CMS Case Study

C loyd Bank and Trust Risk Assessment Summary 2020-2021

Audit Area

Branch Operations

Definition (score range)

Risk Factor

Score

High (21-30)

Moderate (11-20)

Low (0-10)

Rationale

Regulatory requirements are limited to low-profile regulations and law issues that warrant action but have significantly lower levels of risk.

Significant regulatory requirements are evident; however, regulatory expectations are clear, seasoned, and considered routine. Violations if any will be technical in nature.

Potential violations of high profile regulations with potential fines, legal liability or costly corrective action are possible.

Branches represent the initiation point of most transactions, which are ultimately governed by regulations and the risk of noncompliance is present. For example, the branch is the first to ensure compliance with regulatory matters including the Bank Secrecy Act, the FACT Act, and the USA PATRIOT Act ("Know Your Customer"). The risk is increased by the effect that some branch employees are new to the Bank, and many "front-end" employees (i.e. tellers) may lack a broad range of experience in the banking industry and may be unfamiliar with some areas of compliance. The Compliance Officer has increased training with branch staff by conducting monthly CSR training and quarterly Head Teller training. Those who attend the training are responsible for communicating what they learned at training with their branch staff.

Compliance

16

Because branches represent the point of initiation for most transactions, the risk for a potential material effect on the financial statements is present. Insurance coverage helps to minimize the potential impact of a material loss event.

Impact on accurate timely financial reporting is minimal. Likelihood of material financial reporting effect is negligible.

Material financial effect is possible; however, activity is routine and noncomplex and errors would be readily evident in normal operations.

Material financial misstatement is possible due to incorrect handling of infrequent, complex transactions or estimates. Critical management decisions may be based on these financial areas. Complex manual or automated systems are new, critical to management

Nature of Transactions

13

Noncomplex systems and operations are seasoned, with well established back up routines.

As noted above, the risk for a potential material effect on the financial statements is present. The risk of loss inherent with daily branch operations includes: theft and fraud (both internal and external), increased new account volume and the possibility that employees' lack appropriate knowledge and experience. The Compliance Officer conducts an annual branch audit at each branch that includes a surprise cash count. Most branch audits were completed in 2020 but a few were postponed due to the pandemic. Risks are mitigated by the Bank's branch level internal controls, including a CSR Manual and Teller Procedures Manual. Monitoring of branch activities continues at an increased level, the Bank has a Chief Operations Officer who is responsible for this oversight.

Seasoned and complex manual or automated systems are important to management decision making or product delivery; however, collaborating or alternative back-up systems exist.

Nature of Operations

decision making, or important to product delivery.

15

Controls are nonexistent or known to be weak.

There is no basis for control assessment, or they are thought to be weak. Minor changes since last audit are anticipated this year.

Controls are strong or adequate.

A formal internal control structure has been implemented among the branches and is overseen by the Chief Operations Officer. The most recent internal audit of branches resulted in five findings.

Internal Controls

14

Changes to systems, processes, or procedures

No changes since last audit are planned this year.

The Bank plans to begin construction of a new branch in 2021. Once complete, the existing branch will relocate to the new location. The Bank plans to follow branch closing procedures prior to the move.

Major changes since last audit are anticipated this year or not recently reviewed. Management lacks experience or places low priority on internal controls.

13

Management has average experience.

Management is experienced and has high priority on controls.

Members of management have achieved their positions within the Bank because of their level of knowledge, demonstrated skills, and experience within the banking industry. A strong emphasis is placed on maintaining a sound control environment.

Management

10

81

Risk Score

- 8 -