Audit Process

advertisement
Internal Audit Process
Credit Union Internal Auditing
from the Ground Up

John Gallagher,


SEFCU (New York)
Barry Lucas, Internal Auditor
Desco FCU (Ohio)


Director Internal Audit
Pat Richey,
Director Internal Audit
Finance Center FCU (Indiana)
ACUIA Conference 6/14/2011
1
Serving Many Masters
Internal Audit Definition
Internal auditing is an independent, objective
assurance and consulting activity designed to
add value and improve an organization's
operations. It helps an organization accomplish
its objectives by bringing a systematic,
disciplined approach to evaluate and improve
the effectiveness of risk management, control,
and governance processes.
ACUIA Conference 6/14/2011
2
Serving Many Masters
Role





Independence and Objectivity
Assurance and Consulting
Add Value and Improve Services
Systematic and Disciplined
Reporting Structure
ACUIA Conference 6/14/2011
3
SEFCU Organizational Chart
Members
Board Committees
(ALCO, Governance, CEO Compensation)
Board of Directors
(13 members)
CUSOs
Chief
Administrative
Officer
Chief Financial
Officer
Supervisory Committee
(4 Members)
President/CEO
Chief Banking
Officer
Internal Audit
Chief
Marketing
Officer
President
Commercial
Services
Chief Technology
Officer
ORM
Accounting
Finance
Branch Network
Marketing
Commercial
Lending
IT
HR
Collections
Call Center
e-Services
Business Accounts
Facilities
Ops Support
Lending
CRM
Barb Hess
Chief Administrative Officer
John Anderson
EVP, Organizational Risk Management
John Gallagher
Director of Internal Audit
Donna Chardeen
Director of Regulatory Compliance and Fraud Mitigation
Dennis Whiteford
Internal Auditor
Suzanne Alderman
Fraud/Loss Mitigation
Rachael Martin
Internal Auditor
Christine Wheeler
Compliance Analyst
Chrisopher Duwe
Director of Business Continuity, Safety, and Security
Kirsten LeBlanc
Contracts Administrator
Jeffrey Bregenzer
Commercial Loan Review Officer
ACUIA Conference 6/14/2011
5
ACUIA Conference 6/14/2011
6
Serving Many Masters
Responsibilities
o Internal Audit Charter
o Supervisory/Audit Committee Charter
o Job Descriptions
o Audit Staff Structure
ACUIA Conference 6/14/2011
7
Serving Many Masters
Relationships and Politics
 Management
 Employees
ACUIA Conference 6/14/2011
8
Serving Many Masters
Relationships

Supervisory & Audit Committees

Board of Directors
ACUIA Conference 6/14/2011
9
Serving Many Masters
Relationships

External Auditors

Regulators
ACUIA Conference 6/14/2011
10
Serving Many Masters
QUESTIONS ?
ACUIA Conference 6/14/2011
11
Performing Audit Work
Where Do I Start?
Risk Assessment
Audit Universe
Models
Risk Priority
ACUIA Conference 6/14/2011
12
Performing Audit Work
Where Do I Start?
• Business/Audit Plan
ACUIA Conference 6/14/2011
13
Performing Audit Work
Where Do I Start?
• Audit Scheduling
• Distractions
–
–
–
–
Fraud Investigation
New Products / Services
Training / Vacations
Turn over
ACUIA Conference 6/14/2011
14
Performing Audit Work
Objectives
- broad statements
- risks
Scope
- who
- what
- when
- where
ACUIA Conference 6/14/2011
15
Performing Audit Work
Audit Program
- written procedures
- interview questions
- collecting information
- testing, sampling
- analyzing
- evaluation
ACUIA Conference 6/14/2011
16
Performing Audit Work
Workpapers
- support findings
- restricted access
- retention
- testing, sampling
- analyzing
- evaluation
ACUIA Conference 6/14/2011
17
Performing Audit Work
QUESTIONS ?
ACUIA Conference 6/14/2011
18
Communications and Follow Up
Audit Reports
Management & Internal Audit need to agree up front
• Findings
• Recommendations
• Report Structure
• Who gets them?
ACUIA Conference 6/14/2011
19
Communications and Follow-Up
Follow-Up
• Follow-up Audits
• Monitoring results
• Implementation of recommendations
If you do not do this – Nothing happens!
ACUIA Conference 6/14/2011
20
Communications and Follow-Up
Supervisory / Audit Committee Meetings
• Frequency
• Structure
• Agenda
ACUIA Conference 6/14/2011
21
Communications and Follow-Up
QUESTIONS ?
ACUIA Conference 6/14/2011
22
Tools and Resources
Technology

Paperless auditing

Internet tools

Analytical review using audit
software
ACUIA Conference 6/14/2011
23
Tools and Resources
Basic Internal Controls - COSO

Credit Union Objectives
- Operations
- Financial Reporting
- Compliance
 Internal Control Components
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
ACUIA Conference 6/14/2011
24
Tools and Resources
Enterprise Risk Mgmt - COSO

Credit Union Objectives
- Operations
- Financial Reporting
- Compliance
- Strategic
ERM Components
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
ACUIA Conference 6/14/2011
25
Tools and Resources
International Standards for
the Professional Practice of
Internal Auditing
- Attribute Standards
- Performance Standards
- Quality Assurance Review
ACUIA Conference 6/14/2011
26
Tools and Resources
Control Self-Assessment





Management Buy In
Business Objectives
Identify Risks
Gather Best Practices
Provide Documents
ACUIA Conference 6/14/2011
27
Tools and Resources
Resources

Professional Journals
- IIA, ACFE, ISACA

Professional Standards
- COBIT
- GTAGs

Current Issues of Internal Auditing – Governance

Websites
- Credit union industry, regulatory, professional
ACUIA Conference 6/14/2011
28
Audit Professionalism

Certification
- CIA – Common Body of Knowledge
- CFE
- CUCE, NCCO
- CISA
- CPA
- CFSA
ACUIA Conference 6/14/2011
29
Audit Professionalism

Training
- Conferences / Seminars
- Local Chapters
- Webinars / Teleseminars
- Compliance Schools
ACUIA Conference 6/14/2011
30
Audit Professionalism
ACUIA
 Website
 Message Forum
 Membership Directory
 Audit Guide
 The Audit Report magazine
 Lending Library
 Conferences, seminars

ACUIA Conference 6/14/2011
31
Tools and Resources
QUESTIONS ?
ACUIA Conference 6/14/2011
32
Download