2020-11-10

Operations, Internal Controls & Auditing Ratings

This document establishes the regulatory framework for rating an institution's fiduciary operating systems, internal controls, and audit functions relative to their business volume and risk profile. It details specific evaluation factors including staff adequacy, transaction controls, reconciliation processes, and the independence and quality of audit activities. The text defines a five-point rating scale ranging from strong operational integrity to critically deficient practices that threaten asset safety and business continuity.

United States

Kansas Office of the State Bank Commissioner

Operations, Internal Controls & Auditing

This rating reflects the adequacy of the institution's fiduciary operating systems and internal controls in relation to the volume and character of business conducted. Audit coverage must assure the integrity of the financial records, the sufficiency of internal controls, and the adequacy of the compliance process.

The institution's fiduciary operating systems, internal controls, and audit function subject it primarily to transaction and compliance risk. Other risks including reputation, strategic, and financial risk may also be present. The ability of management to identify, measure, monitor and control these risks is reflected in this rating.

The operations, internal controls and auditing rating is based upon, but not limited to, an assessment of the following evaluation factors:

Operations and Internal Controls, including the adequacy of:

• Staff, facilities and operating systems;
• Records, accounting and data processing systems (including controls over systems access and such accounting procedures as aging, investigation and disposition of items in suspense accounts);
• Trading functions and securities lending activities;
• Vault controls and securities movement;
• Segregation of duties;
• Controls over disbursements (checks or electronic) and unissued securities;
• Controls over income processing activities;
• Reconciliation processes (depository, cash, vault, sub-custodians, suspense accounts, etc.);
• Disaster and/or business recovery programs;
• Hold-mail procedures and controls over returned mail; and,
• Investigation and proper escheatment of funds in dormant accounts.

Auditing, including:

• The independence, frequency, quality and scope of the internal and external fiduciary audit function relative to the volume, character and risk profile of the institution's fiduciary activities;
• The volume and/or severity of internal control and audit exceptions and the extent to which these issues are tracked and resolved; and
• The experience and competence of the audit staff.

Ratings

A rating of 1 indicates that operations, internal controls, and auditing are strong in relation to the volume and character of the institution's fiduciary activities. All significant risks are consistently and effectively identified, measured, monitored, and controlled.

A rating of 2 indicates that operations, internal controls and auditing are satisfactory in relation to the volume and character of the institution's fiduciary activities. Moderate weaknesses may exist, but are not material. Significant risks, in general, are effectively identified, measured, monitored, and controlled.

A rating of 3 indicates that operations, internal controls or auditing need improvement in relation to the volume and character of the institution's fiduciary activities. One or more of these areas are less than satisfactory. Problems and significant risks may be inadequately identified, measured, monitored, or controlled.

A rating of 4 indicates deficient operations, internal controls or audits. One or more of these areas are inadequate or the level of problems and risk exposure is excessive in relation to the volume and character of the institution's fiduciary activities. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action. Institutions with this level of deficiencies may make little provision for audits, or may evidence weak or potentially dangerous operating practices in combination with infrequent or inadequate audits.

A rating of 5 indicates critically deficient operations, internal controls or audits. Operating practices, with or without audits, pose a serious threat to the safety of assets of fiduciary accounts. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the ability of the institution to continue engaging in fiduciary activities.