Highly Effective Supervisory Committees
©2011 LarsonAllen LLP
Dean Rohne, CPA, CIA
Course Objectives
• Function and Duties Overview
• Governance Issues
• Fraud/Risk Awareness
• NCUA Examination Trend Awareness
• Summary
Function
The Supervisory Committee Must – Operate Within the Bylaws and Oversee Credit Union Operations:
• The Board Establishes Strategic Direction, Policy
• Management Establishes Procedures, Controls & Quality Assessments and Supervision
• Employees Interact with Members and Complete Day to Day Operations
• Internal Audit and Supervisory Committee Evaluate the Process via External Audit
Powers, Duties and Responsibilities
Regulatory Sources – Supervisory Committee
• The Federal Credit Union Act – Section 115
• The Federal Credit Union Act – Section 202
• Credit Union By-Laws – Article IX
• NCUA Rules and Regulations – Part 715
NCUA Supervisory Committee Guide
• Last Revised in 1999
• On the Web at www.ncua.gov/guidesmanuals/supervisory_comm/supervisory.pdf
• The Guide is written for credit unions with noncomplex structures and nonaudit professionals
• Use the Guide to gain an understanding of the credit union’s audit scope
Duties and Responsibilities
– Elect a chair and secretary
– Conduct an annual audit and special audits as needed and report results to the board of directors
– Conduct a verification of members’ accounts at least once every two years
– Hold regular meetings at least monthly or quarterly
Duties and Responsibilities
– Respond to member and NCUA inquiries
– Report to the membership at the annual meeting
– Oversee internal audit effectiveness
– Participate in and ensure Bank Secrecy Act (BSA) compliance
Duties and Responsibilities
NCUA Rules and Regulations – Part 715.3 Specifics:
To achieve the primary objectives the Supervisory Committee must determine that:
– Internal controls are established and effectively maintained, sufficient to satisfy management objectives
– Audits and verification of members’ accounts are evaluated for financial reporting and disclosure
– Accounting records are timely and accurate
– Strategic plans, policies and control objectives are properly administered
Duties and Responsibilities
To achieve its objectives the Supervisory Committee must determine that (continued):
– Policies and controls are sufficient to safeguard against error, conflict of interest, self-dealing and fraud
– The credit union adheres to the filing requirements for reports filed with the NCUA (Form 5300)
Effectiveness
As the Supervisory Committee is a volunteer group with limited time, resources and skills, it is dependent on others to –
• Establish an Effective Audit Effort
• Develop Comprehensive Audit Plans and Procedures
• Ensure Independence
• Employ Qualified Audit Professionals
• Monitor Corrective Measures
The Annual Audit
• Establish a budget with the board of directors
• Select and engage an external auditor
• Determine the scope of the audit – Opinion or Non-Opinion
• Arrange the timing of audit procedures
• Review and obtain an understanding of the audit findings with the auditor
• Review the audit findings with internal audit, management and the board
• Follow up on corrective procedures
Internal Audit
• Establish an Internal Audit Charter
• Determine Internal Audit Authority
• Ensure Independence
• Gather support from all Levels of the Credit Union
• Determine Internal Audit Responsibilities
• Establish Lines of Communication
• Assess Effectiveness
BSA Requirements
• Training Required for ALL – Staff and Officials
• Policy requires board of directors approval
• SAR Reporting required to the board
• Annual independent assessment of BSA program internal control effectiveness
Credit Union Governance
• Federal Credit Union Act
• NCUA Rules and Regulations
• Bylaws
• Applicable Laws and Regulations
• Board of Directors
– Board Policies
• Management
• Supervisory Committee
Good Governance Requires
• Defined Roles for Board and Management
• Compliance with NCUA Rules and Regulations
• Active Risk Assessment and Communication
• Effective Audits
• Management Integrity and Attestation
• Performance Evaluation Process
• Qualified and Attentive Participation
• Promoting Financial Transparency
• Financial Training (Now NCUA Mandated)
Policies and Procedures
• Document retention
• Whistle-Blower protection
• Conflict of interest
• Dishonesty/Fraud policy statement
• Document accounting policies and procedures
Understanding Board Responsibilities
• The Board is Ultimately Responsible for ensuring the Credit Union:
– Is capably managed by a capable CEO and staff
– Operates using sound business practices for the good of the membership
– Complies with all applicable laws and regulations
– Achieves goals stated in the strategic plan
– Fulfills its purpose of making low-cost loans and encouraging thrift
– Provides adequate financial reserves to cover delinquent loans and other financial risks
– Protects against unauthorized or illegal acts through safe operating procedures
Financial Transparency
• Develop a 1-page financial report
• Produce timely and accurate reports
• CEO and CFO should certify reports
• Increase your financial knowledge
• Review methods of recording financial transactions annually – do they appear appropriate?
• Use your web-site to publish information
• Always side on disclosing more than needed – don’t cover up bad results
Financial Statements
• Provide meaningful data
– Variances
– Benchmarks
– Incorporate non-financial data (members, # served)
• Provide monthly reports to:
– Department heads
– Board or Oversight Committee
• Provide details or explanation on high risk accounts
• Have a process for asking questions – how are questions resolved?
SARBANES OXLEY ACT
• Passed in 2002
• Corporate Governance
• Financial Disclosures
• Auditor Relationships
• Applies to Publicly traded Co’s registered with the SEC – Does not directly apply to Credit Unions
SARBANES OXLEY ACT (Continued)
• SOA AND NCUA – LETTER 03-FCU-07, OCTOBER 2003
• Credit Unions should address the points in 03-FCU-07 in their corporate governance policies
SARBANES OXLEY ACT (Continued)
• Require Active Audit Committees
• Financial Reporting Assurances (Sign-Offs)
• Board Responsibilities
• Disclosure of Corrections/Misstatements
• Discourage Related Party Transactions
• Establish and Enforce a Code of Ethics
• Internal Control Reporting
SOA - BEST PRACTICE Recommendations
• Get expertise on the Board and committees
• Renew ethics, fraud and conflict of interest policies regularly
• Establish whistle blower provisions
• Establish charters for all committees
• Establish a governance policy (qualifications, responsibilities, access, continuing education)
• Document internal controls and test controls
• Avoid employee loans (except in normal course of business)
• Support compensation based on independent market data
• Directors and Officers insurance
• Hire qualified and experienced individuals
• Do what fits your credit union – several small high impact improvements are better than an extensive plan that isn’t followed
Other Areas of Committee Overview
Internal Control
• Under the COSO* Internal Control-Integrated Framework, a widely-used framework in the United States, internal control is broadly defined as:
– A process, produced by a credit union’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
◊ Effectiveness and efficiency of operations;
◊ Reliability of financial reporting;
◊ Compliance with laws and regulations.
* Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO has established a common internal control model against which companies and organizations may assess their control systems.
FINANCIAL INSTITUTION CHARACTERISTICS BY ASSET SIZE
Consideration – Organizational Profile: Personnel Resources; IT management; Knowledge of Resources; Segregation of Duties

< $25 Million
• “Hands On” CEO is responsible for system, accounting, operations, and strategic planning.
• Limited resources, knowledge, or time – will borrow ideas, policies, and practices from other entities
• Outsourced IT functions for network admin and data processing support
• Complete lack of segregation of duties due to staff limitations
• Significant lack of compensating controls

$25 - $150 Million
• “Hands On” CEO
• Controller/accounting manager is typically the IT manager
• Limited resources or knowledge – will tend to borrow ideas, policies or practices from other entities versus self creating
• Varying lack of segregation of duties due to staff limitations
• Organization will have begun development of a middle management team
• Varying lack of compensating controls

$150 - $500 Million
• CEO functions as an “inquiry” only on the system / on review
• Separate IT Department staffed by generalists (1-2 people) with an emphasis on the Core Data Processing system.
• Network functions may still be outsourced.
• Implementation of intended security features at the network and data processing system
• Will have a CFO – but that individual may not perform like a CFO
• Middle Management positions may be staffed – ongoing training may be inadequate
• Lack of depth of management team will create segregation of duties issues upon turnover of personnel

> $500 Million
• CEO functions as an “inquiry” only on the system / on review
• Separate IT Department
• Knowledgeable/Specialized Resources by Network Administrator, Core System, Security Administration
• Active Enforcement of intended security features at the network and data processing system
• Dedicated CFO that is knowledgeable of job responsibilities and accountabilities
• Middle management positions will be staffed and generally have access to appropriate ongoing training
• Lack of depth of management team will create segregation of duties issues upon turnover of personnel.
CONTRASTING CONTROL ENVIRONMENTS
Cash
Small credit unions – No segregation of duties:
• Teller activity should be balanced and posted daily.
• Check signers are authorized by the BOD.
• Bank reconciliation is done by the manager or someone else who acts as a teller or signs checks and records these transactions.
• Supervisors handle cash and generate transactions on the front line.
Medium to Large Credit Unions – Some Segregation of Duties:
• Same (teller activity balanced and posted daily).
• Same (check signers authorized by the BOD).
• Bank reconciliation may be done by someone who does not directly handle credit union funds or record them.
• Periodic surprise cash counts and reviews of activities are made by supervisors.
Officer and Director Liability
• Insured by D&O Policy
• Reviewed Annually…Ask for copy!
• Directors are indemnified when their actions are prudent and carried out in good faith and with reasonable care.
Powers The Supervisory Committee Does Not Have
• To Interfere With Credit Union Operations
• To Establish Policy and Procedures
• To Become Involved in Personnel Matters
• To Act on Your Own Aside From the Committee
• To Attend Board Meetings Uninvited
• To Have a Paid Staff, Financial Officer, Board Chair or Credit Committee Member Participate on the Committee
FRAUD
• SAS 99 auditor’s responsibility for fraud detection
– Auditors have a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud
• SAS 99 management’s responsibility with respect to fraud
– Management continues to be responsible for designing and implementing company internal controls to prevent, deter, and detect fraud.
FRAUD
Why Fraud Occurs:
Three conditions generally are present when fraud occurs:
• Incentive/pressure – a reason to commit fraud.
• Opportunity – absence of controls, ineffective controls, ability of management to override controls.
• Rationalization/attitude – the individual possesses a character or set of ethical values that allows them to commit fraud.
EMBEZZLEMENT FORMULA
MOTIVE + OPPORTUNITY (The Control Environment) + RATIONALIZATION = EMBEZZLEMENT
How Fraud is Discovered
[Bar chart, 0% to 60% scale, of how fraud is discovered; sources shown: External Auditor, Anonymous Letter, Accident, Notified by Customer, Mgmt. Investigation, Internal Audit, Notified by Emp.]
Internal Controls
FRAUD POLICY
Creating an Ethical Organization Culture
• Setting the tone at the top. KEY!!!
– Looking at fraud occurrences over the years, this was a major factor.
• Establishing a code of conduct.
• Creating a positive workplace environment.
• Hiring and promoting ethical employees.
• Providing ethics training.
• Set policies to detect fraud.
• Disciplining and prosecuting violators.
• Supervisory Committee oversight to ensure compliance with above.
Risk Management
Risk Categories
• Credit Risk
• Interest Rate Risk
• Liquidity Risk
• Transaction (Operating or Fraud) Risk
• Compliance Risk
• Strategic Risk
• Reputation Risk
Risk Management
The Board of Directors’ Role
• Set policy
• Authorize risk containment controls
• Approve budget/funding for ongoing risk management skills training or hiring
• Participate in strategic and reputation risk management processes
• Participate in centralized oversight and monitoring
Risk Management
The Supervisory Committee’s Role
• Determine that compliance is occurring by either:
– Committee Overview
– Internal Audit Review
– Outside Contract Review
Helping to prevent embarrassment or lawsuits
Top 10 Reasons Directors get SUED!
1. Approving self-serving, improvident or excessive loans
2. Failing to comply with regulatory directives
3. Failing to supervise management properly
4. Failing to authorize and conduct periodic audits
5. Failing to assess internal control effectiveness
6. Authorizing improper payments or expenses
7. Improperly maintaining and monitoring liquidity reserve requirements
8. Failing to attend meetings on a regular basis
9. Extending too much investment in a limited area
10. Failing to exercise independent judgment
What to Expect from NCUA Exams
NCUA has taken a lot of criticism by outside parties
• Class action lawsuit by a group of credit unions as a result of the corporate losses and the overall effect on the share insurance fund and assessments. (ALCOA Tennessee FCU)
• Office of Inspector General (OIG) of NCUA Reports (www.ncua.gov.oig):
– OIG Capping Report on Material Loss Reviews – November 23, 2010
– OIG Semiannual Report to Congress – September 30, 2010 & March 31, 2011
Credit Union Failures: Lessons Learned
• NCUA OIG Reports Reasons for Recent Failures:
– Poor Strategic Planning and Decision Making
– Inadequate Internal Controls and Policies
– Fraud
– Lack of Follow-Up on Exceptions Noted in Outside Reports
• Other Related Causes – Inadequate capital, excessive growth, concentration issues associated with deteriorating economics
• Aggressive underwriting decisions and practices
• Weak oversight of third party vendors
Current Examination Trends
• Significant increases in number of Documents of Resolution (DOR)
• Increase in length and bullet points in DOR
• Increases in number of net-worth restoration plans (NWRP) – pursuant to 702.206 Rules and Regulations (“RR”)
Future Exams Will Be “EVEN MORE” Risk Focused
Anything that potentially could cause risks will be reviewed
• NCUA Letter 11-CU-03 addressed some of these areas
– Credit Risk – concerns with real estate values, loan delinquencies, and underwriting
– Interest Rate Risk – as a result of increase in long term assets (New – R + R section 741.B)
– Concentration Risk – Do not put all your eggs in one basket
Federal Examiners Will Be Looking For…..
• Additional Items in these Areas:
– Third Party Reporting
– Updated Policies & Procedures
– Internal Control Testing
– Regulatory Compliance
If your examiner has not asked before, expect them to ask for any and all outside reports that you have received. This effort is a result of OIG report findings.
Third Party Reporting
Expect them to ask for your:
Third Party Reporting - NCUA Required
• Audit reports and Workpapers - RR Part 715
• Verification of Members Accounts and Workpapers – RR Part 715
• Third Party Validation of Assumptions on Asset Liability Models – RR Part 741 / Letter CU-03-11
• BSA Examination Reporting and Testing - RR Part 748.2
• SAS-70 Reports on Critical Vendors and How Client Control Considerations are being addressed by the Credit Union - RR Part 748
• Investment Shock Reports - RR Parts 741 and 703
• Website Compliance Review – RR Part 740
• Disaster Recovery Tests – RR Part 748
• Red Flag Compliance Review - RR Part 717 Appendix J
Third Party Reporting – Other Requirements
• ACH, ATM-TG-3, and PCI Compliance Reports (even though they are not necessarily required to be filed with outside third parties)
• ACH Risk Assessment (new in 2010)
• Market Value Analysis on Mortgage Loan Portfolio
• FHA – Title II – Lender – Annual LAAS Filing
• Abandoned Property Reporting and any related state audit reports
Third Party Reporting – Best Practices
• Penetration Testing / Internal Vulnerability Assessment
• Enterprise Risk Assessments
• Business Impact Analysis
• Information Security Risk Review
• Abandoned Property Reporting and any related state audit reports
• VISA Instant Card Issue Self Audit Form
Policies & Procedures
You will be asked to provide the following policies and how monitoring for compliance is performed in some of the following areas. A lot of these requests may be new.
• Security Policies & Procedures – RR 748
• Appraisal Policy (NCUA Guidelines 12-2-2010) – RR 722
• Vendor Due Diligence Policy – RR 748
• Loan Participation Policy – RR 701.22
• Allowance for Loan Loss Policy – to comply with new NCUA requirements (July 2011 Board Review Date) & FASB audit disclosure requirements – RR 702
Policies & Procedures
• TDR and Loan Modification Policy – Letter 09-CU-19
• Charge-Off Policy – RR 741.201 C 5
• Identity Theft Detection Prevention Policy – RR 717 Appendix F-I
• Member Business Loan Policy – Risk Policy - RR 723
• General Authority and Duties of Directors Policy – RR 701.4
• Ethics Policy – Article XIX Section 4 of by-laws / RR 703.17
• IRR Policy – RR 741.B
Internal Control Testing
Other new requests that examiners are frequently asking to see or requesting that Credit Unions implement:
• Quarterly Independent Review of Employees and Officials Accounts (Supervisory Committee review)
• Loan Due Date Change Reporting Monitoring
• Wire Transfer Control Testing
• Documentation of Board Financial Literacy Training
• Control and Monitoring of Dormant Account Activity
• Signed Fraud / Internet Use and Ethics Policy Statements (annual update)
Credit Unions Face Compliance Tidal Wave
Consumer Financial Protection Bureau will only increase this focus
Regulatory Compliance Requirements That Examiners Will Be Looking For
Safe Act
• Have mortgage loan originators been properly registered in compliance with NCUA Safe Act Regulations?
• Does the Credit Union have written policies and procedures that address requirements if they originate mortgage loans?
Regulatory Compliance Requirements That Examiners Will Be Looking For (Continued)
Dodd-Frank Act
• Change in rating agencies
• Appraisals – compliance with new NCUA letter to Credit Unions – December 2, 2010
• Debit Interchange Fees
• Executive Compensation Disclosures
• Home Mortgage Disclosure Act (HMDA) updated
– 12 new data collection requirements
The Safe Act and Dodd-Frank Act are just two of the many compliance areas coming into focus this year. If you do not conduct a periodic compliance review, you could be quickly out of compliance and subject to fines and penalties.
Supervisory Committee Responsibilities
How can the supervisory committee’s responsibilities best be met?
• Participation on Committee by Individuals with Adequate Expertise
• Significant individual contribution of time
• Hire and supervise internal auditor
• Hire and manage external auditor
BE AWARE OF AND RESPOND TO CREDIT UNION MARKET PLACE ISSUES
MARKET PLACE ISSUES
• New Services or Products
• New Delivery Methods for Services and Products
• New or Expanded Fields of Membership
• Continual Expansion of Electronic Information Systems
• Changing Regulatory Focus
Understand National Trends
• Related to Audit Committees for Public Companies and the Public Company Accounting Oversight Board (PCAOB) as these trends could filter down.
Piling It On by Sarah Johnson
While it is rare to see companies give audit committees primary responsibility for overseeing their overall risks, a new Securities and Exchange Commission rule requiring companies to explain their board’s role in overseeing risk has prompted some companies “to delegate this role to the audit committee in order to avoid embarrassing disclosure that they didn't have a risk oversight in place,” says Frederick Lipman, a partner at Blank Rome and president of the Association of Audit Committee Members.
This change doesn’t sit well with more-traditionally minded audit committee members, who believe oversight of enterprise risk management should rest with the full board. Some audit committees, for example, have been asked to weigh in on corporate pay practices, following new SEC rules asking for explicit discussion about the risks that compensation structures might incentivize.
Audit committees may, in fact, see their mandates increase even further, thanks to a proposed rule from the Public Accounting Oversight Board (PCAOB). In practice, corporate finance executives play a significant role in communications with the audit firm – a habit the new rule would curb. To emphasize independence and encourage a culture in which auditors answer to audit committees rather than management, the proposal would have auditors indicate whether two-way communication is occurring between them and the audit-committee members, and assess how well management communicates accounting issues to audit-committee members.
SARAH JOHNSON (SARAH JOHNSON@CFO.COM) IS A SENIOR EDITOR FOR REGULATION AT CFO.
This is from the October 2010 issue of CFO Magazine.
Questions?
Contact Us
• Dean Rohne, CPA, CIA
Principal, LarsonAllen
– drohne@larsonallen.com
– 800/657-4477
– www.larsonallen.com/credituions
Follow our blog for current discussions on health care.
www.larsonallen.com/blog
www.twitter.com/larsonallen
www.twitter.com/larsonallenhc
www.facebook.com/larsonallen
www.linkedin.com/companies/larsonallen