CMS Case Study

2020-2021 Risk Assessment Summary Citizens Bank and Trust

Audit Area:

Investments

Definition (score range)

Risk Factor

Score

High (21-30)

Moderate (11-20)

Low (0-10)

Rationale

Compliance

Potential violations of high profile regulations with potential fines, legal liability or costly corrective action are possible. Material financial misstatement is possible due to incorrect handling of infrequent, complex transactions or estimates. Critical management decisions may be based on these financial areas. Complex manual or automated systems are new, critical to management

Significant regulatory requirements are evident; however, regulatory expectations are clear, seasoned, and considered routine. Violations if any will be technical in nature. Material financial effect is possible; however, activity is routine and noncomplex and errors would be readily evident in normal operations. Seasoned and complex manual or automated systems are important to management decision making or product delivery; however, collaborating or alternative back-up systems exist. There is no basis for control assessment, or they are thought to be weak. Minor changes since last audit are anticipated this year.

Regulatory requirements are limited to low-profile regulations and law issues that warrant action but have significantly lower levels of risk. Impact on accurate timely financial reporting is minimal. Likelihood of material financial reporting effect is negligible.

Investments are generally subject to a lower level of regulatory requirements as compared to other banking functions.

10

Nature of Transactions

Investments are limited to those permitted by banking regulations and documented in the Bank's Investment Policy. Investment activity is relatively routine, and the Bank's portfolio is considered to be conservative, overall.

13

Nature of Operations

Noncomplex systems and operations are seasoned, with well established back up routines.

Investment activity is performed by and overseen by members of management with experience in this area (Chief Financial Officer and Chairman of the Board). Processes are both automated and manual, and they are performed on a routine basis.

14

decision making, or important to product delivery.

Internal Controls

Controls are nonexistent or known to be weak.

Controls are strong or adequate.

Control activities and monitoring levels within the investment function are well established, and an Investment Policy is in place. The Bank has an Asset and Liability Committee (ALCO) that provides oversight.

10

Changes to systems, processes, or procedures

Major changes since last audit are anticipated this year or not recently reviewed. Management lacks experience or places low priority on internal controls.

No changes since last audit are planned this year.

CRI noted that the Bank was using Mass Mutual for investment, however, in January 2021 Mass Mutual was purchased by Empower. Great Western operates as Empower. No significant changes have been made to the Bank's investment function since the prior year, nor are there any significant changes that are scheduled to be made in the current year. Members of management have achieved their positions within the Bank because of their level of knowledge, demonstrated skills, and experience within the banking industry as well as with investment activities. A strong emphasis is placed on maintaining a sound control environment.

8

Management

Management has average experience.

Management is experienced and has high priority on controls.

10

65

Risk Score

- 22 -