Thread Options
|
#1193441 - 05/31/09 09:47 PM
Establishing an Internal Audit Program
|
New Poster
Joined: May 2009
Posts: 15
|
Our total assets are $195 million and we have seven branches.
We currently have an internal auditor who also oversees compliance. We have a somewhat decentralized compliance function with the senior lending officer responsible for loan compliance, the cashier responsible for deposit compliance, etc.
The auditor has a MPA (masters in accounting) with approximately 15 years experience. Ten at the OCC and 5 at our bank.
We have an active Audit Committee comprised of all outside directors, including an individual who has a Phd in accounting.
Questions:
In general who should be responsible for
Developing the Internal Audit Program Reviewing the Internal Audit Program for completeness, proper coverage, addressing risk areas, coverage of operational areas, etc. Monitoring progress of completion of the program.
Should Executive Operating Officers (CEO, CFO, etc.) Due to the size of the institution Executive Officers serve as Information Security Officers and Risk Officers.
provide any input in the above areas?
|
Return to Top
|
|
|
|
#1194118 - 06/02/09 12:30 AM
Re: Establishing an Internal Audit Program
Fallgirl
|
New Poster
Joined: May 2009
Posts: 15
|
Thanks for the follow up. Does anyone else have any comments.
|
Return to Top
|
|
|
|
#1195063 - 06/03/09 02:36 PM
Re: Establishing an Internal Audit Program
Gomez
|
Gold Star
Joined: Sep 2006
Posts: 388
In a pineapple under the sea
|
Our assets are just over $110 million with 8 branches. I am the sole internal auditor here, compliance (along with BSA) is with the deposit ops manager.
I am responsible for developing the internal audit program in addition to review. The internal audit program once developed alont with my annual audit plan is presented to the audit committee (also comprised of outside directors including CPA)for approval. Througout the year I report to the audit committee on the status of my audit plan and to obtain approval for any necessary schedule changes.
Our EO's have been assigned the reponsibilities of Risk Officer (CFO) and Info Security (SVP, Market Manager). Our regulator (OTS)recommended these functions be separate from IA and approves of the current structure.
Hope this helps you.
_________________________
Just smile and wave y'all, smile and wave...
|
Return to Top
|
|
|
|
#1195222 - 06/03/09 05:02 PM
Re: Establishing an Internal Audit Program
Life of Riley
|
Platinum Poster
Joined: Jul 2002
Posts: 645
Pandora
|
I am at a $75MM bank with 3 branches. We have one IA who sets the audit schedule, does the risk assessments for each area/department, decides on the frequency, etc. We use an audit program provided by our CPA firm, but add/change procedures and audits as necessary.
The Audit Committee (all outside directors) is responsible for reviewing and approving the audit schedule, areas audited, and monitoring completeness of the program. We have quarterly meetings.
We have separate Audit and Compliance Officers.
No one should have input on your audit program or schedules except for the Audit Committee, examiners, etc. You can ask for advice and the dept. heads or officers can give input all they want, but you and the Audit Committee have the final say-so as to what is done and when. If you get too involved in a department, or if an exec officer gets too involved in your audit program or schedule, you have pretty much lost your independence.
Last edited by Donna Banker; 06/03/09 05:03 PM.
|
Return to Top
|
|
|
|
#1196306 - 06/04/09 09:18 PM
Re: Establishing an Internal Audit Program
Neytiri
|
Diamond Poster
Joined: Mar 2003
Posts: 1,035
OK
|
We are $440 mm and have 9 branches. I am the IA & Compliance Officer. We have an audit committee that meets quarter which half of the members are Board of Directors. I create an annual risk assessment (with input from the various dept. heads) and the audit committee and I decide from that what we want to audit for the year. I also manage the program, do reports, track exceptions, and report all this to the audit committee each quarter. As far as compliance, I also have a compliance committee that I meet with monthly just to go over exceptions and give updates. I present that report directly to the Board of Directors each month in their meeting.
|
Return to Top
|
|
|
|
#1196373 - 06/05/09 12:45 AM
Re: Establishing an Internal Audit Program
COMPLIcated
|
10K Club
Joined: Jul 2001
Posts: 84,368
Galveston, TX
|
"We have an audit committee that meets quarter which half of the members are Board of Directors. "
That is not going to cut it for much longer.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1196725 - 06/05/09 04:51 PM
Re: Establishing an Internal Audit Program
rlcarey
|
Diamond Poster
Joined: Mar 2003
Posts: 1,035
OK
|
Yes, we've already been visiting with our regulator about changes when we hit $500mm
|
Return to Top
|
|
|
|
#1198363 - 06/09/09 09:41 PM
Re: Establishing an Internal Audit Program
rlcarey
|
100 Club
Joined: Apr 2008
Posts: 240
|
"We have an audit committee that meets quarter which half of the members are Board of Directors. "
That is not going to cut it for much longer. rlclarey - do you care to elaborate?
|
Return to Top
|
|
|
|
#1198384 - 06/09/09 10:06 PM
Re: Establishing an Internal Audit Program
agent99
|
10K Club
Joined: Jul 2001
Posts: 84,368
Galveston, TX
|
For non-publicly traded institutions at $1 billion in assets:
Appendix A to FDICIA indicates that audit committee independence is compromised when its membership consists of current and former officers and employees, relatives of current and former officers and employees, principal shareholders, consultants, advisors, attorneys, and customers with large relationships.
Additionally, the board of directors must review the independence of audit committee members annually. Audit committee members also are required to have banking or financial management expertise.
If you are publicly traded it is at any asset size.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1198541 - 06/10/09 01:36 PM
Re: Establishing an Internal Audit Program
rlcarey
|
100 Club
Joined: Apr 2008
Posts: 240
|
oh - I thought I was really missing something. We are light years away from $1 billion.
|
Return to Top
|
|
|
|
#1200440 - 06/12/09 04:11 PM
Re: Establishing an Internal Audit Program
rlcarey
|
Diamond Poster
Joined: Aug 2005
Posts: 2,313
Living in the land of Oz
|
All of our Audit Committee members are outside direstors but our CEO and CFO also attend the meetings. Is that comprmising the committee's independence? I feel it does, but the chairman does not.
|
Return to Top
|
|
|
|
#1200896 - 06/12/09 09:11 PM
Re: Establishing an Internal Audit Program
Ready to Retire
|
Member
Joined: Jun 2003
Posts: 54
|
From the OCC Handbook on Internal Audit: 12 CFR 363 requires national banks with more than $500 million in assets to have an audit committee consisting entirely of outside directors that are independent of bank management. The OCC encourages all other national banks to have a similarly structured audit committee. In small banks where this may not be practical, outside directors should be at least a majority of the audit committee.
|
Return to Top
|
|
|
|
#1200925 - 06/12/09 09:47 PM
Re: Establishing an Internal Audit Program
Ready to Retire
|
100 Club
Joined: Mar 2004
Posts: 114
Iowa/Illinois
|
All of our Audit Committee members are outside direstors but our CEO and CFO also attend the meetings. Is that comprmising the committee's independence? I feel it does, but the chairman does not. Our CEO, CFO, and Controller all attend the Audit Committee meetings. However, the 4 outside Audit Committee directors have a private session with just the Director of Internal Audit. They also have a private session with only the external auditors. It works for us.
|
Return to Top
|
|
|
|
#1200999 - 06/13/09 09:14 PM
Re: Establishing an Internal Audit Program
hawksfan
|
New Poster
Joined: May 2009
Posts: 15
|
It appears that several are addressing who attends the meetings.
However, I am curious as to who establishes the internal audit program and related areas of risk, reviews the program for appropriateness and assures it is completed as planned.
Does this responsibility fall on the Audit Committee and Auditor?
Executive management may only attend the meeting as management. That is to discuss internal audit findings (follow up, clarifications of written responses to findings, discuss concerns related to fingings, etc.)
|
Return to Top
|
|
|
|
#1201024 - 06/14/09 05:39 PM
Re: Establishing an Internal Audit Program
Gomez
|
10K Club
Joined: Jul 2001
Posts: 84,368
Galveston, TX
|
The ultimate responsibility falls to the Audit Committee.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1202001 - 06/16/09 06:28 PM
Re: Establishing an Internal Audit Program
rlcarey
|
New Poster
Joined: Jan 2005
Posts: 11
West Virginia
|
I have a question for Fallgirl and Donna Banker (and any others who care to reply =]) Do you have a staff, or is it just you filling the role of internal audit & compliance?
|
Return to Top
|
|
|
|
#1202030 - 06/16/09 07:02 PM
Re: Establishing an Internal Audit Program
WV Banker
|
New Poster
Joined: Jun 2009
Posts: 12
|
I am the internal auditor at our bank and we are $90 million with three branches. I report to our compliance officer who reports to the CEO/President administratively, but ultimately to the Audit committee. I am responsible for auditing the Lending side of compliance, like Reg. Z etc, however the compliance officer (my boss) is the one responding to my audits on the compliance side. Anyone care to comment on that?
|
Return to Top
|
|
|
|
#1202036 - 06/16/09 07:05 PM
Re: Establishing an Internal Audit Program
ramelton35
|
10K Club
Joined: Jul 2001
Posts: 84,368
Galveston, TX
|
"Anyone care to comment on that?" A lot of banks have really screwed up organizational structures
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1205631 - 06/22/09 10:51 PM
Re: Establishing an Internal Audit Program
Auditjg
|
Member
Joined: Mar 2008
Posts: 91
USA
|
Ideally, the director of internal audit should report directly to the Audit Commmittee and administratively (to approve expense reports and time sheets) to an executive.
The director of audit performs the audit risk assessment annually and develops the audit plan. Based on risk assessments, the director should develop a 3 year rotation audit plan (high risk areas audited annually, moderate risk areas audited every two years and low risk areas audited every 3 years). The director of audit develops a time budget by audit and a departmental $ budget. The risk assessments, audit plan and rotation, and budgets are reviewed and approved by the Audit Committee.
The Audit Committee ideally is composed of non-management directors (required for certain banks). Ideally (and required for certain banks), at least one is a "financial expert" who can understand financial statements, management estimates, the allowance, etc. Management may attend the Audit Committee meetings, but only to discuss/respond to findings, etc. - not to set objectives, scope, timing, or audit assignments.
Ideally (again required for certain banks), the Committee should meet with the Director of Audit and the external auditors in executive session without management present to discuss whatever topics they want openly.
|
Return to Top
|
|
|
|
|
|