Effective internal control in credit unions – a key to success

• Reliable financial and management reporting is produced.

• Legal and regulatory requirements are complied with.

• Internal policies and procedures are complied with.

• The risk of unexpected loss is decreased.

The board of directors is responsible for the internal control framework of the credit union.

The board delegates responsibility to the management of the credit union to implement board policy on internal control. Management in turn delegates the relevant responsibilities to staff for internal control as appropriate to their functional roles.

Key Concepts of Effective Internal Controls The following key concepts are important to consider in relation to internal control:

• Internal control is a process. It is a means to an end, not an end in itself.

• Internal control is shaped by people. It’s not merely policy manuals and forms, but people at every level of the credit union.

• Internal control can be expected to provide only reasonable assurance, not absolute assurance, to the credit union’s management and board.

• Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

At a high level controls are expected to prevent or detect errors and frauds. Therefore key control objectives are to ensure

: • Completeness

• Accuracy

• Validity

• Restricted Access Examples of prevent controls are proper authorisation, proper documentation and physical control over assets.

Examples of detect controls are review of exception reports, variance analysis and reconciliations

Control Activities The control activities typically found in a credit union can be classified as follows:

• Segregation of Duties

• Approvals

• Reconciliations

• Reviews

• Asset Security

• Information System Security These control activities are considered in further detail below.

Segregation of Duties (preventative and detective) include:

• No one officer should have responsibility for all of the following transaction components - initiation, approval, recording and reconciliation.

• Roles and responsibilities should be documented as far as is possible

Approvals (preventative) include:

• Written Policy and procedures.

• Approval Authority Limits.

• Supporting documentation for a transaction/decision.

• Review and explanation of unusual items.

Reconciliations (detective) • Reconciling data from different sources.

• Identifying and investigating differences.

• Taking corrective action where required.

Information Systems Security (preventative and detective) • Access security, programme and data security, physical security.

• Software development and change control.

• Disaster Recovery.

• Input Control (Authorisation, Validation, Error notification and correction).

• Complete and accurate processing of authorised transactions (Audit Trail, Control totals, Control Files).

Effectiveness of Control In deciding whether the control activity in place is effective, the following questions should be considered;

1. Does this control, as described, actually mitigate the risk identified?

2. What is the control objective and does this control, as described, ensure that the objective is met?

3. In answering these questions, consider the following:

• Preventative versus detective.

• Automated versus manual.

• Complexity.

• Interdependence.

• Distance and time from the event.

• Accountability for the control.

4. Can the control, if operating properly, effectively prevent or detect errors, issues, breaches and frauds that could result in a material impact on the Credit Union? If the answer to these questions is “Yes”, then the control is designed effectively.

One key point to be remembered is that there must be evidence that the control was performed. Therefore, it is critical that you can prove that a control activity has taken place ie, if it is not written down it was not done.

As the umbrella body for credit unions in the country, the League takes a leading and proactive role in designing the relevant workshops to assist credit unions and to lead them along a successful path.

Each year over 500 persons are trained in various professional certificate workshops which include corporate governance and leadership, internal control procedures, risk assessment, among others.

Continuous training and development cannot be overemphasised and training and retraining are encouraged. This has been bearing much fruit in that credit unions continue to compete successfully in the financial marketplace despite the global economic down-turn.

We consider this an important era for the Credit Union Movement and credit union leaders are encouraged to heighten their focus on developmental initiatives for all categories of staff and officers so as to allow our unique member-owned organizations to continue to survive and excel with admiration.

creditunionleague@gmail.com