Embed Size (px)
DESCRIPTION
Slides for CGAP's training on Operational Risk Management.
Citation preview
Risk Management in MFIsRisk Management in MFIsRisk Management in MFIsRisk Management in MFIs
GoalGoalGoalGoalImprove the quality of risk management in microfinance institutions (MFIs) by:
understanding the importance of an institutional culture of support for strong control systems
assessing and measuring the vulnerability of your own institutions to areas of risk
applying techniques for identifying and mitigating risks
monitoring effectiveness of risk management strategies
RM1-O1
Risk Management Risk Management ObjectivesObjectives
Risk Management Risk Management ObjectivesObjectives Define risk management as it applies specifically to microfinance
Identify risk areas (areas of vulnerability) for MFIs
Educate stakeholders on the importance of risk management strategy to an MFI
Ensure that client protection plays a critical role in prevention and social/operational risk management
Develop internal controls for your MFI in conjunction with stakeholders
Install internal audit in the internal control system for effective monitoring
Ensure that information systems play a critical role in the risk management system
Commission and use external audits effectively
RM1-O2
Categories of Microfinance Categories of Microfinance RisksRisks
Categories of Microfinance Categories of Microfinance RisksRisks
RM2-O1
Social risks
Mission driftNegative impact on clients
Vulnerability of clientsInternal conflicts
Operational risks
CreditFraud
Securityinefficiency
Financial risks
Related to financial sustainability
Asset-liability managementSavings management
Information qualityDependence
External risks
RegulationCompetition
Natural environmentMacroeconomics
Reputational Risk
Reputational Risk
Risk ManagementRisk ManagementA Systematic ApproachA Systematic Approach
Risk ManagementRisk ManagementA Systematic ApproachA Systematic Approach
Identifying,
Measuring,
and
Mitigating
Risks in an MFI
RM2-O2
Control EnvironmentControl EnvironmentControl EnvironmentControl Environment
RM2-O3
External Audit
Risk Management
Internal Control
Internal Audit
Risk Management Process Risk Management Process Feedback LoopFeedback Loop
Risk Management Process Risk Management Process Feedback LoopFeedback Loop
RM2-O4
Adapted from Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. http://www.microfinancegateway.org/content/article/detail/2587.
3. Design policies andprocedures to mitigaterisks
6. Revise policiesand procedures
2. Develop strategiesto measure risk
1. Identify, assess, and prioritize risks
4. Implement and assign responsibility
5. Test effectivenessand evaluate results
Internal ControlsInternal ControlsInternal ControlsInternal Controls
RM2-O5
Preventive
Detective
Corrective
RM3-O1
EVERYONEHas a Role
in
Risk Management
A Mission Statement A Mission Statement A Mission Statement A Mission Statement
RM3-O2
Describes the purpose of the MFI or its reason for existing.
Provides the strategic orientation for the MFI.
Communicates to stakeholders where the MFI is going.
It tells us the MFI’s contribution and commitment to its stakeholders.
WHY? BecauseWHY? BecauseWHY? BecauseWHY? Because
Values
Affect
Operations
RM3-O3
Keys to Effective Risk Keys to Effective Risk Management Management
Keys to Effective Risk Keys to Effective Risk Management Management
Stated mission and core values
Motivated and confident people
Conducive environment
Well defined policies and procedures
Sound methodology
Accountability and transparency
Security
RM3-O4
The MFIThe MFIThe MFIThe MFI
RM4-O1
PEOPLE
Organizational Structure
Mission and Values
Technology Systems, Policies, and Procedures
My MFIMy MFIMy MFIMy MFI
RM4-O2
Board of Directors
General Manager
Human Resource Manager
Operations Manager
Branch Auditor Savings Officer Accountant
Cashiers
Internal AuditorBranch Manager Branch Manager
Bookkeepers
IS Manager
Credit Officer
Finance Manager
Branch Cashier
RM4-O3
Policies – indicate direction
Procedures – tell how to implement andfollow the policies
Effective policies and procedures are
Written
Simple and clear
Available
Understood
Relevant and up-to-date
Implemented
RM4-O4
Ask if the information Ask if the information isis
Ask if the information Ask if the information isis
Relevant
Timely
Accurate
Distributed to the correct people
Accessed by the correct people
Well formatted
Retrievable
Traceable (able to be audited)
RM4-O5
RM4-O6
Business Cycles of an MFIBusiness Cycles of an MFIBusiness Cycles of an MFIBusiness Cycles of an MFI
MFI Credit and Savings Operations Cycle
Procurement Cycle
Treasury and Financing Cycle
RM5-O1
Pillars and Cycles Pillars and Cycles Pillars and Cycles Pillars and Cycles
RM5-O2
Creditand
Savings
Procurement
Treasury
HumanResources
Policiesand
Procedures
Toolsand
Technology
Steps to Identifying Risks and Steps to Identifying Risks and Internal Controls Using the Internal Controls Using the
Cycle ApproachCycle Approach
Steps to Identifying Risks and Steps to Identifying Risks and Internal Controls Using the Internal Controls Using the
Cycle ApproachCycle ApproachClassify transactions, activities, and process by cycle
Identify who is involved in the activities
Identify risk points
Prioritize risks
Establish and implement policies to mitigate risk (internal controls)
RM5-O3
RM5-O4
FRAUDThe risk of loss of earnings or capital
as a result of intentional deceptionby an employee or client*
MFIs most vulnerable to fraud
Weak information and accounting systems Changing systems Late completion of reports Weak internal control system High employee turnover Nonstandardized products and operations Loan officers handling cash High rate of growth
*Adapted from Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. http://www.microfinancegateway.org/content/article/detail/2587.
RM5-O5
Cost versus benefitsAbnormalitiesHuman error
Staff turnoverWorkload volume
Staff irresponsibilityJudgment
Management overrideStaff resistance
CollusionBreakdowns
Obsolete systems
External Audit
RM6-O1
Control EnvironmentControl EnvironmentControl EnvironmentControl Environment
Risk Management
Internal Control
Internal Audit
Internal Audit Internal Audit Internal Audit Internal Audit
An internal audit is a systematic, objective appraisal of the diverse operations and controls within an organization to determine whether
Financial and operating information is accurate and reliable
Risks to the enterprise are identified and minimized
External regulations and acceptable internal policies are followed
Satisfactory operating criteria are met
Resources are used efficiently and economically
Clients are informed of the terms and conditions for the proposed services, and the services are of good quality, offered within the expected time limits and disbursed according to established procedures (specifically in terms of assessment of repayment ability)
The MFI’s goals are actually achieved; in particular, the client profiles are in line with the established goals.
RM6-O2
RM6-O3
Internal AuditInternal Audit External AuditExternal Audit
Conducted by an employee of MFI
Done by an independent contractor
Serves the needs of the MFI Also serves third parties
Focuses on past and future events by evaluating controls to ensure achievement of goals
Focuses on whether statements reflect historical events clearly and accurately
Is directly concerned with preventing fraud
Is incidentally concerned with fraud controls
Source: CGAP Audit Manual, p. 12.
Comparison of Internal Comparison of Internal and External Audits and External Audits
Comparison of Internal Comparison of Internal and External Audits and External Audits
Function of the Internal Function of the Internal AuditorAuditor
Function of the Internal Function of the Internal AuditorAuditor
Acts independently
Reviews transactions in the field
Compares actual procedures withthose documented events
Frequently reports to the board throughwritten reports and presentations
Reports on open items from previousaudits
RM6-O4
Major Areas of Focus of Major Areas of Focus of Internal Audit Internal Audit
Major Areas of Focus of Major Areas of Focus of Internal Audit Internal Audit
Cash
Loan operations
Write-offs
Savings operations
Procurement
Tools and technology
Client protection, social performance
Are policies and proceduresbeing followed?
RM6-O5
Internal Audit Output Internal Audit Output ExampleExample
Internal Audit Output Internal Audit Output ExampleExample
Audit Finding Sheet
RM6-O6
Condition Criteria Cause Impact Recommendation
Interest calculation for loan #101 was short $2/per month.
Interest on this loan should be $10/per month.
The loan officer used an outdated interest rate to make the calculation.
The MFI lost $2 per month over the past three months, for a total loss of $6.
Designated person reminds loan officers that interest rates are updated at the beginning of each month.
Source: Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. http://www.microfinancegateway.org/content/article/ detail/2587.
InternalInternal AuditAudit OutputOutput ExampleExample
Situation Criterion Cause Impact Recommendation
Client complaints about unacceptable loan officer conduct
Reported during client interviews
Lack of ethics code, policies and procedures to define what is acceptable or unacceptable
Client drop out
Bad MFI reputation
Clients under pressure
Management should meet with employees to review MFI core values and rules
A code of conduct should be set up
Procedures should specify progressive collection measures
Employees should receive training on MFI core values, code of conduct, and collection procedures
RM6-O7
Internal Audit Output ExampleInternal Audit Output Example (continued)(continued)Internal Audit Output ExampleInternal Audit Output Example (continued)(continued) Summary Audit Report
RM6-O8
No. Item Recommendation
1 No more than $10,000 cash should be kept at branch, but $16,000 found. Excess funds should be transferred to headquarters.
Branch manager should oversee cash better and excess cash should be deposited immediately.
2 In a visit to the business of loan client #243, it was found that his shop had been closed for two months.
Supervision measures should be Implemented to verify that businesses are still operating at the time a new loan is granted.
Source: Campion, Anita. 2000. Improving Internal Control: A Practical Guide for Microfinance Institutions. Technical Guide No. 1, MFN/GTZ International. http://www.microfinancegateway.org/content/article/ detail/2587.
Summary Audit Report
Item Recommendation
3The MFI requires physical collateral that exceeds the value of the loan by far and is unrealistic for the target population according to its mission statement and operational context.
It should develop voluntary savings accounts that could serve as collateral, rely more on client repayment ability, develop forms of leasing (collateral based on the equipment bought with the loan).
4The procedures manuals stress the importance of clearly explaining the terms and conditions when the loan is granted, but we observed very little communication between loan officers and clients during our audits.
Introductory letters written in the local language should be drafted, which loan officers can read aloud and give to the client.
RM6-O9
External Audit External Audit External Audit External Audit
Benefits
Lends credibility to financial statements and other management reports Ensures accountability of investors’ funds Identifies weaknesses in internal controls and systems
The scope of audits may differ significantly and cannot be limited, and objectives can be added to each audit.
RM7-O1
A formal, independent review of an entity’s financial statements, records, transactions, and operations that is performed to
express an opinion of an MFI’s financial statements
Why have MFI external Why have MFI external audits not delivered audits not delivered
desired results in the past? desired results in the past?
Why have MFI external Why have MFI external audits not delivered audits not delivered
desired results in the past? desired results in the past? Poorly understood audit purpose
Weak information system and internal controls
Minimal compliance with normal standards
Poor credibility of auditors
Management techniques not matched to MFI portfolio risks
Costs
Auditors lack sufficient microfinance experience
BUT external audits can and do deliver!!
RM7-O2
External Audit External Audit PlanPlanning ning External Audit External Audit PlanPlanning ning
1. Appoint a contact person to oversee the audit.
2. Determine the scope of work and type of audit.
3. Prepare Terms of Reference for the audit.
4. Call for proposals.
5. Negotiate fees, schedule, and work plan.
6. Choose an auditor.
RM7-O3
Source: CGAP Audit Manual, pp. 20–23.
Resources and information sources for a social audit
Depth of analysis Links
SPI social audit by Cerise and ProsperA AuditDepends on the method used (internal audit only, internal audit backed up by an external resource, external audit)Focuses on 4 social performance dimensions: Targeting clientsQuality of servicesBenefits to clientsSocial responsibility to employees, clients, the environment
http://www.cerise-microfinance.org
QAT Social Audit by Imp-Act and MFC Audit Audit backed up by external resourceFocuses on the mission, the systems and procedures set up by the MFI
http://www.mfc.org.pl/
The Smart Campaign’s client protection assessment
AuditAssessment and audit on the application of client protection measures in an MFI’s processes, procedures and activities
http://www.smartcampaign.org/page-daccueil
Social rating RatingIf an MFI has no internal auditor, it can request a social rating, which is even more external than an audit. Each rating agency has its own standardized methodology
http://www.ratinginitiative.org
MIX Market social performance reporting
ReportingThis is a framework for reporting, but an MFI can use it as a guide to identify certain standard aspects assessed internationally to measure the social performance of an MFI and to review the core components of a social audit
http://www.themix.org/social-performance/Indicators
SocialSocial AuditAudit ResourcesResources
RM7-O4
Terms of Reference Terms of Reference includes includes
Terms of Reference Terms of Reference includes includes
Objective of the audit
Scope of the audit
Audit report and financial statements
Management letter
Agreed-upon procedures
General issues
Timing of the audit
Cost proposal
Submission of proposals
Oral presentation
RM7-O5
Desired Audit Output Desired Audit Output Desired Audit Output Desired Audit Output
Financial statements
Notes to financial statements
Unqualified opinions
Management letter
Other output as agreed upon
Social audit report, if included
RM7-O6
