and Capital-Markets Activities Manual > This page
Capital-Markets Activities Manual
Activities: Operations and System Risk (Back-Office Operations)
Source: Federal Reserve System
(The complete Activities
Manual (pdf format) can be downloaded from the Federal Reserve's web
Operational risks managed outside of the
dealing room are potentially more costly than those managed inside the
dealing room. While the function of dealers in the front office is primarily
to transact and manage positions, the processing of transactions, recording
of contracts in the accounting system, and reconciliations and procedures
required to avoid errors are functions that must take place outside the
dealing room. In conducting these functions, the back office provides
the necessary checks to prevent unauthorized trading.
Back office, for the purposes of this manual, may represent a single department
or multiple units (such as financial control, risk management, accounting,
or securities custody), depending on the organizational structure of the
financial institution. Some institutions have combined some of the responsibilities
usually found in the back office into a middle-office function, which
is also independent of dealing activities.
Close cooperation must exist between the dealing room and the back office
to prevent costly mistakes. An understanding of each role and function
is important. While their priorities are different, both functions work
toward the same goal of proper processing, control, and recording of contracts,
which is essential to the success of a trading department.
The back office serves several vital functions. It records and confirms
trades transacted by the front office and provides the internal control
mechanism of segregation of duties. The checks and balances provided by
the back-office function help management supervise the trading activities
conducted by the front office. A properly functioning back office will
help ensure the integrity of the financial institution and minimize operations,
settlement, and legal risks.
Segregation of front- and back-office duties minimizes legal violations,
such as fraud or embezzlement, or violation of regulations. Operational
integrity is maintained through the independent processing of trades,
trade confirmations, and settlements. The goal is to avoid potentially
costly mistakes such as incorrectly recorded or unrecorded contracts.
The back office also is responsible for the reconcilement of positions
and broker statements and may monitor broker relationships with the financial
institution. The back-office staff provides an independent assessment
of price quotes used for the revaluation process that leads to the maintenance
of the subsidiary ledgers and the general ledger. Another crucial function
of the back office is accepting or releasing securities, commodities,
and payments on trades, as well as identifying possible mistakes. Clearly,
trading personnel need to be separate from control of receipts, disbursements,
and custody functions to minimize the potential for manipulation. Regulatory
reports and management accounting may also be the responsibility of the
Management responsibilities performed by the back office vary by institution.
The evaluation of transaction exposure against established market, liquidity,
or credit limits may be performed by back-office staff or by a separate
risk-management function, independent of front office traders and marketers.
Risk-management reporting may also be performed by back-office staff.
Legal documentation, while initiated by internal or external counsel,
may be followed up (chased) by back-office staff.
The links between front- and back-office operations may range from totally
manual to fully computerized systems in which the functions are directly
linked. The complexity of linking systems should be related to the volume
and complexity of capital-markets and trading activities undertaken. Manual
operations are subject to error. However, management should not have a
false sense of security with automated systems. Changes in programming
codes installed through the maintenance process, new financial structures,
and improper use of software may lead to computational and processing
errors. Regardless of the operational process in place, the back-office
functions should be subject to comprehensive audit.
Operational risk is the risk that deficiencies in information systems
or internal controls will result in unexpected loss. Although operational
risk is difficult to quantify, it can be evaluated by examining a series
of plausible worst-case or what-if scenarios, such as a power loss, doubling
of transaction volume, or a mistake found in the pricing software. It
can also be assessed through periodic reviews of procedures, data processing
systems, contingency plans, and other operating practices. These reviews
may help reduce the likelihood of errors and breakdown in controls, improve
the control of risk and the effectiveness of the limit system, and prevent
unsound marketing practices and premature adoption of new products or
lines of business. Considering the extent that capital-markets activities
rely on computerized systems, financial institutions should have plans
that take into account potential problems with their normal processing
Financial institutions should also ensure that trades that are consummated
orally are con-firmed as soon as possible. Oral transactions conducted
via telephone should be recorded and subsequently supported by written
or printed documents. Examiners should ensure that the institution monitors
the consistency between the terms of transactions as they were orally
agreed on and as they were subsequently confirmed.
Examiners should also consider the extent to which financial institutions
evaluate and control operating risks through the use of internal audits,
stress testing, contingency planning, and other managerial and analytical
techniques. Financial institutions should have approved policies that
specify documentation requirements for capital-markets activities as well
as formal procedures for saving and safeguarding important documents.
All policies and procedures should be consistent with legal requirements
and internal policies.
Management is responsible for minimizing
the risks inherent in executing financial contracts. Policies and procedures
should be established covering organizational structure, segregation of
duties, operating and accounting system controls, and comprehensive management
reporting. Formal written procedures should be in place for purchases
and sales, processing, accounting, clearance, and safekeeping activities
relating to financial contracts transactions. In general, these procedures
should be designed to ensure that all financial contracts are properly
recorded and that senior management is aware of the exposure and gains
or losses resulting from these activities. Desirable controls include-
• written documentation indicating the range of permissible products,
trading authorities, and permissible counterparties;
• written position limits for each type of contract or risk type
established by the board of directors;
• a market-risk-management system to monitor the organization's
exposure to market risk, and written procedures for authorizing trades
and excesses of those limits;
• a credit-risk-management system to monitor the organization's
exposure with customers and broker-dealers;
• separation of duties and supervision to ensure that persons executing
transactions are not involved in approving the accounting methodology
or entries (Persons executing transactions should not have authority to
sign incoming or outgoing confirmations or contracts, reconcile records,
clear transactions, or control the disbursement of margin payments.);
• a clearly defined flow of order tickets and confirmations (The
flow of order tickets and confirmations should be designed to verify accuracy
and enable reconciliations throughout the system and to enable the reconcilement
of traders' position reports to those positions maintained by an operating
• procedures for promptly resolving failures to receive or deliver
securities on the date securities are settled;
• procedures for someone other than the person who executed the
contract to resolve customer complaints;
• procedures for verifying brokers' reports of margin deposits
and contract positions and for reconciling such reports to records; and
• guidelines for the appropriate behavior of dealing and control
staff and for the selection and training of competent personnel to follow
written policies and guidelines.
Once a transaction has been initiated by
the front office, the primary responsibility for processing trades rests
with various back-office personnel. Back-office staff process all payments
and delivery or receipt of securities, commodities, and written contracts.
Additionally, the back office is responsible for verifying the amounts
and direction of payments which are made under a range of netting agreements.
After sending the trade tickets to the back office, the traders are removed
from the rest of the processing, except to check their daily positions
against the records developed separately by the back office and to verify
any periodic reports it prepared. After receipt of the trade ticket from
the front office, back-office personnel verify the accuracy of the trade
ticket, and any missing information is obtained and recorded. A confirming
communication will be sent to the counterparty, who, in turn, will respond
with an acceptance communication. The acceptance communication will either
confirm the trade or identify discrepancies for resolution. The trade
is then ready to be processed.
Trade processing involves entering the trade agreement on the correct
form or into an automated system. When the front office has already performed
this function, verification of transaction data should be performed. The
copy of the trade agreement to be sent to the counterparty is once more
checked against the original ticket, and the trade agreement is transmitted.
Other copies of the trade agreement will be used for all bookkeeping entries
and settlement during the life of the agreement. For instance, all contingent
liability, general ledger, and sub-ledger entries will be supported by
copies of the trade agreement, with the relevant entry highlighted on
the copy. Likewise, at maturity of an agreement, payment or receipt orders
will be initiated by the relevant trade-agreement copies.
After the trades are recorded on the institution's books, they will be
periodically re-valued. Over time, trades will mature or be sold, unwound,
exercised, or expire as worthless, depending on circumstances and instruments.
Subsequently, these transactions will be removed from the books of the
institution, and related deferred accounts will pass through the accounting
Financial institutions active in global markets may permit some traders
to transact business after normal business hours. This activity should
be well defined in the institution's policies and procedures manual, in
which trading instruments should be listed and possible counterparties
defined. Supervisory responsibility of after hours and off-premises trading
and the authorities for traders should be delineated.
A policy should be in place for off-market transactions, and the organization
should review trading activity to determine if off-market rates are used.
Justification for off-market transactions should be registered in a log
by the back office. Frequent use of off-market rates may reflect the extension
of credit to a counterparty and should be the subject of further examiner
Examiners should determine whether systems and processes enable audit
and control staff to adequately monitor dealing activity. Time stamping
transactions at the time of execution will enable an institution to validate
intraday dealing prices and reconstruct trading activity. Moreover, time-stamp
sequences of the trade tickets should closely, if not exactly, match the
serial order for a particular trader or dealer.
It is appropriate to evaluate whether an institution's automated systems
provide adequate support for its dealing and processing functions. Systems
that have increased dealing volumes should be examined for downtime, capacity
constraints, and error rates for transaction throughput. Further, institutions
that deal in complex derivative products should have automated systems
commensurate with the analytical and processing tasks required.
Whenever trading transactions are agreed upon, a confirmation is
sent to the counterparty to the agreement. A confirmation is the record
of the terms of a transaction sent out by each party, before the actual
settlement of the transaction itself. The confirmation contains the exact
details of the transaction and thus serves legal, practical, and antifraud
purposes. The confirmation can be generated manually or automatically
by an on-line computer trading system.
The back office should initiate, follow up, and control counterparty confirmations.
Usually, an incoming confirmation from the counterparty can be compared
with a copy of the outgoing confirmation. If an incoming confirmation
is not expected or if the transaction is carried out with commercial customers
and individuals, it is wise to send confirmations in duplicate and request
a return copy signed or authenticated by the other party.
When a financial institution deals in faster paced markets, such as foreign
exchange, or in instruments which have very short settlement periods,
trade validation may be performed through taped telephone conversations
before the exchange, with corroboration of a written or electronically
dispatched confirmation. The use of taped phone conversations can help
reduce the number and size of discrepancies and is a useful complement
to (as opposed to a substitute for) the process of sending out and verifying
confirmations. At a minimum, institutions should retain the past 90 days
of taped phone conversations, but this time frame may need to be expanded
depending on the volume and term of instruments traded. It is poor practice
to rely solely on telephone verifications because of their ineffectiveness
in litigation in some jurisdictions. Additionally, certain jurisdictions
only recognize physical confirmations.
An institution dealing in global markets should ensure the adequacy of
its confirmations through legal study of the regulations specific to the
foreign locales of its counterparties. In all trading markets, the confirmation
should provide a final safeguard against dealing errors or fraud.
All confirmations should be sent to the attention of a department at the
counterparty institution which is independent of the trading room. Incoming
information should be compared in detail with the outgoing confirmation,
and any discrepancies should be carefully appraised. If the discrepancy
is significant, it should be investigated independently. If the discrepancy
is small, a copy of the confirmation may be given to the trader for clarification
with the counterparty, since the trader will probably have daily contact
with the other party. Most importantly, the department should follow up
on all these discrepancies and ensure that new confirmations are obtained
for any agreed-on changes in terms.
A strictly controlled confirmation process helps to prevent fraudulent
trades. For example, in a fraudulent deal, a trader could enter into a
contract, mail out the original of a confirmation, and then destroy all
copies. This technique would enable a trader to build up positions without
the knowledge of the financial institution's management. If the incoming
confirmation is directed to the trader, it could be destroyed as well,
and nobody would ever know about the position. The trader, when closing
this position, would make up a ticket for the originally destroyed contract
and pass it on together with the offsetting contract so that the position
is square again. Receipt and verification of the incoming confirmation
by an independent department would immediately uncover this type of fraudulent
activity. An additional protection is the use of serially numbered manifold
forms for confirmations, with an exact accounting of and comprehensive
explanation for any forms not used.
After an outright or contingent purchase or sale has been made, the transaction
must be cleared and settled through back-office interaction with the clearing
agent. On the date of settlement (value date), payments or instruments
are exchanged and general-ledger entries are updated. Depending on the
nature of the deal, currency instruments will be received, paid, or both.
The process of paying and receiving must be handled carefully because
errors can be extremely costly. When all the proper information is recorded,
contracts are placed in ''dead files.''
Settlement is completed when the buyer (or the buyer's agent) has received
the securities or products, and the seller has been paid. Brokers may
assign these tasks to a separate organization, such as a clearinghouse,
but remain responsible to their customers for ensuring that the transactions
are handled properly. They are also responsible for maintaining accurate
Examiners should review the various methods of settlement for the range
of products covered and note any exceptions to commonly accepted practices.
Unsettled items should be monitored closely by the institution. The handling
of problems is always a delicate matter, especially when the cost is considerable.
Anything more than a routine situation should be brought to the attention
of the chief dealer and a senior officer in the back office. Further action
should be handled by management.
Losses may be incurred if a counterparty fails to make delivery. In some
cases, the clearinghouse and broker may be liable for any problems that
occur in completing the transaction. Settlement risk should be controlled
through the continuous monitoring of movement of the institution's money
and securities and by the establishment of counterparty limits by the
credit department. A maximum settlement-risk limit should be established
for each counterparty.
Two control steps are involved when making foreign payments. The first
step is internal; each payment should be carefully checked with the corresponding
contract to ensure the accuracy of the amount, date, and delivery instructions.
The second is checking with the dealer responsible for the currency involved
to ensure that cash-flow figures for the delivery date, excluding nostro
balances, agree with the net of all contracts maEagle Tradersg on that
If the financial institution uses more than one financial institution
abroad for the payment or receipt of a currency, the back office must
ensure that the flow of funds does not leave one account in overdraft
while another account has excessive balances; this check will avoid unnecessary
overdraft charges. The final check of flows of foreign funds is made through
the reconciliation of the foreign account. This is always a retrospective
reconciliation because of the delays in receiving the statement of account.
Some extra actions that can help prevent problems abroad or resolve them
more quickly are (1) sending details of expected receipts to the counterparty
or correspondent with a request to advise if funds are not received, (2)
asking the correspondent financial institution to advise immediately if
the account is in overdraft or if balances are above a certain level,
and (3) establishing a contact person in the correspondent bank to be
notified if problems arise.
Delivery versus payment. Many foreign securities and U.S. Treasury securities
are settled on a delivery-versus-payment basis, under which counterparties
are assured that delivery of a security from the seller to the buyer will
be completed if, and only if, the buyer pays the seller.
The back office should perform timely reconciliations in conformity with
the policies and procedures of the institution. The minimum appropriate
frequency for reconciliation will be linked to the volume and complexity
of the transactions at the financial institution. The individual responsible
for performing the reconcilement of accounts should be independent of
the person responsible for the input of transaction data.
Reconciliations should determine positions held by the front office, as
well as provide an audit trail detailing reclassified accounts for regulatory
reporting. Typical reports to be reconciled include trader position sheets
to the general ledger, general ledger to regulatory reports, broker statements
to the general ledger, and the income statement.
DISCREPANCIES AND DISPUTED TRADES
Any discrepancy in trading transactions
must be brought immediately to the attention of the appropriate operations
manager. All discrepancies should be entered into a log, which should
be reviewed regularly by a senior operations officer. The log should contain
the key financial terms of the transaction, indicate the disputed items,
and summarize the resolution. The counterparty should receive notice of
the final disposition of the trade, and an adequate audit trail of that
notice should be on file in the back office. The institution should have
clear and documented policies and procedures regarding the resolution
of disputed trades with counterparties.
Brokers' Commissions and Fees
Brokers charge a commission or fee for each transaction they perform.
The commission should not be included in the price of the transaction,
and it should be billed separately by the brokers. Checking the commissions,
initiating the payments, and reviewing brokers' statements are other functions
of the back office. To ensure the integrity of fees and commissions, brokers'
points arrangements and other trader-negotiated solutions to trade disputes
should be avoided.
Revaluation is the process by which financial
institutions update or ''mark to market'' the value of their trading-product
portfolios. Guidelines for the formal revaluation should be delineated
in written policies and procedures. Weak policies and procedures increase
the potential for fraud and raise doubt about the integrity of trading
profits and a firm's ability to evaluate risk. A common deficiency of
revaluation procedures is the improper segregation of duties between traders
and control personnel, including a disproportionate dependence on trader
input and the lack of independent verification of pricing parameters.
In addition, the use of inconsistent pricing assumptions and methodologies
between the trading desk and back office can lead to incorrect financial
reporting and evaluations of market risk.
The determination of current market value is both an intraday activity
performed by traders to monitor their position as well as a daily activity
performed by control staff to determine the impact on earnings. Discrepancies
between trader input and independent market rates should be resolved and
documented. Procedures should be established for maintaining a discrepancy
log containing the reason for the discrepancy and the profit-and-loss
impact. Significant discrepancies should be reported to senior management.
Sufficient information regarding the periodic revaluation and resolution
of discrepancies should be documented and maintained. In addition, any
adjustments to the general ledger due to changes in revaluation estimates
should be clearly recorded and reported to management.
The revaluation process is transparent for securities, futures, and other
instruments that are traded on organized exchanges. Published prices from
exchanges provide an objective check against the price provided by traders,
although liquidity considerations make evaluating quoted prices more complex.
A secondary comfort level for exchange-traded products is the margin call
in which a position is evaluated at the posted end-of-day price. Prices
of actively traded over-the-counter (OTC) products available from electronic
wire services provide a similar check against trader prices for these
However, with less actively traded products, especially exotic OTC-traded
derivatives and options, the revaluation process is more complex. The
pricing of illiquid instruments has a greater potential for error or abuse
because valuation is more subjective. For example, options that are tailored
for customer requirements may have no two-way market, yet still must be
evaluated at current market value. While various pricing models exist,
all depend on critical assumptions and estimates used to calculate the
probable price. Errors can arise from incorrect estimates or manipulation
of variables and assumptions. One particular vulnerability concerns the
observed volatility of options. See section 2010.1, ''Market Risk,'' for
a discussion of problems that can arise with measuring volatilities.
The mark-to-market methodology for risk management may be calculated on
the same basis as the controller's income-recognition method. Some financial
institutions use equivalency formulas that convert gross exposures to
standard measures based on the price sensitivity of benchmark securities.
In this regard, the revaluation process serves as a starting point for
risk assessment of capital-markets products. The assessment of exposures
by risk management, however, should never be less conservative than assessment
by actual market levels.
The recording of outstanding transactions
allows verification of dealer positions, risk control, and recording of
profit and loss. Each institution should follow guidelines established
by industry practice or the applicable governing bodies, including-
• generally accepted accounting principles (GAAP)
• regulatory accepted principles (RAP)
• Federal Reserve Board policy statements
• Federal Financial Institutions Examination Council statements
For further discussion, see sections 2120.1, ''Accounting,'' and 2130.1,
MANAGEMENT INFORMATION REPORTS
Management information reports are prepared
by the back office and trader-support areas to enable management and trading
personnel to assess the trading position, risk positions, profit and loss,
operational efficiency, settlement costs, and volume monitoring of the
institution. For further discussion, see section 2040.1, ''Management
DOCUMENTATION AND RECORDKEEPING
Accurate recording of transactions by back
office personnel is crucial to minimizing the risk of loss from contractual
disputes. Poor documentation can lead to unenforceable transactions. Similarly,
poor recordkeeping can render audit trails ineffective, and can result
in a qualified or adverse opinion by the public accountant, a violation
of Federal Reserve Board policy, or loss due to fraud.
An institution should keep confirmations summarizing the specific terms
of each trade. Additionally, master agreements should be kept on premises
or a copy should be available locally for examiner reference. For further
discussion on master agreements, see section 2070.1, ''Legal Risk.''
The scope and frequency of an institution's
audit program should be designed to review its internal control procedures
and verify that controls are, in fact, being followed. Any weaknesses
in internal control procedures should be reported to management, along
with recommendations for corrective action.
Audits of capital-markets and trading products provide an indication of
the internal control weaknesses of the financial institution. The audit
function should have a risk-assessment map of the capital-markets and
trading function that identifies important risk points for the institution.
For back-office operations, the risk assessment may highlight manual processes,
complex automated computations, independent revaluation, key reconciliations,
approval processes, and required investigations or staff inquiries. Examiners
should review a sample of internal auditors' work papers and findings
to determine their adequacy. The institution's management should review
responses to internal audit findings. Appropriate follow-up by auditors
should be in evidence to ensure that deficiencies are, in fact, remedied.
Assuming that examiners are comfortable with the quality of an internal
audit, they should use audit findings from internal and external auditors
as a starting point to evaluate the internal controls of the institution.
SOUND PRACTICES FOR BACK-OFFICE OPERATIONS
Capital-markets and trading operations vary
significantly among financial institutions, depending on the size of the
trading operation, trading and management expertise, organizational structure,
sophistication of computer systems, institution's focus and strategy,
historical and expected income, past problems and losses, risks, and types
and sophistication of the trading products and activities. As a result,
practices, policies, and procedures expected in one institution may not
be necessary in another. The adequacy of internal controls requires sound
judgment on the part of the examiner. The following is a list of sound
back-office operations to check for.
• Every organization should have comprehensive policies and procedures
in place that describe the full range of capital-markets and trading activities
performed. These documents, typically organized into manuals, should at
a minimum include front- and backoffice operations; reconciliation guidelines
and frequency; revaluation guidelines; accounting guidelines; descriptions
of accounts; broker policies; a code of ethics; and the risk-measurement
and risk-management methods, including the limit structure.
• For every institution, existing policies and procedures should
ensure the segregation of duties between trading, control, and payment
• The revaluation of positions may be conducted by traders to monitor
positions, by controllers to record periodic profit and loss, and by risk
managers who seek to estimate risk under various market conditions. The
frequency of revaluation should be driven by the level of an institution's
trading activity. Trading operations with high levels of activity should
perform daily revaluation. Every institution should conduct revaluation
for profit and loss at least monthly; the accounting revaluation should
apply rates and prices from sources independent of trader input.
• The organization should have an efficient confirmation-matching
process that is fully independent from the dealing function. Documentation
should be completed and exchanged as close to completion of a transaction
• Computer hardware and software applications must have the capacity
to accommodate the current and projected level of trading activity. Appropriate
disaster-recovery plans should be tested regularly.
• Auditors should review trade integrity and monitoring on a schedule
that conforms with the institution's appropriate operational-risk designation.
• Every institution should have a methodology to identify and justify
any off-market transactions.
• A clear institutional policy should exist concerning personal
trading. If permitted at all, procedures should be established to avoid
even the appearance of conflicts of interest.
• Every institution should ensure that the management of after-hours
and off-premises trading, if permitted at all, is well documented so that
transactions are not omitted from the automated blotter or the bank's
• Every institution should ensure that staff is both aware of and
complies with internal policies governing the trader-broker relationship.
• Every institution that uses brokers should monitor the patterns
of broker usage, be alert to possible undue concentrations of business,
and review the short list of approved brokers at least annually.
• Every institution that uses brokers should establish a firm policy
to minimize name substitutions of brokered transactions. All transactions
should be clearly designated as switches, and relevant credit authorities
should be involved.
• Every institution that uses brokers for foreign exchange transactions
should establish a clear statement forbidding lending or borrowing broker's
points as a method to resolve discrepancies.
• Every organization should have explicit compensation policies
to resolve disputed trades for all traded products. Under no circumstances
should soft-dollar or off-the-books compensation be permitted for dispute
• Every institution should have ''know-your-customer'' policies,
which should be understood and acknowledged by trading and sales staff.
• In organizations that have customers who trade on margin, procedures
for collateral valuation and segregated custody accounts should be established.
• The designated compliance officer should perform a review of
trading practices annually. In institutions with a high level of activity,
interim reviews may be warranted.
Operations and Systems Risk
1. To determine whether the policies, procedures, practices, and internal
systems and controls for back-office operations are adequate and effective
for the range of capital-markets products used by the financial institution.
2. To determine whether trade-processing personnel are operating in conformance
with established policies and procedures.
3. To determine whether the financial institution adequately segregates
the duties of personnel engaged in the front office from those involved
in the back-office control function (operations, revaluation, accounting,
risk management, and financial reporting).
4. To evaluate the adequacy of supervision of the trade-processing operation.
5. To evaluate the sophistication and capability of computer systems and
software for the operation and control function.
6. To assess the adequacy of confirmation procedures.
7. To assess the adequacy of settlement procedures.
8. To evaluate the adequacy and timeliness of the reconciliation procedures
of outstanding trades, positions, and earnings with the front office and
the general ledger.
9. To evaluate the process for resolving discrepancies.
10. To evaluate the process for resolving disputed trades with customers
11. To determine the reasonableness of brokers' fees and commissions.
12. To evaluate the effectiveness of and controls on the revaluation process.
13. To review the accounting treatment, reporting, and control of deals
for adherence to generally accepted accounting principles and the institution's
internal chart of accounts and procedures.
14. To review adherence to regulatory reporting instructions.
15. To evaluate the adequacy of management information reporting systems
on trading activities.
16. To evaluate the adequacy of documentation and other requirements necessary
to accurately record trading activity, such as signed agreements, dealer
tickets, and confirmations.
17. To evaluate the adequacy of audits of capital-markets and trading
18. To recommend corrective action when
policies, procedures, practices, internal controls, or management information
systems are found to be deficient, or when violations of laws, rulings,
or regulations have been noted.
Operations and Systems Risk
These procedures represent a list of processes and activities that may
be reviewed during a full-scope examination. The examiner-in-charge will
establish the general scope of examination and work with the examination
staff to tailor specific areas for review as circumstances warrant. As
part of this process, the examiner reviewing a function or product will
analyze and evaluate internal-audit comments and previous examination
work-papers to assist in designing the scope of examination. In addition,
after a general review of a particular area to be examined, the examiner
should use these procedures, to the extent they are applicable, for further
guidance. Ultimately, it is the seasoned judgment of the examiner and
the examiner-in-charge as to which procedures are warranted in examining
any particular activity.
Continue to GENERAL
Back to Activities