Have you ever gotten the feeling you forgot something? Well, I have had that feeling for a few weeks now, and it finally hit me…I never scheduled my son’s annual checkup. I know the importance of my son’s annual checkup and the value it brings to his health now and in the future, not to mention the role annual checkups play in early detection of any health problems. But it is still hard to fit this important task into our hectic schedule.
I imagine many financial institutions experience some of my scheduling pain when it comes to an internal control risk assessment. Much like my son’s annual checkup, which is important for the value it brings to his current and future health, a financial institution’s internal control risk assessment is important in evaluating the institution’s risk environment. In addition, the assessment of those risks brings value to the financial institution’s overall growth now and in the future.
An internal control risk assessment aids in identifying the financial institution’s risks so that resources can be distributed as needed. This helps your institution spend dollars where they are needed. I know the thought of an initial risk assessment may be overwhelming at first. Telling my sons about their scheduled annual checkup, which may include a vaccination or two, is no walk in the park either, but I have learned to prepare for these inevitable tasks. I do what any good mother would do; I stuff candy in my purse for my six-year-old, and I promise dinner at his favorite pizza place to my eight-year-old.
When tackling an internal control risk assessment, you can also prepare yourself for your inevitable task. You can start by involving department heads from each area so they can help evaluate factors within their line of expertise. Inform the individuals involved that when assessing the risk of each area, honesty is the best policy. If individuals hold back on where they think the risks are, it makes it difficult to truly assess your risk in each area. Lastly, have a summary of past internal audits completed to determine the length of time since the area has been reviewed and the severity of any findings. These play a role in when and how often the area should be reviewed next. Once you are prepared, completing the risk assessment will be a smooth process. It’s the first quarter of 2017. Have you scheduled your financial institution’s internal control risk assessment?