Bank Information Security Policy - Excel by csq66933

VIEWS: 61 PAGES: 8

More Info
									                                                            Internal Audit Procedures
                                                                 Facility Security

                                  Contributed November 9, 2001 by Gary Pelcak <GaryP@CENTRALNATIONAL.com>

        Date                                                                                        Performed by:
     Completed                                                                                      Reviewed by:
                                                                                                    W/P Reference:

12 CFR 21.2 Designation of Security Officer
                    The Bank's Board of Directors shall designate a security officer who shall
                    have the authority, subject to the approval of the board of directors, for
                    immediately developing and administering a written security program to
                    protect each banking office from robberies, burglaries, and larcenies.

12 CFR 21.3 Security Program

A. The contents of a Security Program shall:
                     1. Establish procedures for opening and closing for business and for the
                     safekeeping of all currency, negotiable securities, and similar valuables at
                     all times
                     2. Establish procedures that will assist in identifying persons committing
                     crimes against the institution and that will preserve evidence that may aid
                     in their identification or conviction; such procedures may include, but are
                     not limited to:
                     a. Using identification devices such as prerecorded serial-numbered bills,
                     or chemical and electronic devices;
                     b. Maintaining a camera that records activity in the banking office
                     c. Retaining a record of any robbery, burglary or larceny committed or
                     attempted against a banking office
                     3. Provide for the initial and periodic training of employees in their
                     responsibilities under the security program and in proper employee
                     conduct during and after a robbery
                     4. Provide for the selecting, testing, operating and maintaining
                     appropriate security devices, as specified below:
B. Security Devicies Each national bank shall have at a minimum
                     1. A means of protecting cash or other liquid assets, such as a vault,
                     safe, or other secure space.
                     2. A lighting system for illuminating, during the hours of darkness, the
                     area around the vault, if the vault is visible from outside the banking
                     office.


1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                                             Page 1 of 8
                                                            Internal Audit Procedures
                                                                 Facility Security

                     3. Tamper-resistant locks on exterior windows designed to be opened;

                     4. An alarm system or other appropriate device for promptly notifying the
                     nearest responsible law enforcement officers of an attempted or
                     perpetrated robbery, burglary or larceny
                     5. Such other devices as the security officer determines to be
                     appropriate taking into consideration:
                     a. The incidence of crimes against financial institutions in the area
                     b. The amount of currency or other valuables exposed to robbery,
                     burglary, or larceny
                     c. The distance of the banking office from the nearest responsible law
                     enforcement officers and the time required for such law enforcement
                     officers ordinarily to arrive at the banking office.
                     d. The cost of security devices
                     e Other security measures in effect at the banking office
                     f. The physical characteristics of the banking office structure and its
                     surroundings.
12 CFR 21.4 Report
                     The security officer for a national bank shall report at least annually to the
                     bank's board of directors on the effectiveness of the security program.
                     The substance of the report shall be reflected in the minutes of the Board
                     meting in which it is given.




1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                              Page 2 of 8
                                                            Internal Audit Procedures
                                                                 Facility Security

        Date                                                                                        Performed by:
     Completed                                                                                      Reviewed by:
                                                                                                    W/P Reference:

Security Devices
A. Physically inspect for the following devices in each area handing cash or equivalent documents

                      1. Surveillance cameras placed to monitor individuals on bank premises

                      2. Alarm system(s) tied into police departments.
                      3. Night vault alarms on all vaults including:
                      a. Main vault
                      b. Night depositories
                      4. Lights constantly illuminating outside of vault area
                      5. Height Markers
                      6. Serviceability of interior doors and gates
                      7. Exterior Windows and doors have tamper proof locks
                      8. Security of teller cash drawer and keys.

B. Verify that alarms, combinations, and cameras are under standard maintenance contracts
                      1. Verify that timely inspections on devices have been performed
                      2. Examine for the existence of the security device maintenance record
                      detailing dates of repair work and / or maintenance work performed

                      3. Verify that the records are completed, signed and dated
                      4. Verify date of last alarm test.

C. Vault Procedures
                      1. Review vault openings and closings, discuss access procedures with
                      the facility manager or security officer or personnel who require access to
                      the vault.
                      2. Verify existence of the following control items
                      a. Vault Register
                      b. Vault Access Log
                      c. Vault and /or teller blotter for cash counts
                      d. Does the facility maintain a copy of CNB Bank Cash Control
                      Procedures



1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                                             Page 3 of 8
                                                            Internal Audit Procedures
                                                                 Facility Security

                      3. Observe whether reserve coin and currency supplies, negotiable
                      securities, and other valuables are stored in locked vaults during non-
                      banking hours

D. Currency Level Limits
                    1. Discuss with facility personnel their understanding of the currency limit
                    portion of the bank security policy and related procedures.
                    2. Determine whether tellers understand:
                    a. The maximum levels of cash they are to maintain in their working cash
                    draw.
                    b. The maximum levels of cash they are to maintain protected under
                    separate lock in excess of their working cash fund.
                    c. The procedures for selling excess cash to the vault teller and the
                    immediacy with which they must sell excess cash.

E. Bait Money Procedures
                    1. Discuss with manager's, security officer, and tellers' their
                    understanding of bait money procedures.
                    2. Discuss the procedures for rotating the bait money on a timely basis

                      3. Inspect for the presence of bait money on tellers' drawers and vaults

                      4. Inspect for the presence of a bait money listing
                      5. Review the records kept on the bait money to determine that the
                      following information has been included:
                      a. serial numbers
                      b. denominations
                      c. year of issue
                      d. branch location, date list was prepared, and applicable signatures

F. Access Procedures
                   1. Opening Procedures
                   a. Discuss with facility personnel their understanding of opening
                   procedures.
                   b. Verify that employees look for suspicious vehicles or persons prior to
                   opening the bank
                   c. Verify that employees look for unauthorized entry prior to opening the
                   bank



1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                           Page 4 of 8
                                                            Internal Audit Procedures
                                                                 Facility Security

                      2. Closing Procedures
                      a. Discuss with facility personnel their understanding of closing
                      procedures.
                      b. Verify that employees look for suspicious vehicles or persons prior to
                      closing the bank
                      c. Verify that employees scan teller and desk area prior to closing and
                      locking the vault.

G. Robbery Procedures
                   1. Verify the facility maintains the current version of the CNB Employee
                   Security Program and Training Manual
                   2. Discuss proper and safe conduct before, during and after a robbery.


H. Training
                      1. Inspect for documentation indicating that security training takes place
                      on an annual basis.
                      2. Review procedures for:
                      a. fire
                      b. bomb threats
                      c severe weather
                      d. civic disturbances
                      e. kidnapping
                      f. evacuation routes




1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                           Page 5 of 8
                                                            Internal Audit Procedures
                                                                 Facility Security

        Date                                                                                      Performed by:
     Completed                                                                                    Reviewed by:
   March 9, 2001                                                                                  W/P Reference:

Security Devices
A. Physically inspect for the following devices in each area handing cash or equivalent documents

                      1. Surveillance cameras placed to monitor individuals on bank premises

                      2. Alarm system(s) tied into police departments.
                      3. Night vault alarms on all vaults including:                              ---
                      a. Main vault
                      b. Night depositories
                      4. Lights constantly illuminating outside of vault area
                      5. Height Markers
                      6. Serviceability of interior doors and gates
                      7. Exterior Windows and doors have tamper proof locks
                      8. Security of teller cash drawer and keys.

B. Verify that alarms, combinations, and cameras are under standard maintenance contracts
                      1. Verify that timely inspections on devices have been performed
                      2. Examine for the existence of the security device maintenance record
                      detailing dates of repair work and / or maintenance work performed

                      3. Verify that the records are completed, signed and dated                  ---
                      4. Verify date of last alarm test.

C. Vault Procedures
                      1. Review vault openings and closings, discuss access procedures with
                      the facility manager or security officer or personnel who require access to
                      the vault.
                      2. Verify existence of the following control items                          ---
                      a. Vault Register
                      b. Vault Access Log
                      c. Vault and /or teller blotter for cash counts
                      d. Does the facility maintain a copy of CNB Bank Cash Control
                      Procedures


1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                                           Page 6 of 8
                                                            Internal Audit Procedures
                                                                 Facility Security

                      3. Observe whether reserve coin and currency supplies, negotiable
                      securities, and other valuables are stored in locked vaults during non-
                      banking hours

D. Currency Level Limits
                    1. Discuss with facility personnel their understanding of the currency limit
                    portion of the bank security policy and related procedures.
                    2. Determine whether tellers understand:                                       ---
                    a. The maximum levels of cash they are to maintain in their working cash
                    draw.
                    b. The maximum levels of cash they are to maintain protected under
                    separate lock in excess of their working cash fund.
                    c. The procedures for selling excess cash to the vault teller and the
                    immediacy with which they must sell excess cash.

E. Bait Money Procedures
                    1. Discuss with manager's, security officer, and tellers' their
                    understanding of bait money procedures.
                    2. Discuss the procedures for rotating the bait money on a timely basis

                      3. Inspect for the presence of bait money on tellers' drawers and vaults

                      4. Inspect for the presence of a bait money listing
                      5. Review the records kept on the bait money to determine that the
                      following information has been included:
                      a. serial numbers
                      b. denominations
                      c. year of issue
                      d. branch location, date list was prepared, and applicable signatures

F. Access Procedures
                   1. Opening Procedures
                   a. Discuss with facility personnel their understanding of opening
                   procedures.
                   b. Verify that employees look for suspicious vehicles or persons prior to
                   opening the bank
                   c. Verify that employees look for unauthorized entry prior to opening the
                   bank



1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                                 Page 7 of 8
                                                            Internal Audit Procedures
                                                                 Facility Security

                      2. Closing Procedures                                                        ---
                      a. Discuss with facility personnel their understanding of closing
                      procedures.
                      b. Verify that employees look for suspicious vehicles or persons prior to
                      closing the bank
                      c. Verify that employees scan teller and desk area prior to closing and
                      locking the vault.

G. Robbery Procedures
                   1. Verify the facility maintains the current version of the CNB Employee
                   Security Program and Training Manual
                   2. Discuss proper and safe conduct before, during and after a robbery.


H. Training
                      1. Inspect for documentation indicating that security training takes place
                      on an annual basis.
                      2. Review procedures for:
                      a. fire
                      b. bomb threats
                      c severe weather
                      d. civic disturbances
                      e. kidnapping
                      f. evacuation routes


     Comments




1b0a888c-d92e-4ff7-a653-e00de124f76e.xls                                                                 Page 8 of 8

								
To top