Annual Audits Required?

Posted By: complygirl

Annual Audits Required? - 09/14/11 04:26 PM

We are a national bank. What areas require an annual audit?

I believe banks are expected to take a risk based approach to this and base their audit schedule on their overall compliance risk assessment. However I was wondering if there are specific areas that are required to be reviewed at least annually?
Posted By: DerrickAuditor

Re: Annual Audits Required? - 09/14/11 06:19 PM

As mentioned, your internal audit plan should be based on risk assessments. For us, high risk areas are audited annually, moderate risk areas are audited every 2 years and low risk areas are audited every 3 years.

However, there are certain areas that examiners, external auditors, or your Board/Audit Committee may expect to be performed annually, regardless of your risk assessments.

Areas we audit annually regardless or risk assessment to make our examiners (FDIC) happy include: ACH (for NACHA compliance), BSA, Flood, Reg O, Fair Lending, SAFE Act, GLBA & Reg P, Trust.

To keep our external auditors happy (different external auditors have different expectations): 401(k), key accounting areas, investments, loan & deposit confirmations.

To keep my audit committee happy (varies by bank): Allowance for loan losses, employee accounts, expense reports, payroll & benefits.

To my knowledge, the only areas that MUST be audited annually is ACH (by December 1st) and SAFE Act.
Posted By: Blessed

Re: Annual Audits Required? - 09/15/11 01:48 PM

BSA must be audited every 12-18 months (depending on you Bank's Risk Assessment & prior Audit and Exam findings).