Pub. 10 2019 Issue 3

Summer 2019 11 West Virginia Banker • Interest Rate, Liquidity, and Price Risk (processing errors related to investment income or repayment assumptions that could lead to unwise investments) We will use interest rate risk (IRR) as an ex- ample. A financial intuition may encounter an issue with the interest rate risk (IRR) if the risk assessments have documented out-of-date assumptions that were used for the interest rate models. The risk assessment may have looked at deposit decay or loan prepayment rates from four years ago, when it should have been updated to a more accurately reflect the current environment, especially given recent changes in interest rates (i.e. inter- est rates go down, borrowers are more likely to refinance a loan or depositors may move their money to something with higher rates). Some other issues with the IRR that have been observed during an in- ternal audit and by regulatory examiners are incomplete IRR policies, inadequate review of data inputs into IRR models by management, not having sufficient doc- umentation/ evidence that IRR is being reviewed properly with the ALCO Com- mittees/Board, etc. The risk assessment process would be the first step in evaluat- ing the entire IRR process and identifying these areas to ensure significant items have been identified, controls assessed and appropriate changes in controls and models considered. As the different type of risk assess- ments are developed, they will allow the financial institution to analyze each potential threat, develop mitigating controls, risk rank each area (risk scoring system), and create an audit cycle. The audit cycle will be developed based on the risk ranking (high, medium, and low). The audit cycle should not be open-ended and should be based on the severity of the risk. An example of an audit cycle follows: 1. Twelve months or less for high-risk areas 2. Twenty-four months or less for medium- risk areas 3. Up to 36 months for low-risk areas. As the different type of risk assessments are developed, they will allow the financial institution to analyze each potential threat, develop mitigating controls, risk rank each area (risk scoring system), and create an audit cycle. Continued on page 12

RkJQdWJsaXNoZXIy OTM0Njg2