Audit Manager - Small Bank

Anyone ran into a situation where examiners are requiring an independent audit manager for a small community, non-complex bank (about $225MM in assets with 3 locations and 35 employees)?

We outsource our IA function to large independent accounting firm and have all the risk assessments, engagement letters, scoping, audit schedule and findings (both preliminary and final) go directly to the audit committee. The bank's CFO does coordinate this process (more of a liaison role) by gathering PBC requests and helping make sure the audit is ran smoothly. However, any findings are not discussed with the CFO or management until they are presented to the audit committee. Further, the audit firm is aware that they can communicate with the audit chair (an outside director) at any time.

The bank's examiners are saying that this is not acceptable as the CFO is involved in the daily operations of the Bank. In the inter-agency guidance, it states "Small institutions that do not employ a full-time audit manager should appoint a competent employee who ideally has no managerial responsibility for the areas being audited to oversee the outsourcing vendor's performance under the contract. This person should report directly to the audit committee for purposes of communicating internal audit." To me, the key word in this sentence is "ideally".

Any thoughts or suggestions would be helpful!

Agree or disagree, it is going to be a battle. I would have your chairman of the board sit down with the examiner and have a frank discussion as to who they would recommend.

I've seen this happen in the past at other small institutions. The trick is to pick an audit liaison with enough seniority to be acceptable to the examiners without having too much involvement in the auditable universe.

It may depend on your regulator. Last bank (OCC) $450MM, I was BSA, CRA, Compliance, Fair Lending Officers, Audit and Regulator Liaison, and in charge of snacks for the lunchroom. Reported to the CFO administratively and Audit Committee strategically. No regulatory comments or challenges.

This is definitely true, but also suspect that the CFO title would be more likely to draw criticism as Audit Liaison than some others.

We
I think you work for my Bank.
FDIC ~$250MM (depending on PPP Balances)

We got hammered on our Audits and Internal Controls last exam. Admittedly, we had areas that we could shore up, but they essentially told us without telling us that we had to, to get an Internal Auditor in the institution.