Bongko roland final report
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
395
On Slideshare
395
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. GENERAL INTRODUCTION:Unity Co-operative Society (UNICS) was created on the 15th of February 2000 by a resolution of aconstituent general meeting, with the goal to create added value to the Cameroonian economy. Thecreation of UNICS is backed by law No 92/006 of 14 August 1992 relating to the Co-operative Societiesand Common Initiative Groups and by its degree of implementation No 92/455/PM of 23rd November1992.UNICS is accredited to COBAC (D2002/48 OF 27/11/2002).UNICS has as mission to co-operate and solve future economic problems through present daydecisions and actions.UNICS’s primary objectives include; alleviation of poverty and unemployment through the creation ofwealth and financing of micro projects, provide efficient and rapid financial services to society throughthe medium of her dynamic staff.After 8 years of hard work and dedication, UNICS now boasts of 9 branches. These include; 1. Yaounde Marche Central, 2. Yaounde BiyemAssi, 3. Douala Deido, 4. Douala Bonaberi, 5. Buea, 6. Bamenda, 7. Kribi, 8. Limbe and 9. Bafut branches.UNICS also has correspondent branches abroad in the UK and in the USAFor 8 years (15/01/2000-31/12/2008) UNICS operated as a category I microfinance institution. Underthis category her activities were limited to those of a co-operative. She was considered a non profitmaking entity composed of members.As of 1st January 2009, UNICS becomes a category II microfinance institution and also moves fromUNICS to UNICS PLC (UNITY CO-OPERATIVE SOCIETY PUBLIC LIMITED COMPANY).The 28th of March 2009 marked an important step in the growth and development of UNICS. On thisUNIC’s status of a category II microfinance institution was approved by the General Assembly whichwas held in Bamenda.She now has the status of a profit making institution. She is now subjected togreater government scrutiny (She is now liable to value added tax (VAT)).The micro-finance sector in Cameroon is steadily growing. The sector has about 520,000 customers.(www.allafrica.com). UNICS has a customer portfolio of over 20 000 customers (THE LENDER.1stedition) as at 31st December 2008.This means that UNICS PLC has a microfinance market share ofabout 4% in Cameroon. 1
  • 2. PART ONE PRACTICAL TRAINING EXPERIENCE AT VARIOUS SERVICES Chapter 1 SERVICES AND ACTIVITIES(a) INTRODUCTIONI was recruited into UNICS PLC on the 2nd of February 2002.I had a probation period of three months. Itwas carried out in two phases: the Orientation Phase at Head Office/Yaounde Marche Central Branchand Technical Phase at the UNICS Kribi branch (as internal control trainee). During this probationperiod, I had the opportunity to visit all the services indicated below.It is worth noting that the branch isthe microcosm of the general organization of UNICS PLC. It is the commercial center of organization.(b) PRACTICAL EXPERIENCE ACQUIRED THROUGH SERVICES.(1) SERVICE/ OBSERVATIONS RECOMMANDATION ACTIVITIES Accounting Inconsistent filling Every personnel must be trained to keep archive Collects, records, and Ensure weekly check on archives. analyses and documentation Employees who fail to classify their documents should be reports financial sanctioned. statements of Access to affairs of UNICS documents not Each service must have a register to record movement of PLC restricted Insufficient filing archives and those responsible space(2) SERVICE/ OBSERVATIONS RECOMMANDATION ACTIVITIES Internal Control and audit Provide assurance to management about ; Inadequate Internal controllers should be given -Effectiveness of operations training adequate training and should -Economical and effective use of resources acquire enough experience in other -Reliability of financial reporting Lack of a to be able to do their work -Compliance with policies, procedures, and complete internal effectively. regulations, control audit -Safeguarding of assets manual An efficient an effective standard -Integrity, reliability of information, accounts audit and internal control system and data should be put in place.(pages 8,12 ) - Fraud, irregularity or corruption - risk management 2
  • 3. (3) SERVICE/ OBSERVATIONS RECOMMANDATION ACTIVITIES Banking operations, Customer service and tellers Chronos are not filed Ensure rearrangement of chronos in a chronological Receive, direct in a serial order. order. orientate and serve clients at different Not all accounts have The customer service should endeavor to produce a levels. pictures and list of all clients who haven’t got their pictures or signatures attributed signature in their accounts. to them. Staff working especially at the front office needs to be given regular training on customer relationship.(4) SERVICE/ OBSERVATIONS RECOMMANDATION ACTIVITIES Credit and Recovery, The entire Growing A clear plan for follow up of the client is very essential to ensure management delinquency rate. timely repayment. and recovery of loans. Increase debits in Ensure solid agreements exist between UNICS and her clients accounts. counterparties.Fixed assets are ideal as collaterals. A follow up of the strict implementation of the new credit policy should be put in place.(5) SERVICE/ OBSERVATIONS RECOMMANDATION ACTIVITIES Local and International Operations , Absence of updated account history with International transfer For local(speedy the Bank of America, this implies that there transactions should have a cash)and international is little or no control to approved deposits formal procedure. money transfers made in BOA for payout here in Cameroon. Recent crackdown of fraud of the 1st of April 2009 which included the depositing of fraudulent electronic cheques against the UNICS account of HSBC in London. 3
  • 4. (6) SERVICE/ OBSERVATIONS RECOMMANDATION ACTIVITIES General . . Shortages reported by tellers Electronic banking seems to be the final word. The may just be another means to use of automatic teller machines can effectively solve obtain a fast overdraft as the this problem or, final punishment is an Shortages or overages reported by tellers should be well investigated before sanctions are given to them. obvious debit into their account. The speedy cash network is very The system should be coded such that it can be exposed. An employee who has opened only on a particular computer in the office as the password to the website can it is done for Western Union. seat at any cyber cafe completely out of the office and effect a transfer or payment. Inadequate protection of UNICS should consider the desire for customer employee and client information. privacy and data security (bank secrecy), as well as the legislative and cultural norms. Some customers prefer assurances that their data will not be shared with third parties without their prior consent and that safeguards are in place to prevent illegal access by third parties. UNICS should ensure all employees are given a copy of the company’s data protection policy. Collectors may be existing as The risk may be minimized by recruiting only female “ghost banks” bearing UNICS collectors. PLC’s name (that is collecting cash from clients and taking Figures without clients signatures should not be custody of the sums). posted into the system and collectors must make Also it has been noticed that sure the clients sign against their deposits clients hardly sign against amounts deposited with Collectors should be given proper training on the collectors and therefore a risk products they market and the risk involved. exist that collectors may alter figures in their registers or . clients may claim inflated amounts. Collectors are untrained and can They (collectors) should also be trained on how to fill hardly market the products in figures involving overdrafts in the booklets of client. question. Constant electricity disruption Generators be made available to branches during working hours. 4
  • 5. PART TWO EXAMINE THE FUNCTIONING OF A STANDARD AUDIT AND CONTROL SYSTEMS IN A MICROFINANCE INSTITUTION (Case Study: UNICS PLC) Chapter 2 OVERVIEW OF SUBJECT MATTER(a) INTRODUCTION:This study is shaped to help UNICS improve the quality of internal audit and controls and her riskmanagement processes. It focuses on problem prevention (preventive control) and early problemidentification (detective control). The study provides guidelines for establishing operational activitiesthat will assist UNICS in identifying vulnerabilities, designing and implementing controls; monitoring theeffectiveness of controls. It also highlights problem resolution (corrective control) as a means for riskmanagement.More generally, objectives, budgets, plans and other expectations are bases for control and audit. Bysetting objectives, management can then identify the risks involved in achieving these objectives. Toaddress these risks, management may implement specific internal controls. The effectiveness ofinternal control can then be measured by how well the objectives were achieved and how effectively therisks were managed.One of the primary objectives of internal auditing in relation to corporate governance is helping theAudit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively. Thismay include reporting critical internal control problems, informing the Committee privately on thecapabilities of key managers, suggesting questions or topics for the Audit Committees meetingagendas, and coordinating carefully with the external auditor and management to ensure that objectivesetting is considered a precondition to internal control.(b) DEFINITIONSAudit: The general definition of an audit is an evaluation of a person, organization, system, process,project or product. Audits are performed to ascertain the validity and reliability of information; also toprovide an assessment of a systems internal control. The goal of an audit is to express an opinion onthe person/organization/system (etc) in question, under evaluation based on work done on a test basis.Those who perform audits are called auditors (www.google.com).Control: A control is any action taken by the Board, Management and other parties to manage risk andincrease the likelihood that established objectives and goals will be achieved. Management plans,organizes, and directs the performance of sufficient actions to provide reasonable assurance thatobjectives and goals will be achieved (www.google.com).Microfinance institutions: refers to the provision of financial services to poor or low-income clients,including consumers and the self-employed. The term also refers to the practice of sustainablydelivering those services (www.google.com). 5
  • 6. Internal audit and internal controlAlthough internal control and internal audit are closely related, they are distinct from each other.Internal control is defined as a process affected by an organizations structure, work and authorityflows, people and management information systems, designed to help the organization accomplishspecific goals or objectives. It is a means by which an organizations resources are directed, monitored,and measured. It plays an important role in preventing and detecting fraud and protecting theorganizations resources, both physical (e.g. property) and intangible (e.g., reputation or intellectualproperty such as trademarks).Internal audit: An independent appraisal service to management that measures and evaluates theeffectiveness and efficiency of internal control system .It uses and investigative/detective approach.However, internal auditors are not responsible for the execution of company activities, they advisemanagement and the Board of Directors (or similar oversight body) regarding how to better executetheir responsibilities.(c) THE ROLE OF EXTERNAL AUDIT. • It should not be a part of the internal control process. • It should provide independent external comment on the standard, quality and coverage of internal audit. • It should not duplicate the internal audit work except grounds for concern. • Should examine and comment on both internal audit and internal control quality. 6
  • 7. Chapter 3 INTERNAL CONTROL STRUCTURE(a) INTRODUCTIONEffective internal controls and standard audits are the foundation of safe and sound banking systems.The purpose of internal controls is not to entrap employees; rather, good internal controls provide aworking environment in which good employees are not tempted to do something they would notordinarily do. The formality of internal control system will depend largely on an institutions size, thecomplexity of operations and its risk profile. However fraud and embezzlement schemes are not solely a problem of larger institutions. In fact, thevery size of small microfinance institutions creates opportunities for a weak internal control structureand fraud. Therefore the Board and Management of UNICS PLC should work within her scope todevelop methods that will safeguard the institutions resources and clients accounts and reduce theopportunity for fraud.A proposed internal control flow chart for UNICS PLC is presented below. (Figure 1) 7
  • 8. Figure 1: Proposed Internal Control Flow Chart for UNICS Plc Elements ofManagement Control System BOD and Management Control Environment External auditors and regulators Internal and External Risk Assessment Controllable and Uncontrollable Control Activities Approval and Authorization Segregation of duties Physical Controls Information Processing Obligatory Vacation for Staff Accounting, Information and Communication Monitoring 8
  • 9. (b) CHARACTERISTICS OF INTERNAL CONTROL/OBSERVATIONS /RECOMMENDATIONSControl environmentReflects the Board of Directors and Management’s commitment to internal control. This providesdiscipline and structure to the internal system. Management is accountable to the Board of Directors,which provides governance, guidance and oversight.The Board of Directors should: 1. Periodically discuss the internal control systems effectiveness with management, 2. Review internal control evaluation conducted by management and auditors, 3. Monitor management action on auditor recommendations, 4. Review the institutions strategies and risk limits. 5. Ensure that Management properly considers the risks and control issues associated with emerging technologies and also embrace electronic banking.The Board may delegate some of these duties and responsibilities to an Audit Committee or a riskcommittee.The General Manager of UNICS PLC has overall responsibility for designing and implementingeffective internal control. More than any other individual, the General Manager sets the "tone at the top"that affects integrity and ethics and other factors of a positive control environment. Virtually allemployees produce information used in the internal control system or take other actions needed toeffect control.Elements of a control environment • Organizational structure of the UNICS PLC • Management philosophy and operating style (All business strategies should be formal ) • The integrity, ethics and competence of personnel should be taken seriously into consideration. • External influences that affect the institution’s operations and its risk management for example independent audits should be taken into account.The effectiveness of human resource, policies and procedures should be reviewed on regular basis.However, whether UNICS PLC achieves operational and strategic objectives may depend on factorsoutside the enterprise, such as competition or technological innovation.Risk assessmentThis involves identification, measurement and analysis of risk (internal and external, controllable anduncontrollable) at individual business levels and for the institution as a whole. The Management ofUNICS should assess all risks facing the institution because uncontrollable risk taking can prevent theinstitution from reaching its objectives or can jeopardize operations.Control activitiesThese are policies, procedures and practices established to help ensure that bank personnel carry outBoard and Management directives at all business levels of the institution.I therefore propose that; • Only approved and authorised transactions and activities should be executed and violators should be given due punishment. • Duties should be segregated and rotated to reduce a person’s opportunity to commit and conceal fraud or errors (for example assets should not be in the custody of the person who procures, authorizes and records it) 9
  • 10. • Physical safeguards for assess to and the use of assets and records should be improved. (For example UNICS should secure facilities and control access to computer programmes and data files.) .The use of cameras to protect property is recommended. • Independent checks should be conducted on whether jobs are getting done and records accurate. Control over information whether automatic or manual should be adequate to ensure the integrity of management information systems, books and records. • UNICS employees should enter pertinent information into the processing systems in a timely manner ,A significant deficiency in a control system is a deficiency in risk management (for example the failure to process transaction in an accurate, thorough and timely manner which is a failure of internal control ,exposes the system to potential loses) • There should exist a requirement that officers and employees in sensitive positions be absent for two consecutive weeks each year. This will eliminate the risk of fraud due to a continues and uninterrupted presence.Accounting, information and communication systemsThis captures and imparts pertinent and timely information in a form that enables the Board,Management and employees to carry out their responsibilities. This includes accounting systems(methods and records that identify, assemble, analyze, classify, records and report an institution’stransactions). Information and communication systems (enable all personnel to understand their rolesin the control system, how their roles relate to others and their accountability). These systems ofinformation are very important as they produce reports on operations, finance and compliance thatenable Management and Board to run the institution. It also provides information to external partiessuch as regulators, shareholders and customers. It is important to note that Management InformationSystems are distinct from regular information systems in that they are used to analyze other informationsystems applied in operational activities in the organization.Self assessmentThis will involve UNICS’s own oversight of the control system performance. These are evaluation ofdepartmental or operational controls by persons within the area. All UNICS personnel should shareresponsibility for self assessment or monitoring. Also, all personnel should be responsible forcommunicating upward problems in operations, noncompliance with the code of conduct, or otherpolicy violations or illegal actions. Internal control must be consistently applied and well understood bybank staff if board and management policies are to be effectively implemented.However effective and well designed internal control systems are still subject to execution risk. In otherwords, most control systems are executed by human beings whom even if well trained and with thebest of intentions can still be subjected to distraction, carelessness, tiredness, or confusion 10
  • 11. Chapter 4 STRUCTURING OF A STANDARD AUDIT(a) INTRODUCTIONInternal audit is going through a significant period of development and change in UNICS which providesa number of opportunities and challenges. Corporate governance development in general has providedmuch focus on the rule of internal audit and internal auditors/controllers need to demonstrate the rightskills, knowledge and understanding of the organizations system of internal control. An organizationsinternal control structure is at the heart of its processes and controls. The Audit Committee or itsequivalent, with its responsibility of evaluating the efficiency of the organizations internal controlservice, needs to understand the concepts of internal control in order to be effective and efficient.Internal audit is vital in assessing, reporting and proposing solutions to management about theeffectiveness and efficiency of internal control systems.(b) INTERNAL AUDIT STRUCTUREThere are two possible structures:- A Centralized System where all auditors are stationed at head office and only go down to the field onregular basis for control and-A decentralized system where controllers are stationed at the branches or subsidiaries, perform auditsand report to a central controller.It is important to emphasise that internal control and internal audit are related but are different fromeach other.UNICS PLC uses the name internal controller to refer to internal auditors.My proposal is that the name internal controller should be changed and should be called internalauditor so that the functions of internal control and internal audit can be well understood..A proposed internal and decentralized audit organizational structure for UNICS PLC is as indicatedbelow. Figure 2.(also see reporting structure). 11
  • 12. Figure 2:Proposed Decentralised Internal Audit Structure for UNICS Plc Board of Directors Internal Audit Committee Chairman of the Board of Directors Vice Chairman of the Board of Directors National Internal Auditor Internal Auditor Internal Auditor Internal Auditor Reporting System Board of Directors Internal Audit Committee Chairman of the Chairman of the Board of Directors Internal Audit Committee (Chairman Vice Chairman of of the Board of the Board of Directors) Directors e National Internal AuditorInternal Auditor Internal Auditor Internal Auditor 12
  • 13. A developing best practice will be for the internal auditors who should be at the level of the UNICS PLCbranches to report directly to the National Internal Auditor who should be stationed at the Hea Office. The National Internal Auditor should report to the Audit Committee through the chairman ofthis committee who should be the chairman of the Board of Directors. In such cases, the commttee should have a means to evaluate the performancInternal audits should be designed as an integrated process, independent from other businessoperations, for evaluating the extent to which internal control achieves its objectives in key areas,including appropriate risk management, efficient and effective business operations, reliable financialreporting and compliance with laws, regulations and internal rules. It should offer advice and remedialrecommendations in connection with any problems that may be identified. Through this process,internal audits will assist the Boards of Directors of UNICS PLC to fulfill their managerial dutiesefficiently and effectively.The internal Audit Committee should determine all important matters concerning internal audits. Thecommittee should be chaired by the chairman of the board of directors. The internal Audit Committeeshould be able to monitor and manage internal audits at all UNICS PLC branches through internal auditreports prepared by internal auditors and submitted to the National Internal Auditor. These decisionstogether with the results of their examination of the internal audit reports are sent to the Board ofDirectors.(c) ROLE OF THE AUDIT COMMITTEE.Since the occurrence of significant frauds can frequently be attributed to an override of internal controls,the Audit Committee plays an important role to ensure that internal controls address the appropriaterisk areas and are functioning as designed. If fraud or irregularities are asserted or discovered, theAudit Committee, through the internal auditors, should investigate, and, if necessary, request legalcounsel to assert claims on the organization’s behalf. If fraud is discovered, or there is a reasonablebasis to believe that fraud may have occurred, the Audit Committee is responsible for ensuring that aninvestigation is undertaken and necessary measures taken.With a decentralized internal audit system UNICS will benefit as follows; 1. Fraudulent or erroneous transactions may be prevented before they occur because the internal auditors are present in the field and are monitoring all transactions. 2. Objective assessment of the effectiveness and efficiency of operations is easily accomplished. 3. Internal auditors at various levels of the institution will use their knowledge to spread good practices throughout the organization. 4. Management can easily get advice on whether the institution has sound systems of internal controls and therefore be in an ideal position to protect the organization against loses. 5. May detect mistakes caused by personal distraction, carelessness, fatigue, arrows in judgment, or unclear instructions in addition to fraud or deliberate non compliance with policies. 6. Can help UNICS measure performance, make decisions, evaluate processes and limit risk. 13
  • 14. Chapter 5 CATEGORIES OF FRAUD(a)INTRODUCTIONAn understanding of fraud is essential for the Audit Committee to carry out its responsibilities. The AuditCommittee also needs to be aware of the fact that, fraud affecting the organization often falls within oneof three categories: • Management fraud, which involves senior management’s intentional misrepresentation of financial statements, or theft or improper use of company resources. • Employee fraud, which involves nonsenior employee theft or improper use of company resources. • External fraud, which involves theft or improper use of resources by people who are neither management nor employees of the firm.This categorization of fraud is useful, but not absolute. This is because middle management employeesmay intentionally misrepresent financial statement transactions, for example, to improve their apparentperformance, or outside individuals may collude with company management or employees.It is proposed that internal audit staff be experienced and trained in fraud prevention and deterrence.With such training internal auditors can serve a vital role in aiding in fraud prevention and deterrence.This will help to provide assurance that • Risks are effectively identified and monitored; • Organizational processes are effectively controlled and tested periodically; and • Appropriate follow-up action is taken to address control weaknesses. The Audit Committee needs to ensure that internal auditors are carrying out their responsibilities in connection with potential fraud.(b) INTERNAL CONTROL AND FRAUD PREVENTION. (WHAT COULD BE DONE TO AVOID FRAUD ANDEMBEZZLEMENT IN UNICS)(1)AVENUE POSSIBLE FRAUD RECOMMENDATIONS This is one of the most A supervisor may regularly review a sample of all new important symptoms of loans issued and determine whether required fraud. Inaccurate or documentations are present, and if not, confirm missing incomplete records are information with third parties.Missing often used to hide fraud.documentatio Make sure loan documentation is complete: guaranteen Fictitious loans could be titles, insurance, charges deducted. Be aware of made in the name of counterfeit collateral. former borrowers. This way UNICS can also identify fraudulent practices by loan officers or non adherence to new policies before they are replicated on a wide scale. 14
  • 15. (2) AVENUE POSSIBLE FRAUD RECOMMENDATIONS MIS officers or managers or MIS reports should contain proper Resistance to some employees may be information for review by management for improve the resisting efforts to modify or internal control purposes. Management improve the MIS. There Information are“ghosts and skeletons” Management should regularly review MIS System(MIS) by the which they do not want to reports and consider possible modifications management or bring out. or improvements. some employees(3) AVENUE POSSIBLE FRAUD RECOMMENDATIONS I would say that the second most General ledger suspense accounts or frequent category of frauds (fictitious transit accounts should be reconciled Existence of loans being first) are done using general and checked weekly by an internal transit or ledger suspense accounts or transit controller. suspense accounts. accounts General ledger suspense accounts generally are used to temporarily "store" a transaction until all necessary information is available, but can also be used to hide an unauthorized transaction.(4) Embezzlements usually require the Policies that require managers andAVENUE POSSIBLE FRAUD RECOMMENDATIONS Lack of embezzlers ongoing attention. employees to take at least one and mandatory preferably two weeks vacation (not a day vacation policy here and there) reduce the risk of embezzlements.(5) AVENUE POSSIBLE FRAUD RECOMMENDATIONS Combination of duties may allow a Therefore total Segregation of duties is highly manager or supervisor to approve recommended to be fully applied or improved in the loans, set them up on the UNICS. No one should have full control of a Lack of system, issue the checks, and whole process or activity. segregation then cash them through a teller of duties. drawer. Make sure that managers and supervisors don’t (Combination know the tellers’ passwords and make sure the of duties as a Microfinance institutions with tellers change their passwords regularly. result of limited staff are often at risk of inadequate errors, fraud and embezzlement staff). because the critical work is done by few people.(6) 15
  • 16. AVENUE POSSIBLE FRAUD RECOMMENDATIONS Weak software can be used to A review and evaluation of the MIS by outside hide fraud. experts can reveal flaws in risk management and May be the programmers who internal control.Weak did conceive the softwaresoftware received no directions from For example a good application should log and experts in internal control as to report the user name and event date/time of all what internal control principles entry and deletion of transactions and also for or procedures to integrate into creating, editing, and deleting clients, loans, and the software (for example, schedules of installments. segregation of duties).(7) AVENUE RECOMMENDATIONS Adequate audit trails should be maintained. Audit trails will enable the tracing of any given item through the UNICS books. The internal controller or auditor should pull all loan files him/herself. He/sheInadequate audit should keep in mind that any person he/she is asking to assist could be a thief.trails The controller should verify every explanation that an employee offers. In some cases, the auditor should contact the loan recipient. Software should also have a thorough audit trail built in.(8) AVENUE RECOMMENDATIONS UNICS can benefit from outside experts to help her set up and makeAbsence of improvements to their internal control systems. It is often easier for an impartialtechnical third party to identify shortcomings in the internal control system than forassistance operational staff to objectively evaluate its effectiveness.(9) AVENUE RECOMMENDATIONS UNICS may encourage donor participation given that ; Donors can facilitate the development of internal control mechanisms by providing funds for the initial risk assessment and implementation of internal controls.Absence They may require UNICS to have some type of internal control mechanism, appropriateof donor to the UNICS’s level of developmentrule They may encourage UNICS to develop an operations manual and to conduct client visits as part of its regular operations. In addition, donors can support microfinance in their efforts to test new ways to mitigate old risks through new products, such as micro insurance, or operational control tools, such as internal audit software 16
  • 17. Chapter 6 IDENTIFYING AND MANAGING RISK(a) INTRODUCTIONSurprises may be fatal to UNICS. Risk is inevitable, avoiding risk impossible. Risk management is thekey. The more you know about what you are doing, the less risk you run. If you can define risks, youcan limit them. If business was good yesterday, good today, it is not a guarantee that it will be goodtomorrow. The recent case of bankruptcy by the Lehman brothers on September 15 2008 can clearlyexplain this.Management performs risk assessment activities as part of the ordinary course of business in each ofthese categories: strategic planning, marketing planning, capital planning, budgeting, hedging, incentivepayout structure, and internal auditors are typically part of the project team in an advisory role.(b) VARIOUS RISKS FACED BY UNICS PLC/RECOMMENDATIONS • Credit risk: This is the risk that the borrower will be unable or unwilling to pay back the loan. -Solid agreements should exist between UNICS PLC and her borrowers. • Counterparty risk: The risk that a party to a contract will be unable or unwilling to uphold their obligations (co-maker or co-signer). -Solid agreements should exist between UNICS and her counterparties. • Asset price risk: The risk that assets will depreciate in value, resulting in financial losses, for example those held as securities of collaterals for loans. -The long term effect on assets held as collaterals should be well evaluated. • Capital risk: A common concern with any investment is that you may lose the money you invest (your capital). -UNICS should implement a system of effective planning and objective setting in order to minimise loses. • Financial risk: UNICS shareholders bear an additional risk when UNICS uses debt in addition to equity financing. Companies that issue more debt instruments would have higher financial risk than companies financed mostly or entirely by equity. -Little or no dependency on debt financing will eliminate the risk. • Operational risk: The risk arising from execution of all UNICSs business functions. These involve; 1. Fraud (internal or external). 2. Clients, products, and business practice -market manipulation, antitrust and improper trade. 17
  • 18. 3. Damage to physical assets - natural disasters, terrorism and vandalism. 4. Business disruption and systems failures - utility disruptions, software and/or hardware failures. 5. Execution, delivery, and process management - data entry errors, accounting errors, failed mandatory reporting and negligence. To reduce operational risk adequate and flexible systems must be put in place; -Only valid or authorized transactions are processed. -Transactions occurred during the correct period or were processed timely. -All transactions are completely processed with no omissions. -Transactions are calculated using an appropriate methodology or are compute accurately. -Assets represent the rights of the company, and liabilities its obligations, as of a given date.Components of financial statements (or other reporting) are properly classified (by type or account) anddescribed. • Currency risk. Given that UNICS holds foreign currencies and also performs international transfers which involves exchange between currencies (the US dollar and the British pound), she runs the risk that currency movements alone may affect the value of the currencies she holds. -UNICS should limit the amount of foreign currencies she holds at a given time period. • Legal risk: (Data protection) UNICS runs the risk that the information she holds may not comply with the laws and regulations in force. This refers to the personal or client information UNICS holds and how it processes it. For example UNICS uses the internet for communication. The passwords to the email address boxes are not restricted to particular employees or are changed on a regular basis. This means that an employee who has resigned or is dismissed can still have access to the entire UNICS information being carried over the internet at anytime anywhere provided there is internet connection. Confidential information may easily reach unauthorized third parties. The therefore propose that passwords to UNICS email address boxes should be restricted to particular employees and should be changed on a monthly basis. UNICS should also review the security of her IT systems and premises regularly. • Legal risk: (Health and safety).Threat of accidents and casualties. For example the cashiers risk falling sick as a result of the continues touching of cash and the inhaling of its smell. -The Board must now, therefore, more than ever, embrace their overall responsibilities towards employee health. • Technology risk. UNICS runs the risk that key processes that she uses to develop, deliver, and manage its products, services, support operations, entry, transfer and storage of data may be lost .The importance of looking at technology risks in the context of UNICS business strategy is underscored by recent lessons learned from the tragedies of September 11th (While the vast majority of information systems recovered well and demonstrated the effectiveness of disaster planning measures, significant gaps in the continuity of key business process were experienced). By understanding the role that technology plays in supporting various business 18
  • 19. functions, UNICS management is in a better position to determine the relative importance of these functions and prioritize the systems, applications, and data involved. -An information classification program can be instrumental in prioritizing data, and the systems and applications through which it flows. Information classification involves distinguishing classes of data, or systems, and assigning relative priorities. A basic classification system might incorporate three or four categories ranging from” highly confidential" to "public" with various degrees in between. Once categorized, each class of data would be accorded certain treatment. Knowing the classifications allows bank management to trace the flows of information with an eye to ensuring proper protection throughout the system. Obviously, one would not want to see "highly confidential" and "public" information following the same transmission path or stored on the same computer server with only rudimentary controls. The information classification process will assist UNICS PLC Management in focusing attention on priority areas first and pinpointing key areas of vulnerability. • Political risk UNICS PLC faces complications as a result of what are commonly referred to as political decisions or any political change that alters the expected outcome and value of a given economic action by changing the probability of achieving business objectives. For example the recent government circular restricting banks from collecting account holding charges for deposit accounts. -UNICS may have a Chief Risk Officer who is charged with managing political risk or, in many cases, this is the obligation of the Chief Financial Officer.(c)RISK MANAGEMENT AND BUSINESS CONTINUITY.Risk management is simply a practice of systematically selecting cost effective approaches forminimising the effect of unforeseen circumstances to the organization. All risks can never be fullyavoided or mitigated simply because of financial and practical limitations. Therefore all organizationshave to accept some level of residual risks.The strategies involved in Risk Management include: 1. Transferring the risk to another party, 2. Avoiding the risk, 3. Reducing the negative effect of the risk and, 4. Accepting some or all of the consequences of a particular risk. • Risk avoidance: Includes not performing an activity that could carry risk. An example would be not buying a property or business in order not to take on the liability that comes with it. • Risk reduction: Involves methods that reduce the severity of the loss or the likelihood of the loss from occurring. • Risk retention: Involves accepting the loss when it occurs. True self insurance falls in this category. All risks that are not avoided or transferred are retained by default. War is an example since most property and risks are not insured against war, so the loss attributed by war is retained. • Risk transfer: In the terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as a "transfer of risk." 19
  • 20. However if risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. GENERAL CONCLUSION.The lack of effective internal controls is one of the remaining impediments to the development of asustainable microfinance industry; microfinance institutions (MFIs), technical assistance providers,donors, practitioner networks and regulators all have a role in overcoming this obstacle.The officials of UNICS PLC can study these internal control weaknesses that are common elements offraud or embezzlement and make necessary revisions to the UNICS internal controls. The ultimatetests of the effectiveness of UNICS internal control systems will be time and investor interest.Unfortunately, UNICS may suffer serious unforeseeable financial loss before discovering theweaknesses inherent in her internal audit and control systems if she becomes complacent, assumingthat what works well today will work well tomorrow.Microfinance institutions that proactively apply the principles of risk management and implement aneffective feedback programme will be able to uncover and address risk exposures and succeed the testof time. MFIs that prove their ability to manage and mitigate risk will be more likely to demonstrateconsistent profits, the primary objective of private investors.In addition, MFIs that implement effective internal control systems that aid in the risk managementprocess will be most effective in fulfilling the social mission to provide financial services to low incomesectors over the long-term.However if internal control system is implemented only to prevent fraud and comply with laws andregulations, then an important opportunity is missed. The same internal controls can also be used tosystematically improve businesses, particularly in regard to effectiveness and efficiency. 20