Supervisory Policy and Guidance Topics
Management and Internal Controls Evaluation
Internal control is a process designed to provide reasonable assurance that the institution will achieve the following objectives: efficient and effective operations, including safeguarding of assets; reliable financial reporting; and compliance with applicable laws and regulations. Internal control consists of five components that are a part of the management process: control environment, risk assessment, control activities, information and communication, and monitoring activities. The effective functioning of these components, which is brought about by an institution’s board of directors, management, and other personnel, is essential to achieving the internal control objectives.
Directors are placed in a position of trust by the bank’s shareholders, and both statutes and common law place responsibility for the affairs of a bank firmly and squarely on the board of directors. The board of directors of a bank should delegate the day-to-day routine of conducting the bank’s business to its officers and employees, but the board cannot delegate its responsibility for the consequences of unsound or imprudent policies and practices. (COSO, in the CBEM Manual)
Policy LettersAudit (Internal and External)
Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion
Interagency Advisory on External Audits of Internationally Active U.S. Financial Institutions
Filing Procedures for Annual Independent Audits and Reports Required Under Federal Deposit Insurance Corporation (FDIC) Rules
Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing
Interagency Advisory on the Unsafe and Unsound Use of Limitation of Liability Provisions in External Audit Engagement Letters
Amended Interagency Guidance on the Internal Audit Function and its Outsourcing
Guidelines for Using External Experts on Examinations, Inspections, and Other Bank Supervision Matters
Interagency Policy Statement on External Audits of Banks With Less Than $500 Million in Total Assets
Supervisory Guidance on Required Absences from Sensitive Positions
Guidance on Addressing Internal Control Weaknesses in U.S. Branches and Agencies of Foreign Banking Organizations through Special Audit Procedures
Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank Holding Companies
Sharing of Facilities and Staff by Banking Organizations
Supervisory Guidance on the Implementation of Section 112 of the FDIC Improvement Act
Examining Risk Management and Internal Controls for Trading Activities of Banking Organizations
Interagency Guidance on Coordination and Communication Between External Auditors and Examiners
Consolidated Recovery Planning for Certain Large Domestic Bank Holding Companies
Heightened Supervisory Expectations for Recovery and Resolution Preparedness for Certain Large Bank Holding Companies - Supplemental Guidance on Consolidated Supervision Framework for Large Financial Institutions (SR letter 12-17/CA letter 12-14)
Guidance on Managing Outsourcing Risk
Guidance on Model Risk Management
Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities
Guidance on the Risk Management of Outsourced Technology Services
Elements of a Sound Conflict of Interest Program
- FRB Press Release: Federal Reserve Issues Final Guidance on Incentive Compensation
June 21, 2010
- Interagency Rules on Disciplinary Actions Against Accountants and Accounting Firms
- Bank Holding Company Supervision Manual
- Section 4070.1, "Rating the Adequacy of Risk Management Processes and Internal Controls of Bank Holding Companies"
- Commercial Bank Examination Manual
- Section 1010.1, "Internal Control and Audit Function, Oversight, and Outsourcing"
- Section A.1010.1, "Internal Control: Supplement on Internal Auditing"
- Section 5000.1, "Duties and Responsibilities of Directors"
- Section 5010.1, "Management Assessment"
- Section 5017.1, "Internal Control-Procedures, Processes and Systems (Required Absences)"