
KUWAIT INVESTMENT COMPANY

Risk Control Matrix - Corporate Finance Department (CFD)

Columns: S.No | Key Risk | Control No. | Existing Controls | Control Attributes (Control Owner, Automated / Manual, Detective / Preventive, Control Frequency) | Control Gap | Recommendation

Sub Process A: Policy Framework

A.1 Key Risk: Documented, up to date and approved policy and procedures
A.1.1 Existing Control: Policy and procedure manual exists and is approved by the Executive Committee and endorsed by the Board of Directors (BODs). Any changes to the policy and procedure manual are approved by the Chairman & CEO (CCEO) and endorsed by the BODs.
Control Owner: Head - CFD | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Event Based | Control Gap: -- | Recommendation: --

A.2 Key Risk: Consistency of Credit Policy with requirements of regulatory authorities including CBK
A.2.1 Existing Control: The credit policy defines that compliance with all the instructions issued by the regulatory authorities, including CBK, must be ensured by CFD. Any update / amendment to the policy due to CBK guidelines is approved by CCEO and endorsed by BOD's.
Control Owner: Head - CFD | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Event Based | Control Gap: -- | Recommendation: --

A.3 Key Risk: Department's business plan / strategy
A.3.1 Existing Control: Financial Controller annually prepares the business plan for the entire company, identifying the CFD's plan and strategy for the year including financial projections for the department. The same is aligned with the corporate objectives.
Control Owner: Financial Controller | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Annually

Sub Process B: Due Diligence / Credit Appraisal

B.1 Key Risk: Consistency of due diligence across counterparties or across time.
B.1.1 Existing Control: --
Control Owner: Credit Officer | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing
Control Gap: There are no controls in place to ensure the due diligence is consistent across counterparties or across time.
Recommendation: The officer in charge should review the Due Diligence Checklist upon completion of its analysis to verify that it is complete, consistent and accurate.

B.2 Key Risk: Effectiveness of due diligence / credit appraisal
B.2.1 Existing Control: There is a process whereby the department evaluates each facility. Credit Policy requires the CFD to conduct risk analysis on the parameters as defined, which must be made part of the memorandum to be submitted to the executive committee.
Control Owner: SM - CFD | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --

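B.2.2 Existing Control: The risk analysis conducted is independently examined to ensure compliance with policy requirements by the risk management office before the same is sent to executive committee.
Control Owner: CRO | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --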

Sub Process C: Approval Process

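C.1 Key Risk: CFD's review of risk analysis / due diligence
C.1.1 Existing Control: Due Diligence report is examined by the managers of the department and after amendment (if necessary), it is submitted to the Department Head and / or AGM of the sector.
Control Owner: SM - CFD | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --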

C.2 Key Risk: Compliance with risk parameters and procedures as laid down in the credit policy.
C.2.1 Existing Control: Detailed proposal is independently examined by the risk management office to ensure compliance with policy requirements, before the final memorandum is sent to CCEO and the Executive Committee for approval.
Control Owner: CRO | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --

C.3 Key Risk: Authorization of loans / granting credit facility
C.3.1 Existing Control: Only loans which are approved by the executive committee or CCEO (up to KWD 1 million) can be processed for disbursement. Copies of approval are forwarded to the legal, treasury, settlements, internal audit and accounts departments.
Control Owner: Head - CFD; Head - Settlement; Head - Treasury | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --

Sub Process D: Credit Exposure Monitoring

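D.1 Key Risk: Credit Limits
D.1.1 Existing Control: Credit Limits are defined in the credit policy.
Control Owner: Head - CF | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --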

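D.1.2 Existing Control: Risk Management Office prepares monthly reports highlighting the current exposures and limit breaches (if any) and coordinates with the CFD in case of fall below the required minimum.
Control Owner: CRO | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Monthly | Control Gap: -- | Recommendation: --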

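D.2 Key Risk: Defined collateral types and the required collateral coverage %.
D.2.1 Existing Control: Collateral coverage and types of collateral are defined in the credit policy. Credit is granted as per the coverage required.
Control Owner: Head - CF | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --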

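D.3 Key Risk: Collateral coverage follow-up / top ups
D.3.1 Existing Control: Collateral deficiencies are identified and followed up for required top-ups by the CFD.
Control Owner: Head - CF | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --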

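D.3.2 Existing Control: Risk Management Office prepares monthly reports highlighting the collateral coverage and coordinates with the CFD in case of fall below the required minimum.
Control Owner: CRO | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Monthly | Control Gap: -- | Recommendation: --
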
Sub Process E: Operations

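E.1 Key Risk: Documentation for each facility in accordance with all legal requirements.
E.1.1 Existing Control: All documents of the credit facility are submitted to the Legal Department for review and approval.
Control Owner: Head - CFD; Head - Legal | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --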

E.2 Key Risk: Authorization of payment requests for departmental expenses and expenses related to KIC money
E.2.1 Existing Control: Approved authority matrix for payment requests for departmental expenses and expenses related to KIC money. The same is made part of the Financial Authority document.
Control Owner: SM - Operations | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --

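E.3 Key Risk: Authorization of payment requests for expenses related to client money
E.3.1 Existing Control: Approved authority matrix for payment requests for expenses related to client money. The same is made part of the Financial Authority document.
Control Owner: SM - Operations | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --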

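E.4 Key Risk: Risk of 'money laundering by association'
E.4.1 Existing Control: Defined AML procedures for Corporate Finance Department. Also, a due diligence checklist is in place and is being followed.
Control Owner: Credit Officer | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --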

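E.5 Key Risk: Monitoring and supervision over credit function by senior management
E.5.1 Existing Control: A quarterly status report is prepared by the CFD and submitted to CCEO, General Manager, Internal Audit and Risk Management.
Control Owner: Head - CF | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Quarterly | Control Gap: -- | Recommendation: --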

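E.5.2 Existing Control: Risk Management Office prepares a monthly credit risk report, which is circulated to all risk management committee members including BOD's.
Control Owner: CRO | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Monthly | Control Gap: -- | Recommendation: --
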
Sub Process F: Filing & Archiving

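F.1 Key Risk: Recordkeeping & filing mechanism
F.1.1 Existing Control: Checklist is used for collecting the information from client. Separate files are maintained for each facility.
Control Owner: Credit Officer | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --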

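F.2 Key Risk: Safe keeping of credit files, records, and original contract
F.2.1 Existing Control: Credit files, records and original contracts are kept under safe keeping with central filing. Only duplicate copies are kept with the department.
Control Owner: Credit Officer | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --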

Sub Process G: Loan Servicing

G.1 Key Risk: Follow-ups with the client for collection of required financial statements, collateral reports and other information which may lead to client defaults / bad debts
G.1.1 Existing Control: There is a process, documented in the credit policy, whereby the clients are followed up with.
Control Owner: Head - CFD | Automated / Manual: Manual | Detective / Preventive: Detective | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --

G.2 Key Risk: Authorization for rescheduling / renewal of credit facility
G.2.1 Existing Control: For any credit facility to be rescheduled or renewed, CFD has to take the approval of the executive committee or CCEO (up to his powers) by virtue of a new endorsement memorandum and thereafter a new contract.
Control Owner: Head - CFD | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --

G.3 Key Risk: Classification of credit facilities in accordance with CBK requirements
G.3.1 Existing Control: Credit policy details the process for classification of credit facilities in accordance with the circular of CBK. Any update / amendment to the policy due to CBK guidelines is approved by CCEO and endorsed by BOD's.
Control Owner: Head - CFD | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Ongoing | Control Gap: -- | Recommendation: --

G.4 Key Risk: Calculating & reporting provisions on loans
G.4.1 Existing Control: Credit policy details the process for calculating the required provisions. CFD is required to submit a quarterly report to CBK with detailed information on classification of credit facilities, the provisions required thereto and pending interests.
Control Owner: Head - CFD | Automated / Manual: Manual | Detective / Preventive: Preventive | Control Frequency: Quarterly | Control Gap: -- | Recommendation: --

RCM - Sales and Receivables

Risk Control Matrix - Administrative Expenses

Columns: S.No. (1) | Key Risks (2) | Control No. (6) | Desired Controls (7) | Control Type (8)

COMMON FOR ALL TYPES OF EXPENSES
Sub-Process A - Policy Framework

A.1 Key Risk: A well defined policy does not exist.
A.1.1 Desired Control: Clearly defined guidelines or Authority Manual are in place to ensure Segregation of duties and Delegation of authority which should be strictly followed.
A.1.2 Desired Control: Such policies or guidelines or manuals are strictly followed. | Control Type: D

Sub-Process B - Vendor Selection

B.1 Key Risk: Appointed agencies may not be competent to handle the assigned job.
B.1.1 Desired Control: There is a documented process for appointment of agencies by <Appropriate Authority> clearly defining the parameters for attributes like quality, rate, efficiency, timeliness etc and justification for appointment.
B.1.2 Desired Control: The selection and appointment process is documented clearly stating the justification for appointment. | Control Type: D
B.1.3 Desired Control: The appointment is approved by <Appropriate Authority>. | Control Type: D

Sub-Process C - Vendor Performance Evaluation


C.1 Key Risk: Appointed agencies may render sub-standard services.
C.1.1 Desired Control: There is a well documented procedure clearly defining the parameters and periodicity of the performance evaluation of agencies.
C.1.2 Desired Control: The periodicity of performance should be defined. | Control Type: D
C.2 Key Risk: Price Quality equations may not be maintained.
C.2.1 Desired Control: Action should be taken on the basis of the Performance evaluation either in monetary terms or in non-monetary terms.

Sub-Process D – Rate Negotiations and Contracts

Manajan Aibara 24
D.1 Key Risk: The agreed terms and price may not be negotiated with the service provider.
D.1.1 Desired Control: Competitive Quotations are invited and documented to ensure the availability of the service at the best negotiated rate and justification for selection of agency with higher rates should be given.
D.1.2 Desired Control: Documents for rate negotiations are available. | Control Type: D
D.1.3 Desired Control: Documents justifying selection of agency with higher rate are available. | Control Type: D
D.2 Key Risk: There prevails a scope for price fluctuation.
D.2.1 Desired Control: Rate Contracts are entered into with such agencies, wherever possible.

Sub-Process E – Budgetary Control and Monitoring


E.1 Key Risk: The process of preparing Annual budget is non-existent.
E.1.1 Desired Control: Annual Budget for each type of expense approved by <Appropriate Authority> is prepared before the start of the period and any increase in budget compared to previous period is justified and documented.
E.1.2 Desired Control: Increase in budget compared to previous period is justified and documented. | Control Type: D
E.1.3 Desired Control: Such Budget is approved by <Appropriate Authority>. | Control Type: D
E.2 Key Risk: Huge Deviation in actual and budgeted expenses.
E.2.1 Desired Control: System of monthly monitoring of budget and actual expenses is in place and variances if any are justified and documented.
E.2.2 Desired Control: Reasons for the variances are documented. | Control Type: D
E.2.3 Desired Control: Interim review of budget and revision of the same, if required, is held.

Sub-Process F – Advance Payment (If any) / Deposits


F.1 Key Risk: Advance payment is paid even when it is not required.
F.1.1 Desired Control: Payment terms should be properly defined and agreed and advance payment is approved by <Appropriate Authority>.

F.1.2 Desired Control: Advance payment is approved by <Appropriate Authority>. | Control Type: D
F.2 Key Risk: Advance payments are lying unadjusted.
F.2.1 Desired Control: Not only periodic review of advance payment is done and track of such payment is kept but also proper recoupment of expenses from such advance payment is done.
F.2.2 Desired Control: Proper recoupment of expenses from such advance payment is done. | Control Type: D

Sub-Process G – Bill passing


G.1 Key Risk: Adequate bill passing process may not be defined which may result in passing of false bills or passing of bill more than one time.
G.1.1 Desired Control: Only original bills with requisite supportings are passed and in case of duplicate bills, it is clearly mentioned on the face of the bill. Moreover, authority level in bill passing is defined and followed.
G.1.2 Desired Control: Authority level in bill passing is defined and followed. | Control Type: D
G.1.3 Desired Control: Only original bills are accepted. In case of duplicate bills, it is clearly mentioned on the face of the bill. | Control Type: D
G.3 Key Risk: Delay in bill passing and hence penalty or interest is attracted.
G.3.1 Desired Control: System is in place to reconcile the bills with other records or supportings. | Control Type: D
G.3.2 Desired Control: Proper flow of papers within the organisation along with an efficient system for reconciliation of bills with supportings ensures timely passing of bills.

Sub-Process H – Recording of expenses


H.1 Key Risk: Delay in expense booking.
H.1.1 Desired Control: Timely bill passing will ensure timely booking of expenses.
H.2 Key Risk: Wrong booking of expenses.
H.2.1 Desired Control: There is a process of reconciliation of expenses at different level with supportings vis-a-vis actual booking which is regularly reported to the management.

H.2.2 Desired Control: Regular reporting of all the expenses to the management. | Control Type: D

EXPENSE SPECIFIC
1. For Courier Charges

1.1 Key Risk: False dispatch is charged to the company.
1.1.1 Desired Control: Dispatch register is maintained by the organisation and the bills are reconciled along with the register and proof of deliveries.
1.2 Key Risk: Non Receipt of Courier by the receiving parties.
1.2.1 Desired Control: Proof of delivery is obtained from the agencies.
1.3 Key Risk: Different departments may pay different charges.
1.3.1 Desired Control: Selection of agency and rate negotiation is a centralised process and One-Point dispatch system is introduced.
1.3.2 Desired Control: System of One point dispatch should be brought in. | Control Type: D

2. For Telephone Charges


2.1 Key Risk: There may be misuse of Long distance call facility / Personal calls.
2.1.1 Desired Control: Detailed register of the long distance calls is maintained. | Control Type: D
2.1.2 Desired Control: Charges of such personal calls are recovered.
2.1.3 Desired Control: STD Lock facility is used and usage of the same is through proper authority and a detailed register is maintained.
2.2 Key Risk: All the benefits of the selected scheme / tariff may not be enjoyed.
2.2.1 Desired Control: Analysis of call usage is done and suitable tariff is selected.

3. For Electricity Charges


3.1

4. For Insurance Charges


4.1 Key Risk: Asset might get skipped from being insured.
4.1.1 Desired Control: Insurance policy is taken out on all the assets appearing in the Asset Register.

4.2 Key Risk: Non renewal of insurance policy and hence loss of claim, if any.
4.2.1 Desired Control: Insurance policy Database is maintained and reviewed regularly.
4.3 Key Risk: Wrong / inadequate valuation of the asset for the insurance policy.
4.3.1 Desired Control: All the incidental expenses incurred even for the installation are also included in the valuation of the asset.

5. For Rent / Lease Rent / Business Service Charges


5.1

6. For Stationery Charges


6.1 Key Risk: Adequacy in stock recording may not be achieved.
6.1.1 Desired Control: Detailed stock register is maintained which is periodically reconciled with the actual stock.
6.1.2 Desired Control: There exists a system of periodic stock taking and reconciliation thereof with the stock register. | Control Type: D
6.2 Key Risk: Very high consumption / high amount of wastage found in the organisation.
6.2.1 Desired Control: Stationery items are available at one department only, which records usage and regularly reviews high consumption.
6.2.2 Desired Control: Record of usage is kept by the department. | Control Type: D
6.2.3 Desired Control: Department regularly reviews high consumption. | Control Type: D

7. For Xerox Charges


7.1 Key Risk: Inadequate usage of Xerox machine.
7.1.1 Desired Control: There is a control to minimise the xerox done from outside.
7.2 Key Risk: Frequent overhauling / servicing of the Xerox machine.
7.2.1 Desired Control: The usage of the machine is examined and the option of purchasing another is considered.

8. For Motor Car expenses

8.1 Key Risk: Reimbursement of the petrol expenses without any limit.
8.1.1 Desired Control: The limit of the reimbursement is defined in the policy which is followed, reviewed and updated if required.

8.1.2 Desired Control: There is a process of regular review and, if required, update of the policy. | Control Type: D

Notes
1. Risk Category: (A particular risk can have any of the following categories or a combination thereof)
1.1 Strategic
1.2 Operational
1.3 Reporting
1.4 Compliance

2. Likelihood of Risk (This will depend on overall assessment of risk and effectiveness of related controls)
2.1 High
2.2 Medium
2.3 Low

3. Impact of Risk (Impact of a risk will always be a constant)


3.1 High
3.2 Medium
3.3 Low

4. Control Type (Will depend on the nature of control and will be a constant)
4.1 Preventive
4.2 Detective

5. Existing Control Scenario (To be populated after interactions with the process owner(s) and studying the system carefully)

6. Control gaps will emerge as a result of the comparison of desired controls and existing controls.
