Internal audit of model risk management program

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

PwC assisted the internal audit group at a large financial institution with the design and execution of audit procedures around the institution’s model risk management practices across the first and second lines of defense.

Client’s challenge

The client’s model risk management practices have been undergoing significant transformation over the recent time period requiring the Internal Audit function to step up the level of sophistication of their audit approach and engage deep subject matter specialists to carry out the testing.

View more

PwC’s solution

PwC brought deep expertise and a number of tools and accelerators to assist with the development of a comprehensive and rigorous audit program around model risk management, as well as execution of the testing program. Our services included:

  • Development of a comprehensive Risk & Controls Matrix (“RCM”) covering model risks across the full model life cycle and first and second lines of defense (“LoD”). For each risk, the matrix included a detailed set of testing steps covering both the design and operating effectiveness testing of MRM controls;
  • Development of a comprehensive audit strategy document describing how IA’s testing addresses all the model risks across different lines of business, functional areas, and different types of audits (dedicated MRM audit, business area audits, and IT audits) over time;
  • Development of tools and templates for different types of testing, including the model-specific documentation and validation testing assessments detailed below;
  • Execution of the design and operating effectiveness testing of the appropriate RCM tasks as part of a comprehensive MRM audit;
  • Subject Matter Specialist (“SMS”) assistance with the testing of model-specific MRM controls for a diverse representative sample of models. The testing included:

First LoD testing: Evaluation of the model development and implementation documentation (including ongoing risk and performance monitoring plans) to help ensure that it is complete and consistent with the Bank’s model documentation standards and industry leading practices for documenting similar models.

Second LoD testing: Testing of operating effectiveness of independent model validation process to ensure that:

- The scope of testing comprehensively addressed all unique model
   risks associated with the model’s development, implementation,
   use, and monitoring;

- The rigor of the testing was consistent with the industry practices
   for a given model type and commensurate with the model’s risk
   tier;

- The validation report included comprehensive and detailed
   information about the validation testing performed;

- The validation report included explicit validation conclusions
   supported by testing evidence;

- Any identified risks were documented together with the
  appropriate longer-term remediation actions and near-term risk
  mitigants agreed with the 1st LoD.

- Assistance with the documentation of audit issues and audit report
  drafting.

View more

Impact on client’s business

At the end of the engagement, the Bank possessed a comprehensive MRM audit program and associated tools and templates. The Bank’s internal IA personnel have been trained on the testing requirements and use of the tools and templates. Additionally, the testing identified a number of areas of the Bank’s MRM program requiring enhancement. Where appropriate, PwC provided detailed recommendations on remediating the identified program weaknesses.

View more

How PwC can help your business

PwC’s model risk management practice offers a full range of Advisory services to assist you in identifying and managing the ​model ​risks associated with ​models used for risk management, valuation, and financial/regulatory reporting purposes.

Contact us

Jason Dulnev

Principal, Risk Analytics, PwC US

Follow us