Managing Operational Risk In Financial Institution Finance Essay - Free Essay Example

Sample details Pages: 7 Words: 2063 Downloads: 2 Date added: 2017/06/26 Category Finance Essay Type Research paper Did you like this example? Q1. Explain the internal control failures that allowed this fraud to occur and recommend what steps you would take to improve the risk framework at Caforilus to prevent similar loss events occurring? The fraud that occurred at caforilus was not due to one single factor but there were multiple factors which encouraged the fraud to occur. All three lines of defence failed to overcome the fraud the first line of defence, the business line failed to establish and maintain stronger risk controls, risk culture, risk appetite, on day to day responsibilities of business line second line of defence the oversight, which failed to monitor the risk guidance in the firm this involve compliance, legal and finance, IT security, HR functions and risk management functions, the third line of defence is the risk assurance where the internal Audit committee failed to provide independent assurance. Don’t waste time! Our writers will create an original "Managing Operational Risk In Financial Institution Finance Essay" essay for you Create order All three levels reports through to the board and are all responsible to it, so the fourth line of defence in a sense is the board but in caforilus it is the Board the Director of marketing and sales was corrupt and made a fraud so knowingly or unknowingly all three lines of defence failed to report the fraud. Firstly we will look at the Cause, Event and Effect. The Cause to the fraud was poor process, system, people, Technology. Event was internal fraud and Effect was scam of  £8 million, Jail to the sales and marketing Director, loss of reputation, effect on staff moral, possible fine by FSA, loss of shareholder wealth. There were plenty of indicators to the fraud at caforilus but everyone turned a blind eye. There were plenty of internal control failures which allowed the fraud to occur. People:- The internal fraud was created by the director of the sales and marketing mark Hughes, who created a miscellaneous account and solely authorised all the transactions. Helen Northcroft realised the fraud but due to the lack of training or knowledge wasnt sure of what action to take or who she should report to. HR department as the report doesnt say if there were any checks made on Mark Hughes before employing. Chief Internal Auditor Keith Garret, didnt took any action and just ignored to Helens suspicions. Kelly Feingold who worked in operational risk department wasnt sure about what action to take and thought Steve (Operational Risk Director) is a good friend of Mark so wouldnt take action so she did not reported but got James Bellamy from the fraud Department to look into. Finally James Bellamy got control of the situation and exposed Marks fraud. Process:- There were no internal audit checks carried out, even if there was audit then the audit team failed to pick up the fraud which was occurring. There was no oversight of invoices, all invoices were approved by the director of the sales and marketing, and were not back checked by the finance department. Top management had concentration of power, so for decision making no other department managers were consulted. Few invoice were raised for same amount under different company names for same date but yet not been noticed by the finance department. Daily transaction reports were not been produced in organisation, so no past records could be checked. Authorisation of payment was only by one person i.e. the marketing and sales director. Technology Caforilus did not had proper technology to prevent fraud, eg. Same amounts, same date, same services, invoices were paid, if caforilus had proper technology then the fraud would have detected at the very first. Environment Poor risk control culture as no one, apart from Helen or James took initiative to investigate the fraud. The culture was developed that everyone turned on blind eye, it could be said that directly or indirectly many other people were involved but all turned on blind eye to marks seniority. A culture was developed that director was a problem solver, a good guy, giving out freebies, get things done, so no one was ready to believe that such a person could create fraud. Staff member felt pressure and felt threatened to be fired if challenged somebody. There are plenty of loopholes into the system of caforilus which led fraud to occur, some recommendation that could be given to prevent the fraud to occur in future are. Training and Development:- It is very important in a firm that relevant training is given to each member to do their work efficiently. In caforilus we could say company lacked of training and development as the head of marketing and sales wasnt sure of who to report to about the fraud, when she came to know about the fraud she would have taken the step and could have had directly contacted the external company to check the invoice and the fraud could have had caught so more training is required to senior managers to detect fraud and how to solve it. Head of finance department to check the accounts at least once a month so if any fraud occurring could be noticed immediately. No authorisation/signage of cheque by one person two signatures required on any payment and that too both authorised person need to be from different department. So in case of caforius one sign from director of sales marketing then other sign from the head of finance department. Regular Internal Audit to be taken. Audit staff to take independent audit and not to make any judgements on person nature. Audit committee to be independent and any relationships that unduly influence the professional judgement should be avoided. Create a climate of discipline and control which would help to reduce the opportunity of fraud. Oversight of any payment no matter even if authorised by director. Stronger corporate governance structure. No one person decision but should be group involvement. Director to conduct meeting with the head of the department before any contracts been given out, and to update to staff of any decisions taken solely, Director to report to NED. Q2. Discuss why financial institutions are vulnerable to people risks and recommend how Caforilus could reduce its exposure to these risks? Managing people risk plays a very important role in any company. (Blunden T, and Thirwell J, 2010) says, Most operational risks are ultimately the result of people failure whether at strategic, managerial, or operational level. Financial institutions specifically are very vulnerable to people risk we could see this form the events that have occurred in past and which have led many financial institution to collapse for eg. Incident at Barings due to one person Nick Leeson a rouge trader who concealed unauthorised trading activities and made a fraud of $1 billion and led Barings to Bankrupt. (www.erisk.com) Similar fraud have occurred with Daiwa Bank, Natwest, Allied Irish Banks, which have faced huge losses due to people, so for any event and losses or failure ultimately people are going to be the cause unless its any natural cause of god, (Martin. P, 2009) says, there are two causes to operational risk event, one is an act of God and other is the people. People design and maintain processes and system and cause operational risk events by either doing something they should not be doing or not doing something they should be doing. T. Blunden, (2010) says People are essentially honest they do not come to work to defraud or to cause disruption. It is often true but the system which has some loopholes or process that are ineffective, motivate people to do fraud, or even due to lack of training, competence, experience, stress, bereavement, unemployment, health problems etc, many lead to errors and losses. So to overcome from these people risks there are some key controls such as, Training and development, Appraisal and rewards, effective management, openness and transparency, selection, rewards, staff retention, system update, etc, are some controls which could help and reduced people risks. In Caforlius the loss of  £8 million was encountered of people risk. There was one person who created the fraud but there was involvement of many other, who either turned a blind eye or just didnt bother to challenge the director for his fraud. Some recommendations could be given to reduce such a risk in future. There was no culture of openness and transparency in Cafarilus, many knew about the fraud but didnt report due to Marks seniority. So a culture needs to be developed to challenge the fraud and report it either a system to be developed where losses/events could be reported anonymously. Need of effective management structure, an effective system where communication could run freely from up and down, clearity of the roles and responsibilities to individually. Getting friendly with the staff, knowing them, rewarding them, are good sign of motivation but when it obstructs individual from taking professional duties then it could be a risk for the company, so from Caforilus the chief internal auditor director, operation manager, missed to take their professional duties and so such a pattern of bribe should be avoided. Financial companies are vulnerable to risk so training and development plays a key role to avoid risks. In Caforilus we see lack of training and development, head of department to be made aware of what fraud could occur and what action to take to overcome them. Staff appraisal to be conducted quarterly, which would help to know the employees better, openly taking suggestions from the staff, help to know what training could be required to developed and perform the duty better. Q3. Explain the importance of risk culture, critically analyse the risk culture at Caforilus and recommend how this could be improved? Risk culture plays a very important role in any organisation. A favourable culture is essential for the effective management of operational risk. The institute of operational risk, (2010) says a firms organisational culture it values and valued behaviours will under pin the risk culture, the openness, trust, honesty and integrity from a strong risk culture of an organisation. The openness and transparency encourage people to risk reporting, encourage challenging debate at all levels, increases the risk awareness helps to understand the duties motivates people to better do their job. But this culture must come from CEO, senior manager who must motivate and form a relevant culture in organisation, it could be said that culture is strongly influenced by its leadership. Developing and maintaining the right risk culture is highly influential in the effectiveness of the risk management. A favourable culture is essential for the effective management of operational risk. The favourable cul ture develops. High degree of personal responsibility and empowerment to take appropriate risk. It motivates employees to better do their jobs and enhances the organisation performance. It helps to built up staff morale. It develops high level of staff integrity. It develops positive environment where no staff are intimidated on their mistakes. It makes a continuous improvement of organisation where people take challenge and responsibility for being more effective and efficient. It makes aware about the risk. It brings stronger communication throughout the organisation. It brings expertise into organisation. However for a culture to be effective it is important a strong risk culture is embodied by the Boards and senior managers. In caforilus we see a poor culture through the organisation. There was loss of staff morale, weak communication between the departments; duties were not fulfilled by Audit committee or the operational risk department, finance de partment not overseeing the pay outs. Which all lead to a scam of  £8million so its very important that the Boards and senior managers play a positive role and develop a strong risk culture. Some recommendations that could be given are: Making people aware about the risk, educating them about the risk and risk controls. Making people understand about the importance of their duties and how it relates to risk if not fulfilled. Developing stronger controls throughout the organisation and letting people know of what is expected of them. Creating openness and transparency to the organisation which will develops a stronger culture. Provide better understanding of the organisation risk appetite. Segregation of duties and periodically rotation of senior staff so that would give a better understanding throughout the organisational functions to seniors, and even as in case of caforilus it would avoid developing internal contacts for personal benefits. So could be conclu ded that the risk culture at cafotilus wasnt strong so it increased the vulnevability of organisation.