CGAP Training Operational Risk Management Slides

Download CGAP Training Operational Risk Management Slides

Post on 24-May-2015




4 download

Embed Size (px)


Slides for CGAP's training on Operational Risk Management.


<ul><li> 1. Risk Management in MFIsRisk Management in MFIs </li></ul> <p> 2. GoalGoal Improve the quality of risk management in microfinance institutions (MFIs) by: understanding the importance of an institutional culture of support for strong control systems assessing and measuring the vulnerability of your own institutions to areas of risk applying techniques for identifying and mitigating risks monitoring effectiveness of risk management strategies RM1-O1 3. Risk Management ObjectivesRisk Management Objectives Define risk management as it applies specifically to microfinance Identify risk areas (areas of vulnerability) for MFIs Educate stakeholders on the importance of risk management strategy to an MFI Ensure that client protection plays a critical role in prevention and social/operational risk management Develop internal controls for your MFI in conjunction with stakeholders Install internal audit in the internal control system for effective monitoring Ensure that information systems play a critical role in the risk management system Commission and use external audits effectively RM1-O2 4. Categories of Microfinance RisksCategories of Microfinance Risks RM2-O1 Social risks Mission drift Negative impact on clients Vulnerability of clients Internal conflicts Operational risks Credit Fraud Security inefficiency Financial risks Related to financial sustainability Asset-liability management Savings management Information quality Dependence External risks Regulation Competition Natural environment Macroeconomics Reputational Risk Reputational Risk 5. Risk ManagementRisk Management A Systematic ApproachA Systematic Approach Identifying, Measuring, and Mitigating Risks in an MFI RM2-O2 6. Control EnvironmentControl Environment RM2-O3 External Audit Risk Management Internal Control Internal Audit 7. Risk Management ProcessRisk Management Process Feedback LoopFeedback Loop RM2-O4 Adapted from Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. 3. Design policies and procedures to mitigate risks 6. Revise policies and procedures 2. Develop strategies to measure risk 1. Identify, assess, and prioritize risks 4. Implement and assign responsibility 5. Test effectiveness and evaluate results 8. Internal ControlsInternal Controls RM2-O5 Preventive Detective Corrective 9. RM3-O1 EVERYONE Has a Role in Risk Management 10. A Mission StatementA Mission Statement RM3-O2 Describes the purpose of the MFI or its reason for existing. Provides the strategic orientation for the MFI. Communicates to stakeholders where the MFI is going. It tells us the MFIs contribution and commitment to its stakeholders. 11. WHY? BecauseWHY? Because Values Affect Operations RM3-O3 12. Keys to Effective Risk ManagementKeys to Effective Risk Management Stated mission and core values Motivated and confident people Conducive environment Well defined policies and procedures Sound methodology Accountability and transparency Security RM3-O4 13. The MFIThe MFI RM4-O1 PEOPLE Organizational Structure Mission and Values Technology Systems, Policies, and Procedures 14. My MFIMy MFI RM4-O2 Board of Directors General Manager Human Resource Manager Operations Manager Branch Auditor Savings Officer Accountant Cashiers Internal AuditorBranch Manager Branch Manager Bookkeepers IS Manager Credit Officer Finance Manager Branch Cashier 15. RM4-O3 16. Policies indicate direction Procedures tell how to implement and follow the policies Effective policies and procedures are Written Simple and clear Available Understood Relevant and up-to-date Implemented RM4-O4 17. Ask if the information isAsk if the information is Relevant Timely Accurate Distributed to the correct people Accessed by the correct people Well formatted Retrievable Traceable (able to be audited)RM4-O5 18. RM4-O6 19. Business Cycles of an MFIBusiness Cycles of an MFI MFI Credit and Savings Operations Cycle Procurement Cycle Treasury and Financing Cycle RM5-O1 20. Pillars and CyclesPillars and Cycles RM5-O2 Credit and Savings Procurement Treasury Human Resources Policies and Procedures Tools and Technology 21. Steps to Identifying Risks and InternalSteps to Identifying Risks and Internal Controls Using the Cycle ApproachControls Using the Cycle Approach Classify transactions, activities, and process by cycle Identify who is involved in the activities Identify risk points Prioritize risks Establish and implement policies to mitigate risk (internal controls) RM5-O3 22. RM5-O4 FRAUD The risk of loss of earnings or capital as a result of intentional deception by an employee or client* MFIs most vulnerable to fraud Weak information and accounting systems Changing systems Late completion of reports Weak internal control system High employee turnover Nonstandardized products and operations Loan officers handling cash High rate of growth *Adapted from Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. 23. RM5-O5 Cost versus benefits Abnormalities Human error Staff turnover Workload volume Staff irresponsibility Judgment Management override Staff resistance Collusion Breakdowns Obsolete systems 24. External Audit RM6-O1 Control EnvironmentControl Environment Risk Management Internal Control Internal Audit 25. Internal AuditInternal Audit An internal audit is a systematic, objective appraisal of the diverse operations and controls within an organization to determine whether Financial and operating information is accurate and reliable Risks to the enterprise are identified and minimized External regulations and acceptable internal policies are followed Satisfactory operating criteria are met Resources are used efficiently and economically Clients are informed of the terms and conditions for the proposed services, and the services are of good quality, offered within the expected time limits and disbursed according to established procedures (specifically in terms of assessment of repayment ability) The MFIs goals are actually achieved; in particular, the client profiles are in line with the established goals. RM6-O2 26. RM6-O3 Internal AuditInternal Audit External AuditExternal Audit Conducted by an employee of MFI Done by an independent contractor Serves the needs of the MFI Also serves third parties Focuses on past and future events by evaluating controls to ensure achievement of goals Focuses on whether statements reflect historical events clearly and accurately Is directly concerned with preventing fraud Is incidentally concerned with fraud controls Source: CGAP Audit Manual, p. 12. Comparison of Internal andComparison of Internal and External AuditsExternal Audits 27. Function of the Internal AuditorFunction of the Internal Auditor Acts independently Reviews transactions in the field Compares actual procedures with those documented events Frequently reports to the board through written reports and presentations Reports on open items from previous audits RM6-O4 28. Major Areas of Focus of Internal AuditMajor Areas of Focus of Internal Audit Cash Loan operations Write-offs Savings operations Procurement Tools and technology Client protection, social performance Are policies and procedures being followed? RM6-O5 29. Internal Audit Output ExampleInternal Audit Output Example Audit Finding Sheet RM6-O6 Condition Criteria Cause Impact Recommendation Interest calculation for loan #101 was short $2/per month. Interest on this loan should be $10/per month. The loan officer used an outdated interest rate to make the calculation. The MFI lost $2 per month over the past three months, for a total loss of $6. Designated person reminds loan officers that interest rates are updated at the beginning of each month. Source: Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. detail/2587. 30. InternalInternal AuditAudit OutputOutput ExampleExample Situation Criterion Cause Impact Recommendation Client complaints about unacceptable loan officer conduct Reported during client interviews Lack of ethics code, policies and procedures to define what is acceptable or unacceptable Client drop out Bad MFI reputation Clients under pressure Management should meet with employees to review MFI core values and rules A code of conduct should be set up Procedures should specify progressive collection measures Employees should receive training on MFI core values, code of conduct, and collection procedures RM6-O7 31. Internal Audit Output ExampleInternal Audit Output Example (continued)(continued) Summary Audit Report RM6-O8 No. Item Recommendation 1 No more than $10,000 cash should be kept at branch, but $16,000 found. Excess funds should be transferred to headquarters. Branch manager should oversee cash better and excess cash should be deposited immediately. 2 In a visit to the business of loan client #243, it was found that his shop had been closed for two months. Supervision measures should be Implemented to verify that businesses are still operating at the time a new loan is granted. Source: Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. detail/2587. 32. Summary Audit Report Item Recommendation 3 The MFI requires physical collateral that exceeds the value of the loan by far and is unrealistic for the target population according to its mission statement and operational context. It should develop voluntary savings accounts that could serve as collateral, rely more on client repayment ability, develop forms of leasing (collateral based on the equipment bought with the loan). 4 The procedures manuals stress the importance of clearly explaining the terms and conditions when the loan is granted, but we observed very little communication between loan officers and clients during our audits. Introductory letters written in the local language should be drafted, which loan officers can read aloud and give to the client. RM6-O9 33. External AuditExternal Audit Benefits Lends credibility to financial statements and other management reports Ensures accountability of investors funds Identifies weaknesses in internal controls and systems The scope of audits may differ significantly and cannot be limited, and objectives can be added to each audit. RM7-O1 A formal, independent review of an entitys financial statements, records, transactions, and operations that is performed to express an opinion of an MFIs financial statements 34. Why have MFI external audits notWhy have MFI external audits not delivered desired results in the past?delivered desired results in the past? Poorly understood audit purpose Weak information system and internal controls Minimal compliance with normal standards Poor credibility of auditors Management techniques not matched to MFI portfolio risks Costs Auditors lack sufficient microfinance experience BUT external audits can and do deliver!! RM7-O2 35. External AuditExternal Audit PlanPlanningning 1. Appoint a contact person to oversee the audit. 2. Determine the scope of work and type of audit. 3. Prepare Terms of Reference for the audit. 4. Call for proposals. 5. Negotiate fees, schedule, and work plan. 6. Choose an auditor. RM7-O3 Source: CGAP Audit Manual, pp. 2023. 36. Resources and information sources for a social audit Depth of analysis Links SPI social audit by Cerise and ProsperA Audit Depends on the method used (internal audit only, internal audit backed up by an external resource, external audit) Focuses on 4 social performance dimensions: Targeting clients Quality of services Benefits to clients Social responsibility to employees, clients, the environment http://www.cerise-microfinance QAT Social Audit by Imp-Act and MFC Audit Audit backed up by external resource Focuses on the mission, the systems and procedures set up by the MFI The Smart Campaigns client protection assessment Audit Assessment and audit on the application of client protection measures in an MFIs processes, procedures and activities Social rating Rating If an MFI has no internal auditor, it can request a social rating, which is even more external than an audit. Each rating agency has its own standardized methodology MIX Market social performance reporting Reporting This is a framework for reporting, but an MFI can use it as a guide to identify certain standard aspects assessed internationally to measure the social performance of an MFI and to review the core components of a social audit SocialSocial AuditAudit ResourcesResources RM7-O4 37. Terms of Reference includesTerms of Reference includes Objective of the audit Scope of the audit Audit report and financial statements Management letter Agreed-upon procedures General issues Timing of the audit Cost proposal Submission of proposals Oral presentation RM7-O5 38. Desired Audit OutputDesired Audit Output Financial statements Notes to financial statements Unqualified opinions Management letter Other output as agreed upon Social audit report, if included RM7-O6 </p>