maintain an effective internal or external audit program to help detect any deficiencies in the bank’s internal controls.
In a small community bank, officers and staff have multiple jobs, making it challenging to effectively segregate duties. However, all banks should strive to establish and maint a strong system of internal controls to minimize the potential for errors or internal fraud. When we review internal controls, we focus on the following factors based, in part, on what we and others have learned from fraud cases.
When banks cannot effectively segregate duties or establish dual controls, banks should implement compensating controls, such as having another person spot check entries and reports for accuracy. Audits should focus on areas where segregation is lacking. These controls can vary based upon bank resources, but they should provide an independent review of entries, transactions or reports. Additionally, management may consider periodically rotating duties to provide a fresh perspective.
Also, in many small community banks, management teams have been together for years and effectively run the bank, trusting that others on the team will do their jobs well. In rare cases, however, this trust can be abused. Such possibilities should prompt management to “trust, yet verify.” Management teams are well served not only by establishing and maintaining a strong system of internal controls, but also by avoiding complacency.
No matter how strong the internal controls, determined individuals can perpetrate internal fraud. However, a strong system of internal controls and a “trust, yet verify” perspective minimizes the risk of internal fraud or errors.