skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content
Board of Governors of the Federal Reserve System

Supervisory Policy and Guidance Topics

Management and Internal Controls Evaluation

Internal control is a process designed to provide reasonable assurance that the institution will achieve the following objectives:  efficient and effective operations, including safeguarding of assets; reliable financial reporting; and compliance with applicable laws and regulations. Internal control consists of five components that are a part of the management process:  control environment, risk assessment, control activities, information and communication, and monitoring activities. The effective functioning of these components, which is brought about by an institutionís board of directors, management, and other personnel, is essential to achieving the internal control objectives.

Directors are placed in a position of trust by the bankís shareholders, and both statutes and common law place responsibility for the affairs of a bank firmly and squarely on the board of directors. The board of directors of a bank should delegate the day-to-day routine of conducting the bankís business to its officers and employees, but the board cannot delegate its responsibility for the consequences of unsound or imprudent policies and practices. (COSO, in the CBEM Manual)
Sections on this page:  

Policy Letters

Audit (Internal and External)

SR 16-11
Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion
SR 16-2
Interagency Advisory on External Audits of Internationally Active U.S. Financial Institutions
SR 13-11
Filing Procedures for Annual Independent Audits and Reports Required Under Federal Deposit Insurance Corporation (FDIC) Rules
SR 13-1 / CA 13-1
Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing
SR 06-4
Interagency Advisory on the Unsafe and Unsound Use of Limitation of Liability Provisions in External Audit Engagement Letters
SR 03-5
Amended Interagency Guidance on the Internal Audit Function and its Outsourcing
SR 01-25 (GEN)
Guidelines for Using External Experts on Examinations, Inspections, and Other Bank Supervision Matters
SR 99-33 (SUP)
Interagency Policy Statement on External Audits of Banks With Less Than $500 Million in Total Assets
SR 96-37 (SUP)
Supervisory Guidance on Required Absences from Sensitive Positions
SR 96-27 (SUP)
Guidance on Addressing Internal Control Weaknesses in U.S. Branches and Agencies of Foreign Banking Organizations through Special Audit Procedures
SR 95-51 (SUP)
Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank Holding Companies
SR 95-34 (SUP)
Sharing of Facilities and Staff by Banking Organizations
SR 94-3
Supervisory Guidance on the Implementation of Section 112 of the FDIC Improvement Act
SR 93-69 (FIS)
Examining Risk Management and Internal Controls for Trading Activities of Banking Organizations
SR 92-28
Interagency Guidance on Coordination and Communication Between External Auditors and Examiners

Corporate Governance and Internal Controls

SR 14-8
Consolidated Recovery Planning for Certain Large Domestic Bank Holding Companies
SR 14-1
Heightened Supervisory Expectations for Recovery and Resolution Preparedness for Certain Large Bank Holding Companies - Supplemental Guidance on Consolidated Supervision Framework for Large Financial Institutions (SR letter 12-17/CA letter 12-14)
SR 13-19 / CA 13-21
Guidance on Managing Outsourcing Risk
SR 11-7
Guidance on Model Risk Management
SR 07-5
Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities
SR 00-17 (SPE)
Guidance on the Risk Management of Outsourced Technology Services
SR 93-12 (FIS)
Elements of a Sound Conflict of Interest Program

Additional Resources


Manual References

  • Bank Holding Company Supervision Manual
    • Section 4070.1, "Rating the Adequacy of Risk Management Processes and Internal Controls of Bank Holding Companies"
  • Commercial Bank Examination Manual
    • Section 1010.1, "Internal Control and Audit Function, Oversight, and Outsourcing"
    • Section A.1010.1, "Internal Control: Supplement on Internal Auditing"
    • Section 5000.1, "Duties and Responsibilities of Directors"
    • Section 5010.1, "Management Assessment"
    • Section 5017.1, "Internal Control-Procedures, Processes and Systems (Required Absences)"
Last update: June 9, 2016