Audit Process
advertisement
Internal Audit Process Credit Union Internal Auditing from the Ground Up John Gallagher, SEFCU (New York) Barry Lucas, Internal Auditor Desco FCU (Ohio) Director Internal Audit Pat Richey, Director Internal Audit Finance Center FCU (Indiana) ACUIA Conference 6/14/2011 1 Serving Many Masters Internal Audit Definition Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ACUIA Conference 6/14/2011 2 Serving Many Masters Role Independence and Objectivity Assurance and Consulting Add Value and Improve Services Systematic and Disciplined Reporting Structure ACUIA Conference 6/14/2011 3 SEFCU Organizational Chart Members Board Committees (ALCO, Governance, CEO Compensation) Board of Directors (13 members) CUSOs Chief Administrative Officer Chief Financial Officer Supervisory Committee (4 Members) President/CEO Chief Banking Officer Internal Audit Chief Marketing Officer President Commercial Services Chief Technology Officer ORM Accounting Finance Branch Network Marketing Commercial Lending IT HR Collections Call Center e-Services Business Accounts Facilities Ops Support Lending CRM Barb Hess Chief Administrative Officer John Anderson EVP, Organizational Risk Management John Gallagher Director of Internal Audit Donna Chardeen Director of Regulatory Compliance and Fraud Mitigation Dennis Whiteford Internal Auditor Suzanne Alderman Fraud/Loss Mitigation Rachael Martin Internal Auditor Christine Wheeler Compliance Analyst Chrisopher Duwe Director of Business Continuity, Safety, and Security Kirsten LeBlanc Contracts Administrator Jeffrey Bregenzer Commercial Loan Review Officer ACUIA Conference 6/14/2011 5 ACUIA Conference 6/14/2011 6 Serving Many Masters Responsibilities o Internal Audit Charter o Supervisory/Audit Committee Charter o Job Descriptions o Audit Staff Structure ACUIA Conference 6/14/2011 7 Serving Many Masters Relationships and Politics Management Employees ACUIA Conference 6/14/2011 8 Serving Many Masters Relationships Supervisory & Audit Committees Board of Directors ACUIA Conference 6/14/2011 9 Serving Many Masters Relationships External Auditors Regulators ACUIA Conference 6/14/2011 10 Serving Many Masters QUESTIONS ? ACUIA Conference 6/14/2011 11 Performing Audit Work Where Do I Start? Risk Assessment Audit Universe Models Risk Priority ACUIA Conference 6/14/2011 12 Performing Audit Work Where Do I Start? • Business/Audit Plan ACUIA Conference 6/14/2011 13 Performing Audit Work Where Do I Start? • Audit Scheduling • Distractions – – – – Fraud Investigation New Products / Services Training / Vacations Turn over ACUIA Conference 6/14/2011 14 Performing Audit Work Objectives - broad statements - risks Scope - who - what - when - where ACUIA Conference 6/14/2011 15 Performing Audit Work Audit Program - written procedures - interview questions - collecting information - testing, sampling - analyzing - evaluation ACUIA Conference 6/14/2011 16 Performing Audit Work Workpapers - support findings - restricted access - retention - testing, sampling - analyzing - evaluation ACUIA Conference 6/14/2011 17 Performing Audit Work QUESTIONS ? ACUIA Conference 6/14/2011 18 Communications and Follow Up Audit Reports Management & Internal Audit need to agree up front • Findings • Recommendations • Report Structure • Who gets them? ACUIA Conference 6/14/2011 19 Communications and Follow-Up Follow-Up • Follow-up Audits • Monitoring results • Implementation of recommendations If you do not do this – Nothing happens! ACUIA Conference 6/14/2011 20 Communications and Follow-Up Supervisory / Audit Committee Meetings • Frequency • Structure • Agenda ACUIA Conference 6/14/2011 21 Communications and Follow-Up QUESTIONS ? ACUIA Conference 6/14/2011 22 Tools and Resources Technology Paperless auditing Internet tools Analytical review using audit software ACUIA Conference 6/14/2011 23 Tools and Resources Basic Internal Controls - COSO Credit Union Objectives - Operations - Financial Reporting - Compliance Internal Control Components - Control Environment - Risk Assessment - Control Activities - Information and Communication - Monitoring ACUIA Conference 6/14/2011 24 Tools and Resources Enterprise Risk Mgmt - COSO Credit Union Objectives - Operations - Financial Reporting - Compliance - Strategic ERM Components - Internal Environment - Objective Setting - Event Identification - Risk Assessment - Risk Response - Control Activities - Information and Communication - Monitoring ACUIA Conference 6/14/2011 25 Tools and Resources International Standards for the Professional Practice of Internal Auditing - Attribute Standards - Performance Standards - Quality Assurance Review ACUIA Conference 6/14/2011 26 Tools and Resources Control Self-Assessment Management Buy In Business Objectives Identify Risks Gather Best Practices Provide Documents ACUIA Conference 6/14/2011 27 Tools and Resources Resources Professional Journals - IIA, ACFE, ISACA Professional Standards - COBIT - GTAGs Current Issues of Internal Auditing – Governance Websites - Credit union industry, regulatory, professional ACUIA Conference 6/14/2011 28 Audit Professionalism Certification - CIA – Common Body of Knowledge - CFE - CUCE, NCCO - CISA - CPA - CFSA ACUIA Conference 6/14/2011 29 Audit Professionalism Training - Conferences / Seminars - Local Chapters - Webinars / Teleseminars - Compliance Schools ACUIA Conference 6/14/2011 30 Audit Professionalism ACUIA Website Message Forum Membership Directory Audit Guide The Audit Report magazine Lending Library Conferences, seminars ACUIA Conference 6/14/2011 31 Tools and Resources QUESTIONS ? ACUIA Conference 6/14/2011 32
