Skip to content

Handling Returned Mail & Security Issues

Answered by: 

Question: 
Our auditors recently recommended that we have someone who does not have transaction posting authority handle our returned mail which is mostly statements. We understand the risk, but we're a small institution and feel that this is one step too far in managing it. Some type of management audits would seem to be sufficient. Any thoughts?
Answer: 

Whenever considering adding a control -- whether it's segregation of duties as suggested by your audit report, or augmented audit coverage, management must weigh the risk involved and the costs of controlling those risks.

Audit recommendations are most often just that -- recommendations. Management should carefully consider whether the recommendation has merit, review the risks the recommendation is designed to address, and determine whether the recommendation, or some alternative control, is required to mitigate the risk. Then management should advise the auditor of its decision and continue monitoring the situation to ensure that risks are appropriately addressed.

First published on BankersOnline.com 8/18/03

First published on 08/18/2003

Filed under: 
Filed under security as: 

Search Topics