Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure
By:
Reference/Comments
AUDIT OBJECTIVES
1. To determine the adequacy of internal controls
over employee & volunteer actions.
2. To ensure that employee & volunteer loans are
appropriate and properly approved.
3. To review employee & volunteer deposit
accounts for appropriateness.
4. To determine the appropriateness of employee
& volunteer expenses.
5. To determine the appropriateness of employee
incentive pay.
AUDIT PROCEDURES
Preliminary
1. Review and update PAF as necessary.
2. Follow up on prior audit findings (from IAD,
external and regulatory exams) for proper
management resolution.
3. Read and become familiar with any reference
materials in the PAF.
Internal Controls
1. Obtain any written policies & procedures,
Employee Handbooks, etc., pertaining to employee
prohibitions.
2. From management, obtain and document other
controls in place.
3. Document how employee & volunteer accounts
are flagged; note whether joint ownership accounts
flagged as “employee.”
4. Document what type of employee “hot line” is
in place to report irregularities.
5. Note whether or not “hot line” is anonymous.
Loans
1. From I/S, request a trial balance of accounts
with the following characteristics:
2/16/2016
Page 1 of 8
Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure

PO Box for address;

Current balance is the same as the original
balance;

Due date is more than 60 days in the future;

Inadequate amortization;

No payment for more than 90 days;

Frequent refinances; and

Frequent extensions.
By:
Reference/Comments
a. Follow up as necessary.
2. Select a sample of 35 employee and volunteer
loans and ensure that:
a. The corresponding loan file contains all
required documentation;
b. The file information agrees to that on
the loan system;
c. The loan went through the proper
approval process;
d. The loan is being repaid as written; and
e. If the loan is delinquent, that it is being
reported as such.
Deposit Accounts
1. In conjunction with the MIA, Select a sample of
35 employees and volunteers.
2. Review corresponding statement history for at
least a 4-month period, looking for any
irregularities.
3. Follow up on any unusual credits.
4. If there are any multiple NSFs or Neg Balance
fees, determine if there has been any counseling or
other action taken with the employee.
5. Look of evidence of kiting, such as:

Large, round dollar deposits;

Matching withdrawals;

Large number of deposits;
2/16/2016
Page 2 of 8
Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure

Large share draft volume;

Illogical total credits vs. employee salary,

High activity/low ending balance; and

Frequent NSFs.
By:
Reference/Comments
6. Ensure that holds are properly placed on checks.
7. Trace any incoming, non-payroll transfers.
Employee/Volunteer Expenses
1. For the individuals chosen above, pull their
expense documentation for the past year.
2. Ensure that expense forms were completed in
accordance with CU Policy, including approval by
authorized personnel.
a. Note how management ensures that
approval is by authorized personnel.
3. Look for evidence of “double dipping”
(employees/volunteers being reimbursed for
expenses already incurred on a corporate credit
card.)
4. For expenses paid with expense checks, look for
personal items being paid, alteration of checks,
bogus vendors, etc.
5. Look for expense theft red flags, such as:

Missing receipts;

Inconsistent amounts;

Duplicated items;

No legitimate CU purpose;

Excessive amounts and frequencies; and

“Ship to” address other than CU’s address.
6. Ensure that corporate card usage is within CU
guidelines/Policy, i.e. timely payments and proper
purpose and documentation. Note specifically
what was tested, and for what thresholds.
2/16/2016
Page 3 of 8
Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure
By:
Reference/Comments
7. For volunteers, ensure that subsequent to any
conferences attended, they provided summaries to
their respective Committee and/or Board.
Incentive Pay
1. Document controls over personnel earning
incentive pay, including those for loan and share
“steals.”
2. Determine how management monitors this.1
3. For employees selected in above testing, review
incentive pay for prior 4 months.
a. Review for propriety.
b. Ensure that steals were for accounts
actually opened.
4. Determine that steals were done in the best
interests of the member.
Family Members
1. Determine the existence of family members for
the employees selected above.
2. Note how CU determines and monitors activity
of family members, and any related businesses
controlled by them.
3 Review transactions of these family members for
instances of employees performing transactions for
these relatives.
4. Via review of applicable evidence (ie invoices)
to determine any improper or unethical business
being steered towards companies in which
employees, or their relatives are employed.
Code of Ethics
1. Verify that the CU has a formal code of ethics
policy for employees and volunteers.
2. Determine that the policy covers the following
information in accordance with the Bank Bribery
Act:
1
NCUA Part 721.7 (b)(3) allows incentive payments to an employee, other than a senior
management employee, provided that the Board, “establishes written policies and internal controls for the
incentive program and monitors compliance with such policies and controls at least annually.”
2/16/2016
Page 4 of 8
Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure
By:
Reference/Comments
a. Acceptance of gifts, gratuities, amenities,
or favors from anyone in return for
business, service, or confidential
information except for certain
circumstances;
b. Acceptance of meals, refreshments,
entertainment, accommodations, or travel
arrangements from anyone in return for
business, service, or confidential
information except for certain
circumstances;
c. Guidelines for employees’ and officers’
acceptance of loans from other credit
unions or financial institutions except in
accordance with state and federal law;
d. Acceptance of advertising or
promotional material of reasonable value;
e. Acceptance of discounts or rebates
available to the general public; and
f. Acceptance of civic, charitable,
educational, or religious organization
awards for recognition of service and
accomplishment.
3. Ascertain that the CU has established limits or
dollar amounts for exceptions to the acceptance of
gifts and other items listed in 2 above. Describe
how this is monitored.
a. During test work throughout the audit,
determine adherence to this policy.
4. Certify that upon employment, each new
employee receives a copy of the code of ethics.
5. Confirm that each new employee signs a
statement certifying that:
a. He or she has read and understands the
policy;
2/16/2016
Page 5 of 8
Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure
By:
Reference/Comments
b. He or she has or will comply with its
requirements; and
c. He or she is not aware of any violation of
policy on their part that has not been
properly disclosed.
6. Confirm that each employee signs an annual
statement certifying to the points noted in 5 above.
7. Establish that the CU has a conflict of interest
disclosure statement for appropriate officers and
employees.
8. Ascertain that upon employment, new
employees complete and sign a conflict of interest
disclosure statement about themselves and family
members.
9. Document that the conflict of interest disclosure
contains the following information:
a. Financial interest information;
b. Outside organization affiliations or
employment; and
c. Creditors.
10. Confirm that each employee annually submits
a conflict of interest disclosure regarding the
information outlined in 9 above.
11. Substantiate that there are procedures in place
for employees to report to an immediate supervisor
potential conflicts of interest or improper gifts.
12. Verify that employees who plan to accept a
directorship of another organization, unless it is a
charitable or nonprofit organization, obtain the
pre-approval of the president and board.
13. Examine how the CU procedures outlining
violations to the credit union’s conflict of
interest/code of ethics policy will be handled.
2/16/2016
Page 6 of 8
Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure
By:
Reference/Comments
14. Verify that all violations of the policy are
reported to the board of directors directly or
through the supervisory committee.
15. Determine that the policy contains a provision
for fair and accurate accounting standards.
16. Verify that the policy contains a provision for
employees to report irregular accounting practices
to the board without fear of reprisal.
17. Perform test work to determine any violations
of the Code of Ethics.
18. Perform similar test work for volunteers.
Ensure that Policy is in compliance with NCUA
Rules and Regulations.
GUI Spectrum
1. Document and ensure adequacy of procedures
authorizing employees “zz” authority; note who is
authorized and if anyone is restricted
2. Determine if there are formal procedures for
allowing access to restricted accounts.
Enforced Leave
1. Determine if all staff took their required 5 day
enforced leave during the most recently ended
calendar year.
2. Document controls in place to limit access to
systems while on leave.
3. Review system records to determine if there has
been any system access (remote or otherwise) by
employees while on leave (use the same sample of
35 as above.)
4. Review payroll records to determine if the
employee actually took the enforced leave dates
off as stated on their staff leave request sheets (use
the same sample of 35 as above.)
5. Determine if employees used their proximity
pass during their enforced leave (use the same
sample of 35 as above.)
6. Determine if there has been any telephone
contact with staff during leave.
2/16/2016
Page 7 of 8
Employees/Volunteer Accounts Audit Program
5/31/11
Audit Procedure
By:
Reference/Comments
7. Look for existence of any other actions taken
during enforced leave that is either inappropriate or
in violation of Policy and/or the Employee
Handbook.
2/16/2016
Page 8 of 8