GENERAL INTRODUCTION:

Unity Co-operative Society (UNICS) was created on the 15th of February 2000 by a resolution of a constituent general meeting, with the goal to create added value to the Cameroonian economy. The creation of UNICS is backed by law No 92/006 of 14 August 1992 relating to the Co-operative Societies and Common Initiative Groups and by its degree of implementation No 92/455/PM of 23rd November 1992.UNICS is accredited to COBAC (D2002/48 OF 27/11/2002).

UNICS has as mission to co-operate and solve future economic problems through present day decisions and actions.

UNICS’s primary objectives include; alleviation of poverty and unemployment through the creation of wealth and financing of micro projects, provide efficient and rapid financial services to society through the medium of her dynamic staff.

After 8 years of hard work and dedication, UNICS now boasts of 9 branches. These include; 1. Yaounde Marche Central, 2. Yaounde BiyemAssi, 3. Douala Deido, 4. Douala Bonaberi, 5. Buea, 6. Bamenda,7. Kribi, 8. Limbe and9. Bafut branches.

UNICS also has correspondent branches abroad in the UK and in the USA

For 8 years (15/01/2000-31/12/2008) UNICS operated as a category I microfinance institution. Under this category her activities were limited to those of a co-operative. She was considered a non profit making entity composed of members. As of 1st January 2009, UNICS becomes a category II microfinance institution and also moves from UNICS to UNICS PLC (UNITY CO-OPERATIVE SOCIETY PUBLIC LIMITED COMPANY). The 28th of March 2009 marked an important step in the growth and development of UNICS. On this UNIC’s status of a category II microfinance institution was approved by the General Assembly which was held in Bamenda.She now has the status of a profit making institution. She is now subjected to greater government scrutiny (She is now liable to value added tax (VAT)).

The micro-finance sector in Cameroon is steadily growing. The sector has about 520,000 customers. (www.allafrica.com). UNICS has a customer portfolio of over 20 000 customers (THE LENDER.1st edition) as at 31st December 2008.This means that UNICS PLC has a microfinance market share of about 4% in Cameroon.

1

PART ONE

PRACTICAL TRAINING EXPERIENCE AT VARIOUS SERVICES

Chapter 1SERVICES AND ACTIVITIES

(a) INTRODUCTIONI was recruited into UNICS PLC on the 2nd of February 2002.I had a probation period of three months. It was carried out in two phases: the Orientation Phase at Head Office/Yaounde Marche Central Branch and Technical Phase at the UNICS Kribi branch (as internal control trainee). During this probation period, I had the opportunity to visit all the services indicated below.It is worth noting that the branch is the microcosm of the general organization of UNICS PLC. It is the commercial center of organization. (b) PRACTICAL EXPERIENCE ACQUIRED THROUGH SERVICES.

(1)SERVICE/ACTIVITIES

OBSERVATIONS RECOMMANDATION

Accounting

Collects, records, analyses and reports financial statements of affairs of UNICS PLC

Inconsistent filling and documentation

Access to documents not restrictedInsufficient filing space

Every personnel must be trained to keep archiveEnsure weekly check on archives. Employees who fail to classify their documents should be sanctioned.

Each service must have a register to record movement of

archives and those responsible

(2)SERVICE/ACTIVITIES

OBSERVATIONS RECOMMANDATION

Internal Control and audit

Provide assurance to management about ;-Effectiveness of operations-Economical and effective use of resources-Reliability of financial reporting-Compliance with policies, procedures, and regulations, -Safeguarding of assets-Integrity, reliability of information, accounts and data- Fraud, irregularity or corruption- risk management

Inadequate trainingLack of a complete internal control audit manual

Internal controllers should be given adequate training and should acquire enough experience in other to be able to do their work effectively.

An efficient an effective standard audit and internal control system should be put in place.(pages 8,12 )

2

(3)SERVICE/ACTIVITIES

OBSERVATIONS RECOMMANDATION

Banking operations, Customer service and tellers

Receive, direct orientate and serve clients at different levels.

Chronos are not filed in a serial order.Not all accounts have pictures and signatures attributed to them.

Ensure rearrangement of chronos in a chronological

order.

The customer service should endeavor to produce a list of all clients who haven’t got their pictures or signature in their accounts. Staff working especially at the front office needs to be given regular training on customer relationship.

(4)SERVICE/ACTIVITIES

OBSERVATIONS RECOMMANDATION

Credit and Recovery,

The entire management and recovery of loans.

Growing delinquency rate.Increase debits in clients accounts.

A clear plan for follow up of the client is very essential to ensure timely repayment.Ensure solid agreements exist between UNICS and her counterparties.Fixed assets are ideal as collaterals. A follow up of the strict implementation of the new credit policy should be put in place.

(5)SERVICE/ACTIVITIES

OBSERVATIONS RECOMMANDATION

Local and International Operations,For local(speedy cash)and international money transfers

Absence of updated account history with the Bank of America, this implies that there is little or no control to approved deposits made in BOA for payout here in Cameroon.

Recent crackdown of fraud of the 1st of April 2009 which included the depositing of fraudulent electronic cheques against the UNICS account of HSBC in London.

International transfer transactions should have a formal procedure.

(6)SERVICE/ OBSERVATIONS RECOMMANDATION

3

ACTIVITIESGeneral

.Shortages reported by tellers may just be another means to obtain a fast overdraft as the final punishment is an obvious debit into their account.

The speedy cash network is very exposed. An employee who has the password to the website can seat at any cyber cafe completely out of the office and effect a transfer or payment.

Inadequate protection of employee and client information.

Collectors may be existing as “ghost banks” bearing UNICS PLC’s name (that is collecting cash from clients and taking custody of the sums). Also it has been noticed that clients hardly sign against amounts deposited with collectors and therefore a risk exist that collectors may alter figures in their registers or clients may claim inflated amounts. Collectors are untrained and can hardly market the products in question. Constant electricity disruption during working hours.

.Electronic banking seems to be the final word. The use of automatic teller machines can effectively solve this problem or,Shortages or overages reported by tellers should be well investigated before sanctions are given to them.

The system should be coded such that it can be opened only on a particular computer in the office as it is done for Western Union.

UNICS should consider the desire for customer privacy and data security (bank secrecy), as well as the legislative and cultural norms. Some customers prefer assurances that their data will not be shared with third parties without their prior consent and that safeguards are in place to prevent illegal access by third parties.

UNICS should ensure all employees are given a copy of the company’s data protection policy.

The risk may be minimized by recruiting only female collectors.

Figures without clients signatures should not be posted into the system and collectors must make sure the clients sign against their deposits

Collectors should be given proper training on the products they market and the risk involved.

.

They (collectors) should also be trained on how to fill figures involving overdrafts in the booklets of client.

Generators be made available to branches

PART TWO

4

EXAMINE THE FUNCTIONING OF A STANDARD AUDIT AND CONTROL SYSTEMS IN A MICROFINANCE INSTITUTION

(Case Study: UNICS PLC)

Chapter 2

OVERVIEW OF SUBJECT MATTER

(a) INTRODUCTION: This study is shaped to help UNICS improve the quality of internal audit and controls and her risk management processes. It focuses on problem prevention (preventive control) and early problem identification (detective control). The study provides guidelines for establishing operational activities that will assist UNICS in identifying vulnerabilities, designing and implementing controls; monitoring the effectiveness of controls. It also highlights problem resolution (corrective control) as a means for risk management.

More generally, objectives, budgets, plans and other expectations are bases for control and audit. By setting objectives, management can then identify the risks involved in achieving these objectives. To address these risks, management may implement specific internal controls. The effectiveness of internal control can then be measured by how well the objectives were achieved and how effectively the risks were managed.

One of the primary objectives of internal auditing in relation to corporate governance is helping the Audit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively. This may include reporting critical internal control problems, informing the Committee privately on the capabilities of key managers, suggesting questions or topics for the Audit Committee's meeting agendas, and coordinating carefully with the external auditor and management to ensure that objective setting is considered a precondition to internal control.

(b) DEFINITIONS

Audit: The general definition of an audit is an evaluation of a person, organization, system, process, project or product. Audits are performed to ascertain the validity and reliability of information; also to provide an assessment of a system's internal control. The goal of an audit is to express an opinion on the person/organization/system (etc) in question, under evaluation based on work done on a test basis. Those who perform audits are called auditors (www.google.com).

Control: A control is any action taken by the Board, Management and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved (www.google.com).

Microfinance institutions: refers to the provision of financial services to poor or low-income clients, including consumers and the self-employed. The term also refers to the practice of sustainably delivering those services (www.google.com).

Internal audit and internal controlAlthough internal control and internal audit are closely related, they are distinct from each other.

5

Internal control is defined as a process affected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g. property) and intangible (e.g., reputation or intellectual property such as trademarks).

Internal audit: An independent appraisal service to management that measures and evaluates the effectiveness and efficiency of internal control system .It uses and investigative/detective approach. However, internal auditors are not responsible for the execution of company activities, they advise management and the Board of Directors (or similar oversight body) regarding how to better execute their responsibilities.

(c) THE ROLE OF EXTERNAL AUDIT.

It should not be a part of the internal control process. It should provide independent external comment on the standard, quality and coverage of

internal audit. It should not duplicate the internal audit work except grounds for concern. Should examine and comment on both internal audit and internal control quality.

6

Chapter 3

INTERNAL CONTROL STRUCTURE

(a) INTRODUCTION

Effective internal controls and standard audits are the foundation of safe and sound banking systems. The purpose of internal controls is not to entrap employees; rather, good internal controls provide a working environment in which good employees are not tempted to do something they would not ordinarily do. The formality of internal control system will depend largely on an institutions size, the complexity of operations and its risk profile.

However fraud and embezzlement schemes are not solely a problem of larger institutions. In fact, the very size of small microfinance institutions creates opportunities for a weak internal control structure and fraud. Therefore the Board and Management of UNICS PLC should work within her scope to develop methods that will safeguard the institutions resources and clients' accounts and reduce the opportunity for fraud.

A proposed internal control flow chart for UNICS PLC is presented below. (Figure 1)

7

Figure 1: Proposed Internal Control Flow Chart for UNICS Plc

Elements of Management Control

System

Control Environment

Risk Assessment

Accounting, Information and Communication

Monitoring

Control Activities

Controllable and Uncontrollable

Approval and Authorization

Segregation of duties

Internal and External

Physical Controls

Information Processing

Obligatory Vacation for Staff

BOD and Management

External auditors and regulators

8

(b) CHARACTERISTICS OF INTERNAL CONTROL/OBSERVATIONS /RECOMMENDATIONS

Control environmentReflects the Board of Directors and Management’s commitment to internal control. This provides discipline and structure to the internal system. Management is accountable to the Board of Directors, which provides governance, guidance and oversight.

The Board of Directors should:1. Periodically discuss the internal control systems effectiveness with management, 2. Review internal control evaluation conducted by management and auditors, 3. Monitor management action on auditor recommendations,4. Review the institutions strategies and risk limits. 5. Ensure that Management properly considers the risks and control issues associated with

emerging technologies and also embrace electronic banking.

The Board may delegate some of these duties and responsibilities to an Audit Committee or a risk committee.

The General Manager of UNICS PLC has overall responsibility for designing and implementing effective internal control. More than any other individual, the General Manager sets the "tone at the top" that affects integrity and ethics and other factors of a positive control environment. Virtually all employees produce information used in the internal control system or take other actions needed to effect control.

Elements of a control environment Organizational structure of the UNICS PLC Management philosophy and operating style (All business strategies should be formal ) The integrity, ethics and competence of personnel should be taken seriously into consideration. External influences that affect the institution’s operations and its risk management for example

independent audits should be taken into account.

The effectiveness of human resource, policies and procedures should be reviewed on regular basis.However, whether UNICS PLC achieves operational and strategic objectives may depend on factors outside the enterprise, such as competition or technological innovation.

Risk assessmentThis involves identification, measurement and analysis of risk (internal and external, controllable and uncontrollable) at individual business levels and for the institution as a whole. The Management of UNICS should assess all risks facing the institution because uncontrollable risk taking can prevent the institution from reaching its objectives or can jeopardize operations.

Control activitiesThese are policies, procedures and practices established to help ensure that bank personnel carry out Board and Management directives at all business levels of the institution. I therefore propose that;

Only approved and authorised transactions and activities should be executed and violators should be given due punishment.

Duties should be segregated and rotated to reduce a person’s opportunity to commit and conceal fraud or errors (for example assets should not be in the custody of the person who procures, authorizes and records it)

9

Physical safeguards for assess to and the use of assets and records should be improved. (For example UNICS should secure facilities and control access to computer programmes and data files.) .The use of cameras to protect property is recommended.

Independent checks should be conducted on whether jobs are getting done and records accurate. Control over information whether automatic or manual should be adequate to ensure the integrity of management information systems, books and records.

UNICS employees should enter pertinent information into the processing systems in a timely manner ,A significant deficiency in a control system is a deficiency in risk management (for example the failure to process transaction in an accurate, thorough and timely manner which is a failure of internal control ,exposes the system to potential loses)

There should exist a requirement that officers and employees in sensitive positions be absent for two consecutive weeks each year. This will eliminate the risk of fraud due to a continues and uninterrupted presence.

Accounting, information and communication systems

This captures and imparts pertinent and timely information in a form that enables the Board, Management and employees to carry out their responsibilities. This includes accounting systems (methods and records that identify, assemble, analyze, classify, records and report an institution’s transactions). Information and communication systems (enable all personnel to understand their roles in the control system, how their roles relate to others and their accountability). These systems of information are very important as they produce reports on operations, finance and compliance that enable Management and Board to run the institution. It also provides information to external parties such as regulators, shareholders and customers. It is important to note that Management Information Systems are distinct from regular information systems in that they are used to analyze other information systems applied in operational activities in the organization.

Self assessment

This will involve UNICS’s own oversight of the control system performance. These are evaluation of departmental or operational controls by persons within the area. All UNICS personnel should share responsibility for self assessment or monitoring. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with the code of conduct, or other policy violations or illegal actions. Internal control must be consistently applied and well understood by bank staff if board and management policies are to be effectively implemented.

However effective and well designed internal control systems are still subject to execution risk. In other words, most control systems are executed by human beings whom even if well trained and with the best of intentions can still be subjected to distraction, carelessness, tiredness, or confusion

10

Chapter 4

STRUCTURING OF A STANDARD AUDIT

(a) INTRODUCTION

Internal audit is going through a significant period of development and change in UNICS which provides a number of opportunities and challenges. Corporate governance development in general has provided much focus on the rule of internal audit and internal auditors/controllers need to demonstrate the right skills, knowledge and understanding of the organizations system of internal control. An organization's internal control structure is at the heart of its processes and controls. The Audit Committee or its equivalent, with its responsibility of evaluating the efficiency of the organization's internal control service, needs to understand the concepts of internal control in order to be effective and efficient.

Internal audit is vital in assessing, reporting and proposing solutions to management about the effectiveness and efficiency of internal control systems.

(b) INTERNAL AUDIT STRUCTURE

There are two possible structures:- A Centralized System where all auditors are stationed at head office and only go down to the field on regular basis for control and -A decentralized system where controllers are stationed at the branches or subsidiaries, perform audits and report to a central controller.

It is important to emphasise that internal control and internal audit are related but are different from each other.UNICS PLC uses the name internal controller to refer to internal auditors.

My proposal is that the name internal controller should be changed and should be called internal auditor so that the functions of internal control and internal audit can be well understood.

.A proposed internal and decentralized audit organizational structure for UNICS PLC is as indicated below. Figure 2.(also see reporting structure).

11

Figure 2:Proposed Decentralised Internal Audit Structure for UNICS Plc

Board of Directors Internal Audit Committee

Chairman of the Board of Directors

Vice Chairman of the Board of

Directors

National Internal Auditor

Internal Auditor

Internal Auditor Internal Auditor

Board of Directors

Chairman of the Board of Directors

National Internal Auditor

Internal Audit Committee

Vice Chairman of the Board of

Directors

Chairman of the Internal Audit

Committee (Chairman of the Board of

Directors) e

Internal Auditor

Internal Auditor

Internal Auditor

Reporting System

12

A developing best practice will be for the internal auditors who should be at the level of the UNICS PLC branches to report directly to the National Internal Auditor who should be stationed at the Head Office. The National Internal Auditor should report to the Audit Committee through the chairman of this committee who should be the chairman of the Board of Directors. In such cases, the committee should have a means to evaluate the performanc

Internal audits should be designed as an integrated process, independent from other business operations, for evaluating the extent to which internal control achieves its objectives in key areas, including appropriate risk management, efficient and effective business operations, reliable financial reporting and compliance with laws, regulations and internal rules. It should offer advice and remedial recommendations in connection with any problems that may be identified. Through this process, internal audits will assist the Boards of Directors of UNICS PLC to fulfill their managerial duties efficiently and effectively.

The internal Audit Committee should determine all important matters concerning internal audits. The committee should be chaired by the chairman of the board of directors. The internal Audit Committee should be able to monitor and manage internal audits at all UNICS PLC branches through internal audit reports prepared by internal auditors and submitted to the National Internal Auditor. These decisions together with the results of their examination of the internal audit reports are sent to the Board of Directors.

(c) ROLE OF THE AUDIT COMMITTEE.

Since the occurrence of significant frauds can frequently be attributed to an override of internal controls, the Audit Committee plays an important role to ensure that internal controls address the appropriate risk areas and are functioning as designed. If fraud or irregularities are asserted or discovered, the Audit Committee, through the internal auditors, should investigate, and, if necessary, request legal counsel to assert claims on the organization’s behalf. If fraud is discovered, or there is a reasonable basis to believe that fraud may have occurred, the Audit Committee is responsible for ensuring that an investigation is undertaken and necessary measures taken.

With a decentralized internal audit system UNICS will benefit as follows;

1. Fraudulent or erroneous transactions may be prevented before they occur because the internal auditors are present in the field and are monitoring all transactions.

2. Objective assessment of the effectiveness and efficiency of operations is easily accomplished.

3. Internal auditors at various levels of the institution will use their knowledge to spread good practices throughout the organization.

4. Management can easily get advice on whether the institution has sound systems of internal controls and therefore be in an ideal position to protect the organization against loses.

5. May detect mistakes caused by personal distraction, carelessness, fatigue, arrows in judgment, or unclear instructions in addition to fraud or deliberate non compliance with policies.

6. Can help UNICS measure performance, make decisions, evaluate processes and limit risk.

Chapter 5

CATEGORIES OF FRAUD

13

(a)INTRODUCTION

An understanding of fraud is essential for the Audit Committee to carry out its responsibilities. The Audit Committee also needs to be aware of the fact that, fraud affecting the organization often falls within one of three categories:

Management fraud, which involves senior management’s intentional misrepresentation of financial statements, or theft or improper use of company resources.

Employee fraud, which involves nonsenior employee theft or improper use of company resources.

External fraud, which involves theft or improper use of resources by people who are neither management nor employees of the firm.

This categorization of fraud is useful, but not absolute. This is because middle management employees may intentionally misrepresent financial statement transactions, for example, to improve their apparent performance, or outside individuals may collude with company management or employees.

It is proposed that internal audit staff be experienced and trained in fraud prevention and deterrence. With such training internal auditors can serve a vital role in aiding in fraud prevention and deterrence. This will help to provide assurance that

Risks are effectively identified and monitored; Organizational processes are effectively controlled and tested periodically; and Appropriate follow-up action is taken to address control weaknesses. The Audit Committee

needs to ensure that internal auditors are carrying out their responsibilities in connection with potential fraud.

(b) INTERNAL CONTROL AND FRAUD PREVENTION. (WHAT COULD BE DONE TO AVOID FRAUD AND EMBEZZLEMENT IN UNICS)(1)AVENUE POSSIBLE FRAUD RECOMMENDATIONS

Missing documentation

This is one of the most important symptoms of fraud. Inaccurate or incomplete records are often used to hide fraud.

Fictitious loans could be made in the name of former borrowers.

A supervisor may regularly review a sample of all new loans issued and determine whether required documentations are present, and if not, confirm missing information with third parties.

Make sure loan documentation is complete: guarantee titles, insurance, charges deducted. Be aware of counterfeit collateral.

This way UNICS can also identify fraudulent practices by loan officers or non adherence to new policies before they are replicated on a wide scale.

(2)AVENUE POSSIBLE FRAUD RECOMMENDATIONS

Resistance to improve the Management

MIS officers or managers or some employees may be resisting efforts to modify or improve the MIS. There

MIS reports should contain proper information for review by management for internal control purposes.

14

Information System(MIS) by the management or some employees

are“ghosts and skeletons” which they do not want to bring out.

Management should regularly review MIS reports and consider possible modifications or improvements.

(3)AVENUE POSSIBLE FRAUD RECOMMENDATIONS

Existence of transit or suspense accounts

I would say that the second most frequent category of frauds (fictitious loans being first) are done using general ledger suspense accounts or transit accounts.

General ledger suspense accounts generally are used to temporarily "store" a transaction until all necessary information is available, but can also be used to hide an unauthorized transaction.

General ledger suspense accounts or transit accounts should be reconciled and checked weekly by an internal controller.

(4)AVENUE POSSIBLE FRAUD RECOMMENDATIONS

Lack of mandatory vacation policy

Embezzlements usually require the embezzler's ongoing attention.

Policies that require managers and employees to take at least one and preferably two weeks' vacation (not a day here and there) reduce the risk of embezzlements.

(5)AVENUE POSSIBLE FRAUD RECOMMENDATIONS

Lack of segregation of duties. (Combination of duties as a result of inadequate staff).

Combination of duties may allow a manager or supervisor to approve the loans, set them up on the system, issue the checks, and then cash them through a teller drawer.

Microfinance institutions with limited staff are often at risk of errors, fraud and embezzlement because the critical work is done by few people.

Therefore total Segregation of duties is highly recommended to be fully applied or improved in UNICS. No one should have full control of a whole process or activity.

Make sure that managers and supervisors don’t know the tellers’ passwords and make sure the tellers change their passwords regularly.

(6)AVENUE POSSIBLE FRAUD RECOMMENDATIONS

Weak

Weak software can be used to hide fraud. May be the programmers who did conceive the software

A review and evaluation of the MIS by outside experts can reveal flaws in risk management and internal control.

15

software received no directions from experts in internal control as to what internal control principles or procedures to integrate into the software (for example, segregation of duties).

For example a good application should log and report the user name and event date/time of all entry and deletion of transactions and also for creating, editing, and deleting clients, loans, and schedules of installments.

(7)AVENUE RECOMMENDATIONS

Inadequate audit trails

Adequate audit trails should be maintained. Audit trails will enable the tracing of any given item through the UNICS books.

The internal controller or auditor should pull all loan files him/herself. He/she should keep in mind that any person he/she is asking to assist could be a thief. The controller should verify every explanation that an employee offers. In some cases, the auditor should contact the loan recipient.

Software should also have a thorough audit trail built in.

(8)AVENUE RECOMMENDATIONS

Absence of technical assistance

UNICS can benefit from outside experts to help her set up and make improvements to their internal control systems. It is often easier for an impartial third party to identify shortcomings in the internal control system than for operational staff to objectively evaluate its effectiveness.

(9)AVENUE RECOMMENDATIONS

Absence of donor rule

UNICS may encourage donor participation given that ;

Donors can facilitate the development of internal control mechanisms by providing funds for the initial risk assessment and implementation of internal controls.

They may require UNICS to have some type of internal control mechanism, appropriate to the UNICS’s level of development

They may encourage UNICS to develop an operations manual and to conduct client visits as part of its regular operations.

In addition, donors can support microfinance in their efforts to test new ways to mitigate old risks through new products, such as micro insurance, or operational control tools, such as internal audit software

Chapter 6

IDENTIFYING AND MANAGING RISK

16

(a) INTRODUCTION

Surprises may be fatal to UNICS. Risk is inevitable, avoiding risk impossible. Risk management is the key. The more you know about what you are doing, the less risk you run. If you can define risks, you can limit them. If business was good yesterday, good today, it is not a guarantee that it will be good tomorrow. The recent case of bankruptcy by the Lehman brothers on September 15 2008 can clearly explain this.

Management performs risk assessment activities as part of the ordinary course of business in each of these categories: strategic planning, marketing planning, capital planning, budgeting, hedging, incentive payout structure, and internal auditors are typically part of the project team in an advisory role.

(b) VARIOUS RISKS FACED BY UNICS PLC/RECOMMENDATIONS

Credit risk: This is the risk that the borrower will be unable or unwilling to pay back the loan.

-Solid agreements should exist between UNICS PLC and her borrowers.

Counterparty risk: The risk that a party to a contract will be unable or unwilling to uphold their obligations (co-maker or co-signer).

-Solid agreements should exist between UNICS and her counterparties.

Asset price risk: The risk that assets will depreciate in value, resulting in financial losses, for example those held as securities of collaterals for loans.

-The long term effect on assets held as collaterals should be well evaluated.

Capital risk: A common concern with any investment is that you may lose the money you invest (your capital).

-UNICS should implement a system of effective planning and objective setting in order to minimise loses.

Financial risk: UNICS shareholders bear an additional risk when UNICS uses debt in addition to equity financing. Companies that issue more debt instruments would have higher financial risk than companies financed mostly or entirely by equity.

-Little or no dependency on debt financing will eliminate the risk.

Operational risk: The risk arising from execution of all UNICS's business functions. These

involve;

1. Fraud (internal or external).

2. Clients, products, and business practice -market manipulation, antitrust and improper trade.

3. Damage to physical assets - natural disasters, terrorism and vandalism.4. Business disruption and systems failures - utility disruptions, software and/or hardware

failures.5. Execution, delivery, and process management - data entry errors, accounting errors,

failed mandatory reporting and negligence.

17

To reduce operational risk adequate and flexible systems must be put in place; -Only valid or authorized transactions are processed. -Transactions occurred during the correct period or were processed timely. -All transactions are completely processed with no omissions. -Transactions are calculated using an appropriate methodology or are compute accurately. -Assets represent the rights of the company, and liabilities its obligations, as of a given date. Components of financial statements (or other reporting) are properly classified (by type or account) and described.

Currency risk. Given that UNICS holds foreign currencies and also performs international transfers which involves exchange between currencies (the US dollar and the British pound), she runs the risk that currency movements alone may affect the value of the currencies she holds.

-UNICS should limit the amount of foreign currencies she holds at a given time period.

Legal risk: (Data protection) UNICS runs the risk that the information she holds may not comply with the laws and regulations in force. This refers to the personal or client information UNICS holds and how it processes it.

For example UNICS uses the internet for communication. The passwords to the email address boxes are not restricted to particular employees or are changed on a regular basis. This means that an employee who has resigned or is dismissed can still have access to the entire UNICS information being carried over the internet at anytime anywhere provided there is internet connection. Confidential information may easily reach unauthorized third parties.

The therefore propose that passwords to UNICS email address boxes should be restricted to particular employees and should be changed on a monthly basis.

UNICS should also review the security of her IT systems and premises regularly.

Legal risk: (Health and safety).Threat of accidents and casualties. For example the cashiers risk falling sick as a result of the continues touching of cash and the inhaling of its smell.

-The Board must now, therefore, more than ever, embrace their overall responsibilities towards employee health.

Technology risk. UNICS runs the risk that key processes that she uses to develop, deliver, and manage its products, services, support operations, entry, transfer and storage of data may be lost .The importance of looking at technology risks in the context of UNICS business strategy is underscored by recent lessons learned from the tragedies of September 11th (While the vast majority of information systems recovered well and demonstrated the effectiveness of disaster planning measures, significant gaps in the continuity of key business process were experienced). By understanding the role that technology plays in supporting various business functions, UNICS management is in a better position to determine the relative importance of these functions and prioritize the systems, applications, and data involved.

-An information classification program can be instrumental in prioritizing data, and the systems and applications through which it flows. Information classification involves distinguishing classes of data, or systems, and assigning relative priorities. A basic classification system might incorporate three or four categories ranging from” highly confidential" to "public" with various degrees in between. Once

18

categorized, each class of data would be accorded certain treatment. Knowing the classifications allows bank management to trace the flows of information with an eye to ensuring proper protection throughout the system. Obviously, one would not want to see "highly confidential" and "public" information following the same transmission path or stored on the same computer server with only rudimentary controls. The information classification process will assist UNICS PLC Management in focusing attention on priority areas first and pinpointing key areas of vulnerability.

Political risk UNICS PLC faces complications as a result of what are commonly referred to as political decisions or any political change that alters the expected outcome and value of a given economic action by changing the probability of achieving business objectives. For example the recent government circular restricting banks from collecting account holding charges for deposit accounts.

-UNICS may have a Chief Risk Officer who is charged with managing political risk or, in many cases, this is the obligation of the Chief Financial Officer.

(c)RISK MANAGEMENT AND BUSINESS CONTINUITY.

Risk management is simply a practice of systematically selecting cost effective approaches for minimising the effect of unforeseen circumstances to the organization. All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore all organizations have to accept some level of residual risks.

The strategies involved in Risk Management include:

1. Transferring the risk to another party, 2. Avoiding the risk,

3. Reducing the negative effect of the risk and,

4. Accepting some or all of the consequences of a particular risk.

Risk avoidance: Includes not performing an activity that could carry risk. An example would be not buying a property or business in order not to take on the liability that comes with it.

Risk reduction: Involves methods that reduce the severity of the loss or the likelihood of the loss from occurring.

Risk retention: Involves accepting the loss when it occurs. True self insurance falls in this category. All risks that are not avoided or transferred are retained by default. War is an example since most property and risks are not insured against war, so the loss attributed by war is retained.

Risk transfer: In the terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as a "transfer of risk."

However if risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably.

19

GENERAL CONCLUSION.

The lack of effective internal controls is one of the remaining impediments to the development of a sustainable microfinance industry; microfinance institutions (MFIs), technical assistance providers, donors, practitioner networks and regulators all have a role in overcoming this obstacle.

The officials of UNICS PLC can study these internal control weaknesses that are common elements of fraud or embezzlement and make necessary revisions to the UNICS internal controls. The ultimate tests of the effectiveness of UNICS internal control systems will be time and investor interest.

Unfortunately, UNICS may suffer serious unforeseeable financial loss before discovering the weaknesses inherent in her internal audit and control systems if she becomes complacent, assuming that what works well today will work well tomorrow.

Microfinance institutions that proactively apply the principles of risk management and implement an effective feedback programme will be able to uncover and address risk exposures and succeed the test of time. MFIs that prove their ability to manage and mitigate risk will be more likely to demonstrate consistent profits, the primary objective of private investors.

In addition, MFIs that implement effective internal control systems that aid in the risk management process will be most effective in fulfilling the social mission to provide financial services to low income sectors over the long-term.

However if internal control system is implemented only to prevent fraud and comply with laws and regulations, then an important opportunity is missed. The same internal controls can also be used to systematically improve businesses, particularly in regard to effectiveness and efficiency.

20