skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content
Board of Governors of the Federal Reserve System

Supervisory Policy and Guidance Topics

Management and Internal Controls Evaluation

Internal control is a process designed to provide reasonable assurance that the institution will achieve the following objectives:  efficient and effective operations, including safeguarding of assets; reliable financial reporting; and compliance with applicable laws and regulations. Internal control consists of five components that are a part of the management process:  control environment, risk assessment, control activities, information and communication, and monitoring activities. The effective functioning of these components, which is brought about by an institution’s board of directors, management, and other personnel, is essential to achieving the internal control objectives.

Directors are placed in a position of trust by the bank’s shareholders, and both statutes and common law place responsibility for the affairs of a bank firmly and squarely on the board of directors. The board of directors of a bank should delegate the day-to-day routine of conducting the bank’s business to its officers and employees, but the board cannot delegate its responsibility for the consequences of unsound or imprudent policies and practices. (COSO, in the CBEM Manual)
Sections on this page:
 

Policy Letters

Audit (Internal and External)

SR 13-11
Filing Procedures for Annual Independent Audits and Reports Required Under Federal Deposit Insurance Corporation (FDIC) Rules
SR 13-1 / CA 13-1
Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing
SR 06-4
Interagency Advisory on the Unsafe and Unsound Use of Limitation of Liability Provisions in External Audit Engagement Letters
SR 03-5
Amended Interagency Guidance on the Internal Audit Function and its Outsourcing
SR 01-25 (GEN)
Guidelines for Using External Experts on Examinations, Inspections, and Other Bank Supervision Matters
SR 99-33 (SUP)
Interagency Policy Statement on External Audits of Banks With Less Than $500 Million in Total Assets
SR 96-37 (SUP)
Supervisory Guidance on Required Absences from Sensitive Positions
SR 96-27 (SUP)
Guidance on Addressing Internal Control Weaknesses in U.S. Branches and Agencies of Foreign Banking Organizations through Special Audit Procedures
SR 96-21 (SUP)
FDIC Final Rule Regarding "Golden Parachutes" and Indemnification Payments
SR 96-4 (SUP)
FDIC Amendment to Annual Audit and Reporting Requirements (Part 363)
SR 95-51 (SUP)
Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank Holding Companies
SR 95-34 (SUP)
Sharing of Facilities and Staff by Banking Organizations
SR 94-3
Supervisory Guidance on the Implementation of Section 112 of the FDIC Improvement Act
SR 93-69 (FIS)
Examining Risk Management and Internal Controls for Trading Activities of Banking Organizations
SR 92-28
Interagency Guidance on Coordination and Communication Between External Auditors and Examiners

Corporate Governance and Internal Controls

SR 11-7
Guidance on Model Risk Management
SR 07-5
Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities
SR 02-20
The Sarbanes-Oxley Act of 2002
SR 00-17 (SPE)
Guidance on the Risk Management of Outsourced Technology Services
SR 93-12 (FIS)
Elements of a Sound Conflict of Interest Program
 

Additional Resources

 

Manual References

  • Bank Holding Company Supervision Manual
    • Section 4070.1, "Rating the Adequacy of Risk Management Processes and Internal Controls of Bank Holding Companies"
  • Commercial Bank Examination Manual
    • Section 1010.1, "Internal Control and Audit Function, Oversight, and Outsourcing"
    • Section A.1010.1, "Internal Control: Supplement on Internal Auditing"
    • Section 5000.1, "Duties and Responsibilities of Directors"
    • Section 5010.1, "Management Assessment"
    • Section 5017.1, "Internal Control-Procedures, Processes and Systems (Required Absences)"
Last update: May 20, 2013