CC BY
73
УДК 336.71.078.3 DOI 10.12737/8794
Получено 22.10.2014 Одобрено 15.11.2014 Опубликовано 17.03.2015
Кириллов Р.А.
эксперт 1-й категории Департамента допуска на финансовый рынок Центрального Банка Российской Федерации
e-mail: 1331949@mail.ru
В статье обоснована необходимость формирования современной концепции внутреннего контроля на примере компаний банковской сферы. Автор рассматривает определение внутреннего контроля и его ключевых компонентов, прослеживая историю развития этого понятия в различных международных документах и научных исследованиях разных авторов. Раскрыты сущность и современное содержание внутреннего контроля, обозначены подходы к его оценке, критерии эффективности и перспективы развития в компаниях банковского сектора.
Ключевые слова:
концепция внутреннего контроля, внутренний контроль, система внутреннего контроля, внутренний аудит.
Внутренний контроль в банке: перспективы развития
Аннотация
Kirillov R.A.
Expert the 1st Category Department of Approval to the Financial Market of the Central Bank of the Russian Federation
e-mail: 1331949@mail.ru
Internal Control in the Bank: Development Prospects
Abstract
In the article justified the need for creating a modern concept of internal control by the example of the banking sector. The author considers the definition of internal control and its key components, tracing the history of the development of this concept in various international instruments and research of various authors. The essence and the current content of the internal control is exposed, identified approaches to its assessment, performance criteria and development prospects of the banking sector companies.
Keywords:
the concept of internal control, internal control, system of the internal control, internal audit.
The internal control concept is basic for effective actions of any company. It's the starting point for forming the internal control system in accordance with the existing corporate strategy
The importance of the internal control problem has always been admitted (acknowledged) by bank community. Daily routine practice aimed at minimizing risks made Russian banks realize the necessity of creating internal control systems of this or that type . The problems of strengthening risk control systems and management control in the sphere of corporate governance are drawing more and more attention of the top governance all over the world There is a close interrelationship among corporate governance, risks control and internal control . Effective corporate governance implies taking risk into consideration at the stage of developing the strategy Risks control, in its turn, is based on effective corporate governance . Control and risk are also interdependent as control implies any actions of the management, the Board of Directors and other bodies involved in risks control and increasing the probability of achieving the formulated aims and fulfilling tasks
The internal control system is an integral part of a company doing a civilized and socially responsible business . At this it's necessary to point out its two most important aspects — strategic and operational . From the strategic point of view the system of the internal control has to correspond to the chosen corporate strategy, organizational structure and economic goals
In the sphere of the operational aspect control has to sustain the activities in such a way that the values of the chosen indexes stay within the optimal parameters Due to this the company will be able to get information as to the efficiency of its strategic goal The control system enables the company to compare the indexes it has got with the pre-planned ones and correct them if they are outside the acceptable values
The effective system of internal control ensures the increasing of productivity (= performance) of financial and economic activities as well as risks control and assets and liabilities control It also ensures reliability, completeness and transparency of financial, accounting and statistic reports as well as following federal laws and regulations, standards of bank activities and rules of
professional conduct, internal regulations of the bank concerning its policy and activities .
The analysis of the evolution of corporate relationships shows that Russian practical tendencies of control and management copy those of economically developed countries with the delay of about 15 — 20 years . The present situation gives a chance to change the delay for an advantage by avoiding the same mistakes as well as by seeing beforehand and evaluating possible risks in advance, by developing and using the suitable and effective systems of internal control
During the Soviet period there was a conception of total control . Its weak points were the facts that checks were too simple and formal, there were strict regulations of any activities . It was difficult to find out any deviation from the current standards, the regulations of controllers were very uncertain and only included references to some regulation without describing the causes and consequences of the particular failure .
As a reaction to the imperfect idea of total control there appeared the concept of the risk-oriented control known as COSO among professionals . The Russian control authorities and financial institutions are gradually giving up the idea of using total control . However the process of developing a common conception of internal control that would be similar to that of COSO hasn't been finished yet . As far as the Bank of Russia and The Federal Commission for the Securities Market are concerned they pay the greatest attention — among all the goals of internal control — to the goal of ensuring the correspondence of the activities of credit institutions to its regulations as well as to the reliability of accounting [1]. As for a separate bank company it considers the most important thing of its activities achieving its own strategic goals . It means that the existing internal control is going to concentrate on, the more so that the discrepancy with the regulations can be considered as a kind of a risk — an important but not the only one .
Experts think that adapting the model of COSO to the Russian economic practice and developing a Russian internal control conception could solve the contradiction . Using the components of the internal control system of COSO could have a positive influence as it would decrease risks in the unstable conditions and enable the owners and management to concentrate their efforts on achieving strategic goals instead of the current process of bank activities
This idea is confirmed by the fact that the Bank of Russia (Central Bank of Russia) is constantly renewing its regulating and methodical documents that deal with approaches to the development of corporate governance, risks control systems and internal control The numerous documents issued in this sphere by the Central Bank
of Russia within 2004—2007 have already been realized practically on the whole by commercial banks . Progressive Recommendations of Basel [2] committee of bank supervision as well as other international regulators and organizations are correspondingly becoming more and more important not only for separate Russian banks that attract resources and actively participate in other operation abroad, but for other credit institutions that are the main mass of bank community
Attracting foreign investments is strongly recommended by the regulations of International Bank for Reconstruction and Development that demand that annual reports of public borrowing companies must include an internal control report checked by an external auditor and must hold information:
About the work of the company authorities aimed at creating and ensuring the functioning of the internal control system adequate to the business;
About assessment of the efficiency of the company's internal control system and the procedures applied to the financial statements
The Federal Commission of Securities Market (FCSM) actively works in the sphere of analysis and further development of requirements concerning the internal control system in financial institutions involved in the securities market by attracting to the checks of internal control self-regulatory organizations . When the law "Of Counteracting the legalization proceeds of crime" was adopted, the Russian Government, the Bank of Russia and FCSM issued documents obliging all financial institutions to use their internal control against the legalization of proceeds of crime
In March 2014 the Regulations № 242-P «About the organization of internal control in credit institutions and banking groups» were amended which essentially boils down to a shift in the emphasis of internal controls to detect and prevent the regulatory risks
This injunction of state regulator associated with the development trend of stability improving in the banking industry According to the changes in the Regulation 242-P purpose of the internal control system of the bank should be the identification and monitoring of:
• level of regulatory risk — the risk of losses occurrence from a credit institution because of non-compliance with the legislation of the Russian Federation, the internal documents of the credit institution, as well as the result of application of sanctions and (or) other measures on the part of supervisors;
• development of recommendations aimed at its control and minimization
Increased attention from regulators outputs regulatory risks in the first place of importance, pushing rep-utational risks and risks related to the optimization of
capital and maintenance of liquidity. This determines the need for the development of the structure and the functional content of subsystem regulatory risk management, establishing its relationships with other departments in the corporate governance system
The system of internal corporate controls, primarily determined by its purpose, which in the modern bank should include the following:
• ensuring the efficiency and effectiveness of financial and economic activity related to banking operations and other transactions;
• to ensure the accuracy, completeness, objectivity and timeliness of preparation and presentation of all types of reporting (accounting, financial, tax, statistical, non-financial) for internal and external participants of corporate relations;
• compliance with regulations, standards, self-regulatory organizations, statutory and internal documents;
• opposition to the involvement of the bank and its employees to participate in unlawful activity «laundering» criminal proceeds, the financing of terrorism, and so on )
Based on the goals expressed above, it is appropriate to offer a model system of internal control of the banking organization, consisting of the following bodies:
• Management Bodies of the bank;
• The Audit Commission;
• The Audit Committee;
• Risk Committee;
• Chief Accountant (his deputies);
• Responsible Officer (a division) to counteract the legalization (laundering) of proceeds from crime and financing of terrorism;
• Internal Audit Service (IAS);
• The internal control system (ICS);
• The service risks;
• Comptroller of the professional participant of the securities market;
• Controller Specialized Depositary;
• Other structural units and (or) senior officials in charge of internal control in accordance with the powers granted by the internal documents of the Bank Dwell on the divisions, which have affected the functional changes in the above-mentioned Regulations № 242-P.
In order to facilitate the implementation of the controls, the internal audit service is functioning in the bank, which in the light of recent developments transferred most of the functions of internal control . The objectives of the Internal Audit Service is to conduct internal audits and independent assessment of the quality and effectiveness of the internal control systems, risk management and corporate governance
The Internal Control Service — a structural unit of the bank, whose main purpose is to identify and monitor the level of regulatory risk (the risk that the credit institution losses due to non-compliance with the legislation of the Russian Federation, the internal documents of the credit institution, as well as by the application of sanctions and (or) other measures influence from the supervisory bodies), and to make recommendations aimed at its control and minimization
Controller of the professional participant of the securities market — responsible person carrying out the verification of requirements compliance of the Russian legislation on the securities market, including regulatory legal acts of the federal executive body for the securities market, the Russian Federation legislation on the protection of the rights and legitimate interests of investors in securities market, legislation of the Russian Federation on advertising, the Bank's internal documentation, which are regulating the Bank's activities in the securities market . For the purposes of internal control implementation, the appropriate to a scale of conducted operations and transactions, the bank can create a separate structural unit to monitor the activities of the Bank as a professional participant of the securities market
Controller of Specialized Depositary responsible person carrying out the verification of Specialized Depository's compliance with the legislation of the Russian Federation, including the protection of rights and legitimate interests of investors in the securities market, acts of the federal executive body for the securities market regulating the activities of the specialized depository, Internal documents Special Depository Controller Special Depository can combine their activities with the Comptroller of the professional participant
Service of risks is a set of internal divisions of the bank. The main functionality of risks Service is to provide the operating of risk management system of banking risks (detection, identification, assessment, monitoring and control)
Internal controls can also carry out other structural units and senior executives in accordance with the powers granted by the internal documents of the Bank
General directions of activity of the presented system of internal control are as follows:
• control by the management bodies over the organization of the bank's activities;
• control over the functioning of the bank risk management and assessment of banking risks;
• control the distribution of powers in banking transactions and other transactions;
• control of information flow control (receipt and transmission of information) and information security;
• monitoring of the internal control system functioning in order to assess the the extent of its compliance with the objectives and activities of the bank, to identify gaps, develop proposals and oversee the implementation of solutions to improve the bank's internal control . Conceptually, the internal control system in corporate governance of the banking organization should be carried out on three levels
The internal control carried out ft the first level in accordance with regulatory legal acts of the Bank of Russia and the internal documents (regulations, directives, orders, job descriptions) operations executors and transactions, and employees of the banking organization, endowed with control functions for the post, constant monitoring by the management of the staff, processes, technologies
At the second level the internal control is implemented by the Risk Management Service and Internal Control Service, which are forming the appropriate tools for risk management for specific units engaged in the first level of control, solve problems to improve the regulatory and methodological base the establishment of common approaches to risk management, monitor key risk indicators and control indicators, monitoring losses incident management, scenario planning and testing risks
At the third level, the internal control is carried out by the Internal Audit Service through the audit of business processes, to provide an independent and objective assessment of the quality and effectiveness of risk management, internal control and corporate governance .
In the frame of designated levels of the internal control system in the bank performs the following processes
1) Analysis of business processes . Analysis of business processes performed by the Internal Audit to identify the key points of the control and control methods for assessing their adequacy Analysis of business processes based on the principle of process chains, reflecting the sequence of functions within the business process, relationships between events and functions within the business process
2) Evaluation of existing control procedures . As a result of analysis of business processes internal audit service assesses of sufficiency and effectiveness of existing control mechanisms, and identify the missing control procedures, the lack of which leads to a risk event Assessment of the effectiveness of control procedures carried out on the subject to provide reasonable assurance regarding the achievement of relevant goals of the studied business process
3) Development of control procedures . Development of control procedures is performed by generating set
of measures aimed at reducing the probability of the risk and reduce the impact of negative consequences from them . Concrete activities (financial, marketing, legal, organizational) aimed at minimizing or eliminating the risk, developing on the basis of standard control procedures, as well as the causes and consequences of risk
4) Monitoring . Monitoring of the internal control system is a mechanism for systematic observations of the control procedures, modifying them, effective implementation, in order to identify adverse trends, analysis of the results of observation and preparation of data for decision-making management in the area of internal control Monitoring of the internal control system on an ongoing basis . On the results of monitoring are taking the necessary steps to improve internal controls to ensure its effective operation, including in response to changing internal and external factors .
Monitoring the effectiveness of accepted and established control procedures in the Bank is implemented by Internal Audit Service and Internal Control Service .
Thus, in the Russian banking industry area designated distinct trends of the further development of the internal control systems, needed to be pursued organizational methods to support them
The Russian economics has organizational conditions and economic factors stimulating the development of the internal control system . However, up to now the Russian companies lack a single conception of forming internal control systems . It proves the necessity of doing researches in this field to sum up the bank reports about the conditions of the internal control (annual form 639). On the basis of this analysis it would be possible to offer the bank community a certain average model of System of the Internal Control of Russian bank
The urgency of the current research and the reason for choice of its main directions are caused by:
Lack of a common state conception of forming internal control systems
Lack of scientific and practical developments and methods of organization of functioning internal control systems in Russian companies
Necessity to develop methods of forming and introducing System of the Internal Control? Into Russian companies of bank community as well as recommendations concerning increasing the efficiency of control activities
Thus, does not exist the question of «Do we need the Internal Control Service in banking organizations?» . The only question is «What is meant by Internal Control Service and how to build it?» .
Литература
1. Письмо ЦБ РФ от 10 июля 2001 г. № 87-т «О рекомендациях Базельского комитета по банковскому надзору». http://www.zakonprost.ru/content/ Ьа§е/44573
2. Положение Банка России от 16 декабря 2003 г. № 242-П «Об организации внутреннего контроля в кредитных организациях и банковских группах» с изменениями от 24 апреля 2014 г. Система ГАРАНТ: http://base.garant.rU/584330/#ixzz3EJt ЯсЩ
References
1. Pis 'mo TsB RF ot 10 iyulya 2001 g. № 87-t «O rekomendatsi-yakh Bazel'skogo komiteta po bankovskomu nadzoru» [Letter CBR dated 10 July 2001 № 87-T «On recommendations of the Basel Committee on Banking Supervision»]. Available at: http://www.zakonprost.ru/content/base/44573 (in Russian)
2. Polozhenie Banka Rossii ot 16dekabrya 2003g. № 242-P «Ob organizatsii vnutrennego kontrolya v kreditnykh organizatsi-yakh i bankovskikh gruppakh» s izmeneniyami ot 24 aprelya 2014 g. Sistema GARANT [The Bank of Russia Regulation of 16 December 2003 № 242-P «On the organization of internal control in credit institutions and banking groups» as amended on April 24, 2014 System GARANT]. Available at: http://base.garant.ru/584330/#ixzz3EJtRcIj8 (in Russian)
