Risk Control and Reporting

Examiners assess the adequacy of the credit union’s risk control and reporting processes.

Prerequisites

• Determine the risk governance framework

• Assess the risk management, assessment, and measurement processes

People to Interview

• Leadership involved in policymaking

• Head(s) of Risk Management and/or Internal Audit Departments, if applicable

• Audit Committee Chairperson, if applicable

• Supervisory Committee Chairperson, if applicable

• Board of Directors, if warranted

Documents to Review

• Risk management policies and procedures

• Relevant training records

• Risk governance reporting

• Tracking documents for exceptions and outliers

Questions to Consider

• Does the credit union have a process to identify and track forward-looking key-risk indicators as opposed to reliance on historical performance?

• Has the credit union established risk control processes and strategies in each significant risk area? Are controls documented in the form of policies, procedures, standards, and/or guidelines?

• Is each department or business unit manager trained in risk management?

• Has the board of directors established reporting requirements for the risk management functions and/or department? Is risk reporting made to the CEO and board of directors independent of the business unit performance reports?

• Has the board of directors established ongoing monitoring of the credit union’s material risks for the risk management function and/or department to manage?

• For exception or outliers, what follow-up action does the credit union take to investigate and to correct the situation? What process is used for ongoing enhanced monitoring or due diligence for high-risk departments or activities? Does this process demonstrate that the risk management function maintains similar stature on the leadership team, and with the board of directors, to the other business unit functions?

Last updated on August 23, 2022.