Audit Process - Homepage | ACUIA.org
Download
Report
Transcript Audit Process - Homepage | ACUIA.org
Internal Audit Process
Credit Union Internal Auditing
from the Ground Up
John Gallagher,
SEFCU (New York)
Barry Lucas, Internal Auditor
Desco FCU (Ohio)
Director Internal Audit
Pat Richey,
Director Internal Audit
Finance Center FCU (Indiana)
ACUIA Conference 6/14/2011
1
Serving Many Masters
Internal Audit Definition
Internal auditing is an independent, objective
assurance and consulting activity designed to
add value and improve an organization's
operations. It helps an organization accomplish
its objectives by bringing a systematic,
disciplined approach to evaluate and improve
the effectiveness of risk management, control,
and governance processes.
ACUIA Conference 6/14/2011
2
Serving Many Masters
Role
Independence and Objectivity
Assurance and Consulting
Add Value and Improve Services
Systematic and Disciplined
Reporting Structure
ACUIA Conference 6/14/2011
3
SEFCU Organizational Chart
Members
Board Committees
(ALCO, Governance, CEO Compensation)
Board of Directors
(13 members)
CUSOs
Chief
Administrative
Officer
Chief Financial
Officer
Supervisory Committee
(4 Members)
President/CEO
Chief Banking
Officer
Internal Audit
Chief
Marketing
Officer
President
Commercial
Services
Chief Technology
Officer
ORM
Accounting
Finance
Branch Network
Marketing
Commercial
Lending
IT
HR
Collections
Call Center
e-Services
Business Accounts
Facilities
Ops Support
Lending
CRM
Barb Hess
Chief Administrative Officer
John Anderson
EVP, Organizational Risk Management
John Gallagher
Director of Internal Audit
Donna Chardeen
Director of Regulatory Compliance and Fraud Mitigation
Dennis Whiteford
Internal Auditor
Suzanne Alderman
Fraud/Loss Mitigation
Rachael Martin
Internal Auditor
Christine Wheeler
Compliance Analyst
Chrisopher Duwe
Director of Business Continuity, Safety, and Security
Kirsten LeBlanc
Contracts Administrator
Jeffrey Bregenzer
Commercial Loan Review Officer
ACUIA Conference 6/14/2011
5
ACUIA Conference 6/14/2011
6
Serving Many Masters
Responsibilities
o Internal Audit Charter
o Supervisory/Audit Committee Charter
o Job Descriptions
o Audit Staff Structure
ACUIA Conference 6/14/2011
7
Serving Many Masters
Relationships and Politics
Management
Employees
ACUIA Conference 6/14/2011
8
Serving Many Masters
Relationships
Supervisory & Audit Committees
Board of Directors
ACUIA Conference 6/14/2011
9
Serving Many Masters
Relationships
External Auditors
Regulators
ACUIA Conference 6/14/2011
10
Serving Many Masters
QUESTIONS ?
ACUIA Conference 6/14/2011
11
Performing Audit Work
Where Do I Start?
Risk Assessment
Audit Universe
Models
Risk Priority
ACUIA Conference 6/14/2011
12
Performing Audit Work
Where Do I Start?
• Business/Audit Plan
ACUIA Conference 6/14/2011
13
Performing Audit Work
Where Do I Start?
• Audit Scheduling
• Distractions
–
–
–
–
Fraud Investigation
New Products / Services
Training / Vacations
Turn over
ACUIA Conference 6/14/2011
14
Performing Audit Work
Objectives
- broad statements
- risks
Scope
- who
- what
- when
- where
ACUIA Conference 6/14/2011
15
Performing Audit Work
Audit Program
- written procedures
- interview questions
- collecting information
- testing, sampling
- analyzing
- evaluation
ACUIA Conference 6/14/2011
16
Performing Audit Work
Workpapers
- support findings
- restricted access
- retention
- testing, sampling
- analyzing
- evaluation
ACUIA Conference 6/14/2011
17
Performing Audit Work
QUESTIONS ?
ACUIA Conference 6/14/2011
18
Communications and Follow Up
Audit Reports
Management & Internal Audit need to agree up front
• Findings
• Recommendations
• Report Structure
• Who gets them?
ACUIA Conference 6/14/2011
19
Communications and Follow-Up
Follow-Up
• Follow-up Audits
• Monitoring results
• Implementation of recommendations
If you do not do this – Nothing happens!
ACUIA Conference 6/14/2011
20
Communications and Follow-Up
Supervisory / Audit Committee Meetings
• Frequency
• Structure
• Agenda
ACUIA Conference 6/14/2011
21
Communications and Follow-Up
QUESTIONS ?
ACUIA Conference 6/14/2011
22
Tools and Resources
Technology
Paperless auditing
Internet tools
Analytical review using audit
software
ACUIA Conference 6/14/2011
23
Tools and Resources
Basic Internal Controls - COSO
Credit Union Objectives
- Operations
- Financial Reporting
- Compliance
Internal Control Components
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
ACUIA Conference 6/14/2011
24
Tools and Resources
Enterprise Risk Mgmt - COSO
Credit Union Objectives
- Operations
- Financial Reporting
- Compliance
- Strategic
ERM Components
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
ACUIA Conference 6/14/2011
25
Tools and Resources
International Standards for
the Professional Practice of
Internal Auditing
- Attribute Standards
- Performance Standards
- Quality Assurance Review
ACUIA Conference 6/14/2011
26
Tools and Resources
Control Self-Assessment
Management Buy In
Business Objectives
Identify Risks
Gather Best Practices
Provide Documents
ACUIA Conference 6/14/2011
27
Tools and Resources
Resources
Professional Journals
- IIA, ACFE, ISACA
Professional Standards
- COBIT
- GTAGs
Current Issues of Internal Auditing – Governance
Websites
- Credit union industry, regulatory, professional
ACUIA Conference 6/14/2011
28
Audit Professionalism
Certification
- CIA – Common Body of Knowledge
- CFE
- CUCE, NCCO
- CISA
- CPA
- CFSA
ACUIA Conference 6/14/2011
29
Audit Professionalism
Training
- Conferences / Seminars
- Local Chapters
- Webinars / Teleseminars
- Compliance Schools
ACUIA Conference 6/14/2011
30
Audit Professionalism
ACUIA
Website
Message Forum
Membership Directory
Audit Guide
The Audit Report magazine
Lending Library
Conferences, seminars
ACUIA Conference 6/14/2011
31
Tools and Resources
QUESTIONS ?
ACUIA Conference 6/14/2011
32