Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Risk Management FREE Briefings Record Retention

   

















    Site Map

    Our Sponsors

    Home



Print Friendly! Email This Article! Discuss NOW!




Are your Internal Controls like Swiss Cheese?
Part 13
by Gene Bucciarelli, MBA CPA

"The Key is control of the key!"


Branch or Department Keys

With all the emphasis on technology and access to our customer data from the internet it is important to be reminded of some of the basics of old fashion and old economy physical security. Our branches, departments, and files have to be protected from unauthorized entry by good key control and adequate after hours premise alarm systems. Inadequate control can lead to mysterious disappearances of cash and files, destruction of property, theft of physical assets, and improper access to customer information.

Key control is an important if not a major control and security issue. Your Information Security Risk Assessment required under GLB should address this concern. Important keys such as the front door key, dual custody cabinet keys, and vault keys should be under strict control. A periodic audit is necessary. The basic elements of good key control include the following key records:

  • Master Key List
    Create a master list of all important keys. This list should include the total keys by key type or number, the total assigned to employees and the total in dual custody. Keys assigned and those in dual should agree to the total keys
  • Employee Key List
    Each employee should have a key sign out sheet that tracks that employee's keys. This enables the department to recover all keys from terminating employees.
  • Dual Custody Key List
    Keys in dual custody should be documented by key type and agree to the Master Key list.
You will notice that I speak about tracking important keys. It is not necessary in my opinion to track every key in the Bank. Many are inconsequential. Determine which are the most critical keys and track those with a vengeance.

The next important issue with keys deals with the individual control of keys. A branch manager who had the key portion of the vault key/combination entry had a habit of leaving his keys in his unlocked desk. One day when he was out on a customer call an employee with the combination half accessed his keys and stole a number of negotiable instruments. Instruct your employees to keep positive control of their keys during new hire briefings and during security training.

Once an important key is lost or missing you should immediately change that key and lock. This is especially true if your department or branch does not have an after hours premise alarm system, which many branches do not. After hours access to a branch without an alarm cannot lead to a cash loss, but there is the possibility of theft of property, malicious destruction of the premises, and access to or destruction of the network server.

A key to success in physical control is to have positive control over your keys. -----------------------------------------

Gene Bucciarelli, MBA CPA is the principal of Internal Control Systems, a community bank auditing and consulting firm. He can be reached at genebucc@aol.com and 925.828.7360.

Access the previous articles in the Swiss Cheese series

First published on BankersOnline.com 11/22/04


Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.