Primary Risks

A credit union's board of directors and senior management design and implement internal controls to mitigate risk. Insufficient internal controls may increase a credit union’s exposure in all seven risk areas.

Internal controls over operations can mitigate risk exposure. The following table outlines activities, representative internal controls, and the risk areas those controls mitigate.

Activities

Internal Control Examples

(not all-inclusive)

 Mitigated Risk Exposure
Accounting/general ledger Reconciliations, annual audit, segregation of duties

  • Transaction

  • Compliance

  • Strategic

  • Reputation

ACH transactions Access restrictions, dual controls, reconciliations, proper authorizations, segregation of duties for sending, receiving, and approving files, review of ACH reports for anomalies

  • Transaction

  • Compliance

  • Strategic

  • Reputation

Cash Count of drawers and vault, reconciliations, dual control

  • Transaction

  • Strategic

  • Reputation

  • Liquidity

Cash-like instruments Reconciliations, inventory management, restriction of access, dual controls

  • Transaction

  • Compliance

  • Reputation

  • Strategic

Corporate credit cards Policy mandated authorizations, review of activity

  • Transaction

  • Reputation

  • Compliance

  • Strategic

Do not mail accounts Obtain member authorization

  • Transaction

  • Reputation

Dormant accounts Send letters to members, review of recent activity, supervisory override to re-activate account

  • Transaction

  • Compliance

  • Reputation

  • Strategic

File maintenance Review of reports by supervisory committee or other internal or external independent party

  • Transaction

  • Credit

  • Reputation

  • Strategic

Insider accounts Review of account activities by supervisory committee, IT controls preventing employees from making transactions on their accounts

  • Reputation

  • Transaction

  • Compliance

  • Credit

  • Strategic

Investments Segregation of duties preventing a single person from performing the entire transaction, proper authorizations, monitoring by supervisory committee, board of directors, or employee not involved with investment purchase process

  • Strategic

  • Interest Rate

  • Liquidity

  • Compliance

  • Transaction

  • Credit

  • Reputation

Loans Proper authorizations, review by supervisory committee, segregation of duties preventing a single person from approving and disbursing a loan

  • Credit

  • Strategic

  • Compliance

  • Transaction

  • Reputation

  • Interest Rate

  • Liquidity

Negative shares Review of reports by supervisory committee or other internal or external independent party

  • Transaction

  • Credit

  • Compliance

  • Strategic

  • Reputation

Wire transfers Access restrictions, dual controls, reconciliations, proper authorizations, segregation of duties preventing a single person from performing the entire transaction

  • Transaction

  • Compliance

  • Strategic

  • Reputation

An insufficient or ineffective internal control environment can negatively impact a credit union’s net worth, earnings, and liquidity. Depending on the materiality, such losses could potentially weaken the financial condition and reputation of the credit union.

Insufficient internal controls could lead to losses stemming from poor recordkeeping, increased expenses (audit expenses), and fraud. If management does not strengthen weak internal controls, the credit union’s future earnings, capital, and long-term viability are at risk.

Last Updated on October 14, 2021