1. GENERAL INTRODUCTION:
Unity Co-operative Society (UNICS) was created on the 15th of February 2000 by a resolution of a
constituent general meeting, with the goal to create added value to the Cameroonian economy. The
creation of UNICS is backed by law No 92/006 of 14 August 1992 relating to the Co-operative Societies
and Common Initiative Groups and by its degree of implementation No 92/455/PM of 23rd November
1992.UNICS is accredited to COBAC (D2002/48 OF 27/11/2002).
UNICS has as mission to co-operate and solve future economic problems through present day
decisions and actions.
UNICS’s primary objectives include; alleviation of poverty and unemployment through the creation of
wealth and financing of micro projects, provide efficient and rapid financial services to society through
the medium of her dynamic staff.
After 8 years of hard work and dedication, UNICS now boasts of 9 branches. These include;
1. Yaounde Marche Central,
2. Yaounde BiyemAssi,
3. Douala Deido,
4. Douala Bonaberi,
5. Buea,
6. Bamenda,
7. Kribi,
8. Limbe and
9. Bafut branches.
UNICS also has correspondent branches abroad in the UK and in the USA
For 8 years (15/01/2000-31/12/2008) UNICS operated as a category I microfinance institution. Under
this category her activities were limited to those of a co-operative. She was considered a non profit
making entity composed of members.
As of 1st January 2009, UNICS becomes a category II microfinance institution and also moves from
UNICS to UNICS PLC (UNITY CO-OPERATIVE SOCIETY PUBLIC LIMITED COMPANY).
The 28th of March 2009 marked an important step in the growth and development of UNICS. On this
UNIC’s status of a category II microfinance institution was approved by the General Assembly which
was held in Bamenda.She now has the status of a profit making institution. She is now subjected to
greater government scrutiny (She is now liable to value added tax (VAT)).
The micro-finance sector in Cameroon is steadily growing. The sector has about 520,000 customers.
(www.allafrica.com). UNICS has a customer portfolio of over 20 000 customers (THE LENDER.1st
edition) as at 31st December 2008.This means that UNICS PLC has a microfinance market share of
about 4% in Cameroon.
1
2. PART ONE
PRACTICAL TRAINING EXPERIENCE AT VARIOUS SERVICES
Chapter 1
SERVICES AND ACTIVITIES
(a) INTRODUCTION
I was recruited into UNICS PLC on the 2nd of February 2002.I had a probation period of three months. It
was carried out in two phases: the Orientation Phase at Head Office/Yaounde Marche Central Branch
and Technical Phase at the UNICS Kribi branch (as internal control trainee). During this probation
period, I had the opportunity to visit all the services indicated below.It is worth noting that the branch is
the microcosm of the general organization of UNICS PLC. It is the commercial center of organization.
(b) PRACTICAL EXPERIENCE ACQUIRED THROUGH SERVICES.
(1)
SERVICE/ OBSERVATIONS RECOMMANDATION
ACTIVITIES
Accounting
Inconsistent filling Every personnel must be trained to keep archive
Collects, records, and Ensure weekly check on archives.
analyses and documentation Employees who fail to classify their documents should be
reports financial sanctioned.
statements of Access to
affairs of UNICS documents not Each service must have a register to record movement of
PLC restricted
Insufficient filing archives and those responsible
space
(2)
SERVICE/ OBSERVATIONS RECOMMANDATION
ACTIVITIES
Internal Control and audit
Provide assurance to management about ; Inadequate Internal controllers should be given
-Effectiveness of operations training adequate training and should
-Economical and effective use of resources acquire enough experience in other
-Reliability of financial reporting Lack of a to be able to do their work
-Compliance with policies, procedures, and complete internal effectively.
regulations, control audit
-Safeguarding of assets manual An efficient an effective standard
-Integrity, reliability of information, accounts audit and internal control system
and data should be put in place.(pages 8,12 )
- Fraud, irregularity or corruption
- risk management
2
3. (3)
SERVICE/ OBSERVATIONS RECOMMANDATION
ACTIVITIES
Banking operations,
Customer service
and tellers
Chronos are not filed Ensure rearrangement of chronos in a chronological
Receive, direct in a serial order.
order.
orientate and serve
clients at different Not all accounts have The customer service should endeavor to produce a
levels. pictures and list of all clients who haven’t got their pictures or
signatures attributed signature in their accounts.
to them. Staff working especially at the front office needs to be
given regular training on customer relationship.
(4)
SERVICE/ OBSERVATIONS RECOMMANDATION
ACTIVITIES
Credit and
Recovery,
The entire Growing A clear plan for follow up of the client is very essential to ensure
management delinquency rate. timely repayment.
and recovery
of loans. Increase debits in Ensure solid agreements exist between UNICS and her
clients accounts. counterparties.Fixed assets are ideal as collaterals.
A follow up of the strict implementation of the new credit policy
should be put in place.
(5)
SERVICE/ OBSERVATIONS RECOMMANDATION
ACTIVITIES
Local and International
Operations
, Absence of updated account history with International transfer
For local(speedy the Bank of America, this implies that there transactions should have a
cash)and international is little or no control to approved deposits formal procedure.
money transfers made in BOA for payout here in Cameroon.
Recent crackdown of fraud of the 1st of
April 2009 which included the depositing of
fraudulent electronic cheques against the
UNICS account of HSBC in London.
3
4. (6)
SERVICE/ OBSERVATIONS RECOMMANDATION
ACTIVITIES
General
. .
Shortages reported by tellers Electronic banking seems to be the final word. The
may just be another means to use of automatic teller machines can effectively solve
obtain a fast overdraft as the this problem or,
final punishment is an Shortages or overages reported by tellers should be
well investigated before sanctions are given to them.
obvious debit into their
account.
The speedy cash network is very
The system should be coded such that it can be
exposed. An employee who has
opened only on a particular computer in the office as
the password to the website can
it is done for Western Union.
seat at any cyber cafe
completely out of the office and
effect a transfer or payment.
Inadequate protection of UNICS should consider the desire for customer
employee and client information. privacy and data security (bank secrecy), as well as
the legislative and cultural norms. Some customers
prefer assurances that their data will not be shared
with third parties without their prior consent and that
safeguards are in place to prevent illegal access by
third parties.
UNICS should ensure all employees are given a
copy of the company’s data protection policy.
Collectors may be existing as The risk may be minimized by recruiting only female
“ghost banks” bearing UNICS collectors.
PLC’s name (that is collecting
cash from clients and taking Figures without clients signatures should not be
custody of the sums). posted into the system and collectors must make
Also it has been noticed that sure the clients sign against their deposits
clients hardly sign against
amounts deposited with Collectors should be given proper training on the
collectors and therefore a risk products they market and the risk involved.
exist that collectors may alter
figures in their registers or
.
clients may claim inflated
amounts.
Collectors are untrained and can They (collectors) should also be trained on how to fill
hardly market the products in figures involving overdrafts in the booklets of client.
question.
Constant electricity disruption Generators be made available to branches
during working hours.
4
5. PART TWO
EXAMINE THE FUNCTIONING OF A STANDARD AUDIT AND CONTROL
SYSTEMS IN A MICROFINANCE INSTITUTION
(Case Study: UNICS PLC)
Chapter 2
OVERVIEW OF SUBJECT MATTER
(a) INTRODUCTION:
This study is shaped to help UNICS improve the quality of internal audit and controls and her risk
management processes. It focuses on problem prevention (preventive control) and early problem
identification (detective control). The study provides guidelines for establishing operational activities
that will assist UNICS in identifying vulnerabilities, designing and implementing controls; monitoring the
effectiveness of controls. It also highlights problem resolution (corrective control) as a means for risk
management.
More generally, objectives, budgets, plans and other expectations are bases for control and audit. By
setting objectives, management can then identify the risks involved in achieving these objectives. To
address these risks, management may implement specific internal controls. The effectiveness of
internal control can then be measured by how well the objectives were achieved and how effectively the
risks were managed.
One of the primary objectives of internal auditing in relation to corporate governance is helping the
Audit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively. This
may include reporting critical internal control problems, informing the Committee privately on the
capabilities of key managers, suggesting questions or topics for the Audit Committee's meeting
agendas, and coordinating carefully with the external auditor and management to ensure that objective
setting is considered a precondition to internal control.
(b) DEFINITIONS
Audit: The general definition of an audit is an evaluation of a person, organization, system, process,
project or product. Audits are performed to ascertain the validity and reliability of information; also to
provide an assessment of a system's internal control. The goal of an audit is to express an opinion on
the person/organization/system (etc) in question, under evaluation based on work done on a test basis.
Those who perform audits are called auditors (www.google.com).
Control: A control is any action taken by the Board, Management and other parties to manage risk and
increase the likelihood that established objectives and goals will be achieved. Management plans,
organizes, and directs the performance of sufficient actions to provide reasonable assurance that
objectives and goals will be achieved (www.google.com).
Microfinance institutions: refers to the provision of financial services to poor or low-income clients,
including consumers and the self-employed. The term also refers to the practice of sustainably
delivering those services (www.google.com).
5
6. Internal audit and internal control
Although internal control and internal audit are closely related, they are distinct from each other.
Internal control is defined as a process affected by an organization's structure, work and authority
flows, people and management information systems, designed to help the organization accomplish
specific goals or objectives. It is a means by which an organization's resources are directed, monitored,
and measured. It plays an important role in preventing and detecting fraud and protecting the
organization's resources, both physical (e.g. property) and intangible (e.g., reputation or intellectual
property such as trademarks).
Internal audit: An independent appraisal service to management that measures and evaluates the
effectiveness and efficiency of internal control system .It uses and investigative/detective approach.
However, internal auditors are not responsible for the execution of company activities, they advise
management and the Board of Directors (or similar oversight body) regarding how to better execute
their responsibilities.
(c) THE ROLE OF EXTERNAL AUDIT.
• It should not be a part of the internal control process.
• It should provide independent external comment on the standard, quality and coverage of
internal audit.
• It should not duplicate the internal audit work except grounds for concern.
• Should examine and comment on both internal audit and internal control quality.
6
7. Chapter 3
INTERNAL CONTROL STRUCTURE
(a) INTRODUCTION
Effective internal controls and standard audits are the foundation of safe and sound banking systems.
The purpose of internal controls is not to entrap employees; rather, good internal controls provide a
working environment in which good employees are not tempted to do something they would not
ordinarily do. The formality of internal control system will depend largely on an institutions size, the
complexity of operations and its risk profile.
However fraud and embezzlement schemes are not solely a problem of larger institutions. In fact, the
very size of small microfinance institutions creates opportunities for a weak internal control structure
and fraud. Therefore the Board and Management of UNICS PLC should work within her scope to
develop methods that will safeguard the institutions resources and clients' accounts and reduce the
opportunity for fraud.
A proposed internal control flow chart for UNICS PLC is presented below. (Figure 1)
7
8. Figure 1: Proposed Internal Control Flow Chart for UNICS Plc
Elements of
Management Control
System
BOD and Management
Control
Environment External auditors and
regulators
Internal and External
Risk
Assessment
Controllable and Uncontrollable
Control
Activities
Approval and Authorization
Segregation of duties
Physical Controls
Information Processing
Obligatory Vacation for Staff
Accounting, Information
and Communication
Monitoring
8
9. (b) CHARACTERISTICS OF INTERNAL CONTROL/OBSERVATIONS /RECOMMENDATIONS
Control environment
Reflects the Board of Directors and Management’s commitment to internal control. This provides
discipline and structure to the internal system. Management is accountable to the Board of Directors,
which provides governance, guidance and oversight.
The Board of Directors should:
1. Periodically discuss the internal control systems effectiveness with management,
2. Review internal control evaluation conducted by management and auditors,
3. Monitor management action on auditor recommendations,
4. Review the institutions strategies and risk limits.
5. Ensure that Management properly considers the risks and control issues associated with
emerging technologies and also embrace electronic banking.
The Board may delegate some of these duties and responsibilities to an Audit Committee or a risk
committee.
The General Manager of UNICS PLC has overall responsibility for designing and implementing
effective internal control. More than any other individual, the General Manager sets the "tone at the top"
that affects integrity and ethics and other factors of a positive control environment. Virtually all
employees produce information used in the internal control system or take other actions needed to
effect control.
Elements of a control environment
• Organizational structure of the UNICS PLC
• Management philosophy and operating style (All business strategies should be formal )
• The integrity, ethics and competence of personnel should be taken seriously into consideration.
• External influences that affect the institution’s operations and its risk management for example
independent audits should be taken into account.
The effectiveness of human resource, policies and procedures should be reviewed on regular basis.
However, whether UNICS PLC achieves operational and strategic objectives may depend on factors
outside the enterprise, such as competition or technological innovation.
Risk assessment
This involves identification, measurement and analysis of risk (internal and external, controllable and
uncontrollable) at individual business levels and for the institution as a whole. The Management of
UNICS should assess all risks facing the institution because uncontrollable risk taking can prevent the
institution from reaching its objectives or can jeopardize operations.
Control activities
These are policies, procedures and practices established to help ensure that bank personnel carry out
Board and Management directives at all business levels of the institution.
I therefore propose that;
• Only approved and authorised transactions and activities should be executed and violators
should be given due punishment.
• Duties should be segregated and rotated to reduce a person’s opportunity to commit and
conceal fraud or errors (for example assets should not be in the custody of the person who
procures, authorizes and records it)
9
10. • Physical safeguards for assess to and the use of assets and records should be improved. (For
example UNICS should secure facilities and control access to computer programmes and data
files.) .The use of cameras to protect property is recommended.
• Independent checks should be conducted on whether jobs are getting done and records
accurate. Control over information whether automatic or manual should be adequate to ensure
the integrity of management information systems, books and records.
• UNICS employees should enter pertinent information into the processing systems in a timely
manner ,A significant deficiency in a control system is a deficiency in risk management (for
example the failure to process transaction in an accurate, thorough and timely manner which is
a failure of internal control ,exposes the system to potential loses)
• There should exist a requirement that officers and employees in sensitive positions be absent
for two consecutive weeks each year. This will eliminate the risk of fraud due to a continues and
uninterrupted presence.
Accounting, information and communication systems
This captures and imparts pertinent and timely information in a form that enables the Board,
Management and employees to carry out their responsibilities. This includes accounting systems
(methods and records that identify, assemble, analyze, classify, records and report an institution’s
transactions). Information and communication systems (enable all personnel to understand their roles
in the control system, how their roles relate to others and their accountability). These systems of
information are very important as they produce reports on operations, finance and compliance that
enable Management and Board to run the institution. It also provides information to external parties
such as regulators, shareholders and customers. It is important to note that Management Information
Systems are distinct from regular information systems in that they are used to analyze other information
systems applied in operational activities in the organization.
Self assessment
This will involve UNICS’s own oversight of the control system performance. These are evaluation of
departmental or operational controls by persons within the area. All UNICS personnel should share
responsibility for self assessment or monitoring. Also, all personnel should be responsible for
communicating upward problems in operations, noncompliance with the code of conduct, or other
policy violations or illegal actions. Internal control must be consistently applied and well understood by
bank staff if board and management policies are to be effectively implemented.
However effective and well designed internal control systems are still subject to execution risk. In other
words, most control systems are executed by human beings whom even if well trained and with the
best of intentions can still be subjected to distraction, carelessness, tiredness, or confusion
10
11. Chapter 4
STRUCTURING OF A STANDARD AUDIT
(a) INTRODUCTION
Internal audit is going through a significant period of development and change in UNICS which provides
a number of opportunities and challenges. Corporate governance development in general has provided
much focus on the rule of internal audit and internal auditors/controllers need to demonstrate the right
skills, knowledge and understanding of the organizations system of internal control. An organization's
internal control structure is at the heart of its processes and controls. The Audit Committee or its
equivalent, with its responsibility of evaluating the efficiency of the organization's internal control
service, needs to understand the concepts of internal control in order to be effective and efficient.
Internal audit is vital in assessing, reporting and proposing solutions to management about the
effectiveness and efficiency of internal control systems.
(b) INTERNAL AUDIT STRUCTURE
There are two possible structures:
- A Centralized System where all auditors are stationed at head office and only go down to the field on
regular basis for control and
-A decentralized system where controllers are stationed at the branches or subsidiaries, perform audits
and report to a central controller.
It is important to emphasise that internal control and internal audit are related but are different from
each other.UNICS PLC uses the name internal controller to refer to internal auditors.
My proposal is that the name internal controller should be changed and should be called internal
auditor so that the functions of internal control and internal audit can be well understood.
.A proposed internal and decentralized audit organizational structure for UNICS PLC is as indicated
below. Figure 2.(also see reporting structure).
11
12. Figure 2:Proposed Decentralised Internal Audit Structure for UNICS Plc
Board of Directors Internal Audit
Committee
Chairman of the
Board of Directors
Vice Chairman of
the Board of
Directors
National Internal
Auditor
Internal Auditor Internal Auditor Internal Auditor
Reporting System
Board of Directors Internal Audit
Committee
Chairman of the Chairman of the
Board of Directors Internal Audit
Committee (Chairman
Vice Chairman of of the Board of
the Board of Directors)
Directors e
National Internal
Auditor
Internal Auditor Internal Auditor Internal Auditor
12
13. A developing best practice will be for the internal auditors who should be at the level of the UNICS PLC
branches to report directly to the National Internal Auditor who should be stationed at the Hea
Office. The National Internal Auditor should report to the Audit Committee through the chairman of
this committee who should be the chairman of the Board of Directors. In such cases, the comm
ttee should have a means to evaluate the performanc
Internal audits should be designed as an integrated process, independent from other business
operations, for evaluating the extent to which internal control achieves its objectives in key areas,
including appropriate risk management, efficient and effective business operations, reliable financial
reporting and compliance with laws, regulations and internal rules. It should offer advice and remedial
recommendations in connection with any problems that may be identified. Through this process,
internal audits will assist the Boards of Directors of UNICS PLC to fulfill their managerial duties
efficiently and effectively.
The internal Audit Committee should determine all important matters concerning internal audits. The
committee should be chaired by the chairman of the board of directors. The internal Audit Committee
should be able to monitor and manage internal audits at all UNICS PLC branches through internal audit
reports prepared by internal auditors and submitted to the National Internal Auditor. These decisions
together with the results of their examination of the internal audit reports are sent to the Board of
Directors.
(c) ROLE OF THE AUDIT COMMITTEE.
Since the occurrence of significant frauds can frequently be attributed to an override of internal controls,
the Audit Committee plays an important role to ensure that internal controls address the appropriate
risk areas and are functioning as designed. If fraud or irregularities are asserted or discovered, the
Audit Committee, through the internal auditors, should investigate, and, if necessary, request legal
counsel to assert claims on the organization’s behalf. If fraud is discovered, or there is a reasonable
basis to believe that fraud may have occurred, the Audit Committee is responsible for ensuring that an
investigation is undertaken and necessary measures taken.
With a decentralized internal audit system UNICS will benefit as follows;
1. Fraudulent or erroneous transactions may be prevented before they occur because the
internal auditors are present in the field and are monitoring all transactions.
2. Objective assessment of the effectiveness and efficiency of operations is easily
accomplished.
3. Internal auditors at various levels of the institution will use their knowledge to spread good
practices throughout the organization.
4. Management can easily get advice on whether the institution has sound systems of internal
controls and therefore be in an ideal position to protect the organization against loses.
5. May detect mistakes caused by personal distraction, carelessness, fatigue, arrows in
judgment, or unclear instructions in addition to fraud or deliberate non compliance with
policies.
6. Can help UNICS measure performance, make decisions, evaluate processes and limit risk.
13
14. Chapter 5
CATEGORIES OF FRAUD
(a)INTRODUCTION
An understanding of fraud is essential for the Audit Committee to carry out its responsibilities. The Audit
Committee also needs to be aware of the fact that, fraud affecting the organization often falls within one
of three categories:
• Management fraud, which involves senior management’s intentional misrepresentation of
financial statements, or theft or improper use of company resources.
• Employee fraud, which involves nonsenior employee theft or improper use of company
resources.
• External fraud, which involves theft or improper use of resources by people who are neither
management nor employees of the firm.
This categorization of fraud is useful, but not absolute. This is because middle management employees
may intentionally misrepresent financial statement transactions, for example, to improve their apparent
performance, or outside individuals may collude with company management or employees.
It is proposed that internal audit staff be experienced and trained in fraud prevention and deterrence.
With such training internal auditors can serve a vital role in aiding in fraud prevention and deterrence.
This will help to provide assurance that
• Risks are effectively identified and monitored;
• Organizational processes are effectively controlled and tested periodically; and
• Appropriate follow-up action is taken to address control weaknesses. The Audit Committee
needs to ensure that internal auditors are carrying out their responsibilities in connection with
potential fraud.
(b) INTERNAL CONTROL AND FRAUD PREVENTION. (WHAT COULD BE DONE TO AVOID FRAUD AND
EMBEZZLEMENT IN UNICS)
(1)
AVENUE POSSIBLE FRAUD RECOMMENDATIONS
This is one of the most A supervisor may regularly review a sample of all new
important symptoms of loans issued and determine whether required
fraud. Inaccurate or documentations are present, and if not, confirm missing
incomplete records are information with third parties.
Missing often used to hide fraud.
documentatio Make sure loan documentation is complete: guarantee
n Fictitious loans could be titles, insurance, charges deducted. Be aware of
made in the name of counterfeit collateral.
former borrowers.
This way UNICS can also identify fraudulent practices by
loan officers or non adherence to new policies before
they are replicated on a wide scale.
14
15. (2)
AVENUE POSSIBLE FRAUD RECOMMENDATIONS
MIS officers or managers or MIS reports should contain proper
Resistance to some employees may be information for review by management for
improve the resisting efforts to modify or internal control purposes.
Management improve the MIS. There
Information are“ghosts and skeletons” Management should regularly review MIS
System(MIS) by the which they do not want to reports and consider possible modifications
management or bring out. or improvements.
some employees
(3)
AVENUE POSSIBLE FRAUD RECOMMENDATIONS
I would say that the second most General ledger suspense accounts or
frequent category of frauds (fictitious transit accounts should be reconciled
Existence of loans being first) are done using general and checked weekly by an internal
transit or ledger suspense accounts or transit controller.
suspense accounts.
accounts
General ledger suspense accounts
generally are used to temporarily "store"
a transaction until all necessary
information is available, but can also be
used to hide an unauthorized transaction.
(4)
Embezzlements usually require the Policies that require managers and
AVENUE POSSIBLE FRAUD RECOMMENDATIONS
Lack of embezzler's ongoing attention. employees to take at least one and
mandatory preferably two weeks' vacation (not a day
vacation policy here and there) reduce the risk of
embezzlements.
(5)
AVENUE POSSIBLE FRAUD RECOMMENDATIONS
Combination of duties may allow a Therefore total Segregation of duties is highly
manager or supervisor to approve recommended to be fully applied or improved in
the loans, set them up on the UNICS. No one should have full control of a
Lack of system, issue the checks, and whole process or activity.
segregation then cash them through a teller
of duties. drawer. Make sure that managers and supervisors don’t
(Combination know the tellers’ passwords and make sure the
of duties as a Microfinance institutions with tellers change their passwords regularly.
result of limited staff are often at risk of
inadequate errors, fraud and embezzlement
staff). because the critical work is done
by few people.
(6)
15
16. AVENUE POSSIBLE FRAUD RECOMMENDATIONS
Weak software can be used to A review and evaluation of the MIS by outside
hide fraud. experts can reveal flaws in risk management and
May be the programmers who internal control.
Weak did conceive the software
software received no directions from For example a good application should log and
experts in internal control as to report the user name and event date/time of all
what internal control principles entry and deletion of transactions and also for
or procedures to integrate into creating, editing, and deleting clients, loans, and
the software (for example, schedules of installments.
segregation of duties).
(7)
AVENUE RECOMMENDATIONS
Adequate audit trails should be maintained. Audit trails will enable the tracing of
any given item through the UNICS books.
The internal controller or auditor should pull all loan files him/herself. He/she
Inadequate audit should keep in mind that any person he/she is asking to assist could be a thief.
trails The controller should verify every explanation that an employee offers. In some
cases, the auditor should contact the loan recipient.
Software should also have a thorough audit trail built in.
(8)
AVENUE RECOMMENDATIONS
UNICS can benefit from outside experts to help her set up and make
Absence of improvements to their internal control systems. It is often easier for an impartial
technical third party to identify shortcomings in the internal control system than for
assistance operational staff to objectively evaluate its effectiveness.
(9)
AVENUE RECOMMENDATIONS
UNICS may encourage donor participation given that ;
Donors can facilitate the development of internal control mechanisms by providing funds
for the initial risk assessment and implementation of internal controls.
Absence They may require UNICS to have some type of internal control mechanism, appropriate
of donor to the UNICS’s level of development
rule
They may encourage UNICS to develop an operations manual and to conduct client visits
as part of its regular operations.
In addition, donors can support microfinance in their efforts to test new ways to mitigate
old risks through new products, such as micro insurance, or operational control tools,
such as internal audit software
16
17. Chapter 6
IDENTIFYING AND MANAGING RISK
(a) INTRODUCTION
Surprises may be fatal to UNICS. Risk is inevitable, avoiding risk impossible. Risk management is the
key. The more you know about what you are doing, the less risk you run. If you can define risks, you
can limit them. If business was good yesterday, good today, it is not a guarantee that it will be good
tomorrow. The recent case of bankruptcy by the Lehman brothers on September 15 2008 can clearly
explain this.
Management performs risk assessment activities as part of the ordinary course of business in each of
these categories: strategic planning, marketing planning, capital planning, budgeting, hedging, incentive
payout structure, and internal auditors are typically part of the project team in an advisory role.
(b) VARIOUS RISKS FACED BY UNICS PLC/RECOMMENDATIONS
• Credit risk: This is the risk that the borrower will be unable or unwilling to pay back the loan.
-Solid agreements should exist between UNICS PLC and her borrowers.
• Counterparty risk: The risk that a party to a contract will be unable or unwilling to uphold their
obligations (co-maker or co-signer).
-Solid agreements should exist between UNICS and her counterparties.
• Asset price risk: The risk that assets will depreciate in value, resulting in financial losses, for
example those held as securities of collaterals for loans.
-The long term effect on assets held as collaterals should be well evaluated.
• Capital risk: A common concern with any investment is that you may lose the money you
invest (your capital).
-UNICS should implement a system of effective planning and objective setting in order to minimise
loses.
• Financial risk: UNICS shareholders bear an additional risk when UNICS uses debt in addition
to equity financing. Companies that issue more debt instruments would have higher financial
risk than companies financed mostly or entirely by equity.
-Little or no dependency on debt financing will eliminate the risk.
• Operational risk: The risk arising from execution of all UNICS's business functions. These
involve;
1. Fraud (internal or external).
2. Clients, products, and business practice -market manipulation, antitrust and improper
trade.
17
18. 3. Damage to physical assets - natural disasters, terrorism and vandalism.
4. Business disruption and systems failures - utility disruptions, software and/or hardware
failures.
5. Execution, delivery, and process management - data entry errors, accounting errors,
failed mandatory reporting and negligence.
To reduce operational risk adequate and flexible systems must be put in place;
-Only valid or authorized transactions are processed.
-Transactions occurred during the correct period or were processed timely.
-All transactions are completely processed with no omissions.
-Transactions are calculated using an appropriate methodology or are compute accurately.
-Assets represent the rights of the company, and liabilities its obligations, as of a given date.
Components of financial statements (or other reporting) are properly classified (by type or account) and
described.
• Currency risk. Given that UNICS holds foreign currencies and also performs international
transfers which involves exchange between currencies (the US dollar and the British pound),
she runs the risk that currency movements alone may affect the value of the currencies she
holds.
-UNICS should limit the amount of foreign currencies she holds at a given time period.
• Legal risk: (Data protection) UNICS runs the risk that the information she holds may not
comply with the laws and regulations in force. This refers to the personal or client information
UNICS holds and how it processes it.
For example UNICS uses the internet for communication. The passwords to the email address
boxes are not restricted to particular employees or are changed on a regular basis. This means that
an employee who has resigned or is dismissed can still have access to the entire UNICS
information being carried over the internet at anytime anywhere provided there is internet
connection. Confidential information may easily reach unauthorized third parties.
The therefore propose that passwords to UNICS email address boxes should be restricted to
particular employees and should be changed on a monthly basis.
UNICS should also review the security of her IT systems and premises regularly.
• Legal risk: (Health and safety).Threat of accidents and casualties. For example the
cashiers risk falling sick as a result of the continues touching of cash and the inhaling of its
smell.
-The Board must now, therefore, more than ever, embrace their overall responsibilities towards
employee health.
• Technology risk. UNICS runs the risk that key processes that she uses to develop, deliver,
and manage its products, services, support operations, entry, transfer and storage of data may
be lost .The importance of looking at technology risks in the context of UNICS business strategy
is underscored by recent lessons learned from the tragedies of September 11th (While the vast
majority of information systems recovered well and demonstrated the effectiveness of disaster
planning measures, significant gaps in the continuity of key business process were
experienced). By understanding the role that technology plays in supporting various business
18
19. functions, UNICS management is in a better position to determine the relative importance of
these functions and prioritize the systems, applications, and data involved.
-An information classification program can be instrumental in prioritizing data, and the systems and
applications through which it flows. Information classification involves distinguishing classes of data,
or systems, and assigning relative priorities. A basic classification system might incorporate three or
four categories ranging from” highly confidential" to "public" with various degrees in between. Once
categorized, each class of data would be accorded certain treatment. Knowing the classifications
allows bank management to trace the flows of information with an eye to ensuring proper protection
throughout the system. Obviously, one would not want to see "highly confidential" and "public"
information following the same transmission path or stored on the same computer server with only
rudimentary controls. The information classification process will assist UNICS PLC Management in
focusing attention on priority areas first and pinpointing key areas of vulnerability.
• Political risk UNICS PLC faces complications as a result of what are commonly referred to
as political decisions or any political change that alters the expected outcome and value of a
given economic action by changing the probability of achieving business objectives. For
example the recent government circular restricting banks from collecting account holding
charges for deposit accounts.
-UNICS may have a Chief Risk Officer who is charged with managing political risk or, in many
cases, this is the obligation of the Chief Financial Officer.
(c)RISK MANAGEMENT AND BUSINESS CONTINUITY.
Risk management is simply a practice of systematically selecting cost effective approaches for
minimising the effect of unforeseen circumstances to the organization. All risks can never be fully
avoided or mitigated simply because of financial and practical limitations. Therefore all organizations
have to accept some level of residual risks.
The strategies involved in Risk Management include:
1. Transferring the risk to another party,
2. Avoiding the risk,
3. Reducing the negative effect of the risk and,
4. Accepting some or all of the consequences of a particular risk.
• Risk avoidance: Includes not performing an activity that could carry risk. An example would be
not buying a property or business in order not to take on the liability that comes with it.
• Risk reduction: Involves methods that reduce the severity of the loss or the likelihood of the loss
from occurring.
• Risk retention: Involves accepting the loss when it occurs. True self insurance falls in this
category. All risks that are not avoided or transferred are retained by default. War is an example
since most property and risks are not insured against war, so the loss attributed by war is
retained.
• Risk transfer: In the terminology of practitioners and scholars alike, the purchase of an
insurance contract is often described as a "transfer of risk."
19
20. However if risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that
are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources
that could be used more profitably.
GENERAL CONCLUSION.
The lack of effective internal controls is one of the remaining impediments to the development of a
sustainable microfinance industry; microfinance institutions (MFIs), technical assistance providers,
donors, practitioner networks and regulators all have a role in overcoming this obstacle.
The officials of UNICS PLC can study these internal control weaknesses that are common elements of
fraud or embezzlement and make necessary revisions to the UNICS internal controls. The ultimate
tests of the effectiveness of UNICS internal control systems will be time and investor interest.
Unfortunately, UNICS may suffer serious unforeseeable financial loss before discovering the
weaknesses inherent in her internal audit and control systems if she becomes complacent, assuming
that what works well today will work well tomorrow.
Microfinance institutions that proactively apply the principles of risk management and implement an
effective feedback programme will be able to uncover and address risk exposures and succeed the test
of time. MFIs that prove their ability to manage and mitigate risk will be more likely to demonstrate
consistent profits, the primary objective of private investors.
In addition, MFIs that implement effective internal control systems that aid in the risk management
process will be most effective in fulfilling the social mission to provide financial services to low income
sectors over the long-term.
However if internal control system is implemented only to prevent fraud and comply with laws and
regulations, then an important opportunity is missed. The same internal controls can also be used to
systematically improve businesses, particularly in regard to effectiveness and efficiency.
20