Thread Options
#63300 - 02/24/03 08:53 PM Auditable Areas
mojoe472 Offline
New Poster
Joined: Feb 2003
Posts: 14
I work for an FDIC regulated bank. Is there an FDIC or other regulation/law/act whereby every area of the bank (even a low risk function like the mailroom) is required to be reviewed by the internal audit department on a periodic basis?

something i heard but could not find anything on this.

Thanks.

Return to Top
Audit
#63301 - 02/24/03 09:23 PM Re: Auditable Areas
DawgFan Offline
Diamond Poster
DawgFan
Joined: Jul 2002
Posts: 1,678
United States
You do have areas, like BSA and Information Security, where they will expect to have seen those areas audited (because the regs call for testing of controls), but I am not aware of a particular reg like that.
_________________________
Opinions expressed are solely my own.

Return to Top
#63302 - 02/24/03 09:44 PM Re: Auditable Areas
1111 Offline
Platinum Poster
1111
Joined: Jan 2003
Posts: 580
The FDIC has very little direct interest in specific areas of internal audit, except for those areas that are impacted by a law or regulation. That's why consultants offer regulatory audits or internal audits - two separate "products." In the old days, regulators had a lot of interest in internal audit tasks, but that has changed, big time. The FDIC simply wants to know that your bank has a program but it would be very unusual for a regulator to tell you to, for example, audit the mailroom.

On the other hand, the auditing of the mailroom may be on an internal audit list, depending on risk factors.

Return to Top
#63303 - 02/25/03 07:58 PM Re: Auditable Areas
MackenzieS Offline
Diamond Poster
MackenzieS
Joined: Jul 2002
Posts: 1,722
Oklahoma
We are also an FDIC regulated bank. I am not sure about the state in which you live, but in Oklahoma the FDIC trades off with the Oklahoma State Banking department to conduct Safety and Soundness audits every other exam. Therefore I know that they do care about internal audits. What they tend to review during their exam is the requirements imposed by your state banking rules. In my experience I have downright argued with them moreso over internal controls than over compliance issues simply because internal controls can be a gray area where regulations tend to be more black and white.

On top of that you may have an examiner that has a real beef about a particular control and want to write you up for it when they can't point to a state banking code that says you have to do it that way, but that they feel it would be "in our best interest" to do it their way.

As far as the mail room, you could say that there is a risk associated with deposits or loan payments coming in through the mail. Are these being opened under dual control? How are they being logged? It is a risk, it is how you forsee that risk being detrimental to your bank that tells you whether or not you should audit that type of an operation.

Here is a link to the FDIC's Safety & Soundness examination manual. This should guide you to what they would review during their examination so maybe you could gear an audit program to that.

http://www.fdic.gov/regulations/safety/manual/index.html

Return to Top
#63304 - 02/25/03 08:27 PM Re: Auditable Areas
Pale Rider Offline
10K Club
Pale Rider
Joined: Aug 2002
Posts: 34,318
under the Lone Star
Internal audits should be based upon risk assessments. Therefore, some areas of the bank may go a long time without review while others more often. Follow your risk assessment and the FDIC will be pleased.
_________________________
Societies that do not find work in and of itself "pleasing to God and requisite to Man," tend to be highly corrupt.


Return to Top
#63305 - 02/25/03 09:39 PM Re: Auditable Areas
1111 Offline
Platinum Poster
1111
Joined: Jan 2003
Posts: 580
Things are different in Oklahoma, apparently, as in my state the FDIC simply looks over the program of internal audit tasks with no interest beyond that. They conduct a "compliance exam," not an internal audit exam - they are two different animals.

Return to Top

Moderator:  Andy_Z