Chapter 17 Administrative Services Audit Overview Before you
advertisement
CHAPT ER 17 Administrative Services Audit OVERVIEW Before you embark on an internal audit of your credit union’s administrative services, you should consider a few salient points. Does your credit union track administrative costs on a periodic (usually monthly) basis and from year to year? These records are important to consider when conducting the audit because they compare current expenses with past expenses. If a previous audit made suggestions on how to reduce costs and increase efficiency in telephone operations, for example, then looking at associated expenses since implementation might show if the suggestions achieved the desired results. Does your credit union continually look for ways to improve administration? While conducting a preliminary audit of this function, you should ask managers if they have implemented any new policies or procedures, systems, or equipment since the last audit. You should also ask them if they have any suggestions to help improve operations. Does your credit union adjust administrative services to accommodate credit union growth, especially when adding staff? As part of your audit, you should try to gauge if administrative services are sufficient to meet current and projected future credit union needs. The audits presented in this chapter will help you to evaluate administrative services in your credit union. The goals for the audits in this chapter are to: Provide your credit union with procedures to monitor administrative services. Determine if your credit union has any unnecessary administrative expenses. Internal Control Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To evaluate the implementation and effectiveness of controls over purchase of office supplies. To test the appropriateness of selected transactions. To investigate the possibility of unauthorized activity, such as unwarranted favors, bribes, or other fraud, in the areas of both business and personal expenses. To ascertain the adequacy and propriety of bidding procedures for applicable jobs or services. To test the sufficiency and accuracy of supporting documentation for inventory and applicable expenditures, and to review physical controls of inventory. AUDIT PROCEDURES Date Completed Prepare an organizational chart of the appropriate department or branch. Prepare a list of employees assigned to each operation; obtain a specimen signature list and a brief description of duties. When appropriate, prepare flow charts of specific operations. Record any unusual situation that exists or recently occurred in the applicable department or branch, such as large staff turnover, realignment of responsibilities, etc. Ascertain who has authority to sign for purchases, then and after the reorganization or turnover. Compare volume of purchases then and now. Date Completed Review the expense reports for all supervisory personnel involved in the administrative services operations. Examine the reports for reasonableness and proper approval, but also for expenses involving vendors or other activity that could cause a conflict of interest violation. Review that supplies are adequate, well maintained, and readily available. Determine that accepted credit union policies and procedures are employed. (Look for unauthorized forms or unusual procedures.) Review the purchasing procedures from the issuance of a purchase requisition by a department until payment is made by accounting. Obtain a listing of employees who are authorized to approve purchase requisitions, purchase orders, invoices, and supply requisitions. Define the dollar limits of their authority. Determine if the limitations appear reasonable. For audit purposes, select all blanket purchase orders, all purchase orders over [insert amount], and [insert number] purchase orders on a random basis. For purchase orders selected, perform the following tests: Determine if purchase orders are correctly completed and approved by the proper authority. Determine if purchase requisitions are correctly completed and approved by the proper authority. Determine if the prices, quantities, item descriptions, terms, and conditions are in agreement on the purchase requisition, purchase order, invoice, and receiving report. Evaluate the follow-up procedures for short shipments and back orders. Ascertain that all purchase orders have been accounted for. Review and evaluate the method of control. Determine that blank purchase orders are properly controlled and safeguarded. Date Completed For major purchases, evaluate the procedures to obtain competitive bids. Determine the criteria used to select bidders. Examine all debit and credit memos for purchase orders selected. Determine if debit memos have been completed accurately, documented, and approved by the proper authority. Trace payments, debit memos, and credit memos to the general ledger. Scan the commonly used general ledger accounts for unusual entries, review the supporting documentation, and obtain explanations. Determine if the accounting classifications of purchased items appear reasonable. Review [insert number] items charged to the following categories: Utilities Maintenance and repairs Telephone and supply expense Determine if the expenditures were reasonable for the type of service performed. Review the systems of controlling purchased items from the point of receipt until use for their intended purpose. Fixed Asset Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To determine whether the credit union has adequate policies, procedures, and controls for the acquisition, maintenance, and disposition of fixed assets. To document whether the current and planned levels of fixed assets are consistent with the credit union’s business plan. To verify whether the current and planned levels of fixed assets are detrimental to the credit union. To evaluate the scope and adequacy of accounting procedures and auditing functions for fixed assets. AUDIT PROCEDURES Date Completed Review audit scoping material related to fixed assets. Review the preceding report of audit and fixed asset-related exceptions noted and determine whether management has taken corrective action. Analyze the credit union’s policies and procedures regarding the acquisition and disposition of, and total investment in, fixed assets and related annual expenditures. Determine the reasonableness relative to the following items: Business plan. Capital structure. Earnings. Date Completed Nature and volume of operations. Future goals and objectives. Future earnings. Conflicts of interest. Affiliate or insider transactions. Document if the board approved material acquisitions and dispositions. Discuss major planned capital expenditures with management. Obtain a schedule of fixed assets and their accumulated depreciation. Balance the schedule to the general ledger. Determine if the credit union properly reported fixed assets on the 5300 report. For major purchases, determine if the credit union obtained independent appraisals, or competitive bids, and whether the transactions meet regulatory requirements. Document whether accounting treatment and reporting of fixed assets are correct. Verify the adequacy of feasibility and cost analysis studies supporting the credit union: Investment in large new projects where the credit union will expect rental income to reduce substantially its cost of occupancy. Branch operation expansions. Review lease pertaining to fixed assets. Evaluate if lease terms are having an adverse effect on the credit union’s profitability and operations. Establish if the credit union granted affiliates or insiders favorable lease terms to the detriment of the credit union. Date Completed Determine whether credit union personnel are improperly using the credit union fixed assets for their own benefit. For sales, determine if the credit union financed the sale consistent with the conditions and terms offered to the general public and if the credit union received market value for the property. Review documentation and determine whether the credit union made prudent decisions regarding assets sold and subsequently leased back; use present value techniques to determine cost to the credit union. Ascertain the effectiveness of sale/leaseback agreements and whether the credit union accounts for them according to GAAP and NCUA guidelines. Obtain an explanation for the extended holding period of the site(s) if the credit union acquired real estate for use as an office or related facility more than three years ago but had not developed it. Document the explanation in the audit report. Note: If a federal credit union has acquired unimproved land for future expansion it has up to six years to partially occupy the premises. (12 CFR 701.36(b)) Determine if the credit union accounts for any real estate it no longer intend to develop for its own use as REO. For credit unions that share facilities with other financial institutions, determine whether the credit union has adequate guidelines to avoid conflicts of interest and usurpation of corporate opportunity. This should include a plan that addresses the following items: Specific areas where conflicts and abuses can occur. Policies and actions that avoid potential conflicts and abuse. Procedures to deal with individuals who violate such policies. For sales judged to be below fair market value, determine the need for reappraisals. Date Completed Determine whether the credit union carries property and equipment being held for sale, or no longer in use, at the lower of adjusted cost or market value. If there is evidence the credit union does not expect to recover the adjusted cost of major facilities still in service (that is, items that the credit union uses and not held for sale), determine if the credit union has written down or classified such items. Relate any funding commitments under lease agreements and fixed asset expenditures, if significant to review of liquidity. Determine that the credit union makes adequate provisions for the following items: Maintenance of adequate hazard insurance, public liability insurance, nonowner automobile protection insurance, and automobile property damage insurance, as applicable. Arrangements for sharing equipment or facilities (e.g., electronic data processing) with others. Periodic physical inventories of other fixed assets and reconciliations to fixed asset records. Inventory Control Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To verify that procedures are in place that will protect the credit union’s assets. To determine that records are complete so that assets can be accounted for accurately. AUDIT PROCEDURES Date Complete d Review all inventory control cards maintained at the warehouse. (The warehouse may be an off-site storage facility or on the premises.) Review highusage items, obsolete inventory, high unit cost items, items obtained under blanket purchase orders, and items subject to theft. Select [insert number] items for testing on a judgment basis. For those items selected, perform the following tests: Review the inventory ledgers. Compare the inventory additions with receiving reports, purchase orders, and invoices. Determine that all documents have been properly approved. Compare the inventory issues with supply requisitions. Determine that supply requisitions are properly approved. Trace the supply requisitions (issues) to the general ledger. Take a physical inventory of selected items and compare the count with the quantity recorded on the inventory card. Date Complete d Determine if the quantities on hand appear to be reasonable considering usage. Evaluate the system used to determine the total value of supply inventory. Describe and evaluate the system of reordering quantities based on maximum/minimum levels. Inspect the inventory in central supply. Evaluate the controls, procedures, fire control system, and other means used to safeguard the assets of the credit union. Include key distribution. Select [insert number] items for inventory and trace to the inventory control ledger(s). Look for slow moving items, high total value items, high unit cost items, or unusual items that appear to be extravagant or unnecessary. For those items selected, perform the following steps: Take a physical inventory and compare the count with the quantity recorded on the inventory card. Review the inventory ledger. Compare the inventory additions with receiving reports, purchase orders, and invoices. Ascertain that all documents have been properly approved. Compare the inventory issues with supply requisitions. Ascertain that supply requisitions are properly approved. Trace the supply requisitions (issues) to the general ledger. Determine if the quantities on hand appear to be reasonable considering usage. Exhibit 17.1 contains model audit reports for premises and equipment, office property and equipment, and furniture and fixtures that can be used for this review. You may need to customize the model forms for your credit union’s needs. Telephone Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To establish that controls are in place so that proper accounting can be made regarding telephone expenses. AUDIT PROCEDURES Date Complete d Obtain a listing of telephone and extension numbers from the telephone company. Review the listing to determine authenticity and accuracy of content. Randomly select telephones by key set configuration and determine that charges for service and equipment are accurate. Obtain telephone bills from the accounting division. Review bills for calls outside the local area to determine if abusive practices exist. Mailroom Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To determine that procedures are in place to handle mail efficiently and to deliver mail internally in a timely manner. To ascertain that controls are in place so that the most economical and appropriate postage or method of shipping is used when sending credit union material. AUDIT PROCEDURES Date Completed General Administration Is a designated area of the credit union reserved exclusively for mailroom activities? Is the mailroom in an easily accessible location? Is a regular mailing schedule maintained and followed consistently? Is outgoing mail checked for the appropriate zip codes? Is incoming mail date-stamped? Does the credit union qualify for a special bulk rate? Does the credit union maintain a special business reply advance deposit account at the post office? Does the mailroom ever obtain a certificate of mailing when a proof of mailing is needed prior to a mailing deadline? Date Completed Are insurance receipts maintained? Equipment Is the mailroom sufficient in size for the volume of incoming/outgoing mail? Is there an automatic postal meter? Are postage scales used? Are automated mail opener machines implemented? Is mailroom furniture adequate for mailroom use? Is the mailroom kept tidy? Is there adequate lighting in the mailroom? Materials Does the mailroom maintain a variety of envelopes on hand to accommodate items being mailed? Is the phrase “Address Correction Requested” printed on the outside of envelopes? Personnel Do department employees maintain confidentiality with respect to job-related information? Are there written job descriptions for every position in the department? Do new employees receive any type of formal training? Interoffice Mail Is consideration given to the elimination of unnecessary internal mailings in order to cut down on “paper pollution?” Date Completed Are reusable envelopes used for intra-credit union mail? Are mailings to employees made in-house rather than through the postal service? Mail Deposit Processing Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To ascertain that mail is handled in a secure manner. To determine that mail is sorted and delivered internally in an expedient manner. AUDIT PROCEDURES Date Completed Determine if incoming mail is signed for by someone in mail processing. Review settlement sheets of mail tellers to determine that proper procedures are in effect for handling: Cash Checks Loan payments Deposits Withdrawals Determine if a system is in effect that accurately accounts for all incoming items and their eventual distribution. Determine if security is adequate for this area. Office Automation (Personal Computers) Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To determine that personal computers are secure and protected. To verify that procedures are in place so that data can be recalled after a disaster and PCs are online within a reasonable time after any disruption in service. AUDIT PROCEDURES Date Completed Determine the types of security and password controls available and evaluate how effectively they are used. Verify whether written policies and procedures are in place covering the security classifications of key office documents and data. Confirm whether employees understand these classifications. Review a sample of files that have not been password protected and determine whether they should be protected. Ascertain whether office automation equipment password and user identifications (IDs) are changed on a regular basis. Establish whether backup procedures are adequate for automation equipment files and whether backup disks are stored in secure off-site locations. Visit office automation equipment areas during hours and determine whether: Machines are turned off and locked. Date Completed Draft reports, disks, and other sensitive materials are adequately secured. Critical equipment such as local area network (LAN) file controllers are physically secured in separate facilities. Substantiate whether office automation equipment is properly identified with tags, and trace a sample to the asset inventory records. Confirm whether the archiving of word processing documents is consistent with any special document retention requirements. Validate whether important, older documents can be readily retrieved. Identify “gateways” from the office LAN to mainframe or other computer systems and evaluate potential information security vulnerabilities. Authenticate whether any modems are attached to LAN microcomputers and whether security controls preclude improper access to other LAN devices. Departmental Manuals Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To ensure that all departmental manuals are current and are updated regularly. To determine that the manuals are complete in describing the necessary procedures for a department and cover all compliance matters applicable to the specific department. AUDIT PROCEDURES Date Completed Have formal standards, policy, and procedures been established and put in writing for each department within the credit union? Is there a standard or policy committee to review and set procedures? Does the manual contain the following: Procedures to follow A required documentation package Specific parameters to be used, such as standard abbreviations and standard terminology Program testing procedures Procedures for changing policy, direction, or procedures Compliance requirements Which employee maintains the manuals to make sure they are current? Date Completed Where are the manuals kept? Who is responsible for ensuring that standards are followed within the department? Are documentation standards included in the manual? Do documentation standards require the following to be in a separate section: Narrative Documentation of program changes with effective dates Procedures Are documentation standards generally followed? Who reviews documentation for adequacy before a procedure is accepted as complete? Who is responsible for ensuring that documentation is current? How are changes to documentation made? Describe the procedure for instituting manual changes. How are changes requested? Who authorizes changes? Is the auditor notified of these changes? Property and Equipment Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To establish that procedures are in place to adequately account for property and equipment. To determine that the proper records are utilized to correctly record depreciation or amortization of the property or equipment required to be accounted for. AUDIT PROCEDURES Date Completed Cost and General Issues Obtain a schedule for the period showing, by account, beginning balance, additions, retirements, other changes, and ending balance. Check clerical accuracy and trace beginning balances to prior year’s work papers and ending balances to trial balance. Obtain schedules, by account, of additions (including date, vendor, description, new or used, life depreciation method, and cost) and retirements (including acquired and disposal dates, purchaser or disposition, description, life depreciation method, cost, accumulated depreciation, sales proceeds, gain or loss, and depreciation recapture). Check clerical accuracy and agree totals to summary schedule. Review capitalization policy and ascertain that additions were capitalized assets and that lives assigned are reasonable. For additions and retirements over minimum amounts set forth below, correlate additions to purchase invoices and supporting data; examine Date Completed sales memos, invoices, contracts, etc., in support of proceeds from sales of items: Account Additions Land $_____ $__________ Building _____ __________ Leaseholds _____ __________ Furniture and fixtures Autos Retirements _____ _____ __________ __________ Inspect title policy, grant deed, and purchase contract to determine validity and amount of land acquired. For significant retirements, trace costs and accumulated allowances to detail records and check computation of applicable allowances. Agree gain or loss to profit and loss account(s). Trace large additions, retirements, and transfers to authorization from responsible credit union officials, capital budgets, and board minutes. Compare actual amounts with authorized amounts and inquire as to nature and approval for any significant differences. Review property transactions with affiliated persons or entities, and between the credit union and its credit union service organization (CUSO), for unusual transactions. Review for evidence of transactions in leased assets to ascertain if they should be or have been properly capitalized. Consider confirming pertinent terms with the lessor. Exhibit 17.1 contains model audit reports for premises owned and leasehold improvements that can be used for this review. You may need to customize the model forms for your credit union’s needs. For additions over [insert amount]: Examine tax bills, insurance policies, vehicle licenses, and other data on a test basis for indications that property, plant, and equipment are rec- Date Completed orded and that the credit union has title to such assets. Physically inspect additions on a test basis. From observations, discussions with employees, and knowledge of operations and current period additions, ascertain if there are any indications of unrecorded sales, retirements, or other disposals of significant property items. Review the nature of charges to repairs and maintenance to see if any additions were erroneously expensed. Ascertain if any property and equipment are encumbered with respect to notes, contracts, or other debt. Schedule net carrying amounts of such items. Determine the gross amount of fully depreciated assets and review the propriety of treatment. Inquire as to, and obtain information on, any major expansion of programs, their estimated total cost, and the amount of commitments outstanding. Follow up in connection with a post-balance sheet review. Allowances for Depreciation and Amortization Obtain a schedule for the period showing, by account, beginning balance, additions (provisions), deletions (sales, retirements, transfers), and ending balance. Check clerical accuracy and trace beginning balances to prior year’s work papers and ending balances to trial balance. Prepare an overall test of depreciation expenses for the period. Check consistency of methods applied and summarize methods and lives for recent purchases. Correlate additions (provisions) on summary schedule to expense accounts and other accounts. Date Completed Review the adequacy of accumulating allowances in relation to estimated useful lives and possible net salvage values, and propriety of amortization of leasehold property improvements in relation to the period of the lease or the estimated life of improvements, whichever is shorter. If depreciation is computed for tax purposes (depending on the credit union’s exemption status) differently than for statement purposes, reconcile period provisions and accumulated amounts at end of period to the amounts on the return. Test check computations as appropriate. Exhibit 17.1 contains a model accumulated depreciation audit report that can be used for this review. You may need to customize the model form for your credit union’s needs. Record Retention Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To determine that the credit union follows regulatory guidelines on record retention periods. To confirm that a destruction date appears on all boxed records. AUDIT PROCEDURES Date Completed Review archive (record) procedures. Determine the adequacy of control of the records and policy exercised by observation and interrogation of operating personnel. Verify that the records retention schedule policy is being followed. Check that written authorization is required for access to archives by other than authorized employees. Ascertain whether a signed receipt is required for any material that is to be removed from archives. Determine whether adequate facilities are available for storing and safeguarding records. Check that the material received from credit union departments for sorting is properly labeled and that the retention date is noted. Determine that proper methods are used in the disposal of records. Sale of Equipment Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To ensure that the credit union receives the best sale price on all property and equipment to be sold. To determine that the property and equipment is actually surplus and has been approved for sale. AUDIT PROCEDURES Date Completed Evaluate the procedures for controlling the sale and disposition of office equipment, furniture, fixtures, automobiles, or other surplus items. Select [insert number] transactions and perform the following tests: Determine that the sale is fully documented and properly approved. Ascertain that the item sold or disposed of is actually surplus. Determine if the sales price appears to be fair and reasonable and if it was established in an arm’s-length transaction. Trace the sale to the appropriate general ledger account. Contingency Planning Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To determine whether senior management has instituted a current workable contingency planning process throughout the credit union. To establish that there is an effective recovery planning process in the event a disaster or major disruption disables credit union operations. AUDIT PROCEDURES Date Completed Cost and General Issues Determine if the board of directors has approved a credit unionwide contingency plan. Establish if a senior manager has been assigned responsibility to oversee development, implementation, and maintenance of the credit union contingency plan. Verify if management periodically reviews and prioritizes each operational unit, department, and facility as to its critical importance to the credit union. If so, how often are the reviews conducted? Review the written contingency plan and verify if it: Addresses all critical operational units, departments, and facilities Has a clear and current telephone calling tree Date Completed Clearly defines responsibilities and decisionmaking authorities for the designated teams or employees Documents guidelines for recovery-related expenses for insurance/taxloss claims Has designated a spokesman for the credit union Identifies needed office supplies and equipment Addresses the recovery of free-standing personal computers (PCs) and local area networks (LANs) Ascertain whether adequate procedures are in place to ensure the plan is maintained in a current fashion and is upgraded regularly. Determine if management and staff are adequately trained on their specific responsibilities under the plan. Premises and Equipment Review Performed by: Reviewed by: W/P Reference: AUDIT OBJECTIVES To determine if the policies, practices, procedures, and internal controls regarding premises and equipment are adequate. To verify if officers and employees are operating in conformance with established guidelines. To ascertain the adequacy and propriety of the credit union’s present and planned investment in premises. To establish compliance with laws and regulations. To initiate corrective action when policies, practices, procedures, or internal controls are deficient or when violations of laws or regulations have been noted. AUDIT PROCEDURES Date Completed Cost and General Issues Determine the scope of the examination. Test for compliance with policies, practices, procedures, and internal controls in conjunction with performing the remaining procedures. Also, obtain a listing of any deficiencies noted in the latest review conducted by external auditors. Obtain a summary of changes in fixed-asset and depreciation ledgers that have occurred since the previous audit. Also, balance each of the fixedasset subsidiary accounts to the appropriate general control account. Date Completed Verify, by reference to excerpts of the minutes of the board meetings, that all major additions and disposals of fixed assets are properly documented. Ascertain by observation and inquiry of appropriate management personnel that the credit union’s general ledger has been properly adjusted to reflect significant assets that are idle, abandoned, or useless. In instances where credit union premises are subject to lease, perform the following for: Credit union as lessee: For each lease that has an initial lease period of more than one year, obtain: Name of lessor Expiration date Required minimum annual payments Current status Renewable option provisions Credit union as lessor: Determine if the credit union relies on rental income to contribute to payment of occupancy expenses and if the income is material. As a general guideline, rental income is considered material if it equals or exceeds 1 percent of total operating revenues. If rental income is material, analyze the credit union’s potential exposure from: Concentration among lessees Impending expiration of major leases Lack of creditworthiness of lessee Date Completed Noncompliance with lease terms To the auditor assigned “Funds Management,” confirm: The total minimum annual commitment under various lease agreements. The dollar amount of any significant future fixed-asset expenditure(s). By reference to appropriate work papers, determine that fire and hazard insurance, in sufficient amounts, is in force. Perform a limited test of the records to verify that depreciation methods are consistent with credit union policy, prior years’ calculations, GAAP, and applicable IRS laws. Analyze the credit union’s investment in fixed assets and the annual expenditures required to carry them and determine their reasonableness relative to: Present total capital structure Present annual earnings Projected future earnings Nature and volume of operations Review the following with appropriate management personnel: Any internal control deficiencies Any policy deficiencies Any violation of law Review findings with respect to the propriety and adequacy of present and projected investment in credit union premises. To assist in this endeavor consider: Size of credit union Date Completed Cash flow forecasts Existing fixed-asset investments Anticipated growth potential Credit union programs to maintain assets at their most optimal use The policy used to establish the useful life of each asset Control of inventory procedures Systems used to record all asset purchases, sales, and retirements between physical inventories Prepare comments regarding deficiencies or violation of law for inclusion in the audit report. Prepare the appropriate write-ups for the report. Update work papers with any information that will facilitate future audits. Purchasing Questionnaire Yes Purchasing Are all supplies purchased after receiving a supply request? Are supplies kept in an area that is secure? When supplies are ordered, is the request reviewed for proper approval? Prepared by: Title: Date: ADDITIONAL COMMENTS: No Remarks Fixed Assets Questionnaire Yes Does an officer who does not also control related disbursement or receipt of funds sign for the acquisition or disposal of property? Does the credit union have procedures that require the board’s approval for all major acquisitions or dispositions of property? Does the board approve all major transactions? Do the credit union’s procedures require an independent appraisal of an asset to determine the propriety of the proposed purchase or sale price? Do the credit union’s procedures require that regular charges be made for depreciation expense? Does an employee who does not also have sole custody of the property prepare, execute, post, and adequately review records for the acquisition, disposition, or depreciation of property? Does an employee who does not have sole custody of the property balance all applicable property and depreciation records to the appropriate general ledger at least quarterly? Does an employee who does not also have sole custody of the property post subsidiary property and applicable depreciation records? Does an employee who does not also have sole custody of the property balance subsidiary property and applicable depreciation records to the appropriate general ledger accounts? Do credit union policies provide for division of the duties involved in billing, collecting, and posting of rental pay- No Remarks Yes ments? Does the credit union monitor the lease agreement terms? Does the credit union perform credit checks on potential lessees? Do credit union policies provide for periodic review of lessees to identify concentrations of affiliated or related concerns? Does the credit union have a clearly defined method of determining whether it should own or lease fixed assets? Does the credit union maintain supporting documentation? Does the credit union have procedures to determine whether a lease is a capital or an operating lease as defined by GAAP? Do the credit union’s operating procedures for capital leases provide for the review of the amount recorded for accuracy? Are credit union personnel aware of the existence of guidelines for shared facilities? Do personnel adhere to these guidelines? Are the personnel of the other entity aware of the credit union’s guidelines for shared facilities? Do they have their own guidelines? Do personnel adhere to both sets of guidelines? Do the credit union’s procedures preclude persons who have access to property from having sole custody of property, in that: Its physical character or use would make any unauthorized use or disposal readily apparent? No Remarks Yes Inventory control methods sufficiently limit accessibility? Do the credit union’s procedures require review of additions to fixed assets to determine whether they represent replacement? Does the credit union clear any replacement items for the accounts? Do the credit union’s procedures require signed receipts for removal of equipment? Does the credit union periodically perform a physical inventory of credit union equipment? If so, does an employee who does not also have sole custody of the property review any differences from inventory records? Do the credit union’s procedures provide for serial numbering of equipment from inventory records? Does the credit union maintain separate property files that include invoices, titles, and other pertinent ownership data as part of the required documentation? Does the credit union have adequate physical safeguards for the property? Does the credit union account for property and equipment individually? Do credit union personnel improperly use the credit union’s fixed assets for their own benefit? Does the credit union have written procedures for selecting a seller, servicers, insurer, or purchaser of major assets to prevent any possibility of a conflict of interest or self- dealing? Does the credit union obtain the benefit of expert tax advice from external auditors before making financial decisions No Remarks Yes on material transactions involving fixed assets? Do officers and directors periodically review the adequacy of insurance coverage? Prepared by: Title: Date: ADDITIONAL COMMENTS: No Remarks Mailroom Questionnaire Yes Mail Department Is mail opened and sorted in a timely fashion? Is a record kept of all outgoing certified/registered mail? Is returned mail forwarded to one employee not involved in operations? Mail Deposits Is mail opened only under dual control? Is all cash received placed in the log? Are employees, other than the mail handlers, given the deposits for processing? Is the processing of mail tested by a third person for completeness? Prepared by: Title: Date: ADDITIONAL COMMENTS: No Remarks Property and Equipment Questionnaire Yes Are the detailed fixed assets records reconciled to the general ledger monthly? Do the detailed fixed assets records contain sufficient information to identify the asset? Does the credit union have established policies for: Capitalization limits Establishing useful lives Selection of depreciation method Does the credit union have adequate physical safeguards for the property? Is each property item assigned a number? Is physical inventory of fixed assets performed periodically? Are records maintained of fully depreciated assets still in use, even if such items are written off? Are major additions approved by the board of directors? Is a periodic review of the adequacy of insurance coverage made by officers and directors? Do procedures ensure that all additions are reviewed to determine whether they represent replacements and that any replaced items are cleared from the accounts? Is the preparation and posting of property records performed by persons who do not have sole custody of property? Are recorded gains and losses on sales of property subsequently checked by reference to supporting documents No Remarks Yes (e.g., sales invoices, contracts) by persons who do not have sole custody of property and who do not have responsibility for the cash receipts function? Are depreciation methods tested to see that proper methods are followed, that the amounts charged are correct, and that overall consistency is evident? If the credit union rents out office space, are the leases checked and is the income from this operation checked? Prepared by: Title: Date: ADDITIONAL COMMENTS: No Remarks Records Retention Questionnaire Yes Do the credit union’s procedures for document retention include the following: The general guidelines under which records are retained? Maintenance and review of records to be retained? Storage and security of records, including the storage location? A schedule of records to be destroyed? The requirements of each specific regulation that has record retention provisions (e.g., Regulations B and Z, RESPA, and others contain records retention requirements)? Policies regarding maintenance, retention, and destruction of microfilmed records? Is there a policy covering record retention? Are records kept in a secure location? Are the records inventoried by department? Prepared by: Title: Date: ADDITIONAL COMMENTS: No Remarks Premises and Equipment Questionnaire Yes Do the credit union’s procedures prohibit employees who have access to property from having “sole custody of property,” in that: Its physical character or use would make any unauthorized disposal readily apparent? Inventory control methods sufficiently limit accessibility? Is the addition, sale, or disposal of property approved by the signature of an officer who does not also control the related disbursement or receipt of funds? Is the board’s approval required for all major additions, sales, or disposals of property? (If so, indicate the amount that constitutes a major addition, sale, or disposal $____.) Is the preparation, addition, and posing of property additions, sales, and disposals records, if any, performed and/or adequately reviewed by persons who do not also have sole custody of property? Are property additions, sales, and disposal records, balanced, at least annually, to the appropriate general controls by persons who do not also have sole custody of property? Are the credit union’s procedures such that all additions are reviewed to determine whether they represent replacements and that any replaced items are cleared from the accounts? Do the credit union’s procedures provide for signed receipts for removal of equipment? Do the credit union’s policies cover procedures for selecting a seller, servicer, insurer, or purchaser of major assets (through competitive bidding, etc.) to prevent any possibil- No Remarks Yes ity of conflict of interest or self-dealing? Do the review procedures provide for appraisal of an asset to determine the appropriateness of the proposed purchase or sales price? Is the preparation, addition, and posting of periodic depreciation records performed and adequately reviewed by employees who do not also have sole custody of property? Do the credit union’s procedures require that regular charges be made for depreciation expense? Are the subsidiary depreciation records balanced, at least annually, to the appropriate general controls by employees who do not also have sole custody of property? Are subsidiary property records posted by employees who do not also have sole custody of property? Are the subsidiary property records balanced, at least annually, to the appropriate general ledger accounts by employees who do not also have sole custody of property? Do policies provide for division of the duties involved in billing and collection of rental payments? Are the lease agreements subject to the same direct verification program applied to other credit union assets and liabilities? Are credit checks performed on potential lessees? Do policies provide for a periodic review of lessees for undue concentrations of affiliated or related concerns? Does the credit union have a clearly defined method of determining whether fixed assets should be owned or leased, and are supporting documents maintained by the credit union? No Remarks Yes Are procedures in effect to determine whether a lease is a “capital” or an “operating” lease as defined by GAAP? On “capital” leases, do the credit union’s operating procedures provide that the amount capitalized is computed by more than one employee and/or reviewed by an independent employee? Is the physical existence of credit union equipment periodically checked or tested, such as by a physical inventory, and are any differences from property records investigated by persons who do not have sole custody of property? Do the credit union’s procedures provide for serial numbering of equipment? Are the credit union’s policies and procedures on property in written form? Does the credit union maintain separate property files that include invoices (including settlement sheets and bills of sale, as necessary); titles (on real estate or vehicles); and other pertinent ownership data as part of the required documentation? Prepared by: Title: Date: ADDITIONAL COMMENTS: No Remarks Disaster Recovery Compliance Questionnaire AUDIT OBJECTIVES Determine that adequate internal controls are structured to assure senior management that: Records are being processed accurately and in a safe and sound manner. Accounting data is reliable. Operating procedures are efficient and effective. Procedures are in effect to ensure continuity of services. High-risk conditions, functions, and activities are identified and effectively monitored. There is proper adherence to management standards and policies, applicable laws and regulations, regulatory statements of policy, and other guidelines. AUDIT PROCEDURES Yes Has the board approved a credit union-wide contingency plan within the last 12 months? Is a senior manager assigned responsibility to oversee development, implementation, and maintenance of the corporate contingency plan? Does management periodically review and prioritize each business unit, department, and functional unit for its critical importance? How often are the reviews conducted? Has management reviewed the written disaster recovery plan to verify that the plan: Addresses all the critical business units, departments, and functions identified in question 3? No Remarks Yes Includes a clear and current employee/manager notification tree? Clearly defines responsibilities and decision-making authorities for designated teams and/or staff members? Documents guidelines for recovery-related expenses for later insurance or tax loss claims? Designates a public relations spokesperson? Identifies sources of needed office supplies and equipment? Addresses the recovery of free-standing personal computers (PCs) and local area networks (LANs) (if this is not included in the plan, determine whether a separate plan for recovery of these resources exists)? Are adequate procedures in place to ensure that the plan is maintained in a current manner and updated regularly? Are personnel adequately trained in their specific responsibilities under the plan? How often is the corporate contingency plan tested? Are all critical business units, departments, and functions included in the testing? Does management verify that tests include: Goals that are set in advance? Realistic conditions and activity volumes? Use of actual backup system and data files from off-site storage? Post-test analysis report and review process that includes No Remarks Yes a comparison of test results to the original goals? Development of a corrective action plan for all problems encountered? Are interdependent departments involved in testing at the same time to uncover potential conflicts? Does the data center have a properly documented contingency plan? Does the IT contingency plan properly support and reasonably reflect the goals and priorities identified in the credit union contingency plan? Does the written IT contingency plan: Clearly identify the management individuals who have authority to declare a disaster? Clearly define responsibilities for designated teams or staff members? Explain the actions to be taken in specific emergency situations? Allow for remote storage of emergency procedures manuals? Define the conditions under which the backup site would be used? Include procedures for notifying the backup site? Include procedures for notifying employees? Establish processing priorities to be followed? Provide for reserve supplies? Does the plan cover all critical resources, including data No Remarks Yes communication networks, automated teller machines (ATMs), etc.? Does the plan address stand-alone PCs and LANs? If not, is there a separate plan for those resources? Is a copy of the IT contingency plan stored off-site? Have arrangements been made for alternative processing capabilities in the event the data center or any portion of the work environment becomes disabled? Are these arrangements documented in writing? If the credit union is relying on in-house systems in separate physical locations for backup, has management verified that the equipment is capable of independently processing critical applications? If the credit union is relying on outside facilities for backup, does the backup site: Have the ability to process the required volume? Provide sufficient processing time for the anticipated workload based on emergency priorities? Allow the institution to use the facility until it fully recovers from the disaster and resumes activity at its own facilities? Does the outside backup facility provider maintain a contingency plan for cases when simultaneous disaster conditions affect several of its customers? Is the credit union informed of any changes at the recovery site (e.g., hardware or software upgrades or modifications) that might require adjustments to credit union’s software or to the recovery plan? No Remarks Yes Does the plan provide physical security at the recovery site? In conjunction with the review of backup tape creation and rotation procedures performed under the operations work program, determine the following: Are duplicates of the operating system available both onand off-site? Are duplicates of the production programs, including both source and object versions, available on- and off-site? Are all programming and system software changes included in the backup? Is backup media stored off-site where it can be retrieved quickly at any time? Does the written IT contingency plan address the backup of the systems and programming function (if applicable), including: Qualifications of personal? Backup of programming tools and software? Off-site copies of program and system documentation? Does the IT contingency plan provide for logical security procedures at the recovery site? In the backup tape creation and rotation procedures performed under the operations work program, are all master files and transaction files backed up adequately to facilitate recovery if a disaster occurs? Does management assess the network environment, including: Individual components in the network? No Remarks Yes Dependence on each component? Probability of a component going down or becoming unavailable or unreliable? Is the IT contingency plan tested at least annually? Are all critical applications and services tested? Do the tests include: Goals that are set in advance? Realistic conditions and activity volumes? Use of actual backup system and data files from off-site storage? Post-test analysis report and review process that includes a comparison of test results to the original goals? Development of a corrective action plan for all problems encountered? Are several user departments involved in testing at the same time to uncover potential conflicts? Prepared by: Title: Date: ADDITIONAL COMMENTS: No Remarks Exhibit 17.1: Model Inventory Control Reports Administrative Services Audit as of MMDDYYYY Audit Reference: Inventory Control Source: Premises and Equipment (net) Description Assets Balance per G/L Land Buildings Leasehold Improvements Furniture & Fixtures Vehicle(s) Land & Buildings held for future use Construction Progress Adjustments Reclass Item Depreciation Correcte d Balance Balance per G/L Adjustments Reclass Item Net Correcte d Balance Balance per G/L Correcte d Balance Exhibit 17.1: Model Inventory Control Reports (cont.) Administrative Services Audit as of MMDDYYYY Audit Reference: Inventory Control Source: Office Property and Equipment Description Adjustments Account Number CU-Owned Premises Depreciatio n Leasehold Improvements Amortizatio n Premises Acquired Furniture & Fixtures Depreciatio n Vehicle(s) Depreciatio n Legend: + Information Verified Balance Prior Year Current Balance Debit Credit Reclassification Adjusted Balance Debit Credit Balance Exhibit 17.1: Model Inventory Control Reports (cont.) Administrative Services Audit as of MMDDYYYY Audit Reference: Inventory Control Source: Furniture and Fixtures Description Account Number Balance Prior Year Legend: F = Foot CF = Cross foot 1 = Agreed to G/L 2 = Tested depreciation reasonableness 3 = Tied to prior year’s schedule 4 = Tied to supporting detail Additions Disposal s Transfers In (Out) Balance Currentl y A/C ____ Depreciatio n Expense Exhibit 17.1: Model Inventory Control Reports (cont.) Administrative Services Audit as of MMDDYYYY Audit Reference: Inventory Control Source: Premises Owned Description Account Number Balance Prior Year Legend: F = Foot CF = Cross foot 1 = Agreed to G/L 2 = Tested depreciation reasonableness 3 = Tied to prior year’s schedule 4 = Tied to supporting detail Additions Disposal s Transfers In (Out) Balance Currentl y A/C ____ Depreciatio n Expense Exhibit 17.1: Model Inventory Control Reports (cont.) Administrative Services Audit as of MMDDYYYY Audit Reference: Inventory Control Source: Leasehold Improvements Description Account Number Balance Prior Year Legend: F = Foot CF = Cross foot 1 = Agreed to G/L 2 = Tested depreciation reasonableness 3 = Tied to prior year’s schedule 4 = Tied to supporting detail Additions Disposal s Transfers In (Out) Balance Currentl y A/C ____ Depreciatio n Expense Exhibit 17.1: Model Inventory Control Reports (cont.) Administrative Services Audit as of MMDDYYYY Audit Reference: Inventory Control Source: Accumulated Depreciation Description Account Number Balance Prior Year Premises Leasehold Improvements Furniture & Fixtures Vehicle(s) Legend: F = Foot CF = Cross foot 1 = Agreed to G/L 2 = Tested depreciation reasonableness 3 = Tied to prior year’s schedule 4 = Tied to supporting detail Charges to Expense Disposals Unrecorded Difference Balance Currently
