Financial Auditing Policy and Procedures for Banks INTRODUCTION This policy is designed for banks with assets of less than $1 billion. If your institution is a thrift, please refer to the Financial Auditing Policy and Procedures for Thrifts. Section 39 of the Federal Deposit Insurance Corporation Improvement Act (FDICIA) requires insured depository institutions with assets over $500 million to have an external financial audit. Section 39 of FDICIA is implemented by the FDIC rule at 12 CFR 363. However, you may choose to engage an external auditor, if you have assets of less than $500 million. POLICY STATEMENT Small Bank Option [Insert the name of your bank] does not have $500 million in assets and, therefore, is not subject to the auditing standards under FDICIA. Nevertheless, the board of directors has determined that certain of the measures required of larger institutions under that act are appropriate for our bank. Large Bank Option [Insert the name of your bank] has $500 million in assets and, therefore, is subject to the auditing standards under FDICIA. With this in mind, the board of directors has determined that the measures required by FDICIA are appropriate for our bank. External Auditor The board directs management to engage an independent public accounting firm to conduct an audit of the bank’s annual financial statements, specifically, its balance sheets, statements of income, changes in equity capital and cash flow, with accompanying footnote disclosures. The final selection of the outside auditor is subject to approval by the board of directors. The bank’s external audit work will be performed in compliance with 12 CFR 363 of the FDIC regulations. Specifically, the external auditor will be an independent public accountant who is registered or licensed to practice in the state where the bank is located. The accountant will be in full compliance with the Code of Professional Conduct of the American Institute of Certified Public Accountants, and will meet the independence requirements and interpretations of the United States Securities and Exchange Commission and its staff. The accountant will have received, or be enrolled in, a peer review that: • Is conducted by an organization independent of the accountant • Is conducted as frequently as is consistent with professional accounting practices • Is generally consistent with AICPA Standards for Performing Peer Reviews or equivalent AICPA standards • Includes, if available, at least one audit of an insured depository institution or a consolidated financial holding company The accountant will file two copies of the peer review report with the FDIC as required by 12 CFR 363, Appendix A to Part 363. Scope and Procedures The bank will engage the accountant to audit and report upon the bank’s annual financial statements in accordance with generally accepted auditing standards and with section 37 of the Federal Deposit Insurance Act (12 USC 1831n). The audit will be of sufficient scope to permit the accountant to determine and report whether the bank’s financial statements are presented fairly and in accordance with generally accepted accounting principles. The accountant will agree to provide work papers, policies, and procedures relating to the services performed upon request by the bank’s federal regulator and/or the FDIC. The accountant will agree in writing that if he, she, or it ceases to be the bank’s accountant, he, she, or it will notify the FDIC in writing within 15 days after such event. Such notice will set forth in reasonable detail the reasons for such event. Distribution of Reports The bank will send the reports required by 12 CFR 363.4 to the FDIC within 90 days after the end of its fiscal year. The annual report will be available for public inspection at our main and branch offices no later than 15 days after it is filed with the FDIC. Alternatively, we may elect to mail one copy of the Part 363 Annual Report to any person who requests it. The annual report will remain available until the next year's report is available. We may use this report to meet our annual disclosure statement responsibilities if we satisfy all other requirements of 12 CFR 350. Content of the Management Report We will prepare the report in compliance with 12 CFR 363.2. The report must contain: • A statement of management's responsibilities for preparing the institution's annual financial statements, for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and for complying with laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency. • An assessment by management of the insured depository institution's compliance with such laws and regulations during such fiscal year. The assessment must state management's conclusion as to whether the insured depository institution has complied with the designated safety and soundness laws and regulations during the fiscal year and disclose any noncompliance with these laws and regulations. The report will be signed by the chief executive officer and the chief accounting officer or chief financial officer of the insured depository institution, or if our report is prepared at the holding company level then by the chief executive officer and the chief accounting officer or chief financial officer of the holding company; and if parts of the report are prepared by the bank and the holding company, then the officers described for each much sign the report. We will clearly indicate the level (institution or holding company) at which each of its components is being satisfied. Audit Committee The board hereby establishes an audit committee, which will, to the extent possible, be composed of directors who are independent of management of the bank. "Independent of management," as outlined in 12 CFR 363.5(a) and the associated guidance, for this purpose will mean factually independent, considering all relevant circumstances in each case, including, but not limited to whether the director in question: • Has been an officer or employee of the bank or any of its affiliates • Serves, or has served, as a consultant, advisor, promoter, underwriter, legal counsel, or trustee of the bank or any of its affiliates • Is a relative, by blood, marriage, or adoption, or any officer or other employee of the bank or any of its affiliates • Holds or controls, or has held or controlled, a direct or indirect financial interest in the bank or any of its affiliates • Has outstanding extensions of credit from the bank or any of its affiliates The audit committee will have direct supervision over, and will receive all reports from, the bank’s internal audit staff and external auditor, and will report significant findings and events to the board of directors. The audit committee will also: • Review significant accounting policies, audit conclusions regarding significant accounting estimates, and the services (and the scope thereof) required by the annual audit in conjunction with the bank’s management, internal auditor, and independent public accountant • Review and resolve any identifiable material weaknesses in the bank’s system of internal controls • Discuss with management any issues regarding the selection or termination of the bank’s independent public accountant and any significant disagreements between management and that accountant At least annually, the board will determine whether each existing or potential audit committee member is an outside director. The board will determine whether the majority of all existing and potential audit committee members are "independent of management of the institution." The minutes of the board of directors will contain the results of and the basis for its determinations with respect to each existing and potential audit committee member. The audit committee will keep minutes and other relevant records of all of its meetings. The board of directors approved and adopted this policy on ______________________.