Traditional Culture Encyclopedia - Traditional culture - Bank risk management audit
Bank risk management audit
Bank risk management Audit risk management originated in 1960s and 1970s, and developed in large enterprises in finance, insurance, manufacturing and other industries in 1980s. From the normative point of view of risk management content, it belongs to banks and insurance. Risk management audit appeared at the end of 20th century and the beginning of 20th century. With the arrival of the era of risk-oriented internal control, risk management has become the focus of internal audit. It not only pays attention to traditional internal control, but also pays attention to effective risk management mechanism. Internal auditors ensure that their audit plans are consistent with their business plans by analyzing current risks. Risk management has become a key process in an organization, which urges internal audit not only to pay attention to evaluation and control, but also to identify risks and test methods to manage risks. Risk management audit is a new stage of internal audit development.
I. Definition and types of bank risks
1. Definition of bank risk
There are two views on bank risk. First of all, it refers to the possibility of commercial banks suffering economic losses due to various uncertain factors in their operations. Second, in monetary management and credit activities, due to the influence of various unpredictable and uncertain factors in advance, the actual income of banks deviates from the expected income, and there are double opportunities and possibilities to suffer economic losses or gain additional income. I agree with the second point.
Bank risk exists in every link of the bank value chain. It can be said that since its establishment, the bank has been seeking benefits in the process of risk management. A correct understanding of bank risks should pay attention to the following points:
(1) Bank risk is not equal to bank loss. Risk refers to the possibility of unfavorable or favorable events; The loss is what is consumed or lost, and it is the fact that the original uncertain events are formed. The focus of the two is different, with risks focusing on the future and losses focusing on the present and the past.
(2) Risk is both a challenge and an opportunity, and it is dual.
(3) It contains multi-level risk content and has a dynamic category. Multi-level risks include legal risks, policy risks, decision-making risks and operational risks.
(4) The risks of commercial banks are more a reflection of risks in economic operation, which are related to the behavioral objectives, decision-making methods and economic environment of economic subjects, and are not simply the problems of banks themselves.
2. Types of bank risks
The Trial Measures for Internal Control Evaluation of Commercial Banks, which was formulated by China Banking Regulatory Commission and implemented on February 6, 2005, points out that the main risks of commercial banks include credit risk, market risk (including interest rate risk), operational risk, liquidity risk, legal risk and reputation risk.
From a practical point of view, there are four main risks that have great influence on banks: credit risk, operational risk, market risk and liquidity risk.
Second, the position, responsibility and role of internal audit in risk management
Internal audit is an independent and objective confirmation and consultation activity, which evaluates and improves the effect of risk, control and governance processes by applying systematic and standardized methods to help organizations achieve their goals. Because of its own characteristics, internal audit has certain advantages in participating in risk management. Internal audit departments and personnel are familiar with the situation of the unit and have a good understanding of the risks faced by the unit; Internal audit departments and personnel are internal members of the organization, their interests are closely related to the development and rise and fall of the organization, and they have a stronger sense of responsibility for preventing various risks and achieving business objectives; Different from other departments, the internal audit department does not engage in specific business, and its functions are independent of the business management department. Can jump out of all aspects of the business circle, proceed from the overall situation, comprehensively and objectively identify and evaluate risks, and take effective risk control measures.
1. Positioning of internal audit in risk management
Now what we call risk management tends to be a broad concept. Corporate governance and internal control actually belong to the category of risk management, but the levels involved in risk management are different, and internal audit has always played an important role. The Sarbanes-Ox Act passed by the US Congress in 2002 pointed out that the board of directors, top managers, external auditors and internal auditors, as the cornerstones of effective corporate governance, have become an important part of the necessary responsibilities of corporate governance and internal control. Therefore, the role of internal audit in risk management is very important for the overall risk control of the organization. At present, the positioning of internal audit in the process of risk management should be participants, collaborators and supervisors.
2. The responsibility of internal audit in risk management
Risk management is a main line of internal audit. Therefore, internal audit should and must participate in risk management. With the arrival of the era of risk management-oriented internal control, the focus of internal audit has also changed. Modern internal audit pays more attention to effective risk management mechanism and sound corporate governance structure besides traditional internal control. But internal audit is not the same as risk management. IIA pointed out that the positive role of internal auditors in establishing and managing risks is different from that of? Risk owner? The role of. To avoid it? Risk owner? The role of internal auditors should require management to confirm that they are identifying, preventing and monitoring risks? Owner? The responsibility of. In September, 2004, IIA issued a job description entitled "The Role of Internal Audit in Total Risk Management" in response to the new framework of total risk management issued by COSO Committee, pointing out that the core functions of internal audit include five aspects: providing assurance for risk management process, ensuring that risks are correctly evaluated, evaluating risk management process, reporting system for evaluating key risks and auditing key risk management activities. Secondly, the job description also describes in detail the responsibilities of internal audit in risk prevention: assisting in identifying and evaluating risks, training management teams on how to deal with risks, coordinating comprehensive risk management activities, improving risk reporting system, maintaining and developing comprehensive risk management framework, supporting the establishment of comprehensive risk management and formulating risk management strategies for decision makers. Finally, it is also clear that internal audit should not bear the following responsibilities:
(1) Set the risk limit;
(2) Implementing the risk management process;
(3) Providing risk guarantee for the management; (4) Make risk response decisions; (5) Implementing the risk response plan in the name of the manager; (6) The fiduciary responsibility of risk management.
3. The role of internal audit in risk management
Domestic and foreign enterprises, especially world-renowned enterprises, such as DuPont and Microsoft, have relatively perfect risk management systems, and internal audit has played an important role in the enterprise risk management system. Risk management is an important management responsibility. In order to achieve its business objectives, the management should ensure that it has a sound risk management process and can play a role. The Board of Directors and the Audit Committee should play a supervisory role to determine whether the organization has established appropriate risk management processes and whether these processes are operating normally and effectively. The internal auditor shall assist the management and the audit committee by inspecting, evaluating and reporting the appropriateness and effectiveness of the risk management process and making suggestions for improvement. It should also be pointed out that the role of the internal audit department in the process of organizational risk management can change with the passage of time, and may have different roles: from no role, to auditing the risk management process as part of the internal audit work plan, to actively and continuously supporting and participating in the risk management process, to managing and coordinating the risk management process.
Generally speaking, the role of internal audit in risk management can be summarized as the following four aspects: first, inspection and evaluation, the internal audit department uses audit means to evaluate the adequacy and effectiveness of the bank risk management system; Second, management and coordination. Internal audit takes advantage of its own advantages to actively participate in the construction of bank risk management system, identify, analyze, coordinate and manage various risk elements, and put forward effective suggestions to control risks; Third, consultant and consultation. As a consultant, internal auditors help enterprises determine the methods and control measures of risk management and evaluate their rationality and effectiveness. Fourth, reporting and prevention. The internal audit department can effectively control and prevent various risk factors by timely transmitting and urging the implementation of risk audit results.
Three. Problems existing in bank risk management audit
China Industrial and Commercial Bank, China Construction Bank, etc. Organized targeted risk management and audit research. However, there are still the following problems in the internal audit risk management of banks:
1. The concept of internal audit is backward.
Compared with ordinary industrial and commercial enterprises, bank risk management occupies an important position in its value chain and has been concerned since the establishment of banks. Therefore, its risk management is relatively good, which makes some people inside and outside the industry think that the risk management of banks is perfect, which also causes the internal audit to have insufficient understanding of risk management, and the internal auditors can not actively pay attention to risks, which restricts the role of internal audit.
2. Internal audit methods can not meet the needs of bank risk management.
The internal audit of banks in China is still in the stage of finding mistakes, preventing fraud and carrying out compliance audit, which is limited to the after-the-fact audit of the implementation of various rules and regulations by business departments and institutions. Mainly on-site audit, off-site audit is not carried out enough. The bank risk management system requires systematic and comprehensive risk management, including not only pre-prevention, in-process control and post-event management, but also information processing and off-site audit.
3. The role and position of internal audit in risk management is not clear.
The risk management of commercial banks is divided into risk management department and internal audit department. The Risk Management Department is responsible for overall risk management, and the Internal Audit Department conducts internal audit according to the risk assessment results of the Risk Management Department. In fact, the relationship between the risk management department and the internal audit department is not clear.
4. Risk audit is not carried out vigorously enough.
The internal audit department has the responsibility to summarize, sort out and analyze the external and internal risks faced by the competent business department, and submit a risk analysis report to the senior management to provide reference for the senior management's business decision. However, the current audit work is basically carried out in accordance with the work arrangements of the head office and provincial banks, and the independent audit work is not sufficient, and the effect of avoiding risks is not good.
Four, the advantages of bank risk management audit
Bank risk management audit is an internal audit technical method based on comprehensive risk management. As an important part of successful overall risk management planning, this method pays more attention to business objectives, risk tolerance of management and key risk measurement indicators. At present, bank risk management audit also has the following advantages:
1. Evaluating risk management from a global perspective is beneficial to internal audit.
Because the bank is a special financial enterprise dealing in money, it determines that there are risk factors in any link of the banking business process, and because the risks are contagious, contagious and asymmetric, the risks caused by one subject in the chain or the consequences brought by neglecting risk management are sometimes not directly borne by it, but will be passed on to other subjects through certain connections, which will eventually lead to the bank's predicament. Internal audit can consider the risk factors from each link and surrounding environment, which is conducive to comprehensively evaluating bank risk management from a strategic perspective.
2. It is conducive to strengthening bank risk management.
As an integral part of risk management, risk management audit aims to achieve the strategic objectives of the organization and increase the value of banks. However, their responsibilities are different. Risk management needs to design and implement risk management measures and methods, and risk management audit is responsible for testing and evaluating the design and implementation of risk management, and providing appropriate confirmation of relevant risk management information to management. Therefore, to some extent, it can be said that risk management is a higher level of risk management. What can be learned from the risk management audit? An outsider? From the perspective of risk management, systematically and objectively evaluating the risk management process in the process of value realization is helpful for banks to strengthen risk management.
3. It is more beneficial to realize the value of audit.
The purpose of risk management and risk management audit is to achieve strategic objectives and increase the value of banks. Risk management audit focuses on the evaluation of risk management process, which can reduce the increase of operating costs caused by risks. As an internal audit, risk management audit is not limited to risk management audit. Therefore, the analysis of business process and surrounding environment can not only provide some suggestions for enterprise management, but also help to realize the value of internal audit.
4. It is conducive to information communication and the establishment of bank risk management culture.
In order to effectively and timely solve the risk problems faced by banks, it is necessary to communicate with each department in the bank in time. However, sometimes departments can't do this. The independent status of internal audit makes it necessary for internal audit to know the information of all departments, and comprehensively grasp the bank information through auditing techniques such as inquiry, observation and questionnaire survey, and transmit and communicate the information in different departments, so as to deepen mutual understanding among departments, help all departments to consider risk issues from a global perspective and establish a good risk management culture.
- Previous article:Brand e-commerce where to go from here: Ma Yun Liu Qiangdong each argument
- Next article:What snacks are there in Pingyang, Wenzhou?
- Related articles
- Ten must-see attractions in Chengdu
- How many kilometers is it from Baoji to Fufeng?
- What is the weight of standard badminton?
- Handwritten newspapers talk about humility as a virtue, while handwritten newspapers talk about morality.
- Famous sayings about persistence and flexibility
- How to write the lovely Anhui handwritten newspaper?
- How to adjust the brightness of nec900 projector bulb
- Is the beauty instrument really useful?
- Victory honor of Shengli Oilfield
- What are the three meanings of chopsticks?