Financial Auditing Policy and Procedures for Banks
This policy is designed for banks with assets of less than $1 billion. If your institution is a thrift, please
refer to the Financial Auditing Policy and Procedures for Thrifts.
Section 39 of the Federal Deposit Insurance Corporation Improvement Act (FDICIA) requires insured
depository institutions with assets over $500 million to have an external financial audit. Section 39 of
FDICIA is implemented by the FDIC rule at 12 CFR 363. However, you may choose to engage an
external auditor if you have assets of less than $500 million.
Small Bank Option
[Insert the name of your bank] does not have $500 million in assets and, therefore, is not subject to the
auditing standards under FDICIA. Nevertheless, the board of directors has determined that certain of the
measures required of larger institutions under that act are appropriate for our bank.
Large Bank Option
[Insert the name of your bank] has $500 million in assets and, therefore, is subject to the auditing
standards under FDICIA. With this in mind, the board of directors has determined that the measures
required by FDICIA are appropriate for our bank.
External Auditor
The board directs management to engage an independent public accounting firm to conduct an audit of
the bank’s annual financial statements, specifically, its balance sheets, statements of income, changes in
equity capital and cash flow, with accompanying footnote disclosures. The final selection of the outside
auditor is subject to approval by the board of directors.
The bank’s external audit work will be performed in compliance with 12 CFR 363 of the FDIC
regulations. Specifically, the external auditor will be an independent public accountant who is registered
or licensed to practice in the state where the bank is located. The accountant will be in full compliance
with the Code of Professional Conduct of the American Institute of Certified Public Accountants, and will
meet the independence requirements and interpretations of the United States Securities and Exchange
Commission and its staff. The accountant will have received, or be enrolled in, a peer review that:
• Is conducted by an organization independent of the accountant
• Is conducted as frequently as is consistent with professional accounting practices
• Is generally consistent with AICPA Standards for Performing Peer Reviews or equivalent AICPA
• Includes, if available, at least one audit of an insured depository institution or a consolidated
  financial holding company
The accountant will file two copies of the peer review report with the FDIC as required by 12 CFR 363,
Appendix A to Part 363.
Scope and Procedures
The bank will engage the accountant to audit and report upon the bank’s annual financial statements in
accordance with generally accepted auditing standards and with section 37 of the Federal Deposit
Insurance Act (12 USC 1831n). The audit will be of sufficient scope to permit the accountant to
determine and report whether the bank’s financial statements are presented fairly and in accordance with
generally accepted accounting principles. The accountant will agree to provide work papers, policies, and
procedures relating to the services performed upon request by the bank’s federal regulator and/or the
The accountant will agree in writing that if he, she, or it ceases to be the bank’s accountant, he, she, or it
will notify the FDIC in writing within 15 days after such event. Such notice will set forth in reasonable
detail the reasons for such event.
Distribution of Reports
The bank will send the reports required by 12 CFR 363.4 to the FDIC within 90 days after the end of its
fiscal year. The annual report will be available for public inspection at our main and branch offices no
later than 15 days after it is filed with the FDIC. Alternatively, we may elect to mail one copy of the Part
363 Annual Report to any person who requests it. The annual report will remain available until the next
year's report is available. We may use this report to meet our annual disclosure statement responsibilities
if we satisfy all other requirements of 12 CFR 350.
Content of the Management Report
We will prepare the report in compliance with 12 CFR 363.2. The report must contain:
• A statement of management's responsibilities for preparing the institution's annual financial
  statements, for establishing and maintaining an adequate internal control structure and procedures
  for financial reporting, and for complying with laws and regulations relating to safety and
  soundness that are designated by the FDIC and the appropriate federal banking agency.
• An assessment by management of the insured depository institution's compliance with such laws
  and regulations during such fiscal year. The assessment must state management's conclusion as to
  whether the insured depository institution has complied with the designated safety and soundness
  laws and regulations during the fiscal year and disclose any noncompliance with these laws and
The report will be signed by the chief executive officer and the chief accounting officer or chief financial
officer of the insured depository institution, or if our report is prepared at the holding company level then
by the chief executive officer and the chief accounting officer or chief financial officer of the holding
company; and if parts of the report are prepared by the bank and the holding company, then the officers
described for each must sign the report. We will clearly indicate the level (institution or holding
company) at which each of its components is being satisfied.
Audit Committee
The board hereby establishes an audit committee, which will, to the extent possible, be composed of
directors who are independent of management of the bank. "Independent of management," as outlined in
12 CFR 363.5(a) and the associated guidance, for this purpose will mean factually independent,
considering all relevant circumstances in each case, including, but not limited to whether the director in
• Has been an officer or employee of the bank or any of its affiliates
• Serves, or has served, as a consultant, advisor, promoter, underwriter, legal counsel, or trustee of
  the bank or any of its affiliates
• Is a relative, by blood, marriage, or adoption, of any officer or other employee of the bank or any
  of its affiliates
• Holds or controls, or has held or controlled, a direct or indirect financial interest in the bank or
  any of its affiliates
• Has outstanding extensions of credit from the bank or any of its affiliates
The audit committee will have direct supervision over, and will receive all reports from, the bank’s
internal audit staff and external auditor, and will report significant findings and events to the board of
directors. The audit committee will also:
• Review significant accounting policies, audit conclusions regarding significant accounting
  estimates, and the services (and the scope thereof) required by the annual audit in conjunction
  with the bank’s management, internal auditor, and independent public accountant
• Review and resolve any identifiable material weaknesses in the bank’s system of internal controls
• Discuss with management any issues regarding the selection or termination of the bank’s
  independent public accountant and any significant disagreements between management and that
At least annually, the board will determine whether each existing or potential audit committee member is
an outside director. The board will determine whether the majority of all existing and potential audit
committee members are "independent of management of the institution."
The minutes of the board of directors will contain the results of and the basis for its determinations with
respect to each existing and potential audit committee member.
The audit committee will keep minutes and other relevant records of all of its meetings.
