Is it possible for a process to have appropriate controls and accurate results while being efficient at the same time? Absolutely! Not only is it possible, it is likely that an efficient process with appropriate controls will generate more accurate results.
Financial institutions have a fundamental responsibility to protect the integrity of information collected, analyzed and reported. From the data used to make lending decisions to deposits made to customer accounts to the preparation of financial statements, the accuracy of data is key to nearly every banking activity.
Internal controls are the systems, policies, procedures
, and processes that are the foundation for banks to operate in a safe and sound manner. According to the Comptroller of the Currency, Internal Control, Controller’s Handbook, dated January 2001, the objective of internal controls is to provide reasonable assurance that:
- Bank operations are efficient and effective.
- Recorded transactions are accurate.
- Financial reporting is reliable.
- Risk management systems are effective.
- The bank complies with banking laws and regulations, internal policies, and internal procedures.
It is important to notice that while efficiency and effectiveness are not specifically included in internal audits or regulatory exams, they are the first item noted as a key objective because a well-thought-out and efficient control framework will operate more effectively.
In many cases, the financial industry tends to focus on the steps needed to complete a task, such as processing a new loan or opening a new deposit account. Checks and approvals are built in to ensure the process is operating safely and in compliance with regulations. Occasionally, additional verifications are added to resolve audit or exam findings, but the entire process is rarely reviewed to identify and remove outdated or unnecessary steps. While the processes evolve with the intention of ensuring tasks are completed accurately, safely and compliantly, a considerable amount of waste is created, and even more concerning, the importance of the customer’s experience may get lost along the way.
When we look at a process from a lean perspective, an efficient process creates a system with stronger controls. The primary objectives of lean Six Sigma are to eliminate errors and reduce variations. The primary objectives of a safety and soundness control framework are really to do the same. We use the terms accurate reporting and compliance, but we ultimately need to work constantly within regulatory and internal guidelines and as error-free as possible.
To create an efficient and effective process that incorporates the appropriate controls using the lean method, a financial institution needs to gain a clear understanding of the current process. We recommend creating a team of individuals who contribute to each part of the process. The team should take time to “walk through” the process and use this information to create a value stream map or a flow chart that illustrates the process from start to finish. Once the current process is documented, the team should take a step back to get a bird’s eye view and ask the following questions:
- Does the basic structure of the process make sense to achieve the objective, or would it be more beneficial to reengineer the process?
- If the current process is fundamentally sound, are there parts that are creating errors or waste? Pay attention to parts of the process where the following tends to occur:
- Manual entry of data
- Physical movement of documents
- Back and forth movement of the process instead of advancing forward
- Points where the same data is reentered
- Unclear guidelines
- Processes are different for individuals performing the same function
- Activities that can be done on the front end of the process that can save time or resources on the back end
- Data requested/obtained/shared is more than what is needed
Once the waste is identified, the team can brainstorm strategies to create a streamlined process and create a new, desired future state. This process will typically yield some “quick fix” solutions that will improve the process. More commonly, the waste and inefficiencies are the source of errors and deviations from policies or regulatory guidelines. When that is the case, we recommend looking deeper to find the root cause. Control deficiencies and ineffective processes can often be traced back to the following systemic sources:
- Outdated or missing policies and procedures
- Insufficient training
- Underutilized technology
- Culture of apathy
- Lack of accountability
Resolving these items will require buy-in throughout the institution and an investment in time and resources. The result will be processes that are effective and efficient and support a strong control framework. The investment in this process can be significant, but the question becomes, can the institution afford not to make the investment?