| Subject: |
Bank Audit Policy |
In recent years, a bank's audit function has become increasingly
more important. Many elements of the business community have
come to rely on the adequacy of a bank's audit program as a
measure of the soundness of a bank. Scrutiny of the audit function
has increased tremendously in only a few years. Particular focus
on the audit program has been brought by the insurance industry
which is responsible for writing fidelity coverage for banks.
In recent years, some Michigan banks have had their fidelity
coverage cancelled because of a lack of or a deficient audit
program. This topic has been the subject of a previous bank
bulletin and remains of major concern today.
The Board of Directors is charged by law with the responsibility
of operating a bank in a safe and sound manner, and management
is charged with the responsibility for carrying out Board policies.
As defined by Bank Administration Institute in its "Statement
of Principle and Standards for Internal Auditing in the Banking
Industry":
"Internal auditing is that management function which
independently evaluates the adequacy, effectiveness and efficiency
of the systems of control within the organization and the quality
of ongoing operations."
As its primary responsibility, the bank's audit function should
provide reasonable assurance that assets are safeguarded, depositors
and shareholders protected, opportunities for irregularities minimized
and, when discovered, are eliminated promptly, operations are
efficient, and management operates the bank in compliance with
Board policy, laws, regulations, and sound financial principles.
The Financial Institutions Bureau believes that the banking
industry as a whole, along with its many depositors, shareholders,
creditors, as well as the general public will be better served
by the bank's Board of Directors assuming the initiative and
responsibility for the establishment of an audit program. Because
of this view, each Board of Directors is requested to formulate
a formal and comprehensive audit policy by December 31, 1978,
which will be subject to review during the course of the regular
examination. This policy should be maintained in the bank's
policy book and updated as the need arises. It should cover,
as a minimum, the following areas:
- The Board of Directors should designate an individual to
function as the bank's internal auditor or to supervise the
bank's audit function. Of primary importance in this decision
is the necessity for independence and continuity of operation.
- Establishment of general guidelines detailing the bank's
audit program which would necessitate the development of standards
as to:
- Frequency
- Intensity (Depth)
- Confirmation of Accounts
- Reporting
- Sufficiency of resources allocated to properly accomplish
the goals of the audit function.
- A requirement that written reports be made directly to the
Board of Directors or a committee thereof, on a monthly basis,
or more frequently if deemed necessary by the bank's auditor.
- A formal reporting procedure be established where management
shall be required to respond to significant audit findings
in writing.
- At least once a year, the auditor shall make a summary report
to the Board or to a committee thereof which describes his/her
role, function, findings, scope, etc., and which would include
an opinion on the overall condition of the bank's controls
and operation.
- A formal audit plan should be formulated which includes
a comprehensive review of the bank's internal controls and
operations and will summarize audit activities for the coming
year.
- A procedure established for a followup, review, or modification
in audit function on at least an annual basis.
In establishing an audit policy, the Board should make a decision
as to the type of audit function necessary to fulfill their objectives.
This may be accomplished by adopting any one or a combination
of the following:
- Hiring a technically competent internal auditor.
- Designation of an audit supervisor from within the bank's
staff.
- Engagement of a CPA to perform external (opinion) audits.
- Engagement of a CPA to perform directors' examinations.
- In the case of banks belonging to holding companies, the
engagement of holding company internal auditors to perform
a directors' examination.
In all of the above cases, the general guidelines as previously
indicated should be carefully adhered to. Independence in all
cases must be assured, and the scope, workpapers, engagement letters
(where appropriate) and all reports and management letters must
be made available to Bank and Trust examiners for their review.
All annual audit reports made to the Board of Directors including
comments and findings from both the internal and external auditors
must be available for review by Bank and Trust examiners.
The above requirements are considered to be a minimum necessary
for a realistic and operative audit policy. Excellent resources
are available through Bank Administration Institute to aid in
the development of this policy internally and from various CPA
firms for the total program. In particular, BAI's recent publication,
"Statements of Principle and Standards for Internal Auditing
in the Banking Industry.", contains many excellent ideas relating
to bank audit policy.
New examination procedures have been developed to insure compliance
with this bulletin.
| Signed: |
Richard J. Francis, Commissioner |
| |
Gifford Knudsen, Director, Bank & Trust Division |
| |
|
| Dated: |
September 18, 1978 |
|
Printer Friendly
Text Version 
Email Page
