LO 37.3: Describe features of an effective control environment and identify specific controls that should be in place to address operational risk.
An effective control environment must include the following five components:
1. A control environment.
2. Risk assessment.
2018 Kaplan, Inc.
Topic 37 Cross Reference to GARP Assigned Reading – Basel Committee on Banking Supervision
3. Control activities.
4. Information and communication.
5. Monitoring activities.
Senior managers should conduct top-level reviews of progress toward stated risk objectives, verify compliance with standards and controls, review instances of non-compliance, evaluate the approval system to ensure accountability, and track reports of exceptions to risk limits, management overrides, and deviations from risk policies and controls. Managers should also ensure that duties are segregated and conflicts of interest are identified and minimized.
Specific controls that should be in place in the organization to address operational risk include:
• Clearly established lines of authority and approval processes for everything from new products to risk limits.
• Safeguards to limit access to and protect bank assets and records.
• Careful monitoring of risk thresholds and limits.
• An appropriately sized staff to manage risks.
• An appropriately trained staff to manage risks.
• A system to monitor returns and identify returns that are out of line with expectations (e.g., a product that is generating high returns but is supposed to be low risk may indicate that the performance is a result of a breach of internal controls).
• Confirmation and reconciliation of bank transactions and accounts.
• A vacation policy that requires officers and employees to be absent for a period not less than two consecutive weeks.
Managing Technology Risk and Outsourcing Risk