外文翻译银行业务的核心在风险管理规范内部控制

原文：Managing Core Risks In Banking: Internal Comtrol&ComplianceInternal Control Policy1.1 OverviewBanking has a diversified and complex financial activity which is no longer limited within the geographic boundary of a country. Since its activity involves high risk, the issue of effective internal control system, corporate governance, transparency, accountability has become significant issues to ensure smooth performance of the banking industry throughout the world. In many banks internal control is identified with internal audit; the scope of internal control is not limited to audit work. It is an integral part of the daily activity of a bank, which on its own merit identifies the risks associated with the process and adopts a measure to mitigate the same.Internal Audit on the other hand is a part of Internal Control system which reinforces the control system through regular review.According to an IMF publication Internal Control refers to the mechanism in place on a permanent basis to control the activities in an organization, both at a central and at a departmental/divisional level. A key component of effective internal control is the operation of a solid accounting and information system.In Bangladesh analysis on the performances of the banks has pointed out that an effective internal control system could have contributed significantly in improving the performance of the commercial banks if the control culture is brought in through policy guidelines and structural changes at these banks.1.2 DefinitionInternal control is the process, effected by a companys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, the reliability of financial reporting and compliance with applicable laws, regulations, and internal policies.Internal controls are the policies and procedures established and implemented alone, or in concert with other policies or procedures, to manage and control a particular risk or business activity, or combination of risks or business activities, to which the company is exposed or in which it is engaged.1.3 Internal Control EnvironmentThe internal control environment is the framework under which internal controls are developed, implemented and monitored. It consists of the mechanisms and arrangements that ensure internal and external risks to which the company is exposed are identified; appropriate and effective internal controls are developed and implemented to soundly and prudently manage these risks; reliable and comprehensive systems are to be put in place to appropriately monitor the effectiveness of these controls.Each company needs to have in place an appropriate and effective internal control environment to ensure that the company is managed and controlled in a sound and prudent manner. The factors which together comprise the control environment are: *a board of directors that is actively concerned with sound corporate governance and that understands and diligently discharges its responsibilities by ensuring that the company is appropriately and effectively managed and controlled; *a management that actively manages and operates the company in a sound and prudent manner;*organizational and procedural controls supported by an effective management information system to soundly and prudently manage the companys exposure to risk; and*an independent audit mechanism to monitor the effectiveness of the organizational and procedural controls.1.4 Objective of Internal ControlThe primary objective of internal control system in a bank is to help the bank perform better through the use of its resources. Through internal control system bank identifies its weaknesses and takes appropriate measures to overcome the same. The main objectives of internal control are as follows:*Efficiency and effectiveness of activities (performance objectives).*Reliability, completeness and timelines of financial and management information (information objectives) * Compliance with applicable laws and regulations (compliance objectives)1.5 Policy Guidelines For Internal Control1.5.1 Responsibility of the Board of Directors*The overall responsibility of establishing broad business strategy,significant policies and understanding significant risks of the bank rests with the Board of Directors.*Through the establishment of Audit Committee the Board of Directors can monitor the effectiveness of internal control system. Bangladesh Bank has already instructed the banks to establish Audit Committee (Appendix 5.4).*The internal as well as external audit reports will be sent to the board without any intervention of the bank management and ensure that the management takes timely and necessary actions as per the recommendations.*Have periodic review meetings with the senior management to discuss the effectiveness of the internal control system of the bank and ensure that the management has taken appropriate actions as per the recommendations of the auditors and internal control.1.5.2 Responsibility of the Senior Management*In setting out a strong internal control framework within the organization the role of Managing Director is very important. He/she will establish a Management Committee (MANCOM), which will be responsible for the overall management of the Bank.*With governance & guidance from the Board of Directors the MANCOM will put in place policies and procedures to identify, measure, monitor and control these risks.*The MANCOM will put in place an internal control structure in the banking organization, which will assign clear responsibility, authority and reporting relationship.*The MANCOM will monitor the adequacy and effectiveness of the internal control system based on the banks established policy & procedure.*The MANCOM will review on a yearly basis the overall effectiveness of the control system of the organization and provide a certification on a yearly basis to the Board of Directors on the effectiveness of Internal Control policy, practice and procedure.1.5.3 Risk Recognition and Assessment*An effective internal control system continually recognizes and assesses all of the material risks that could adversely affect the achievement of the banks goals.*Effective risk assessment must identify and consider both internal and external factors. Internal factors include complexity of the organization structure, the nature of the Banks activities, the quality of personnel, organization changes and also employee turnover. External factors include fluctuating economic conditions, changes in the industry, socio-political realities and technological advances. *Risk assessment by Internal Control System differs from the business risk management process which typically focuses more on the review of business strategies developed to maximize the risk/reward trade-off within the different areas of the bank. The risk assessment by Internal Control focuses more on compliance with regulatory requirements, social, ethical and environmental risks those affect the banking industry.1.5.4 Control Activities and Segregation of Duties:*Effective internal control system requires that an appropriate control structure is set up with control activities defined at every business level, i.e. top level review; appropriate activity controls for different departments or divisions; physical controls; checks for compliance with exposure limits and follow-up on non-compliance; a system for approvals and authorizations and system pf verification and reconciliation. *Control activities involve two steps: (1) the establishment of control policies and procedures and (2) verification that the control policies and procedures are being complied with.*Senior management should ensure that adequate control activities are an integral part of the daily functions of all relevant personnel; this enables quick response to changing conditions and avoids unnecessary costs. Control activities are most effective when they are viewed by management and all other personnel as an integral part of daily activities rather than an addition to it.*One of the most important aspects of internal control system requires that there is appropriate segregation of duties and personnel are not assigned conflicting responsibilities.*Furthermore the employees must also be provided with necessary authority which will enforce segregations of duties.*For employees to carry out their responsibilities properly each employee should have appropriate job description.*Areas of potential conflicts of interest should be identified, minimized and subject to careful independent monitoring.1.5.5 Management Reporting System:*Effective internal control system requires that there is an effective reporting system of information that is relevant to decision making. The information should be reliable, timely accessible and provided in a consistent format.*Information would have to include external market information about events and conditions that are relevant to decision making. Internal information include financial, operational and compliance data.*There should be appropriate committees within the organization which would evaluate data received through various information systems. This will ensure supply of correct and accurate information to the management.*Internal information must cover all significant activities of the bank. These systems including those that hold and use data in electronic form must be secure, monitored independently and supported by contingency arrangements.*Most importantly the channels of communication must ensure that all staff fully understand and adhere to policies and procedures effecting their duties and responsibilities and that other relevant information is reaching the appropriate personnel.1.5.6 Monitoring Activities & Correcting Deficiencies:*Effectiveness of the Banks internal controls should be monitored on an ongoing basis. Key/high risk items should be identified and monitored as part of daily activities. In addition there should be periodic evaluation by the business lines and internal audit team.*There should be an effective and comprehensive internal audit of the internal control system carried out by operationally independent, appropriately trained and competent staff specially designated by the management. The significant deficiencies identified by the audit team should be reported to the board on a periodic basis. The Audit Committee of the board should be the cell to whom such report should be forwarded for review.*Preferably the internal control team should be reporting to the board of directors or its audit committee. If practical considerations do not permit internal control team to directly report to the board of directors then it can report directly to the MD. *Internal control deficiencies, whether identified by business lines, internal audit or other control personnel should be reported in a timely and prompt manner to the appropriate management level and addressed immediately.*Material internal control deficiencies should be reported to senior management and board of directors with recommendations where necessary. Each bank should set out its own guideline regarding what should be considered as major branches. However, it should be noted that consideration should be given to major financial exposure or loss, significant process lapses, serious employee misconduct etc.1.5.7 Role of External Auditors in Evaluating Internal Control System:*External Auditors by dint of their independence from the management of the bank can provide unbiased recommendation on the strength and weakness of the internal control system of the bank.*They can examine the records, transactions of the bank and evaluate its accounting policy, disclosure policy and methods of financial estimation made by the Bank; this will allow the board and the management to have an independent overview on the overall control system of the bank.1.5.8 Regulatory Compliance:* For the banks Central Bank is the primary regulator, who governs the activities of banks. In addition Tax Authority, Registrar of Joint Stock Company, Finance Ministry etc. are different types of regulatory bodies whose directives have significant impact of banks business. *The internal control system should always take into account the banks internal processes to meet the regulatory requirement before conducting any operation. *The internal control system of the bank must be designed in a manner that the compliance with regulatory requirements is recognized in each activity of the bank. The bank must obtain regular information on regulatory changes and distribute among the concerned department, so that they can take necessary action to adapt to such changes.*The bank must develop an effective communication process which will allow smooth distribution of relevant regulations among different departments and personnel.1.5.9 Establishment of a Compliance Culture: *A bank is said to have strong compliance culture when throughout the organization employees are encouraged to comply with policies, procedures and regulation. Even an individual at the lowest echelon should be empowered to speak up without the fear of reprisal if she/he identifies something non-compliant.*The board of directors and the senior management must establish a compliance culture within the banking organization that emphasizes and demonstrates to all levels of personnel the importance of internal control.*In order to establish a compliance culture the board of directors and senior management must promote a high ethical and integrity standard.*In reinforcing ethical values the banking organization should avoid policies and practices that provide inadvertent incentive for inappropriate activities. Examples of such policies and practices include undue emphasis on performance targets or operational results, particularly short term ones that ignore long term risks and compensation schemes that overly depend on short term performance.*The board of directors and the senior management may establish a Code of Ethics that all levels of personnel must sign and adhere to.Source: Mr. Jahangir Alam, Mr. Jalal Ahmed, Mr. R. Q. M. Forkan,Mr. Moinul Islam,Mr. Rais Uddin Ahmad,Mr. Siddiqur Rahman,2007.“managing core risks in banking:internal control&compliance” . Journal of Accounting and Economics.pp. 166192.译文：银行业务的核心在风险管理：规范内部控制内部控制政策1.1概述银行拥有多元化和复杂的金融活动，不再是一国范围内的地理边界所限制。由于其活动涉及高风险，以有效的内部控制制度，公司治理，透明度，问责等用来确保世界各地的银行业平稳。在许多银行内部控制等同于内部审计；经营范围内部控制的范围并不局限于审计工作。它是中国不可分割的日常活动的银行，在它自己的标准风险识别的过程中采用一种措施来减少像内部审计，另一方面是部分的内部控制制度通过定期复习加强了控制系统。根据国际货币基金组织，出版的内部控制是指对一个长期机制，以控制国际组织一个中心和一个部门/司级的活动。一个有效的内部控制的关键组成部分是一个扎实的会计和信息系统。 在孟加拉国银行的性能分析指出，建立有效的内部控制系统能大大促进改善商业银行的业绩，如果控制文化的赞助商，就要通过政策的指导原则和这些银行的结构性变迁来进行。 1.2定义内部控制是一个过程，由公司的董事会，管理层和其他影响人员设计提供合理保证以实现目标的的有效性和经营的效率性，财务报告的可靠性和遵守适用的法律，法规和内部政策。内部控制的政策和程序是单独使用,或者会同其他政策或程序建立并实施,有特别的风险管理和商业活动控制活动,或多种危险的商务活动，它会暴露公司已经从事这些活动。1.3内部控制环境内部控制环境是内部控制的框架下制定，实施和监测。它由机制和安排，确定公司内部和外部的风险承受，适当和有效的内部控制是制定和实施，以稳健和审慎地管理风险，可靠和全面的系统到位，可以适当地监督这些控制的有效性。 每家公司都需要在适当的地方有一个有效的内部控制环境，以确保该公司管理健全的控制和慎重的态度。它们共同的因素包括控制环境是：*董事会,正积极关注良好的公司治理结构，理解并努力肩负起公司的责任。*有效管理和控制的合理性。*公司以积极经营和管理谨慎的态度。*独立的审计机制，以监察组织和程序控制的有效性1.4内部控制的目标在一家银行的内部控制制度的主要目的是帮助该行通过更好地利用其资源。通过银行内部控制系统识别它的弱点，并采取适当措施，以克服相同。内部控制的主要目标如下： *效率和效果的活动(业绩目标)。*可靠性,完全性和时限的金融和管理信息(信息目标)*遵守适用的法律及规章(合规目标)1.5内部控制政策指引1.5.1董事会的责任*关于建立广泛的业务战略的总体责任， 重大政策和银行的重大风险的认识在于董事会。*通过审计委员会监察内部控制制度的有效性，董事会董事可成立。孟加拉银行已指示银行建立审计委员会（附录5.4）*内部和外部审计报告将送呈董事会没有任何该银行的管理干预，确保管理层按其建议采取及时和必要的行动。*定期开审查会议，与高级管理层讨论银行内部控制系统的有效性，并确保管理层根据审计师和内部控制采取了适当行动的建议。1.5.2高级管理人员的责任*在本组织范围内建立一个强有力的行政总监的内部控制框架的作用是非常重要的。他/她将建立一个 “管理委员会”，这将负责银行的全面管理。*董事会与公司治理和指导的政策和程序，管理委员会将到位以识别、测量、监控和控制这些风险。*管理委员会将设立内部控制结构的金融机构,指派清晰的职责、权威和报告的关系。*管理委员会在监督内部控制系统的正确性与有效性的基础上,建立银行一贯的政策和程序。*管理委员会将回顾一年整体组织有效性控制系统的基础上，提供认证一年董事会内部控制的有效性政策,实务和程序。1.5.3风险识别和评估*一个有效的内部控制制度不断识别和评估所有的的重大风险可能造成银行成就目标的负面影响。*有效的风险评估必须找出并考虑内部和外部的因素。内部因素包括复杂的组织结构银行的性质的活动、人员组织的质量变化并员工离职。外部因素还包括经济波动条件,通过改变工业、现实社会政治和技术研究进步。*风险评估内部控制系统不同于业务风险管理过程,典型的评论更注重业务策略, 银行在不同地区最大限度地开发交易风险或者报酬的。内部控制风险评估更多关注符合那些影响风险银行业的规管要求、社会、伦理和环境。1.5.4控制活动和职责分工：*有效的内部控制系统需要一个合适的控制结构设置在每个业务层面与控制活动的定义，即顶层审查不同的部门或部门相应的控制活动; 物理控制是检查风险限额和对不遵守规定的后