Treasury Risk Assessment Checklist

Pull the rolling 13-week direct cash forecast from the TMS or workbook. Compare last quarter's forecast against actuals week-by-week and flag any week with variance greater than 10% — recurring under-forecasts on AR collections are the usual culprit.

Tie the bank-reported balances (Kyriba / GTreasury feed or manual statement pull) to the GL cash accounts. Identify trapped cash in foreign subs and quantify what would require dividend, intercompany loan, or cash pool to repatriate.

Calculate undrawn capacity on the revolving credit facility net of letters of credit. Recompute the leverage and fixed-charge coverage covenants on a trailing-twelve-month basis and document headroom; flag any covenant within 15% of trip.

Model a 30-day liquidity stress: top-customer payment delay of 30 days, revolver access frozen, and a 15% AR collection shortfall. Document whether minimum operating cash threshold is breached and on what day.

Identify the funding levers in priority order: revolver draw, commercial paper issuance, AR factoring, term loan upsizing, intercompany sweep. For each, document the lead time and any board or lender consent required.

Aggregate deposits, money-market balances, derivative MTM, and other exposures by bank counterparty and rating (Moody's / S&P / Fitch). Flag any counterparty exceeding the policy concentration limit (commonly 25% of total cash with any single bank below A-).

Move excess balances into MMFs or sweep accounts to bring counterparty exposure under policy. Document the rebalancing in the treasury committee minutes — post-SVB, bank-concentration breaches need an explicit paper trail.

Pull the aging report grouped by customer credit tier. Investigate every 90+ balance over $50K with the collections lead; confirm bad-debt reserve methodology still reflects observed default rates.

For top customers, pull updated D&B / Experian commercial reports and refresh credit limits. Confirm any customer with a deteriorating PAYDEX or recent material UCC filings is moved to prepay or shortened terms.

Confirm the Euler Hermes / Atradius / Coface policy covers the current top-customer roster at the approved limits. New customers added since last quarter often slip through without coverage requests filed.

Calculate the annualized interest expense impact of a +100bps and +200bps SOFR shock on the floating-rate portion of the debt stack. Cross-check against the budgeted interest line and flag the variance to FP&A.

Aggregate transactional and translational FX exposure by currency pair from the AR/AP sub-ledgers and forecasted intercompany flows. Identify exposures over the policy materiality threshold (typically $1M notional per pair) that are unhedged.

Run the regression or dollar-offset effectiveness test on each designated hedge relationship. Document the results in the hedge file — failed effectiveness retroactively de-designates and creates a P&L surprise.

Notify technical accounting, de-designate the failed hedge, and reclassify deferred OCI to earnings. Coordinate with the auditor before period-end so the disclosure language is agreed.

If the business consumes hedgeable commodities (fuel, metals, ag), confirm forward coverage matches the policy band — typically 50-80% of the next 12 months and 25-50% of months 13-24. Procurement and treasury frequently disagree on the latest forecast; reconcile before adjusting positions.

Pull the user entitlement reports from each banking portal and the TMS. Verify wire and ACH approvals require two unique users above the policy threshold (typically $25K) and that no terminated employees retain access — a recurring SOX deficiency finding.

Walk the AP and treasury staff through a simulated business email compromise: a spoofed CFO email requesting an urgent vendor wire change. Confirm callback verification to a known number is followed; document exceptions for follow-up training.

Sample-test the documented SOX 404 key controls: bank rec review, wire approval, intercompany netting, debt-covenant calc review. Coordinate with internal audit so testing is not duplicated; deficiencies feed the management letter response.

For each control deficiency, log a remediation entry: control reference, root cause, owner, target date. Severity gets categorized as control deficiency, significant deficiency, or material weakness — escalation paths differ.

Confirm Kyriba / GTreasury / FIS Quantum user roles match the entitlement matrix and that MFA is enforced. Validate that the documented disaster-recovery runbook (offline bank tokens, backup wire-initiation path) was tested in the past 12 months.

Compare the current portfolio against board-approved investment policy: minimum credit rating, maximum maturity, issuer concentration, asset-class limits. Document any out-of-policy holdings and the remediation plan and timing.

Confirm signatory authority over foreign accounts is captured for FinCEN 114 (FBAR) due April 15 with automatic October extension. Reconcile to the entity org chart — newly acquired subs and recently opened foreign accounts are the typical miss.

Re-screen the active vendor and customer master against the OFAC SDN list and EU/UK consolidated sanctions lists. The list is updated frequently; a screening older than 90 days is the audit-finding standard.

Document material developments since last review — Basel III endgame (for bank-affected positions), SEC short-term-debt disclosure rules, EMIR Refit reporting, CSRD / ISSB sustainability reporting, IFRS 9 hedge accounting interpretations.

Compare current allocation across MMF, Treasury bills, agency paper, commercial paper, and corporate bonds against the policy bands. Document any drift greater than the rebalancing trigger (commonly 5%).

Pull blended portfolio yield and compare to a duration-matched benchmark (typically ICE BofA 0-3 Month or 1-3 Year Treasury index). Persistent underperformance often points to legacy long-dated holdings worth selling at a small loss for reinvestment.

Calculate weighted-average duration and confirm it sits within the policy ceiling (often 1.5 years for operating cash, longer for strategic cash). A +100bps shock converted to mark-to-market loss should be reported alongside the duration figure.

Consolidate findings into the board / audit committee memo: liquidity position, covenant headroom, counterparty exposures, hedge effectiveness, control deficiencies, regulatory updates, portfolio performance. CFO sign-off required before the materials drop.