OM-8.2.31
In addition to segregation of duties, banks should ensure that other internal practices are in place as appropriate to control operational risk. Examples of these include:
(a) Close monitoring of adherence to assigned risk limits or thresholds;
(b) Maintaining safeguards for access to, and use of, bank assets and records;
(c) Ensuring that staff have appropriate expertise and training;
(d) Identifying business lines or products where returns appear to be out of line with reasonable expectations (e.g., where a supposedly low-risk, low-margin trading activity generates high returns that could call into question whether such returns have been achieved as a result of an internal control breach); and
(e) Regular verification and reconciliation of transactions and accounts.
Failure to implement such practices has resulted in significant operational losses for some banks in recent years.
Added: April 2008