FDIC Issues Final Rule FDICIA Threshold For Internal Control Reporting Raised
A final rule issued by FDIC (FR71226-11/28/05) raises the financial institution asset threshold to $1 billion from $500 million for internal control assessments by management and external auditors, and for members of the audit committee to be independent of management.
At the present time the FDIC Improvement Act of 1991, known as FDICIA, requires each bank with $500 million or more in assets to have an annual independent audit of its financial statement; an internal control assessment by both management and external auditors, and an independent audit committee.
Effective since its enactment, Section 112 of the FDIC Improvement Act of 1991 (FDICIA) mandates a number of corporate reporting and governance reforms for insured depository institutions with total assets exceeding $500 million. Included are requirements that management acknowledge responsibility for preparing the bank's financial statements, and that it has evaluated the effectiveness of the internal controls over financial reporting as of year-end. Section 112 also requires that the bank's auditors examine and attest to management's statements regarding the financial institution's internal control structure.
Ten years after FDICIA, Congress passed the Sarbanes-Oxley Act (SOX) which encompasses many of the aspects of FDICIA. Section 404 of SOX imposes new requirements regarding internal controls over financial reporting. As under FDICIA, the auditor must provide an independent evaluation and report regarding management's assertions. The biggest difference between the two, says expert Chris Brockett of Enterprise Financial, is the weight of the examination on the auditor. "Under FDICIA the auditor makes no direct conclusion regarding the effectiveness of the actual internal controls - only management's assertions. Under SOX the auditor must evaluate both management's assessment process and the effectiveness of internal control over financial reporting. Therefore, auditors must expand work around the actual internal controls to include design effectiveness, documentation, and testing."
Terms of the final rule stipulate that privately held banks up to $1 billion are no longer required to have an independent audit committee. Nor is it mandated that an internal control assessment be done by management and external auditors. However, it will still be necessary that banks with assets of $500 million or more to have an annual independent audit of their financial statements and publicly held banks must comply with the Sarbanes-Oxley Act requirements.The new rule will be effective December 28, 2005. Details are on http://www.fdic.gov/news/board/05nov8finalauditreg.pdf
Copyright © 2005 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 15, No. 11, 11/05
First published on 11/01/2005