Risk Management Fundamentals
Risk Management Fundamentals & Definitions
The risk management fundamentals represent the basic conditions which are pivotal for effective risk management. They constitute the basic structure that an MFI should have in place in order to effectively engage in formal risk management.
The relevant risk management fundamentals are defined as follows:
• Institutional Culture – an MFI’s commitment to analyze information in a self-critical manner and “face the facts” to manage and prevent risks, irrespective of its size or complexity.
• Risk Management Governance – risk management governance clearly identifies who is responsible for risk management.
• Internal Control Structure – an effective internal control structure includes well-defined goals and objectives, separation of duties, formalization and dissemination of policies, and ex-post controls.
• Management Information Systems – an effective management information system allows for the generation of accurate and timely information for strategic decision-making.
Institutional Culture
Tier 3 Guidelines | Tier 2 Guidelines | Tier 1 Guidelines |
Internal transparency: commitment to analyze information in a self-critical manner and “face the facts” | Internal transparency: commitment to analyze information in a self-critical manner and “face the facts” | Internal transparency: commitment to analyze information in a self-critical manner and “face the facts” |
External transparency: commitment not to hide information | External transparency: commitment not to hide information | External transparency: commitment not to hide information, and to publish information |
Management Information System
Tier 3 Guidelines | Tier 2 Guidelines | Tier 1 Guidelines |
Management information system capable of generating the information and reports mentioned in the risk categories in an accurate and timely manner | Management information system capable of generating the information and reports mentioned in the risk categories in an accurate and timely manner | Management information system capable of generating the information and reports mentioned in the risk categories in an accurate and timely manner |
Internal Control Structure
Tier 3 Guidelines | Tier 2 Guidelines | Tier 1 Guidelines |
Separation of functions: Existence of at least a CEO, a person in charge of finance, a person in charge of credit/business, and a part-time internal audit function. | Separation of functions: Existence of at least a CEO, finance department, credit/business department and internal audit. Clear definition of functions and responsibilities. | Separation of functions: Existence of at least a CEO, finance department, credit/business department, internal audit department and risk management department. Clear definition of functions and responsibilities. |
Formalization and dissemination of policies: Existence of up-to-date credit manuals, financial management manuals and functions manual. | Formalization and dissemination of policies: Existence of up-to-date credit manuals, financial management manuals, functions manual as well as manuals covering other main processes. Manuals disseminated at all levels. | Formalization and dissemination of policies: Existence of up-to-date credit manuals, financial management manuals, functions manual, internal control manuals as well as manuals covering all other processes. Manuals disseminated at all levels. |
Goals and objectives: Business Plan and Operational Plan. Individual goals and objectives for field personnel. Periodic monitoring of fulfillment of institutional and individual goals and objectives. | Goals and objectives: Business Plan and Operational Plan. Individual goals and objectives for field personnel. Systematic monitoring of fulfillment of institutional and individual goals and objectives. | Goals and objectives: Business Plan and Operational Plan by department as well as consolidated. Individual goals and objectives for all personnel. Systematic monitoring of fulfillment of institutional and individual goals and objectives. |
Ex-post controls: Internal audit controls based on annual work plan. Surprise visits to clients and visits to clients. | Ex-post controls: Internal audit controls based on annual work plan. Surprise visits to clients and visits to clients. | Ex-post controls: Internal audit controls based on annual work plan. Surprise visits to clients and visits to clients. |
Risk Management Governance
Tier 3 Guidelines | Tier 2 Guidelines | Tier 1 Guidelines |
At least one person in charge (even part time) of risk management | Risk management department | |
Quarterly risk management committee with participation of members of the Board of Directors | Monthly risk management committee with participation of members of the Board of Directors | |
Training of senior management and members of the Board of Directors on risk management | Training plan and dedicated budget for training of senior management and members of the Board of Directors on risk management |