Step Four of Seven Steps to CECL Compliance
Part four of a seven series blog
Step 4. Documenting processes
In the first three of our blogs addressing the Seven Steps of CECL preparation, we have discussed automating the process, modeling and developing reports. Preparing for CECL will also involve rewriting and documenting policies, including how CECL and the models or methodologies you use work.
Risk managers today are focused on controls: Who is responsible? What departments are involved? Everything needs to be very well documented. The institution must have a defined policy on internal controls and whoever touches the allowance must do so according to that policy.
While Excel “. . . is reasonably robust, the spreadsheets that people create with Excel are incredibly fragile. There is no way to trace where your data come from, there’s no audit trail (so you can overtype numbers and not know it), and there’s no easy way to test spreadsheets,” writes author James Kwak, co-founder of the economics blog The Baseline Scenario. “While all software breaks occasionally, Excel spreadsheets break all the time. But they don’t tell you when they break; they just give you the wrong number.” Read more about James Kwak’s research.
And when Excel gives you the wrong number it may not surface until an audit or regulatory exam.
“Forward-looking information required by CECL is going to impact lifetime expected credit losses,” Grant Thornton’s Graham Dyer pointed out. “That will involve information that comes from outside the accounting function, perhaps from the credit function or chief risk officer, areas not necessarily used to documenting all views in a manner that would withstand Sarbanes-Oxley level scrutiny.”
Under CECL, best estimates will exist as a key element in a crucial accounting document. The bank must document that it has considered all the right data to form its estimate. Even the best modeling process will raise auditor eyebrows if the internal controls are not clearly documented.