
Risk Self Assessment Template

Definitions & Instructions


To be used in conjunction with the Opportunity Self-Assessment Manual
Refer to ## Risk Assessment ## to complete this self-assessment template
Definition/Instruction

1. Risk area
Describes one of 13 OI risks (plus Management and External). Operational risks apply to each process area in the department, these are denoted by 'Operational - xxx'.

2. Control Objectives
Describes a certain control objective linked to each risk in the department/operation.

3. Explanatory Notes
Provides an explanation for why the Control objective has been identified.

4.a Inherent Risk Likelihood
In the likelihood column, mark the PROBABILITY of that particular control objective FAILING in your business area in the “normal” course of events (i.e. still considering “common sense”), on a scale of 1-5, prior to any controls that may be implemented (1=rare, 5=almost certain to occur).

4.b Inherent Risk Impact
In the impact column, mark the SEVERITY of that particular risk if it were to occur in your business area, on a scale of 1-5 (1=insignificant impact, 5=severe impact). When assessing impact it will be the norm to consider the impact that that occurrence will have on the whole business balance sheet.

4.c Inherent risk
This is the risk that existed before any mitigation, whether by way of control or other means. This comes as a result of the likelihood and impact of the particular risk occurring in your business, and is calculated from the "Rubric" sheet.

5. Mitigant/Control Activity
List the controls in place to mitigate the noted risk. The controls recorded include those that are actually now in place and those which are intended, and may include processes. You may note any shortcomings identified (i.e. implementation plans for controls not yet present) as part of the action plan portion of the SAT (step 4).

6.a Post Mitigant Likelihood
Note the remaining likelihood that the risk would occur if all the controls you listed work 100% of the time.

6.b Post Mitigant Impact
Note the impact that the risk would have on your business if all the controls you listed work 100% of the time.

6.c Residual Risk
This is the risk that existed after the listed mitigations, whether by way of control or other means. This comes as a result of the post-mitigant likelihood and impact of the particular risk occurring in your business, and is calculated from the "Rubric" sheet.

7. S.M.A.R.T. Action plan
Note any shortcomings identified as part of the Mitigant/Control Activity portion of the SAT. (Specific, Measurable, Actionable, Realistic, Time bound)

8. Target Date for Completion
The agreed date by which the Action plan will be executed.

9. Destination Risk
Note the risk level you would like to see as a result of executing the controls listed in step 3. This is your target destination risk, and is hypothetical upon successful implementation of the action plan as well as further potential controls to be developed.

How to fill in/when/by whom

1. Risk area
Some risks may not apply to your business. If so, you may mark "N/A" against the risk and move to the next risk. If you have additional risk areas under Operational you may add them with consecutive numbering.

2. Control Objectives
Feel free to add additional risk areas to this SAT if you feel it is lacking. Ensure formulae under columns G, K, Q and R are copied to new rows.

3. Explanatory Notes
This is an aid in training and in sharing the responsibility between department heads and their second-in-command.

4.a Inherent Risk Likelihood
Filled in by risk owner and team. Likelihood of occurrence is PRIOR to any mitigation. See "rubric" tab for more details.

4.b Inherent Risk Impact
Filled in by risk owner and team. Likelihood of occurrence is PRIOR to any mitigation. See "rubric" tab for more details.

4.c Inherent risk
Calculated automatically based on likelihood and impact input. See "rubric" tab for more details.

5. Mitigant/Control Activity
Filled in by risk owner and team.

6.a Post Mitigant Likelihood
Filled in by risk owner and team. Likelihood of occurrence is AFTER listed mitigations. See "rubric" tab for more details.

6.b Post Mitigant Impact
Filled in by risk owner. Likelihood of occurrence is AFTER listed mitigations. See "rubric" tab for more details.

6.c Residual Risk
Calculated automatically based on likelihood and impact input. See "rubric" tab for more details.

7. S.M.A.R.T. Action plan
Filled in by risk owner and team. Note any new controls to be implemented, timeline, and responsible parties for implementation in order to reduce residual risk further.

8. Target Date for Completion
You may wish to enter the final date for completion of all Actions for this Control OR, for tracking purposes, you may find it more effective to put in the NEXT target date and, once that action is completed, enter the consequent target date for the next Action.

9. Destination Risk
Filled in by risk owner and team.


Self Assessment Template

Rubric (risk rating by LIKELIHOOD row and IMPACT column)

LIKELIHOOD          IMPACT:  1              2      3         4      5
                             Insignificant  Minor  Moderate  Major  Critical
5  Almost certain            5              6      7         8      9
4  Probable                  4              5      6         7      8
3  Possible                  3              4      5         7      7
2  Unlikely                  2              2      4         6      7
1  Rare                      1              2      4         5      6

Likelihood
1. Remote/Rare - exceptional circumstances; 2. Unlikely - could occur; 3. Possible -
should occur; 4. Probable - likely to occur; 5. Almost certain - expected.

Impact Objectives
1. Insignificant - minimal; 2. Minor - some objectives missed; 3. Moderate - multiple
objects missed; 4. Major - plan revision; 5. Critical or Extreme - major plan revision

Financial Impact
1. Insignificant - low costs; 2. Minor - adjusted budget; 3. Moderate - losses and adj.
business; 4. Major - capital erosion; 5. Critical or Extreme - severe capital erosion

Reputational Impact
1. Insignificant - no reputation impact; 2. Minor - internally managed; 3. Moderate -
local publicity; 4. Major - public criticism; 5. Critical or Extreme - severe public
criticism

Health & Safety
1. Insignificant - no harm; 2. Minor - First Aid required; 3. Moderate - fracture or
visit to hospital; 4. Major - loss of limb or eye; 5. Critical or Extreme - Fatality.

Likelihood  Impact  Code  Risk
5           1       51    5
4           1       41    4
3           1       31    3
2           1       21    2
1           1       11    1
5           2       52    6
4           2       42    5
3           2       32    4
2           2       22    2
1           2       12    2
5           3       53    7
4           3       43    6
3           3       33    5
2           3       23    4
1           3       13    4
5           4       54    8
4           4       44    7
3           4       34    7
2           4       24    6
1           4       14    5
5           5       55    9
4           5       45    8
3           5       35    7
2           5       25    7
1           5       15    6

Risk Self Assessment Template - Branch Operations
Branch Name: ADA
Date: 2014 MARCH
Branch Loan Portfolio Balance at SAT completion Date:
Institution Loan Portfolio Balance at SAT completion Date:
Branch Deposit Balance at SAT completion Date:
Institution Deposit Balance at SAT completion Date:

Columns: No.; Risk Area; Control Objective; Explanatory Notes; Likelihood (1-5); Impact (1-5); Inherent Risk; Mitigant/Control Activity; Post Mitigant Likelihood (1-5); Post Mitigant Impact (1-5); Residual Risk; S.M.A.R.T. Action Plan (provide target date for completion of all tasks in the next column.); Target Date for Completion (mmm - yy); Destination Risk; Post Audit likelihood (1-5); Post Audit impact (1-5); Post Audit Mitigant Residual Risk; Business Mitigant Residual Risk; Increase in residual Risk; Workpaper No; Finding Number
1 GOVERNANCE N/A
2 REGULATORY
Know Your Customer procedures are not Breach of KYC procedures can lead to staff incurring personal liability 1. Accounts are only opened after positive identification and authorised only when compliant
understood and complied with by all and from a reputational and regulatory point of view this is an area with KYC procedures. 2. CSO
2.1 Regulatory account opening staff that all staff must comply with. 3 3 5 and Teller have been taken through training during branch meetings to ensure KYC procedures 2 1 2 2 1 2 2 0 1

Anti Money Laundering Procedures are Breach of AML procedures and/or failure to report suspicious
not understood or complied with by all transactions can lead to staff incurring personal liability and from a 1. Trainings are periodically held for staff on anti money laundering. 2.
staff reputational and regulatory point of view this is an area that all staff staff to report any suspicious transactions by clients 3.
2.2 Regulatory must comply with 3 2 4 Tellers and CSOs constantly reminded that to check AML, there is the need to monitor 1 2 2 2 1 2 2 0 2
Multiple deposits and report any unusually bulk one off deposit for branch management to
investigate.

Branch fails to display information Many regulators will require certain up-to-date information to be 1. All information required by regulators is always conspicuously displayed at the banking
required by the local regulators e.g. displayed prominently in the bank. This could be audited accounts, hall.
2.3 Regulatory Banking licence, audited accounts etc trading licences, banking licences, codes of conduct etc 2 3 4 2. Any updates are done promptly when due and displayed at the Banking hall without 1 1 1 1 1 1 1 0 3
fail.

Regulatory Requirements are complied 1. We have put notices at the Banking Hall to inform clients that they will be charged 10% of
2.4 Regulatory with regards to the issuance of dud 3 4 7 the face value of the cheque if they issue a dud cheque. 2 1 2 2 1 2 2 0 4
cheques
3 MANAGEMENT
Branch is not operating with an up-to-date Staff should acknowledge that they have received and understood the
3.1 Management set of operating procedures or staff do not latest operating procedures. 3 2 4 Training and support is done whenever there is a change in procedures and policies. This is 1 1 1 1 1 1 1 0 5
understand them. done during our branch meetings.

An effective Business Continuity Plan is not All branches should have a BCP which details the actions to be taken in
in place for the branch in the event of the event of a major incident affecting the branch. The BCP should be
inability to operate from the existing subjected to regular testing. Branch has business continuity plan in place. BCP reviewed by Branch Management every
3.2 Management 1 3 4 quarter and made available to all staff in common or shared folder 1 1 1 1 1 1 1 0 6
location

Premises are vulnerable to external Security guards, alarm systems etc.
threats. Back of the premises is not
accessible for security inspection after
6pm when the market is closed until 1. A 24 hour security system is in place to guard the building
5.30am 2. External security and night police guard stay close to the back of the building as much as
possible to be able to detect and foil any robbery attempt from the back of the building at
night. 3.
3.3 Management 1 3 4 management ensures that electronic security installations are always functioning effectively. 1 2 2 1 2 2 2 0 7
4. The motion detectors automatically arm or activate after 10.30pm 5. Police
attendance book is in place to monitor the attendance in and out times of police guards.
6. Security
Activity book is also in place to monitor activities in and around the building

Assets are vulnerable to external threats. All assets should have a fixed asset number and a notice 'Property of 1. There is a contracted security presence in the branch complemented with police presence
Opportunity International Savings and Loans Ltd. policies about to protect assets and personnel from external threats of theft, burglary and assault on staff
carrying laptops or other assets off the premises should be adhered to. and property 2. All
fixed assets of the branch have been labelled 3.
Assets removal form is in place to record any asset moved out of the branch. 4.
External security to also be in the known and record in their occurrence register before taken
away. 5.
Smoke detectors are in place and in good order to detect smoke for immediate action.
3.4 Management 3 2 4 2 1 2 2 1 2 2 0 8
6. Fire extinguishers are working and periodically serviced to fight fire when necessary.

Internal controls are not being adhered to Branch Manager is responsible for the internal controls within the
branch and must use tools like the SATs, control checklists, snapchecks
etc to ensure a high level of control is maintained. 1. Staff training is adequate and effective.
2. Quality control system is effective with meaningful action plans.
3. Audit Risk and compliance recommendations are swiftly acted
upon. 4. SAT is prepared with the involvement of key management staff
every quarter. 5. Controls and action plans in SAT are
3.5 Management 3 2 4 adequately communicated to all staff and monitored to ensure compliance. 1 1 1 1 1 1 1 0 9
6. Compliance managers to monitor controls
and report non adherence for action. 7. Snap checks are
conducted by Branch Manager periodically (daily, weekly or monthly depending on the type
of control)

Customer service does not meet OI's core Feedback from clients, monitoring complaints
values of Respect, Integrity or
Stewardship.
1. Suggestion box is provided at the banking hall to collect feedback/complaints from clients.
2. Complaints register is also made available at CSOs desk to capture feedback of
those who cannot write.
3.6 Transformation 2 3 4 3. CSOs draw management attention to the complaints immediately. 1 2 2 1 2 2 2 0 10
4. Complaints are acted on immediately and where possible resolved within 24 hours.
5. Transformation Officer also
handles field complaints and reports to management on any feedback.
OPERATIONS -
4 Suspense
Suspense accounts, P&L accounts and Example controls: Suspense accounts are reconciled and reviewed for
petty cash are not reconciled on a timely out of character transactions. Items to P&L accounts are properly
basis. authorised. 1. All suspense accounts are agreed and reviewed by an independent official at
least monthly.
2. Outstanding entries are followed up.
Operations - Suspense 3. Management satisfy themselves on the integrity of long outstanding entries.
4.1 Reconciliations and 2 3 4 1 1 1 1 1 1 1 0 11
Petty Cash
4. Segregation of duties enforced.
5. Monthly reconciliations are done, verified by BOM, signed off by BM before
submission to head office.

Clearing Accounts are not reviewed daily. This can lead to a risk of non-reconciled items and ultimately fraud or
errors. The accounts should be reviewed and reconciled every day.
1. Cheque deposits are processed promptly and paid in at our clearing accounts same day
without delay.
Operations - Suspense 2. Items not settled are reversed promptly to avoid creating uncleared effects overdraft.
4.2 Reconciliations and 3 2 4 3. Account officer/BOM to ensure that Teller cheque deposits accounts and cheques sent for 1 1 1 1 1 1 1 0 12
clearing accounts have no outstanding item before COB everyday
Petty Cash 4. Any debit to petty cash account must have a voucher with appropriate approvals. Snap
checks on petty cash balance against physical cash done regularly. Monthly petty cash reports
are generated, crosschecked and copy sent to Head office.

General Ledger, P&L and Suspense These should only be opened with the approval of Head Office Finance All General Ledger accounts are opened as a matter of policy with Finance instructions and
Operations - Suspense accounts are opened or closed without and the system should alert any unauthorised activity in this respect. approval.
4.3 Reconciliations and proper authority. 3 2 4 1 1 1 1 1 1 1 0 13
Petty Cash

OPERATIONS - Petty
5 Cash
Petty cash used without proper authority Petty cash should be kept under dual control by authorised officials and Every Petty cash transaction is approved by the BM before payment is made. Petty cash is
5.1 Operations - Petty cash reconciled on a daily basis. 3 2 4 reviewed and authorised before reimbursement. 1 1 1 1 1 1 1 0 14

OPERATIONS -
6 Procurement
Local purchases are not within authorised Branches must operate within the limits laid down by Head Office. 1. Procurement policy exists now and is being operationalised. Purchases are conducted in
Operations - limits. accordance with levels set in the procurement policy.
6.1 Procurement 3 2 4 2. All procurements are made by Admin department upon request by the branch. 1 1 1 1 1 1 1 0 15

Inappropriate use of third party suppliers Any third party suppliers e.g. Cleaners, security guards etc should be
6.2 Operations- Third party approved by Head Office before using them. 3 2 4 1. Engaged by Admin. Department who also determines the number of these third party 1 1 1 1 1 1 1 0 16
suppliers suppliers for branches.
Branch holds excessive stationery. Stationery should be stored in a secure area and its usage monitored to 1. Stock templates are developed, regularly updated and monitored to avoid over stocking and
ensure no wastage or pilferage. abuse. 2.
Stocks are always kept under lock and key and away from unauthorised persons
3. Periodic stock taking to be done to reconcile physical stock balance
with recorded balances.
6.3 Operations - Stationery 3 2 4 4. Stationery is reviewed and authority obtained for disposal of 1 1 1 1 1 1 1 0 17
redundant stock or transfer of surplus stock.
5. Stationery budget is subject to monthly review

OPERATIONS - Cash
7 Handling
Cash in tills is vulnerable to theft. Cash limits must be adhered to and the Branch Manager should carry 1. Interday till limit monitored.
out regular, but random snap checks 2. Keys are assigned and subject to snap check.
Operations - Cash 3. Tills are balanced end of day with differences passed.
7.1 Handling 3 2 4 4. Monthly surprise till checks by BM. 1 1 1 1 1 1 1 0 18

Cash in vaults is vulnerable to theft. Vault cash limits should be adhered to. Surplus cash should be 1. Overnight cash is maintained in fire proof vaults under dual control with a time delay.
deposited into the bank. Access to the vault should be under dual
control. 2. Cash transferred to the Reserve is counted under dual control.
3. Vault cash is covered by insurance, adherence to the terms is
monitored. 4. Current vault limit
of GHC10,000 is strictly adhered to
Operations - Cash 5. Separate access codes given to only custodians to deactivate security monitoring device
7.2 Handling 3 3 5 before entering the vault. 1 1 1 3 2 4 1 3 19 2
6. Key holding register is kept as evidence of those authorised to hold keys to the vault.
7. BM to ensure that no one person is exposed to or has access to both keys at any time.

Operations - Cash Cash collected or distributed by staff is Staff should not be collecting or distributing cash.
7.3 Handling vulnerable to theft. Distribution of cash is always done through clients' accounts

Cash in transit is vulnerable to theft. Cash should be insured and only moved by approved Cash in Transit This duty has been outsourced to a private security company to do the transportation of cash
security companies. to and from our banking premises nationwide. It is always done with the police escort.
Operations - Cash
7.4 Handling 3 2 4 1 2 2 1 2 2 2 0 20

OPERATIONS - Fixed
8 deposit

OPERATIONS - Fixed deposits are not broken so 1.Terms and conditions make it clear fixed deposits can
Liquidation of Fixed A system is in place to ensure that is done in emerge. Random selection of statements of
8.1 as to effect liquidity or interest not be broken unless a fee is paid that covers the cost in 2 2 4 clients with FD contracts liquidated are checked to confirm. 1 1 1 1 1 1 1 0
deposit mismatch real terms of replacement money.

8.2 OPERATIONS - Fixed Fixed deposits accounts are not Fixed deposits accounts are reconciled monthly and 3 2 4 Fixed deposit reconciliation is done monthly by Account officer and checked by BOM/BM 2 1 1 1 1 1 1 0
deposit Reconciliation reconciled checked by a superior
1. Tellers must ensure that all fixed deposit requests are
OPERATIONS - Fixed properly approved by BM or BOM before capturing 2.
8.3 deposit Contract Fixed deposit contracts are not 3 2 4 Fixed deposits files and vouchers are reviewed daily by BOM/BM 1 1 1
Emerge authorisers must ensure that duly approved
creation approved and authorised
before authorising in emerge. 3. Account officer to
ensure that contract documents are properly filed

OPERATIONS - Data
9 Input and Integrity
Transactions are not processed accurately The Branch must ensure that transactions are processed in an accurate 1. All data capture done in the course of the day are called over. 2.
and/or in a timely fashion. and timely manner Entries wrongly captured are corrected immediately they are identified
Operations - Data Input 3.Evidence of calling over to be filed at the branch and certificate of calling over sent to
9.1 and Integrity 3 3 5 1 1 1 3 2 4 1 3 21 2
Operations head.

Amendments to customer details on the Changes to customers' standing details such as address or name should 1. All Amendments to Customer details are done only with prior approval by Branch Manager
system are made without proper require different levels of proof and authorisation. For example, a and authorised by either the BM or the BOM. The authorizer is required to sight the original
authorisation. change of address would require some form of utility bills or other document and make sure they have been well captured before authorizing.
appropriate documentation. For change of name, this would require
9.2 Operations - Data Input higher levels of diligence and investigation. Appropriate levels of 2 3 4 1 2 2 1 2 2 2 0 22
and Integrity authorisation, including dual control should be considered.

Documents are not stored securely or for Reference to documents for account openings or other regulatory Documents with respect to account opening are sorted registered and batched according to
9.3 Operations - Data Input easy access. purpose in the branch (loan documents are under Credit section).
2 3 4
dates and stored in packs at branches for easy reference. Files are only retrieved by authorised
1 2 2 1 2 2 2 0 23
and Integrity persons.

Unauthorised or inappropriate access to The Branch Manager must ensure that only authorised staff access the
systems is granted system and that passwords are properly used. Branches should ensure
9.4 Operations - Data Input that IT have installed latest anti virus software on all PCs 3 2 4 Initial access for system usage is approved by only the BM and forwarded to the MIS for 2 1 2 2 1 2 2 0 24
and Integrity access to be granted.

OPERATIONS - Account
10 Opening
Accounts are opened for fraudsters and Accounts are only opened after positive identification. Corporate
ghost or non-existent clients. Accounts are only opened after confirmation from a bankers reference
and company registry search. The CSO checks customer information to ensure compliance with KYC regulations. Positive
Operations - Account identification is required. BM/BOM before
10.1 Opening 1 3 4 authorization of account opened by the CSO. BM/BOM must confirm the captured image and 1 2 2 1 2 2 2 0 25
signature with the completed forms before authorisation.

Accounts are not opened in line with KYC Accounts must be opened with all the requirements of the Bank's KYC 1. The BOM before authorisation of account opening by the CSO checks for KYC compliance
Operations - Account procedures guidelines being complied with and adequacy of personal data on the completed account opening forms. 2. The BOM or BM
10.2 Opening 3 3 5 must confirm the captured image and signature. 1 1 1 3 1 3 1 2 26 3

OPERATIONS -
11 Dormant Accounts
Dormant loan accounts are cleared The Branch dormant accounts should be reviewed on a regular basis to 1. Dormant accounts can be activated only after it has been authorised by the BOM or the BM.
Operations - Dormant regularly. reactivate or refer to Head Office to clear them Access to such accounts
11.1 Accounts should only be under dual control 3 2 4 2. All transactions, debit or credit, are referred to senior official for verification 1 2 2 1 2 2 2 0 27

OPERATIONS - Fraud
12 and Embezzlement
Fraudulent cheques or cash are collected Cheques should only be accepted from reputable customers and 1. Cheque deposits are properly scrutinized by Tellers and Accounts officers before
and banked. proceeds not released until they have been cleared. acceptance.
2. Accurate clearing days are selected.
Operations - Fraud and 3. Suspicious cheques are referred to BOM/BM.
12.1 Embezzlement 3 2 4 1 1 1 1 1 1 1 0 28
4. Immediate clearing done sparingly and only when absolutely
necessary upon prior authorisation.

Branch or teller stamps are misused. Branch and teller stamps should always be under the control of Teller stamps are locked in teller tills which are also kept in vault.
12.2 Operations - Fraud and authorised personnel and carefully managed. When till or branch is 3 2 4 1 1 1 1 1 1 1 0 29
Embezzlement closed stamps should be held securely, e.g. in vault.

Staff are engaged in unauthorised or Consider areas like rotation of staff, ensuring leave is taken, 1. Snap checks are also done to both Tellers and CSOs periodically. 2.
fraudulent activities enforcement of dual control where appropriate, snap checks especially Leave roster is prepared annually and staff are allowed to take their leave when it falls due.
on cash holdings and reconciliations
Operations - Fraud and 3. Strict enforcement of dual control procedures.
12.3 Embezzlement 3 2 4 1 2 2 1 2 2 2 0 30

13
OPERATIONS - Card If Applicable
Issue
Input is not accurate on registration. Input data should be verified by a second official. The E-zwich card registrations are done with BIDS and the cards are issued with clients being
13.1 Operations - Card Issue 3 2 4 physically present. 1 1 1 1 1 1 1 0 31

Cards are linked to the wrong account. Card process should be under dual control and a second official should Cards are linked to the right accounts using the Biometric Identification System which
check that the cardholder details match the account holder details. requires the physical presence of the client for the linkage and registration. All editing is only
13.2 Operations - Card Issue 2 3 4 done by supervisors 1 1 1 1 1 1 1 0 32

Fake cards are produced. Head of Operations should verify the number of cards produced with Official cards labelled OI are sent from head office with serial numbers. Reports are spooled
13.3 Operations - Card Issue the number shown on the card production report. 2 3 4 from the system with cards serial numbers. 1 2 2 1 2 2 2 0 33

Cards are not protected. Cards should be held under dual control and the client should sign to E-zwich cards are kept in the vault under lock and key
13.4 Operations - Card Issue acknowledge receipt. 2 3 4 1 2 2 1 2 2 2 0 34
PIN numbers are not protected. PIN numbers should be kept separate from the cards and issued by a N/A
13.5 Operations - Card Issue different official to the clients upon receipt of identification. 1 1 1 1 0 35
OPERATIONS -
Remittances Western If Applicable
14 Union transfer, MTN
mobile money,
Moneygram etc.)
Remittances received in bank are paid out Payouts would be subject to the identification rules agreed with the N/A
Operations - to unauthorised persons. Money transfer service provider e.g. identification, use of passwords
Remittances Western etc.
14.1 Union transfer, MTN 1 2 2 2 0 36
mobile money,
Moneygram etc.)
Failure to reconcile accounts for inward/outward payments could lead N/A
Operations - to errors and fraudulent activity.
Remittances Western Accounts with 3rd Party Money Transfer
14.2 Union transfer, MTN 1 2 2 2 0 37
mobile money, provider are not reconciled.
Moneygram etc.)
Only authorised and trained staff should have access to the system N/A
Operations - which should be secure and password protected. Records of all
Remittances Western transactions should be reviewed and reconciled on a daily basis.
14.3 Union transfer, MTN Money Transfer systems are insecure. 2 2 2 2 0 38
mobile money,
Moneygram etc.)
Operations - Non receipt of payment, delays and other client complaints must be N/A
Remittances Western Remittances sent through bank are not followed up and investigated in a timely fashion.
14.4 Union transfer, MTN received by beneficiaries. 1 2 2 2 0 39
mobile money,
Moneygram etc.)
Operations - Failure to reconcile accounts for inward/outward payments could lead N/A
Remittances Western to errors and fraudulent activity.
14.5 Union transfer, MTN Accounts with 3rd Party Money Transfer 1 2 2 2 0
mobile money, provider are not reconciled.
Moneygram etc.)
15 OPERATIONS - ATMs If Applicable
Cards captured in the ATM are not Captured cards should be recorded under dual control and customers N/A
secured. should produce ID and sign to acknowledge receipt when reclaiming
15.1 Operations - ATMs them. 1 2 2 2 0 40

ATMs are not replenished under secure ATM replenishment should always be under dual control and with N/A
15.2 Operations - ATMs conditions. adequate security in place. 1 2 2 2 0 41

ATM accounts are not reconciled. ATM accounts with other Banks must be reconciled on a daily basis. N/A
Cash in ATMs must also be reconciled with the ATM GL account and
15.3 Operations - ATMs ATMs should be subject to snap checks by Internal Compliance to verify 1 2 2 2 0 42
the cash positions.

System down time not recorded 1. i. System downtime is monitored. ii. System downtime is promptly
and accurately recorded. iii. Capacity is reviewed in line with expansion
programme. iv. Weekly reports of system down time are sent to HBO BM to ensure that the weekly reports of system down time are sent to HBO for redress
15.4 System availability 2 2 2 without fail. 1 1 1 22 11

157 53 76 68 8
15% 5%
Sign off
Prepared by Branch Manager Reviewed by Risk/Internal Compliance Approved by Chief Operating Officer
NAME ROBERT EBO AGGREY NAME : NAME
Signature___________________________________ Signature_______________________________ Signature_______________________________
Document History

Date       Version  Contributor   Summary of Changes
25-Oct-07  1.0      Diana Cazacu  Document Creation
Nov-07     1.0.1    Ken Pearman   Changes in Rubric and Risk assessment
26-Nov-07  1.0.2    Diana Cazacu  Inserted How to use spreadsheet
25-May-10  1.0.3    Eric Meyer    Changes to risk areas and How to Use.
22-Jan-11  1.0.4    Sarah Nolan   Introduction of Explanatory Notes, Target date for Action plan, sort function for headers. Review of SATs to reduce replication across all SATs, reword control objectives to negatives and expand to 13 risk categories from 8 with additional 2 risk areas (management and external) - plan to merge these into other 13 by Q4 2011. Formatting changed - colours, fonts.

1. MTN MM Transaction is initially captured in the MTN MM Transaction sheet kept in the cubicle by Teller. 2.
Transactions are then captured in the MTN Cash Account in the emerge. 3.
Periodically, Accounts Officer/BOM generates (code provided by Business Application Manager) MTN 4. Cash
Statement and reconcile with the MTN MM Cash Account in the emerge. 5.
Any differences identified in reconciliation are investigated.
