Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Microfinance
Risk Mapping tool [Version 2]
[China] 版本2
For any questions on the risk mapping tool, please contact PlaNet Finance China
info@mfchina.cn
Nam...
GENERAL INFORMATION Please enable Macros before you start
risk mapping.
Date : mm/dd/year
Date : mm/dd/year
Orga... Startin...
Date : mm/dd/year
Microfinance Institution
NET RISK MAPPING (1-5)
XX/XX/2014
mm/dd/year
0 mm/dd/year
mm/dd/year
Legend
1 An example in this area, well functioning.
2 The risk management controls in this area are sustainably set up and generally function well.
3 The risk management controls in this area are correctly set up, and could reach a good functioning if improvements are made.
4 There are significant issues to be addressed in the set-up and/or functioning of risk management controls in this area.
5 The organization shows deep weaknesses in this area; the risk management controls in this area are unsustainable.
GROSS RISK MAPPING ( L / M / H )
Legend
Low gross risk
Medium gross risk
High gross risk
GOVERNANCE RISK
Governance risk is the risk of loss due to inadequate governance or a poor governance structure.
A MFI should have strong governance in place to ensure the Board and the management are accountable to the organization and shareholders in fulfilling the organization's mission and protecting the
organization's assets. The Board and the management are ultimately responsible for analyzing risks and ensuring the MFI has robust controls, as well as strong audit and reporting mechanisms, to minimize
vulnerabilities. Thus, the Board and the management should have the proper technical skills and personal attributes to set up a sustainable risk management system.
LIKELIHOOD
mm/dd/year
mm/dd/year
XX/XX/2014
ID REF NO.
SEVERITY
CATEGORY RISK INDICATORS CONTROL GAP
o Are there clear and well written by-laws defining the structure, roles,
responsibilities, and procedures of the Board?
o Is there a mechanism in place to ensure sufficient scheduling,
preparation, organization, and recording of Board proceedings?
Risk that the Board activities are
Board o Are there minimum requirements on the frequency and attendance of
1.1 not carried out in a well-defined,
proceedings Board meetings?
clear and organized manner
o Are there specialized committees (e.g. asset and liability, audit, risk
management, remuneration, etc.) set up in line with evolving needs of the
organization?
o Are the internal rules in line with the regulatory minimum requirements?
o Are Board members properly qualified and have the right mix of skills
appropriate for the needs of the organization?
Qualifications, Risk due to lack of proper o Does the Board have a periodic self-assessment mechanism?
1.3 Evaluation and evaluation and training of Board o Is there orientation for new Board directors and education of existing
training members Board directors in line with evolving needs of the organization?
o How have board members handled situations of conflict or the lack of
knowledge?
o Is the topic of creating a good risk culture in the mindset of the Board
members?
Is the Board promoting a good
2.5 Risk Culture oWhat are the aspects of the Risk Culture that the board is actively
and healthy risk culture
promoting?
Management Risk due to the Board's lack of o Does the Board regularly discuss issues related to management
identification, involvement in the management identification and development?
2.6
development, and identification, development, and o Is there a Remuneration Committee at the Board level?
succession succession o Does the Board have a management succession plan in place?
o Does the current management structure match the scale and complexity
Risk of inadequate and/or
of the organization?
3.1 Structure unclear management structure in
o Are roles and responsibilities of the management clearly defined and
the organization
documented?
o Has the management documented a clear strategy and plans for the
Risk of lack of or insufficient
3.4 Strategy and plan business?
strategy and plans
o Are they reviewed, updated and approved by the management regularly?
o Are there clearly documented policies and procedures for the key areas
Policy and Risk of lack of or insufficient
3.5 set up by the management and provided to the relevant staff?
procedures policies and procedures
o Are they reviewed, updated and approved by the management regularly?
Evaluation: Management
enter risk weighting below
4. AUDIT 20%
o Is there an independent internal audit structure set up for key areas of the
business with clear and robust procedures?
o Is internal audit conducted on a frequent enough basis?
Risk due to insufficient internal
4.1 Internal audit o Is there a clear procedure for reporting and follow up of internal audit
audit
findings to the management and the Board?
o Is there sufficient number of qualified internal auditors in line with the
business scale and complexity?
Risk of inaccurate or unreliable o Is information contained in the financial statements accurate and
Financial information on the balance according to commonly accepted financial reporting standards?
5.1
Statements sheet, income statement and o Are financial statements prepared both on an individual entity basis and a
cash flow statement consolidated basis if the organization have various entities?
o Does reporting cover the key areas of the operations, such as operations,
credit, risk management, and treasury?
Risk of inaccurate or unreliable
Operational o Is there a mechanism in place to ensure the accuracy of business related
5.2 reporting on the key areas of the
reporting reports?
operations
o Are operational reports prepared both on an individual entity basis and a
consolidated basis if the organization have various entities?
Recommendations
NET RISK
(1-5)
mm/dd/year
EXTERNAL RISK
External risk is the risk of loss due to developments, changes, or influences from the external environment.
A MFI should be sensitive to its operating environment, including, but not limited to, regulatory, legal, political, and macroeconomic factors, and constantly assesses the external environment it operates in, to
minimize potential vulnerabilities of the organization to these outside forces. Although a MFI may have less control over some external risks, certain external risks can be actively managed.
LIKELIHOOD
mm/dd/year
mm/dd/year
mm/dd/year
XX/XX/2014
ID REF NO.
SEVERITY
CATEGORY RISK INDICATORS CONTROL GAP
o Is the local environment at risk for natural calamities that could negatively
impact the organization (e.g. floods, cyclones, drought, etc.)?
Physical Risk the organization faces from
1.5 o Do these natural calamities pose a risk to income streams of households
environment the environment
and enterprises and/or microfinance delivery?
o Does the organization have a business continuity plan?
o Are there any internal business practices and external factors that may
negatively impact the organization (e.g. operating environment,
External Risk of damage to the external microfinance industry)?
1.7
reputation reputation of the organization o Does the organization have contingency plans for external reputation
damage?
Recommendations
OPERATIONAL RISK
Operational risk is the risk of loss due to inadequate or failed internal processes, people, and systems. Fraud is also considered as an operational risk.
A MFI should design and imbed control mechanisms throughout the operations to mitigate potential vulnerabilities in the control environment. The organization should proactively conduct ex-post review of
transactions and assess the adequacy of control measures and staff resources. Finally, cultivating a culture of integrity and transparency among employees is critical to control operational risk.
LIKELIHOOD
mm/dd/year
mm/dd/year
mm/dd/year
XX/XX/2014
ID REF NO.
SEVERITY
CATEGORY RISK INDICATORS CONTROL GAP
Evaluation: Application
enter risk weighting below
3. LOAN PROCESS - ANALYSIS 15%
o Are there clear and sufficient standards to guide the credit analysis?
o Are staff following procedures in conducting the credit analysis to obtain
Do LOs know about its clients and follow procedures to
Risk of the client analysis not an accurate picture of the client's socio-economic situation?
3.1 Client analysis conduct credit analysis?. Are there any controls in place
being conducted properly o Are controls in place to protect against external or internal fraud?
to protect against external and internal fraud?.
o Is there independent validation on the information collected by loan
officers?
o Are there controls to ensure sufficient investigation of the borrower's real
Loan purpose Risk of insufficient loan purpose loan purpose? Do LOs know the real loan purpose ?. Are they any
l
analysis analysis o If the borrower has previous loans, are there procedures to check the check for the actual usage of their previous loan?
actual usage of his/her previous loans?
o Are staff following procedures in carrying out the analysis and verification
Risk of guarantor and/or
Guarantor and of the guarantor and/or collateral? Checking Guarantor and their collatreal ?. Their collateral
3.3 collateral not being verified and
collateral analysis o Are controls in place to ensure that the guarantor and collateral are not are not used for multiple loans…
analyzed properly
used for multiple loans?
Evaluation: Analysis
enter risk weighting below
4. LOAN PROCESS - APPROVAL 10%
Risk of lending decisions o Are there controls in place to ensure staff responsible for loan approval
4.1 Approval decision charged to staff without sufficient are properly qualified?
risk assessment capability o Are there multiple people involved in the loan approval decision making?
o Are there multiple hand-offs of cash between the organization and the
Cash control at Risk of weak control of cash at borrower?
5.2
disbursement disbursement o If there are both collections and disbursements on the same day, is cash
handled separately or netted?
Evaluation: Disbursement
enter risk weighting below
6. LOAN PROCESS - POST LENDING COLLECTIONS & M 25%
o Are there multiple hand-offs of cash between the organization and the
Cash control at Risk of weak control of cash at borrower?
6.3
collection collection o If there are both collections and disbursements on the same day, is cash
handled separately or netted?
o Is delinquency monitored on a regular basis (daily, monthly, quarterly)?
Delinquency Risk of not detecting or reporting
6.4 o Is there a dedicated function for monitoring delinquency?
monitoring delinquency in a timely manner
o Are late payments occurring within the month included as delinquency?
o Do lending officers have the incentive to stay alert of early warning signs
and disclose problems early?
Early problem Risk of staff not reporting credit
6.5 o Do loan officers flag potential credit concerns (e.g. borrower business
recognition problems in a timely manner
weaknesses, sickness of family members, borrower left home, gambling,
divorce, etc.)?
Risk of inadequate and/or o Does the current staff structure match the scale and complexity of the
7.1 Structure unclear staff structure in the organization?
organization o Are roles and responsibilities of the staff clearly defined and documented?
o Is there a system for evaluation of staff to ensure they have the right
skills and qualifications for their respective roles?
Skills and Risk of staff lacking the proper o Is there continuous training for staff to ensure they have the right skills
7.3
qualifications skills and qualifications and qualifications in line with the evolving needs of the organization?
o Is there a healthy mix between senior and junior staff, mature and new
staff?
Recommendations
CREDIT RISK
Credit risk is the risk of loss due to borrowers' late or non-payment of loan principal and/or interest obligations.
A MFI should have methodologies to assess credit risk exposures at both the individual borrower and portfolio level. Credit risk should be undertaken in a calculated and controlled manner to achieve the
desired business results while keeping credit losses within tolerance limits. Timely identification and prevention of problems, as well as periodic review of credit risk methodologies in light of changes in the
internal and external environment, are critical.
LIKELIHOOD
mm/dd/year
mm/dd/year
mm/dd/year
XX/XX/2014
ID REF NO.
SEVERITY
CATEGORY RISK INDICATORS CONTROL GAP
o Are the products and clients screening criteria deigned to ensure they
Risk due to a mismatch between attract intended target segment and meet loan purpose?
1.1 Target segment the product design and the o Are the products designed to fit a critical mass of local loan demand?
underlying target segment o Are the products designed to ensure the loan size fits the loan demand of
the target segment?
o Is there periodic review to ensure the loan pricing is in line with overall
Risk of distortions due to loan pricing in the market to avoid potential distortions (e.g. sub-market pricing
1.2 Loan pricing
pricing could attract mis-appropriation; excessive pricing could conflict with social
motives or lead to adverse selection)?
Risk of insufficient protections or o Are there safeguards to control loss norms (e.g. frequent test of
Protections or risk
1.3 risk mitigations in the loan repayments, loan maturities, collateral, guarantees, credit insurance,
mitigations
products mandatory risk fund, etc.)?
o Are policies in place to cap exposure to clients over multiple loan
Risk of over-exposure to a single products?
1.4 Loan exposure
client or group of related parties o Are client exposure to guarantees also assessed?
o Are policies in place to cap exposure across related parties?
Risk of credit deterioration due to o Does the review of portfolio take into account the potential hidden risk due
2.2 Portfolio growth
fast expansion to rapid loan growth?
o Is there a clear policy to specify who has the authority for loan approval
Risk that credit decisions are not
differentiated by risk level and loan amount?
3.3 Approval authority controlled at the appropriate
o Is there a clear policy to specify who has authorization to grant approval
level
authorities and on what basis?
Risk of having unclear approval o Are there clear risk acceptance standards to guide credit decision
3.4 Approval criteria
criteria making?
Risk of having unclear o Are there clear policies for monitoring clients after loan disbursement?
3.6 Monitoring monitoring requirements post o Are there requirements of client visits or meetings after disbursement?
disbursement o Are post-lending visits or meetings recorded?
o Does the organization set aside general reserves and specific loan loss
reserves in a prudent manner?
Risk of not making reasonable
o Are there provisioning policies to specify the time for provisioning of
3.7 Provisioning provision against potential credit
overdue loans?
losses
o Are the provisioning policies reviewed on a periodic basis in line with the
specific situation of the organization?
o Are there clearly documented procedures for collection actions, with
Risk of having unclear collection escalating measures depending upon the severity?
3.8 Collections
requirements o Do collection policies specify the reporting of collection activities within the
organization?
Risk due to lack of or inadequate o Is there a robust stress testing framework that evaluates the real quality of
3.9 Stress testing
stress testing framework the loan portfolio?
Recommendations
INFORMATION TECHNOLOGY RISK
Information technology risk is the risk of loss due to inadequate IT systems infrastructure.
A MFI should have robust, responsive and properly scaled IT systems infrastructure in order to identify and monitor current and future risks, while systematizing business processes and controls. The IT
system's ability to generate standardized, timely , and accurate reporting is also a key component in an organization's risk management framework.
LIKELIHOOD
mm/dd/year
mm/dd/year
mm/dd/year
XX/XX/2014
ID REF NO.
SEVERITY
CATEGORY RISK INDICATORS CONTROL GAP
o Does each employee only have access to computers for his/her own
Risk of fraud or loss of data due work?
1.3 System integrity to system failures, breaches or o Are there passwords and levels of administration (e.g. data entry, data
improper usage viewing rights, etc.) in the IT system?
o Does the IT system have backup procedures and audit trails?
Risk due to staff not being o Is there periodic training to help staff utilize the IT systems correctly?
1.5 System Training properly trained on the use of the o Are there manuals, tutorials, and help screens available for staff, in
IT system addition to training?
o Is there a qualified in-house or outsourced team for maintaining and
Risk of not having sufficient IT upgrading the system?
1.6 System Support
systems support o has there been experience with external support? Is it available and and
what price levels?
Evaluation: Systems
enter risk weighting below
2. OTHER RISKS 0%
2.1
2.2
2.3
2.4
2.5
Evaluation: Other
Recommendations
LIQUIDITY & MARKET RISK
Liquidity risk is the risk of loss due to an organization's inability to meet its payment commitments or finance new loan growth.
Market risk is the risk of loss due to re-pricing of assets and liabilities.
A MFI should manage liquidity risk to avoid cash shortages and ensure sufficient funding for new loan demand and savings withdrawals (for deposit-taking lenders). A clear overall funding strategy, as well as
detailed ongoing forecasts of cash inflows and outflows, are several key components to manage liquidity risk. To protect against market risk requires constant monitoring of the interest rate environment, and an
active strategy to ensure assets and liabilities are properly matched within tolerance limits set by the organization. Tools for evaluating the impact of potential liquidity and market shocks are also important for
better understanding of these risks.
LIKELIHOOD
mm/dd/year
mm/dd/year
mm/dd/year
XX/XX/2014
ID REF NO.
SEVERITY
CATEGORY RISK INDICATORS CONTROL GAP
o Is the topic of liquidity and market risk on the organization's radar screen
o Does the organization have a comprehensive well-documented policy to
Risk of not having a
identify, measure, and manage liquidity and market risks?
comprehensive framework for
1.1 Framework o Is the policy periodically reviewed and updated by the management and
liquidity and market risk
approved by the Board?
management
o Is there a dedicated person and/or function for managing liquidity and market
risks?
Assets Risk of not having a clear o Does the organization have a clear definition of which assets are classified
1.3
classification definition of liquid assets as liquid and non-liquid?
Risk that a reliable and o Does the MIS system produce reliable, timely, and accurate cash flow tables
functional MIS system is not in for deterministic cash flow streams?
1.5 Technical Support place to produce the required o Does the MIS system produce reliable, timely, and accurate transaction data
data for liquidity and market risk that can be used as a basis for statistical analysis of client behavior?
reporting
o Does the regulator require interest rate risk monitoring and how
sophisticated is the requirement? Is it sufficient to adress interest risk?
o Does the organization monitor liquidity within and across entities and
business lines?
o Does the organziation produce a cash flow analysis for the next 30 days and
how solid is the calculation?
Risk due to lack of or inadequate
Monitoring liquidity o Does the organization use a professional monitoring tool to manage liquidity
2.2 monitoring of liquidity risk
risk risk?
o How complex is the asset and liability structure?
o Does the organization produce a gap report for maturity buckets? Is the
Risk due to lack of or inadequate
Monitoring foreign sensitivity of the open risk positions calculated?
2.3 monitoring of foreign exchange
exchange risk o Does the organization monitor foreign exchange rate development?
risk
o Does the organization have an early warning monitoring system for foreign
exchange risk?
Risk that the impact of external o Does the organization have an early warning monitoring system (EWS)?
factors such as macroeconomic o Is the EWS looking at reasonable input factors?
Monitoring of the
developments, exchange rates,
2.5 external
trade balance, etc.) are not o Is the EWS looking at forecasting indicators (an EWS looking at spot
environment
properly assessed vis-à-vis exchange rates is projecting risk)?
liquidity and market risk
Collateral Risk of lack of or inadequate o Does the organization actively manage and monitor collateral to mitigate
2.9
management management of collateral liquidity risk?
o Is there a robust stress testing framework that evaluates impacts from the
scenarios on liquidity and market risks?
Risk due to lack of or inadequate
3.1 Stress testing o Do stress testing scenarios take into account the risks and lessons learned
stress testing framework
from the most recent crisis?
o Are stress testing scenarios subject to regular reviews and reappraisals?
Risk of not testing plausible o Does the organization have the ability to build resverse stress testing (i.e.
Reverse stress
3.2 scenarios outside normal stress use potential, negative outcome to model scenarios that could potentially
testing
testing requirements affect the organization in a significant manner)?
Risk due to non compliance with o Are there minimum regulatory requirements for scenario testing?
Regulation &
3.3 prevailing regulations regarding o If so, is the organization's stress testing compliant with the regulatory
scenario setting
stress testing requirements?
Risk that standard reports for
o What is the quality of the existing stress testing models?
stress testing are too complex
Standard
3.4 and/or difficult to understand
Reporting o Do the models produce quality results that are presented clearly to various
concept and easy to read.
stakeholders within the organization?
Evaluation: Stress testing
enter risk weighting below
4. OTHER RISKS 0%
4.1
4.2
4.3
4.4
4.5
Evaluation: Other
Recommendations
Risk XX/XX/2014 mm/dd/year mm/dd/year mm/dd/year
Governance Risk
External Risk
Operational Risk
Information & Technology Risk
Credit Risk
Liquidity & Market Risk 0
100% IT Risk
100% Systems
0% Other Risks
l
na
an
ty
io
l a
n
di
at
rn
er
t
di
ui
r
te
ov
pe
re
q
Ex
IT
Li
G
C
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / #REF!
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /
/ / / / / /