Bank internal control service: organization and functioning. Internal control and audit Annual report of the internal audit service of the bank

Internal control and audit at VTB Group operate on the basis of best global practices and fully comply with the requirements of Russian legislation as well as the legislation and regulations of the countries where the Group operates. The order of interaction and subordination of the elements of the internal control system ensures the necessary level of their independence, which allows the entire system to function as efficiently as possible.

VTB Group's internal control system ensures:

  • efficiency and effectiveness of the Bank and VTB Group;
  • effectiveness of asset and liability management (including asset security) and risk management;
  • reliability, completeness and timeliness of provision of financial and management information and reporting;
  • information security;
  • compliance with laws, regulations, rules and standards;
  • excluding the involvement of VTB Group and its employees in illegal activities.

The VTB Group Management Committee has a Coordination Commission for Internal Control and Audit, which ensures the effective functioning of the internal control and audit system in the Group, as well as the practical interaction of relevant specialists.

The main objectives of internal control and audit of VTB Group are:

  • independent assessment of the effectiveness of internal control systems, risk management, accounting and reporting business processes, and the activities of departments and employees, as well as assessment of the economic feasibility and effectiveness of the transactions performed;
  • checking the reliability of internal control over the use of automated information systems, as well as checking the methods used to ensure the safety of property;
  • monitoring the main areas of risks and control mechanisms in order to identify shortcomings in the internal control system, new risks, as well as create preventive control mechanisms to prevent risk events;
  • developing recommendations for improving and increasing the efficiency of the systems, processes, procedures, transactions and activities of the Group’s divisions and employees;
  • organizing effective interaction with external regulatory authorities and external auditors.

Internal control and audit of VTB Bank

In accordance with the Charter of VTB Bank, the system of internal control bodies of the Bank includes:

  • management bodies of the Bank (General Meeting of Shareholders, Supervisory Board, Management Board, and the Bank's sole executive body, the President – Chairman of the Board);
  • Audit committee;
  • Chief Accountant (his deputies);
  • heads of branches (their deputies) and chief accountants of branches (their deputies);
  • structural divisions (responsible employees) of the Bank exercising internal control.

Audit Committee

Responsibility for the proper functioning of the internal control system lies with the VTB Bank Supervisory Board. For a full-scale analysis and maintenance of an effective internal control system, there is an Audit Committee within the structure of the Supervisory Board.

More detailed information on the composition of the Audit Committee and its activities is contained in the “Supervisory Board” section.

Audit Commission

Control over the financial and economic activities of VTB Bank is carried out by the Audit Commission. The Audit Commission checks the Bank’s compliance with legislative and other acts regulating its activities, the establishment of internal bank control, and the legality of transactions performed by the Bank (complete or spot check). The Audit Commission is elected at the annual General Meeting of Shareholders of the Bank, which determines its number and composition for the period until the next annual General Meeting of Shareholders.

In accordance with the decision of the annual General Meeting of Shareholders of the Bank, held on June 19, 2014, for the first time the Audit Commission included a representative of VTB minority shareholders. The shareholders elected the following composition of the Audit Commission:

  • Platonov Sergey Revazovich – Chairman of the Audit Commission, Deputy Director of the Financial Policy Department of the Ministry of Finance of the Russian Federation;
  • Volkov Leonid Valerievich – authorized representative of the Chuvash Republic under the President of the Russian Federation, member of the Advisory Council of Shareholders of the Bank (representative of minority shareholders of the Bank);
  • Gontmakher Evgeniy Shlemovich – Deputy Director of the Institute of World Economy and International Relations of the Russian Academy of Sciences, Deputy Director of the Kudrin Foundation for Support of Civil Initiatives, Member of the Board of the Institute of Modern Development;
  • Kant Mandal Denis Rishievich – Head of the Department for Privatization of Organizations of Regulated Industries of the Department of Property Relations and Privatization of the Largest Organizations of the Federal Agency for State Property Management;
  • Krasnov Mikhail Petrovich – Director of the Company “VERISEL S.A.” (Switzerland), member of the Board of Directors of JSC Russian Aircraft Corporation MiG;
  • Sabantsev Zakhar Borisovich – head of the department for banking sector monitoring and summary and analytical work of the Financial Policy Department of the Ministry of Finance of the Russian Federation.

In connection with the election of a new composition of the Audit Commission by the annual General Meeting of Shareholders, the following resigned from the Audit Commission in June 2014:

  • Marina Aleksandrovna Kostina – Deputy Head of the Department of Industry Organizations and Foreign Property of the Federal Agency for State Property Management;
  • Alexey Borisovich Mironov – member of the Board of Directors of OJSC Roskhimzashchita Corporation, CEO of LLC "YB";
  • Tikhonov Nikita Vadimovich – head of the department of the Financial Policy Department of the Ministry of Finance of the Russian Federation;
  • Turukhina Maria Aleksandrovna – head of the department of financial and credit organizations, oil, gas, fuel and energy, coal industry and natural resources of the Directorate of Industry Organizations and Foreign Property of the Federal Agency for State Property Management;
  • Filippova Olga Yurievna – member of the Audit Commission.

In 2014, no remuneration was paid to members of the Bank's Audit Commission.

Information about the Bank's Audit Commission can be found in more detail on the VTB Bank website at: http://www.vtb.ru/ir/governance/control/revission_commition/.

Internal Audit Department

To assist management bodies in ensuring the effective operation of the VTB Group, the Bank has an Internal Audit Department (IAD). The IAD monitors the internal control system, conducts audits, and provides independent recommendations for improving banking and control procedures.

The IAD is an independent structural division of VTB Bank and is directly accountable to the Supervisory Board. The Supervisory Board approves the IAD work plans, monitors their implementation, and reviews the IAD reports on the results of audits and monitoring of the internal control system, as well as on the implementation of the IAD recommendations to eliminate identified deficiencies.

The structure of the IAD includes divisions responsible for ongoing monitoring, coordination of internal control systems in the Group, and audits. In order to increase the efficiency of monitoring the internal control system in the Bank's regional network, some of the VTB employees work on a permanent basis in VTB's territorial divisions.

The competence of the Internal Audit Department includes:

  • checking and assessing the effectiveness of the internal control system;
  • checking the effectiveness of the banking risk management system;
  • checking the accuracy, completeness, objectivity and timeliness of accounting and management reporting;
  • checking compliance with the requirements of the legislation of the Russian Federation, regulatory acts and supervisory authorities;
  • checking the adequacy and reliability of the internal control system over the use of automated information systems;
  • ensuring uniformity of approaches to organizing internal control in the VTB Group.

The Internal Audit Department interacts with the Audit Committee and the external auditors of the Bank in terms of providing information about the internal control system, as well as the main deficiencies identified by the Department during the period audited by the auditors.

Compliance control

The main goals of the VTB Group compliance control system are:

  • compliance of the activities of the Group companies with the legislation of the country of registration, the internal documents of the companies, the standards of self-regulatory organizations, and business customs;
  • efficiency of regulatory (compliance) risk management;
  • creating and maintaining an effective management information and reporting system;
  • excluding the involvement of VTB Group and the participation of its employees in illegal activities, including manifestations of corruption, misuse of insider information and market manipulation;
  • maintaining the high reputation of VTB Group and increasing its investment attractiveness on the financial market.

The functional coordinator for compliance for VTB Group companies is the Compliance Control Department of VTB Bank.

Under the VTB Group Management Committee, a Coordination Commission for Compliance and Internal Control for Combating Money Laundering and the Financing of Terrorism has been created and is functioning; its meetings also address issues that fall within the competence of the compliance functions of the Group's companies.

In 2014, the Coordination Commission held two in-person and five absentee meetings on compliance and internal control to combat money laundering and the financing of terrorism, as well as two internships and three round tables with the participation of representatives of VTB Group companies.

The basic requirements for organizing the compliance system, standards and principles of its functioning in the VTB Group, distribution of powers and areas of responsibility are enshrined in the Group’s internal documents. In 2014, in order to reflect the new Bank of Russia requirements for internal (compliance) control, the VTB Group updated the following compliance documents:

  • The concept of consolidated management of the compliance function of VTB Group;
  • Regulations for interaction between VTB Group companies in the functional area of compliance.

External auditor

To conduct an audit and confirm the reliability of the annual financial statements, VTB Bank engages an independent professional auditing organization - an external auditor.

In accordance with current legislation, the auditor is selected on the basis of an open competition. The procedure for holding the competition is regulated by Federal Law No. 44-FZ dated 04/05/2013 “On the contract system in the field of procurement of goods, works, services to meet state and municipal needs.”

As part of the preparation for the competition, VTB Bank develops competition documentation. Review of the tender documentation and the initial price of the contract for the provision of audit services is carried out by the Audit Committee of the Supervisory Board. An open competition for the selection of an auditor is held by the Bank's Tender Committee.

During the competition, members of the commission review applications received from competition participants. Based on the criteria specified in the tender documentation, applications are compared and the participant who offers the best financial and technical specifications is selected. The audit organization selected based on the results of the competition is recommended by the Supervisory Board for approval by the annual General Meeting of Shareholders.

Based on the results of the audit of the financial and economic activities of VTB Bank, the external auditor prepares a conclusion, which is submitted to the Audit Committee for a preliminary assessment. The prepared audit report is sent to the Supervisory Board and is also presented at the annual General Meeting of Shareholders of the Bank.

In 2014, Ernst & Young LLC, a Russian subsidiary of EY, one of the world's leading audit firms, was approved as the external auditor of VTB Bank.

EY's Russian subsidiaries have been the auditor of VTB Bank since 2003. The company has no other property interests in VTB Bank, except for payment for audit services, and has no affiliation relations with the Bank, members of its management bodies and VTB subsidiaries.

Anti-money laundering

VTB Group attaches great importance to activities to combat money laundering and the financing of terrorism.

As part of coordinating the activities of the Group's companies in this area, VTB Bank develops uniform group-wide financial monitoring standards and ensures that subsidiaries comply with them. Constant communication and exchange of information between the relevant divisions of the Group companies allows us to effectively manage the risks of money laundering and terrorist financing on a systematic basis.

Paying great attention to the quality of the client base, VTB Bank and its subsidiaries implement all the necessary procedures as part of the program for identifying and studying clients, and also carry out systematic work with correspondent banks.

Drafts of all internal regulatory documents defining the procedure for the provision of banking products and services undergo mandatory examination to determine the possibility of using the relevant product (service) for carrying out operations for laundering criminal proceeds. If necessary, measures are taken to minimize potential risks.

In the reporting period, VTB Group ensured effective management of the risks of involvement in money laundering and terrorist financing.

Head of the Internal Audit Service of Samruk-Energy JSC

He has headed the Service since 2012. Member of the international Institute of Internal Auditors (IIA). Holds the international internal auditor certificate CIA, the Diploma of the International Institute of Audit and Management IFA (DipIFA), and the international certificate CAP ECCBA.

In today's economic conditions, when both the external and internal environment of the Company are faced with risks of the widest range, we recognize the importance of the role of internal audit in achieving the strategic goals of the Company. Today, the Company's internal audit is an effective tool designed to identify opportunities to improve the efficiency of the Company's activities.

Our Internal Audit Team consists of qualified, experienced professionals.

The activities of the Internal Audit Service are built on the International Foundations of Professional Practice of Internal Auditing and are recognized as complying with the International Professional Standards of Internal Audit.

Using our skills and knowledge, we bring value to the Company by providing independent and objective assurance and advice aimed at improving risk management, internal control and corporate governance in the Company and its subsidiaries and affiliates.

The service is functionally accountable to the Board of Directors of the Company, administratively – to the Management Board of the Company. The activities of the Service are supervised by the Audit Committee. The head and employees of the Service are appointed by the Board of Directors.

In 2016, the Service had a staff of 7 people.

Internal auditors undergo continuous professional development. Thus, employees of the Service hold the international internal auditor certificate CIA, diplomas from the International Institute of Audit and Management IFA (DipIFA), the international certificate CAP ECCBA, and diplomas from the Institute of Financial Managers of Great Britain (DipPIA and DiPCPIA).

The main functions of the Internal Audit Service are:

  • Assessment of risks, adequacy and effectiveness of internal control over risks in the field of corporate governance, operational (production and financial) activities of the Company and its subsidiaries and affiliates, as well as their information systems;
  • Carrying out, in the prescribed manner, an assessment (diagnosis) of the corporate governance system in the Company and its subsidiaries and affiliates, including assessment of the implementation and compliance with the accepted principles of corporate governance, relevant ethical standards and values in the Company and its subsidiaries and affiliates;
  • Verification of compliance with the requirements of the legislation of the Republic of Kazakhstan, international agreements, internal documents of the Company and its subsidiaries and affiliates, as well as compliance with the instructions of authorized and supervisory authorities, decisions of the bodies of the Company and its subsidiaries and affiliates, as well as assessment of systems created in order to comply with these requirements;
  • Assessing the adequacy of the measures taken by the divisions of the Company and its subsidiaries and affiliates to ensure the achievement of the goals set for them within the framework of the strategic goals of the Company and its subsidiaries and affiliates.

Annual risk-based audit plans are reviewed and approved by the Company's Board of Directors.

All planned audit assignments were completed in full.

In carrying out its functions, the Service confirmed to the Board of Directors its independence from the influence of any persons.

The KPIs of the Service and its head are established taking into account the strategic goals of the Company. The Board of Directors of the Company assessed the activity of the Service as “effective”.

Working with the Company's trust mail

The Service is the authorized body for consideration, monitoring and control over the consideration of requests received at the Company's trust mail. In 2016, 45 applications were received and considered.

Internal control is a process carried out by the bank (bank management bodies, structural divisions and employees) in order to ensure safe and liquid banking in accordance with the requirements of the legislation of the Republic of Belarus and local regulatory legal acts of the bank (local acts of the bank).

The internal control system is the set of organizational structure, procedures and methods adopted by the bank as a means for the orderly and efficient conduct of banking activities, risk reduction, cost minimization and asset safety.

The purpose of the internal control system is to ensure:

  • efficiency and effectiveness of financial and economic activities when performing banking operations and other transactions, the effectiveness of managing banking risks, assets and liabilities, including ensuring the safety of assets;
  • reliability, completeness, objectivity and timeliness of preparation and presentation of financial, accounting, statistical and other reporting (for external and internal users), as well as information security;
  • compliance with the requirements of regulatory legal acts of the Republic of Belarus, local acts of the bank;
  • excluding the bank's involvement in financial operations of an illegal nature, including preventing and suppressing acts related to the laundering of illegally obtained income.

Internal audit is part of an integral internal control system aimed at improving the bank’s activities.

Internal audit refers to independent control and assessment of the bank’s activities, carried out by the internal control department conducting regular inspections of the bank’s structural divisions.

The purpose of the internal audit is to assess whether the internal control system functioning in the bank is adequate to the operations carried out and the risks assumed.

The Internal Audit Service monitors, verifies, and evaluates the effectiveness of the bank’s internal control system, makes its proposals for improving its effectiveness and controls their implementation.

In the course of their activities, auditors must be guided by the current legislation of the Republic of Belarus and local acts of the bank, as well as adhere to generally accepted moral rules, ethical standards and observe the following principles:

  • independence;
  • professionalism;
  • ethics of behavior.

The main structure of the internal audit workflow includes the following steps: planning the audit, conducting the audit, and implementing audit recommendations.

Planning the activities of the internal audit service should determine the most important areas of control based on the risk approach and contribute to the most effective distribution of responsibilities among auditors.

Planning should be carried out in accordance with the following principles:

  • complexity, which involves ensuring interconnectedness and consistency of all stages of planning;
  • continuity, which is expressed in the interconnection of planning stages by time frame and by structural units subject to inspection;
  • optimality, which lies in the fact that in the planning process the auditor should be able to select the optimal version of the audit procedure for its timely and high-quality implementation.

Planning of the activities of the internal audit service is carried out taking into account the requirements of the current legislation of the Republic of Belarus and the strategic objectives of the bank.

When planning, increased attention is paid to structural divisions and banking products that have the greatest risk. For this purpose, auditors conduct preliminary monitoring and analysis of information on the activities of structural divisions. Monitoring is aimed at studying key risks and the likelihood of their occurrence in a particular structural unit of the bank or banking product.

Every year, 10 days before the start of the planned period, the head of the internal audit service submits annual plans of work and inspections for approval to the Chairman of the Board of the bank or the curator of the internal audit service.

The Internal Audit Service plans its work in such a way as to ensure a certain (at least once every three years) frequency of inspections of structural units. The audit cycle is determined based on the analysis and risk assessment of the audited object.

The process of conducting an internal audit includes: preparing an audit, conducting an audit in a structural unit, agreeing on deficiencies and a draft report with those being audited, drawing up working documentation and a final report based on the results of the audit.

The Internal Audit Service carries out the following checks:

  • inspection of financial and economic activities (bank branches, banking business areas or divisions of the bank’s Central Office);
  • checking certain issues of financial and economic activities of structural divisions;
  • thematic inspections of structural units;
  • checking the implementation of measures based on the results of previous audits;
  • unscheduled inspections on instructions from bank management.

An audit of financial and economic activities involves full-scale control over all areas of banking activity of the inspected entity in order to identify banking operations that are at greatest risk, ineffective banking, violations of banking legislation, establishing facts of theft and embezzlement, etc.

Checking certain issues of financial and economic activity involves exercising control in several areas of banking activity.

A thematic inspection is carried out on one specific issue. When conducting a thematic audit, a specific issue of the financial and economic activities of the bank’s structural unit, a banking product, or compliance with bank policies in a particular area of banking is analyzed and verified.

Verification of the implementation of measures based on the results of previous inspections is carried out in order to assess the completeness and effectiveness of the measures taken by the management of the structural unit to eliminate and prevent in the future the deficiencies and violations identified by inspections.

Unscheduled inspections may be initiated by the Chairman or Member of the Bank's Management Board, or by the bank's collegial management body.

Inspections of the bank's subsidiaries are carried out on the basis of decisions of the bank's collegial management bodies or the Chairman of the Bank's Management Board.

The audit preparation process consists of the following stages:

  • determining the goals and methods of the audit, taking into account risk areas in the activities of the audited structural unit;
  • familiarization with information about the object subject to inspection available to the internal audit service and its analysis;
  • determination of the period covered by the inspection and the preliminary timing of the inspection;
  • determining the scope of the audit;
  • determining the required composition of the group of auditors to perform the audit;
  • development and approval of an inspection program.

Familiarization with information about the object subject to inspection is carried out on the basis of:

  • materials of previous inspections conducted both by specialists of the internal control department and other divisions of the bank;
  • materials of inspections carried out by external regulatory authorities;
  • measures to eliminate violations identified by inspections and information on the progress of their implementation;
  • information about the activities of the object of inspection received from the structural divisions of the Central Office of the bank;
  • information about the activities of the object of inspection, obtained through software products used in the bank;
  • decisions of the collegial bodies of the bank regulating the activities of the object of inspection;
  • accounting and statistical reports (balance sheets, accounts receivable and accounts payable, etc.), information about changes in the organizational structure and other materials related to the activities of the audited entity.

To fulfill their duties within the approved assignment, auditors have the right of free access to review and verify all documents relating to the bank’s activities (books, accounts, reporting, business correspondence, application software operating in the bank’s system). Department employees can make copies of received documents and of records with transcripts stored in local computer networks and autonomous computer systems, in accordance with the procedure established by the bank. Auditors determine the compliance of actions and operations carried out by bank employees with the requirements of current legislation, the regulations of the National Bank of the Republic of Belarus, and local acts of the bank.

The timing of inspections is determined by the head of the internal audit service, depending on the scope of the planned inspection and the composition of the working group.

The period for conducting an audit of the financial and economic activities of a structural unit should not exceed 30 calendar days. Extension of the inspection period is carried out by the Chairman of the Bank's Board on the basis of a request from the head of the inspection.

The period for conducting inspections of individual issues of banking activities, implementation of activities, thematic and unscheduled inspections is set individually in each individual case, depending on the volume and complexity of the issues being inspected, but not more than the period established for conducting an inspection of financial and economic activities.

The composition of the working group for conducting the audit is determined based on its nature, complexity, expected amount of working time, level of professionalism of auditors and their specialization. It is possible to involve specialists from the bank’s structural divisions in the working group to carry out the audit based on the decision of the Chairman of the Board or Member of the Board of the bank.

To conduct an audit of financial and economic activities, a working group of at least 3 specialists is appointed. The head of the working group, as a rule, is the chief auditor of the internal control department. In some cases, another specialist from the staff of the internal control department may be appointed as the head of the working group. During the inspection period, all members of the working group are subordinated directly to the head of the working group, regardless of their performance of their direct official duties.

To determine the main issues to be checked, the head of the audit, in agreement with the head of the internal audit service, develops and submits for approval to the Chairman of the Board of the bank or the curator of the internal audit service an audit program. Changes made to the verification program must be agreed upon with the person who approved it.

When conducting inspections of the implementation of measures based on the results of previous inspections, thematic and unscheduled inspections (except for complex ones), drawing up an inspection program is not required.

Conducting inspections and ensuring audits. The basis for an inspection carried out by the internal audit service is an order or instruction (written or oral) from the Chairman of the Bank's Management Board to conduct it.

The verification consists of two stages:

  • preliminary assessment of the activities of the bank’s structural unit for the planned period;
  • comparative assessment of preliminary data with the actual state of affairs in the structural unit.

At the first stage, members of the working group preliminarily collect and analyze information in order to determine the most risky areas in the activities of the structural unit identified for inspection. Based on the order (instruction) to conduct an inspection of a structural unit, the Department of Automation and Information Technology provides members of the working group, for the period of the inspection, with access to the automated resources used by the unit being inspected. Based on data obtained from automated banking systems, the results of interviews and other sources, a preliminary analysis of the activities of the audited unit is carried out, and the most risky areas are determined.

From the collected information and analysis, preliminary conclusions and proposals are made for more detailed monitoring and preparation of recommendations at the second stage.

Analysis of the activities of the bank's structural divisions should be carried out on an ongoing basis.

At the second stage, the previously obtained information is assessed against the actual state of affairs in the structural unit, directly on site at its location.

The head of the facility subject to inspection is informed of its conduct the day before and must be familiarized with the inspection program on the day the inspection begins. Unannounced inspections on the instructions of the bank's management are carried out without prior notification to the management of the structural unit of the bank being inspected.

When conducting an inspection, the head of the inspected structural unit is obliged to:

  • ensure that working conditions are created for the auditors that allow the inspection to be conducted effectively and all necessary documentation and information to be submitted promptly, and provide, upon their oral or written request, clarifications and explanations in oral or written form on the facts of violations identified by the inspection;
  • facilitate the inspection, that is, not allow any actions aimed at limiting the range of issues to be clarified during the inspection;
  • not influence auditors in order to change their conclusions based on the results of the audit.

When conducting an audit of a structural unit of a bank located outside the central office of the bank, the head of the unit being inspected must provide auditors with workplaces, if possible, in an office space isolated from unauthorized persons. The working group should also be provided with computers with software that allows transactions and reporting on financial and economic activities to be viewed. When conducting inspections outside the city of Minsk, the head of the working group is provided with mobile communications.

Documents and other materials requested by the auditors are transferred to the workplaces of the members of the working group in the manner and within the time limits established by them. Documents not submitted before completion of the inspection will not be taken into account.

The head of the audited facility is responsible for the accuracy of the information provided in respect of which the audit is being conducted.

Scope of work. When conducting an audit, the auditor must know the specific objectives of the audit and independently determine the audit methods by which these objectives can be best achieved. The use of verification methods depends on the nature and volume of operations performed by the unit being audited, the level of the internal control system, the volume and results of previous audits.

The inspection can be carried out using a random or continuous method.

The professional level of the auditor does not require detailed control of all transactions (operations), but allows for inspections to be carried out within the required limits. When conducting a random audit, auditors cannot give absolute guarantees that there are no violations or that established standards have been complied with.

Sampling is a method of conducting an audit in which the auditor checks the activities of a bank’s structural unit not in a continuous manner, but selectively. The most important requirement that must be met when sampling is to ensure its representativeness. Representativeness of a sample is a property of a sample that allows the auditor to draw correct conclusions about the entire population being audited. The representativeness requirement assumes that all elements of the population being checked (the totality of all elements of documentation of a bank’s structural unit being checked in a given area) must have an equal probability of being selected for the sample.

The size of the sample and the need to reflect it in the audit materials are determined by the auditor or the head of the audit. In determining the sample size, the auditor must consider the margin of error and sampling risk, which is the possibility that the audit conclusions and suggestions based on the sample may differ from the conclusion that would have been reached if the auditor had tested the entire set of data, using the same analytical procedures.

If, during a random check, facts of theft, embezzlement, or abuse are established, all documents related to the issue on which these facts were identified must be thoroughly checked. Documents for writing off losses and damages are subject to complete verification.

Internal audit reports and documentation. In the audit materials, the auditor must reflect all facts known to him and confirmed by the relevant documents that result in violation of the requirements of current legislation or local bank regulations, distortion of reporting or other information, or concealment of illegal actions.

If violations are established, the auditor is obliged to find out their essence, namely: what was violated, in what period and how.

When identifying shortcomings and violations, it is also necessary to establish the causes of the violation, their consequences and those responsible.

When conducting audits, auditors must assess the sufficiency and effectiveness of the internal control system of the audited unit.

Based on the results of the audit, auditors must give appropriate recommendations to eliminate identified violations and strengthen internal control.

The head of the working group is personally responsible for the entire progress of the audit. Members of the working group bear personal responsibility for the timely and high-quality inspection within the limits of the duties assigned to them and the rights granted.

The results of the inspection of a structural unit are documented in a report on the inspection results. The report on the results of the audit provides generalized final data and facts, as well as recommendations for eliminating identified deficiencies in future work.

Comments from the internal audit service on the activities of the unit being audited and recommendations for improving its performance are also included in the audit materials. If the auditor has a special opinion on the results of his audit when drawing up a report, he has the right to make a reservation about this. The head of the audit has no right to insist that the auditor change his conclusions or assessment based on the results of the audit.

The structure of the audit report includes a title page, an overview, a table of results and a report in detail.

The title page contains general information about the audit object and the officials to whom the report is sent; the overview includes all the main results of the audit and contains a generalized audit opinion about the state of affairs in the audited structural unit, the main shortcomings and risks; the results table contains recommendations based on the audit results; the detailed report contains a detailed description of the shortcomings and violations and recommendations for eliminating them and preventing them from happening in future work, the timing of the inspection and approval, the period under review and the composition of the working group.

Based on the results of the check (audit) of cash registers and exchange offices, an act is drawn up in the form established by the relevant regulatory legal acts of the National Bank, and is attached to the report.

Materials from unscheduled inspections on the instructions of bank management may be prepared with deviations from the established procedure and standard report form.

All materials supporting audit findings should be documented as part of the audit workpapers, including the use of worksheets. Where necessary, the report may be accompanied by copies of documents or extracts from various accounting registers, as well as certificates and calculations drawn up on the basis of verified documents, certified in the prescribed manner.

The worksheet attached to the report documents the violations and indicates all the necessary data for each fact: the period during which the violations were committed and their nature, dates and document numbers, perpetrators and other necessary information. Worksheets are prepared in duplicate. One copy of the worksheet remains in the structural unit until the final version of the audit report is signed.

Coordination of the worksheet with the heads of the inspected departments (responsible executors) must be carried out no later than one working day before the completion of the inspection.

On the day the inspection is completed, the inspection manager systematizes the materials based on its results and generates a preliminary version of the report. The management of the audited unit is informed about recommendations for eliminating operational deficiencies that will be given by the internal audit service.

One copy of the preliminary report remains with the audited unit for approval of recommendations. Within 3 working days after completion of the audit, the materials must be agreed upon with the head of the internal audit service, its supervisor, and, if necessary, with the heads of interested departments of the bank's Central Office. After the specified period, the final version of the agreed report in two copies is signed by the head of the inspection, registered by the Secretariat in accordance with the local regulations of the bank and sent to the structural unit subject to the inspection for review.

The head and chief accountant of the audited unit are required to familiarize themselves with the audit materials within one working day, confirm this with their signatures in the final part of the report, and send the first copy of the final version of the report along with the worksheet to the internal control department for storage.

Within the time limits indicated in the table of results, the management of the audited structural unit must inform the internal audit service about the implementation of recommendations based on the results of the audit. Control over the implementation of recommendations is assigned to the head of the inspection.

Responsibility for eliminating deficiencies and violations identified by inspections and implementing audit recommendations lies with the heads of the audited departments.

After the implementation of the audit materials, preliminary versions of the report must be destroyed.

Based on the results of the audit, the structural unit may be offered specific recommendations to eliminate the deficiencies reflected in the audit materials. These include:

    organizational measures aimed at increasing the efficiency of interaction between structural divisions in order to reduce costs, as well as improving the control system at all stages of operations;

    activities aimed at developing specific actions to eliminate identified violations and shortcomings, as well as review or improve the functional control system.

In addition, based on the results of inspections, the internal audit service can provide heads of departments of the Central Office with recommendations on changing the bank’s local regulations, refining or developing software, revising procedures governing banking operations, or other recommendations. Recommendations are recorded in the report based on the results of the audit and are drawn up in a memo addressed to the head of the structural unit signed by the head of the internal audit service or its supervisor.

Implementation of materials. The inspection materials are reviewed by the curator after receiving the final report. The Chairman of the Board and the chief accountant of the bank must be informed about the results of the audit. Information on the results of inspections may also be sent to Members of the Bank's Management Board. After reviewing the materials, together with the head of the internal audit service, the method of their implementation is determined. Depending on the volume and significance of the identified violations, one of the following forms of implementation will be used:

    review of materials by the Chairman of the Board of the bank;

    consideration at meetings of the bank’s collegial bodies;

    review of the inspection results at a working meeting with the supervisor;

    information letter (memorandum) addressed to the management of the inspected object.

Implementation of materials is carried out no later than 30 days from the date of signing the report on the results of the inspection. Review of materials can be carried out both with the participation of the management of the structural unit being inspected, and without its participation. The heads of interested structural divisions, who first familiarize themselves with the inspection materials, can also take part in the review.

After 6 months from the end of the audit, the internal audit service checks the implementation of measures to eliminate the deficiencies recorded in the report based on the results of the audit of financial and economic activities. This inspection is carried out in accordance with the approved procedure. The inspection should reflect the completeness and effectiveness of the measures taken by the structural unit to eliminate and prevent in the future the shortcomings and violations identified by the previous inspection. In addition, the progress and degree of implementation of recommendations and the presence of violations similar to those previously identified are recorded. Inspections of the implementation of activities based on the results of thematic inspections, inspections of individual issues and unscheduled inspections on the instructions of the bank’s management can be carried out either on site at the bank’s structural unit or through correspondence.

Inspection materials are documents for official use and are registered under special records management.

Any unauthorized reproduction and distribution of inspection materials is prohibited. Responsibility for unauthorized duplication and distribution of inspection materials during the period of inspection is borne by the head of the inspection, while they are in the inspected unit - by the head of this unit, and after receipt by the department of internal control and registration - by the person responsible for conducting special office work.

Familiarization of heads of the bank's structural divisions with inspection materials is carried out only with the permission of the head of the internal audit service. Submission of materials to third parties is carried out in agreement with the Chairman of the Bank's Management Board or the curator.

The Internal Audit Service studies, summarizes and systematizes shortcomings and violations identified based on the results of inspections of the bank's structural divisions carried out by the department. By agreement with the Chairman of the Board or the curator, generalized inspection materials are communicated to the bank’s structural divisions.

Coordination of actions. The Internal Audit Service organizes and coordinates work in the field of control and audit with the National Bank of the Republic of Belarus, external regulatory authorities, and the external audit of the bank. The head of the internal audit service is the official representative of the bank in working with members of the bank's audit commission, external audit and contributes to the implementation of their plans and actions.

The Internal Audit Service has the right to request all bank documents and information necessary for inspections by the National Bank of the Republic of Belarus, external regulatory authorities and external audit. Requests for information and documents are sent to departments signed by the supervisor or head of the internal audit service.

The bank's structural divisions are required to fulfill these requests within the time limits established by the internal audit service. Bank branches send information (documents), according to subject area, to the divisions of the Central Office that supervise these areas of banking activity. The information received from the branches is analyzed and checked by responsible executives of the relevant divisions of the Central Office for its compliance with balance sheet data, reporting (and other requirements) and submitted to the internal audit service within the deadlines. The bank's structural divisions provide the requested information in electronic format and, if necessary, with subsequent confirmation on paper signed by the head or his deputy.

Verified and properly compiled information received from the bank's structural divisions is presented by the internal audit service to applicants in accordance with their requests. Heads of the bank's structural divisions are responsible for the accuracy, completeness and timeliness of providing information.

All structural divisions of the bank must coordinate plans for conducting inspections with the internal audit service and submit materials of the conducted inspections of the bank’s structural divisions (except for materials of subsequent control inspections) no later than 5 days from the date of their execution.

If there are deficiencies and violations in the materials of inspections conducted by external regulatory bodies, copies of these materials are sent to the internal audit service. The curator and the head of the internal audit service must be notified immediately of the facts of application of financial sanctions to the bank by external regulatory bodies.

In preparation for approval by the bank's management bodies, all local regulatory legal acts of the bank undergo an approval procedure with the internal audit service. In accordance with the principles of independence, the internal audit service does not participate in the development of local acts of the bank (except for those regulating the process of organizing internal audit).

After approval by the bank’s collegial body, a copy of the bank’s local regulatory legal act must be submitted to the bank’s internal audit service.

Employees of all divisions of the bank must provide assistance to the specialists of the internal audit service in the implementation of their direct official duties.

The internal control system in the bank performs a protective function. Its task is to minimize external and internal risks and ensure such a procedure for conducting banking operations and transactions that contributes to the achievement of set goals while complying with the requirements of legislation, regulations of the Bank of Russia, as well as internal procedures, standards and rules.

The legal field of the internal control service is determined by the regulation of the Bank of Russia “On the organization of internal control in banks” dated August 28, 1997 No. 509. Direct actions aimed at minimizing the bank’s risks are determined by a number of instructive acts, such as, for example, the Bank of Russia Directive dated July 7, 1999 No. 603-U “On the procedure for implementing internal control over the compliance of activities in financial markets in credit organizations”, Resolution of the Federal Commission for the Securities Market dated July 19, 2001 No. 16 “On approval of the Regulations on internal control of a professional participant in the securities market”, the rule (standard) of auditing activities “Study and assessment of accounting and internal control systems during the audit” (approved by the commission on auditing activities under the President of the Russian Federation dated December 25, 1996, protocol No. 6) and a number of other acts.

The organizational basis of the internal control system contains principles that ensure the continuous operation of control mechanisms and functions in all areas of banking activities and decision-making levels. These include, in particular, the principles of:

  • separation of duties;
  • continuity;
  • objectivity and specificity;
  • objectivity;
  • inclusiveness and diversity;
  • information sufficiency for decision-making and restriction of access to information not related to the conduct of a specific operation and/or exceeding the limit of functional necessity within the scope of job duties;
  • use of various types of control depending on the functional affiliation of the objects of control, the current need and the complexity of the tasks.

The efforts of the internal control service (based on the general situation and the creation of a high-tech bank in the future) are aimed mainly at control over:

  • the creation of a single technological structure for conducting all operations and customer service;
  • the compliance of the technological structure, formalized in the form of regulations, orders, instructions, methods, procedures, with the actual practice of the bank;
  • adequate bank accounting, as well as the creation and effective functioning, within the framework of a single technological structure, of mechanisms for subsequent control over banking operations;
  • the compliance of internal regulations, orders, instructions, methods, procedures with external legislation.

To build a unified technological structure in a bank, a number of problems must be solved.

  1. Develop (together with other divisions of the bank) unified and standardized rules and algorithms for the creation (formalization) of internal regulations, orders, instructions, methods, procedures, as well as their implementation, application, change (correction) and cancellation.
  2. Monitor the unification and standardization of internal regulations and methodological acts.
  3. Monitor the adaptability of internal regulations to a rapidly changing external environment.
  4. Formalize all processes of the bank's activities.
  5. Monitor the continuity of technological chains of the bank’s activities.

When talking about control, you should clearly understand its types. As a rule, these are administrative and financial control. Administrative control consists of checking the compliance of operations and transactions with the authority of officials, as defined by bank regulations and procedures for making and implementing decisions. Financial control verifies the compliance of ongoing operations and transactions with the bank’s policies set out in regulations, as well as their adequate accounting and reporting. It is important that both administrative and financial control determine the effectiveness of the bank’s risk management system and the measures taken to identify and minimize risks.

So, the goals and functions of the internal control service are clear. However, the question arises: what is the functional difference between the internal control function and the units involved in internal audit? After all, functionally, such divisions also exercise internal control over the bank’s activities.
To answer this, it is necessary to clearly distinguish between the concepts of “internal control system” and “internal control service”. The first covers all types of operations and all hierarchical levels of the bank's work, and the second controls the work of the first.

Considering the bank as a kind of production (which also includes divisions that perform control functions, control being their production), we can say that internal audit is a unit that performs production functions. At the same time, the internal control service performs both production and organizational functions (creating control mechanisms).

The structural organization of the internal control service can be carried out in two ways.

First. The internal control service includes an internal control unit, internal audit, a risk management unit, as well as a number of other analytical and control units of the bank. In fact, we are talking about a multifunctional department that should cover various aspects of the bank's activities.

Second. The internal control service is created as a separate structural unit of the bank, interacting with other control units. With this option, the internal control service must be endowed with appropriate powers and rights.
The choice of a structural organization primarily depends on the characteristics of the bank, the availability of appropriate resources, and established business practices.

Internal control in the bank.

A number of problems may arise in the activities of the internal control service in connection with the established regulatory framework of the Bank of Russia. For example, international practice in exercising control presupposes the presence of compliance control in all areas of the bank’s activities. In principle, compliance controllers conduct inspections in all areas of banking activities. However, in the Russian banking system, regulatory compliance control (the activities of the compliance controller) is regulated only for the bank’s work in the financial market (Bank of Russia Directive dated July 7, 1999 No. 603-U). It seems that it would be more logical to cancel this Directive and instead supplement Regulation No. 509, expanding the functions of the internal control service by implementing compliance control over the entire set of bank operations.

A few words on the draft Code of Corporate Conduct developed by the Federal Securities Commission and issues of internal control.

Assessing the state of corporate governance requires a special multidimensional system for assessing the activities of the subject of management. In this regard, an important place is occupied by the system of internal control over the financial and economic activities of the entity. The draft Code provides for the creation of a special body, the control and audit service, responsible for conducting daily internal control. However, its main task, according to the draft, is audit support of the subject. In our opinion, this body must first of all create an internal control mechanism that can most effectively ensure the reliability of the activities of the subject of management. And within the framework of this mechanism, the internal audit system should function as an integral, but not the only, part of the internal control system.

The draft Code very superficially describes the functions of the control and audit service, the principles of interaction of this body with other divisions of the entity, as well as with external auditors. The functions of the audit commission are not sufficiently developed in the new edition of the Law “On joint stock companies”, which came into force on January 1, 2002. Therefore, the regulation of the Bank of Russia “On the organization of internal control in banks” No. 509, in our opinion, more fully reveals the tasks and functions of the service organizing internal control, compared to Chapter 8 “Control over the financial and economic activities of the company” of the draft Code. This concerns, in particular, the absence of such functions of the control and audit service as monitoring the compliance of the subject’s activities with the legislation of the Russian Federation, the creation of technology for controlling business processes, increasing its efficiency, the possibility of laundering proceeds from crime, as well as functions within preliminary, current and subsequent control. The developers of the draft Code did not take into account Bank of Russia Regulation No. 509, which is based on international principles for organizing internal control and recommendations of the Basel Committee. As a suggestion, we can recommend that the authors of the draft adapt some aspects of Regulation No. 509 for Chapter 8 of the draft Code.

Internal control over the bank's branch network.

Operations of branches are carried out within the limits and restrictions established by the parent organization. In particular, the activities of the branch are limited by the regulations on branches and the general power of attorney of the manager to carry out active operations (by type of activity and counterparties), as well as by the cost of funds raised and the volume of transactions performed (limits). Limits on branch transactions with various types of financial instruments are established by the collegial body of the parent organization. At the same stage, business planning of the branches' activities is carried out. In the future, monitoring of the progress of the branches’ implementation of business plans should be carried out on an ongoing basis. In addition, the preliminary control stage involves mandatory coordination with the interested divisions of the bank of all developed regulations that directly affect the activities of branches.

Current control over the operations of branches by the parent organization is not implemented in real time. As a result, the parent organization cannot quickly (during the operation) monitor such violations as exceeding limits on individual types of operations and the conduct by branches of transactions and operations not permitted by the parent organization.

Most violations are usually detected during follow-up monitoring. This is control of accounting and operational work, including cash register work. It is carried out by the employees of the branch divisions themselves on the basis of Part 3 of the Accounting Rules No. 61 in two directions: complete control over the correctness of the reflection in accounting registers of all transactions made during the trading day, and checking the work of employees based on quarterly plans. At the same time, based on the results of inspections, branches send certificates to the internal control service. These are audits of the activities of branches, which are carried out by the internal audit unit, including verification of the elimination of deficiencies identified by previous audits. Once per reporting year, internal audit units must conduct comprehensive audits of branches.

In addition, during subsequent control, all acts of inspections of the activities of branches by state control authorities (territorial branches of the Bank of Russia, State Tax Service, funds) are taken into account; branches are required to send copies of these acts to the internal control service.

In addition to the above, it is desirable to have in the branches internal control groups that are subsidiary units of the internal control service, whose task includes regular thematic inspections of the branches’ activities, as well as, at the stage of preliminary control, participation in the coordination of internal regulations of the branches. The reports of these groups are sent to the internal control service of the parent organization.

If a branch operates on a self-supporting basis, then control over its activities by the parent organization should be more strict. It should cover the execution by branches of limits on transactions, counterparties and financial instruments, balance sheet accounting (its compliance with actually completed transactions and payments, i.e. compliance of synthetic and analytical accounting data), as well as accounting (compliance with the requirements of the Central Bank of the Russian Federation and other regulatory government bodies).

In order to minimize risks, limits are established on all unsecured transactions of a bank branch with counterparties: on unsecured transactions in the financial market, when lending to corporate clients, for conducting transactions with financial instruments (bills, bonds, etc.), for issuing guarantees, sureties and trust servicing of client funds, as well as individual limits for authorized persons of branches. Branch internal control services must carry out subsequent supervision over the implementation of limit discipline, as well as over the correct and effective operation of current control mechanisms in this area.

The internal control service of the bank’s parent organization must organize interaction with territorial internal control units and develop internal regulations regulating the order of such interaction. It is necessary that territorial internal control groups be independent of the branch management. This will eliminate the possibility of influence of the branch management on their activities; however, the above also applies to the internal control service of the parent organization. It is desirable that it have the opportunity to “access” the bank’s Supervisory Board.

A separate problem is the organization of control over separate structural divisions of bank branches (additional offices and operational cash desks outside the cash desk). This is the prerogative of branch managers. At the same time, managers are guided by the provisions of regulations governing the procedure for carrying out operations in various areas of banking activities and organizing control over their implementation, as well as internal documents, taking into account the specifics of a particular branch in relation to the activities of separate structural divisions. All procedures described in these documents must meet the requirements of Part 3 of the Accounting Rules for Credit Institutions located on the territory of the Russian Federation, No. 61 dated June 18, 1997.

Control over the activities of separate structural divisions of branches should be carried out both by employees of these divisions and, on the part of the branch, by employees of territorial divisions of the internal control service.

In separate structural divisions of branches, subsequent control of accounting and operational work, including cash, should also be carried out, providing for regular checks by employees of accounting and operational departments of the activities of other employees. It is carried out by employees of the divisions of the internal control service of branches, and in the absence of such in branches - by employees of branches - in the areas of their activity.

In the latter case, certain difficulties arise due to the likelihood, on the one hand, of a biased assessment, and on the other, of possible errors due to increased employee workload.

Current control is carried out by the heads of separate structural divisions, as well as the heads of specialized departments during banking operations. At the same time, the main problem of organizing effective control is the unclear division of functions and the inability to minimize the risk of a conflict of interest due to a shortage of personnel in a separate structural unit.

Internal control at the stage of strategic planning and forecasting.

Strategic planning and forecasting are also a field of activity of the internal control service.
The main object of the internal control system at this stage is the state of internal bank analytical work: taking into account the impact of possible changes in the macroenvironment and of external risks (political, country, regional, industry, etc.) on the effectiveness of the bank's current and future development.

At the stage of preliminary control, supervision is carried out over the completeness, composition and timeliness of updating the source databases, on the basis of which the analytical and functional divisions of the bank carry out a prospective assessment and forecast of the situation. The subject of preliminary control is also the existing procedure for promptly and systematically informing the bank’s governing bodies about the conclusions and proposals of analytical services on the current situation, about forecasts for the development of the situation in the relevant market segments and in the economy as a whole, in the field of regulatory support for banking activities.

To this end, comprehensive and thematic inspections of these units are carried out to ensure the availability of the necessary tools, procedures and technical means to conduct an adequate analysis and bring it to the attention of responsible persons involved in the preparation and adoption of relevant decisions.

Current control requires periodic checks of the fulfillment of tasks of analysis and forecasting of the situation and timely notification of the bank's governing bodies.

In the process of current control, the system for monitoring the competitiveness of the quality and cost of products offered by the bank is checked in the functional divisions of the bank. In addition, the timeliness of the response of these divisions to the actions of competitors, as well as to changes in economic conditions in the non-financial sector, is assessed.

Subsequent control comes down to a comparative analysis of the conclusions and recommendations of the analytical units against the actual development of the situation, resulting in an appropriate assessment.

A separate function of the internal control service is participation in the coordination of internal bank regulations and procedures with interested divisions of the bank. This work precedes preliminary control, since it determines the algorithm of employee actions and the control mechanisms designed to prevent violations in these actions.

At the same time, the internal control service should pay attention to the sufficiency of such control mechanisms. It is clear that all internal bank regulations must be checked for compliance with the legislation of Russia, the regulations of the Central Bank, and international acts and documents.

In conclusion, I would like to note that the result of the functioning of the bank’s internal control system should be the organization of continuous and constant control over banking, administrative and economic activities. The list of the above problems that arise during such an organization is far from complete. For example, the problems of corporate governance and the control carried out within its framework are currently not resolved for a number of reasons: lack of appropriate state legislation and experience of corporate governance in Russia, poor transparency of accounting (due to the fact that the transition to IFRS standards will take place only in 2004) and of traditions of widespread provision of it to third parties, etc.

A.A. ARSLANBEKOV-FEDOROV,
expert of the Internal Control Service of Vneshtorgbank, Candidate of Economic Sciences, Master of Business Administration.

