"The weakest link in many Internal Control Programs? Poorly planned and implemented certifications."
The certification program is a bank's major operational internal control process. This process should cover every department and branch in the bank including the holding company. Unfortunately many banks say they have a certification program but too many of them are missing enough of the elements listed below to make it effective and comprehensive. It is my personal experience that many senior and middle managers without operations backgrounds or only limited operations experience do not fully comprehend the necessity and intricacies of this process.
To establish an effective program consider the following:
Review the General Ledger, account by account, and select which accounts should be certified on a monthly or quarterly basis. GL account certification means comparing the detail support to the GL total. This account by account review should be done on a bank wide basis at least annually. This is because many GL accounts are added as time passes and the certifications are not updated. When was the last time any one at your institution did this type of account by account update?
Review significant non GL activities and decide which of these should be included in the periodic certifications. Some examples are stop payments, alarm tests, keys, and fee waivers. Non GL certification usually means ensuring that detail records are updated, certain tasks are being done, or that two different files or a file and a report agree. For example ensuring that you have all the signature cards for the safe deposit customers on your safe deposit report.
Create a certification checklist and cover sheet organized by time period in order to establish the frequency the item will be certified. (Monthly, Quarterly Semi Annually or Annually). In addition to the time frame you should determine which accounts should be done at month end, which can be done at a different time and which can be done randomly during the month. Too many institutions certify everything at month end. Better control is obtained by having a random date selected each month for all certifications. This randomness makes it more difficult for certain types of employee fraud to go undetected.
4. Organize your checklist as follows:
Acct # Name Control Total GL Total Difference Date cleared
5. Create a standard format or brief instruction as to how to certify each item. The purpose of this is to ensure that each item is certified the same way each time. I've noted that as there is turnover, how an item is certified tends to change unless the instructions or format are there and enforced. Without this feature major weakness can develop.
6. Include in your instructions or format at least the following elements:
Account name and number
Certify date
GL total
Control total
Supporting details with dates of transactions
Out of balance difference
Prepared by
Approved by
7. Ensure that personnel performing the work do not certify their own account. This would come under segregation of duties.
8. Follow up on all differences in a timely manner.
9. Send the certification package to the department manager for review and signature each month.
10. Send all certification packages to a senior level manager for review.
Can your certification program stand up to these standards? Can you afford to take the risk of not improving your certification process?
Gene Bucciarelli, CPA is the principal of Internal Control Systems, a community bank internal audit and internal control consulting firm. He is an expert witness for employee frauds. He can be reached at 925.828.7360 or via email at genebu@home.com.
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
