Page 206 - COSO Guidance Book

then the branch manager reports to senior management. Alternatively, the branch functions, such as
               lending, might have a direct reporting line to the vice president of loans rather than the branch
               manager.

               Entities are often structured along various dimensions and typically have a variety of relationships
               with outsourced service providers to support the achievement of objectives, thus creating additional
               structures and reporting lines.

               For example, many community banks outsource various functions of online banking (online bill
               payment or customer remote deposit capture of checks on a mobile device) to different service
               providers. Community banks typically establish balancing controls for these types of transactions
               handled by outsourced service providers, to provide assurance of each system’s integrity (online bill
               payment or remote deposit capture, for example). Any balancing discrepancies would be reported to
               appropriate personnel within the community bank and the outsourced service providers.

               The framework notes that regardless of the organizational structure, definitions, and assignments of
               authority and responsibility, reporting lines and communication channels must be clear to enable
               accountability over operating units and functional areas.

              Point of focus — Establishes reporting lines

               Management designs and evaluates lines of reporting for each entity structure to enable execution of
               authorities and responsibilities and flow of information to manage the activities of the entity.

               An example of reporting lines in a community bank was provided in the immediately preceding point
               of focus section.

              Point of focus — Defines, assigns, and limits authorities and responsibilities

               Management and the board of directors delegate authority, define responsibilities, and use
               appropriate processes and technology to assign responsibility and segregate duties as necessary at
               the various levels of the organization.

               The framework provides the following considerations (with relevant examples added for illustrative
               purposes):
               –  Board of directors (those charged with governance) — Retains authority over significant decisions
                   and reviews management’s assignments and limitations of authorities and responsibilities.

                   For example, capital acquisitions over a certain dollar amount require board of director (those
                   charged with governance) approval.

               –  Senior management — Establishes directives, guidance, and control to enable management and
                   other personnel to understand and carry out their internal control responsibilities.

                   For example, an entity that is a local school district has a senior management directive that
                   forbids the acceptance by any school administrator of any gift or other consideration of any dollar
                   value because this might be perceived as a conflict of interest.

               –  Management — Guides and facilitates the execution of senior management directives within the
                   entity and its subunits.





            © 2020 Association of International Certified Professional Accountants. All rights reserved.    3-8