I'm going to have my first meeting with our audit committee soon. My question is, should I present the same report to the audit committee that I presented to management or should the audit committee report be just a summary? If it should be just a summary, is anyone willing to share the format they use? Would you include findings and recommendations in the summary or just findings? I'll be presenting branch audit findings at the first meeting. Since I reviewed several different items at the branch (cash controls, safe deposit, new accounts, etc.) I'm having a difficult time trying to figure out how to summarize the results.

Our audit committee gets copies of the audit reports prior to the meeting to review. They bring the reports with them and we discuss in summary form. In the meeting I highlight the basics of what I looked at (ex-reviewed all Reg CC hold notices for the reiew period of Sept to Dec, etc). Then I go over the significant findings that are likely systemic issues or possible areas for criticism in our next exam. I don't typically elaborate on findings deemed as isolated errors. Then I go over the recommendations in detail. Most times discussion follows depending on the results of the audit and the recommendations made.

Where I currently work - the audit/risk committee of the board gets an "audit pkg" the week before the meeting. It include a variety of reports from Audit, Compliance/Risk Mgmt and Loan Review. The audit reports in the package are those with a Needs Improvement or Unsatisfactory rating. A summary recap page is included on audits with a Satisfactory or Above Standards rating.
Where I worked before - the audit committee only recevied the executive summary page of all audit reports issued.

Our Audit Committee Chairman receives a copy of the full IA report. In our advance Audit package, the Audit Committee members receive summary memos detailing the overall risk rating for the audit area and the high-risk rated findings and related recommendations. The very last paragraph summarizes the other findings (moderate down to best practices). This way the Audit Committee Chair is fully aware of the details behind the other rated items and can bring them up during the meeting if he so chooses.

I have done it different ways at different banks. One thing to keep in mind, it is your responsibility to ensure the Audit Committee is getting what they need and issues are documented in your meeting minutes. Your examiners will review what you provide and the meeting minutes.

Currently, I provide the Audit Committee Chairperson the entire finding reports that are provided to Management for each audit. This report must be provided within 10 days of my audit.

I then provide the Audit Committee a Quarterly Report that provides highlights (type of audit, overall finding rating, overall risk rating, summary of findings/recommendations, and if a Management response was required) from each finding report.

I also provide the Audit Committee a one page Summary Report that lists all the audits for the quarter, risk rating, Mananagement response received, etc. This report provides them a very quick overview.

PS I also use colors so they can zero in on things. Green is low, yellow is moderate, red is high.

Hope this helps.........

Our audit committee receives the complete report and our response. Quarterly they are provided an audit tracking spreadsheet, one page for outstanding items and one page for cleared items. This report lists the audit, finding or recommendation, whether we agree or disagree along with any corrective actions to be taken, responsible party and the target date. It stays on outstanding until cleared. Once cleared it is moved to the cleared page prior to being removed from the report. Prior to being removed, we re-verify with the responsible party that the corrective actions were completed and remain in place. Might sound complicated but is relatively simple and extremely helpful. Examiners seem to like our method and it serves to keep the audit committee informed, as well as keeps items from falling through the cracks.

We also use an audit tracking report. It is presented to the Board on a monthly basis and reviewed by the Audit Committee on a quarterly basis. The tracking report includes regulatory, external, and internal audit findings. The internal audits include Compliance, S&S, and Sox. Only Moderate or High level findings are included. The report includes a monthly progress update by Management and anticipated completion dates. Items remain under the outstanding tab until completed then are moved to the completed tab. I use excell with the various tabs. I agree with complylady, examiners like this method for tracking items identified within the findings reports.

One more thought, I try to ensure all documentation relates to each other (risk assessments, Sox Key Controls, audit schedule, findings reports, summaries, tracking report, etc). That is why I use the colors green, yellow, red. You want to define your risk ratings, finding ratings, etc. so everyone is speaking the same language and you are consistent. This also helps examiners understand your thought process.

Sometimes I think you have to play with it to see what works for you. It can seem overwhelming at first until you get your own process going.

Also there are additional requirements if you are a Sox bank.

I believe God will give you the tools you need to do a good job for your bank.

Thank you all for your suggestions!