On compliance audit reports that go to the board, do you all include a short bio of whatever reg or topic you are auditing? I don't want to go overboard on the info given (because I love to read this stuff, but obviously the board may not-this is assuming they read it at all) but I do want to give some background for why we are doing the audit, other than "because, we have to". I have seen some examples of audit reports that simply jump into what was looked at and what the findings may have been. Thanks for any input.

I include a short description of the regulation and put it in terms that anyone could understand. I don't go into great detail.

I provide a list of regs and purposes once in awhile. When I introduce an audit, I may provide a sentence or two reminder or update, i.e. fair lending now includes looking for predatory lending practices.

This isn't where I got mine, but this serves the same purpose and is a good description of the regs. Succinct and accurate.

I feel that the more understanding the Board has the happier everyone will be. It's just a matter of how you present the information.

I list objectives of the audit. These objectives cover the major requirements of whatever regulations are included. Example for Reg DD:
To verify that the institution has procedures in place to assure compliance with all provisions of Regulation DD; all required deposit account disclosures are given to consumers on a timely basis, are accurate, and reflect the terms of the legal obligation between the consumer and the institution; the institution complies with subsequent disclosure requirements of the regulation including change in term and maturity notices; periodic statements accurately disclose all required information; the method used by the bank to pay interest is permissible; calculation of the annual percentage yield (APY) is accurate; and that the institution's advertisements are not misleading or inaccurate and include all required information.

I agree with ahou's post. I use that type of descriptive to open the audit as the scope of the audit. As I write the audit, I break the audit up into categories and then write in a bit more detail what the regulatory requirements are of the part I am reviewing. For example, my recent BSA audit:
"Currency Transaction Review"
"Copies of all Currency Transaction Reports (CTRs) filed during the second quarter of 2002 were reviewed to ensure the forms were completed in accordance with IRS instructions and that each CTR was filed within 15 days from the date it was completed. ...." Then I cite my findings.

I did a "posting" the other day on here stating management felt I included too much detail in my audit write-ups, although the audit committee wanted it and I was looking for some suggestions from here as to improve and satisfy both. I had individuals provide me with feedback as to what they included and how they included.

I decided after reviewing responses to my question that I am going to continue including procedures in detail (which is what you are speaking of) in my write-ups, but I am going to include them as attachments. Others that responded to me completed their write-ups using this method. This way I will still be providing the regulation information to individuals (such as audit committee or examiners) that may wish to review it, but others can get right to the meat & potatoes (findings & recommendations) if they want. This way I hope I am fulfilling all of my write-up requirements until I find a better way.

Opinions are mine not my employer

In general, I think a brief but concise explanation of the regulation in non-technical, easy-to-understand language is a good idea. However, the amount of bio provided should be based,in part, on board member background on the regulations, and on the gravity of any non-compliance issues. In general, board members don't need (nor do they necessarily benefit from) extensive background information on a regulation. It may even confuse them.