w. samuel capuano manager of internal audit sunmark fcu 518-347-3156 [email protected] 1
TRANSCRIPT
OverviewCreating the IA FunctionManaging the IA FunctionEvaluating the CAE
2
EnclosuresACUIA Internal Audit Shop ToolsAudit Charter
3
Creating the IA FunctionDoes the CU need an IA Dept.?NCUA SC Guide 6.01Large CU’s/complex operationsBenefits of IA to the CUMaking the argument
4
Creating the IA FunctionWho to hire?NCUA SC Guide 6.05Sharing?“Qualified Individual”From within?Other FI AuditorExternal Auditor/Examiner
5
Creating the IA FunctionCandidate qualificationsNCUA SC Guide 6.05Academic credentials and/or technical training/proficiencyCommitment to CPEWell developed communication skillsIndependence
6
Creating the IA FunctionCAE on the Org ChartIndependence IssueNCUA AIRES Q#1Direct report to SCFree from BOD & Mgmt. undue influence
7
Creating the IA FunctionCAE on the Org Chart, cont’dFunctional report to SCDotted (administrative) line to?Proper authority for CAE?Under management’s thumb?
8
Creating the IA FunctionAudit Charter1st order of businessDocument independenceDocument reporting structureFull, free, unrestricted access (to
everything!)Confidentiality!
9
Creating the IA Function
10
Creating the IA FunctionCharter, cont’dCEO notificationSC approvalBOD meetingBoth chairs’ signatures
11
Creating the IA FunctionAudit PlanCAE meetings with EMTMateriality determination
12
Creating the IA Functionvvgg
13
VS.
Creating the IA Function
Audit Program SourcesACUIA Interactive Audit GuideNCUA AIRES ChecklistsSubscription Services
14
Creating the IA FunctionEmployee RelationsCU existed beforeThey may not like usSC assistance
15
Creating the IA Function
16
Creating the IA Function
17
Creating the IA FunctionFirst Audit!Prior CAE communication of processAudit Report formatGrading system
18
Managing IA
19
Managing IASC performing IA tasks?Duplication of effortsTransition outSC’s decision
20
Managing IASC MeetingsFrequency(New?) FormatWho sets agenda
21
Managing IASC MonitoringCAE GoalsSC – CAE ongoing communicationOpen lines of communication
22
Managing IAReports to SCIA Reports/ResponsesSystem ReportsExternal AuditsOthers?
23
Managing IARFP’sExternal Financial Statement AuditsSystem Vulnerability AssessmentsOther outsourcedIA researchSC approval
24
Evaluating IA
25
Evaluating IACAE Performance EvaluationWhose responsibilityManagement input?Goals establishmentNCUA/External Audit IA comments
26
Evaluating IAStatus UpdatesQuarterly status of plan vs. actualAction item status
27
Evaluating IAAudit PlanAnnual presentation to SCSC approval4th quarter materiality assessment
28
Questions
29