Pacific Bank provides loans to businesses in the community through its Commercial Lending Department. Small loans (less than $100,000) may be approved by an individual loan officer, while larger loans (greater than $100,000) must be approved by a board of loan officers. Once a loan is approved, the funds are made available to the loan applicant under agreed-upon terms. Pacific Bank has instituted a policy whereby its president has the individual authority to approve loans up to $5,000,000. The president believes that this policy will allow flexibility to approve loans to valued clients much quicker than under the previous policy.
As an internal auditor of Pacific Bank, how would you respond to this change in policy?
Answer:
As an internal auditor, you would probably disagree with the change in policy. Pacific Bank has some normal business risk associated with default on bank
loans. One way to help minimize this is to carefully evaluate loan applications. Large loans present greater risk in the event of default than do smaller loans. Thus, it is reasonable to have more than one person involved in making the decision to grant a large loan. In addition, loans should be granted on their merits, not on the basis of favoritism or mere association with the bank president. Allowing the bank president to have sole authority to grant large loans can lead to the president granting loans to friends and business associates, without the required due diligence. This can result in a bank becoming exposed to very poor credit risks. Indeed, this scenario is one of the causes of the savings and loan failures of the past.
One of the largest losses in history from unauthorized securities trading involved a securities trader for the French bank, Societe Generale. The trader was able to circumvent
internal controls and create over $7 billion in trading losses in six months. The trader apparently escaped detection by using knowledge of the bank’s internal control systems
learned from a previous back-office monitoring job. Much of this monitoring involved the use of software to monitor trades. In addition, traders were usually kept to tight trading limits. Apparently, these controls failed in this case.
What general weaknesses in Societe Generale’s internal controls contributed to the occurrence and size of the losses?
Answer:
The Societe Generale trading losses show how small lapses in internal control can have large consequences. When the losses became so large that they could no longer be hidden, it was too late. The loss could have been avoided with a number of internal controls. First, the separation of duties control was overcome by the trader’s intimate knowledge of the monitoring software. This knowledge of the monitoring system allowed the trader to effectively hide trades. The design of the monitoring software would need to be improved, and access prohibited by traders. If traders have access to the monitoring software, then the separation of duties control is violated. Second, the trader should be under managerial oversight. For example, trades that exceed a certain amount of exposure should require management approval. In this way, a trader would be forced to slow down or stop once trades have reached a certain limit. This would avoid the trader’s tendency to try to “make up” losses with even larger bets. Lastly, required vacation time may have alerted managers to the hidden losses once the trader was unable to attend to the trading positions
No comments:
Post a Comment