ATM Risk Management and Controls - EuroJournals
ATM Risk Management and Controls - EuroJournals
ATM Risk Management and Controls - EuroJournals
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
166 European Journal of Economics, Finance <strong>and</strong> Administrative Sciences - Issue 21 (2010)<br />
<strong>ATM</strong> <strong>Risk</strong> <strong>Management</strong><br />
<strong>ATM</strong> risk management is a ongoing process of identifying, monitoring <strong>and</strong> managing potential risk<br />
exposure considering as <strong>ATM</strong>s relates to payment systems. The following should be considered:-<br />
• General Supervision<br />
• Transaction Processing<br />
• System administration<br />
Identifying the Various Areas<br />
The management can identify the major area of risks by doing an analysis or statistical sampling of the<br />
information given below. They should be able to form an opinion from this information below:-<br />
a) Total number of <strong>ATM</strong>’s <strong>and</strong> their usage.<br />
b) Time logged on/Settlement time.<br />
c) Number of Cardholders.<br />
d) Number of Transactions, e.g. Withdrawals <strong>and</strong> transfers etc.<br />
e) Total amount withdrawn of transferred etc.<br />
f) Number of <strong>ATM</strong> reports generated etc. <strong>and</strong> may more areas.<br />
g) Overall review of <strong>ATM</strong> management resources etc.<br />
Only after management have identified these areas can the controls be increased, changed or<br />
modified. It is important to determine a reasonable estimate of the overall value of the <strong>ATM</strong><br />
installation. Care should also be taken in determining the value of the installed software.<br />
Estimating the <strong>ATM</strong> Loss<br />
Estimating losses can be difficult, Dr Catherine P Smith (1987) indicated “that normally the loss could<br />
be due to human error, technical error or deliberate action such as fraud, misuse or unauthorised use of<br />
the <strong>ATM</strong> card etc.” Most financial institutions treat <strong>ATM</strong> losses unless it is major as a small loss<br />
unless it is a major fraud. Normally the loss is only a very small percentage when compared to the<br />
overall volume <strong>and</strong> amount transacted within the bank. Alvin A, Arens <strong>and</strong> James K Loebbecke (<br />
1988) indicated “that it is not possible to establish my dollar- value guidelines as it depends on a<br />
number of factors which the management analyses <strong>and</strong> forms a decision”.<br />
Upon management identifying the risks, audit techniques can be used to evaluate the<br />
consequences of fraud or misuse at the <strong>ATM</strong> prior to recommending improved controls.<br />
There are several exposures to losses inherent in an <strong>ATM</strong> installation, e.g. exposure occurs<br />
when a customer transfers funds over communication links; customer’s financial data are subjected to<br />
fraudulent interception at many points.<br />
What should be done is to find a way to reduce risks <strong>and</strong> threats to an acceptable level <strong>and</strong> to<br />
provide a method of recovery of <strong>ATM</strong> losses.<br />
<strong>ATM</strong> Security Measures<br />
Normally security measures are divided into 2 groups. Firstly to reduce the losses at the <strong>ATM</strong> <strong>and</strong><br />
secondly to find a way to fund or recover these losses.