Upload
lamnguyet
View
215
Download
1
Embed Size (px)
Citation preview
What Are Your Auditors Doing?
CARRIE KENNEDY, PARTNERDUSTIN BIRASHK, PARTNER
Disclaimer
The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including, without limitation, legal, accounting, or investment advice. This information is not intended to create, and receipt does not constitute, a legal relationship, including, but not limited to, an accountant‐ client relationship. Although this information may have been prepared by professionals, it should not be used as a substitute for professional services. If legal, accounting, investment, or other professional advice is required, the services of a professional should be sought.
2
Is a Financial Statement Audit Required?
• Yes, if your credit union is federally insured with assets of $500 million or more
• If your credit union is federally chartered with assets of more than $10 million but less than $500 million, you have four options:• As stated above.• An opinion audit on the credit union’s balance sheet performed by an
independent accountant licensed by the state or jurisdiction in which the audit is conducted.
• An examination of internal controls over call reporting conducted by an independent accountant licensed by the state or jurisdiction in which the audit is conducted.
• A supervisory committee audit that meets the minimum requirements of this.
3
What is an opinion audit?
Can only be done by a licensed CPA
Results in CPA expressing an opinion on fairness of the credit union’s financial statements
Places responsibility on the auditor to follow generally accepted auditing standards (GAAS)
Highest level audit engagement possible
4
Non‐Opinion Exam
• What is a non‐opinion exam?• Work can be done by a CPA or someone else• Engagement letter should be issued outlining the procedures to be
completed• Procedures must be sufficient to meet the minimum requirements of
the NCUA• There is no opinion expressed on the financial statements or
conformity to generally accepted accounting principals (GAAP)• A report is issued that describes procedures performed and
observations and recommendations• Less expensive than an opinion audit• Most appropriate for smaller credit unions with clean and basic
operations
5
Engagement Letters Are Required
• Chapter 5 of the SC Guide states that engagement letters must contain the following:
• Specify the terms, conditions, and objectives of the engagement.• Identify the basis of accounting to be used (examples: GAAP vs.
regulatory accounting practices (RAP)).• Specify the rate of, or total, compensation to be paid for the audit.• Upon completion of the engagement, the auditor will deliver a written
audit report to the supervisory committee.• Notice in writing, either within the audit report or a separate report, of
any internal control reportable conditions and/or irregularities or illegal acts that come to the auditor’s attention during the normal course of the audit.
• Specify a target date of delivery of the written reports.
6
What is an audit?
The auditor is responsible for performing the audit in accordance with GAAS and that the audit is designed to obtain reasonable, rather than absolute, assurance…
What does “reasonable assurance” mean???
7
What is an audit?
The auditor is responsible for performing the audit in accordance with GAAS and the audit is designed to obtain reasonable, rather than absolute, assurance….about whether the financial statements as a whole are free from material misstatement.
What does “free from material misstatement” mean???
8
Audit Plan: Where to focus and utilize resources?
Risk‐based audit approach• Where are the risks?
• ALLL and Impaired loans• Other Real Estate Owned• Investments• Internal controls over financial reporting• Other areas
9
Audit Plan: Where to focus and utilize resources?
You know what to test, but HOW do auditors test?
• Internal control reliance• System reliance on 3rd party payroll processor• Testing sample of originated loans to ensure proper approval,
underwriting, disbursement, and boarding into the loan sub‐ledger
• Substantive analytical review procedures• Testing interest expense through developing an independent expectation
of cost of funds using peer yields and actual average deposit balances of the CU
• Tests of details• Sending confirmations for cash balances to correspondent institutions• Vouching proceeds for sales of OREO properties
10
Internal Control Considerations in an Audit
“Don’t you test our internal controls?”• Yes and no!
Fun fact: Auditing standards do not require the test of internal controls.
The auditor is required to obtain an understanding of internal control relevant to the audit when identifying and assessing the risks of material misstatement.
11
Internal Control Considerations in an Audit
Deficiency in internal control. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.
Are all deficiencies of the same severity?
12
Internal Control Considerations in an Audit
Material weakness. A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
Significant deficiency. A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
13
Internal Control Weakness Indicators
Complex business arrangements that you
can’t understand
Last‐minute transactions that
result in improvement in
financial performance
Change in estimates that are hard to understand
Frequent differences between management
and the auditors
Management not receptive or
responsive to auditor or regulator findings
Failure to enforce the credit union’s code of
conduct
14
Internal Control Weakness Indicators
Failure by management to display and communicate an appropriate attitude regarding internal control
High turnover of senior
management
Rapid changes in the industry
Unusually rapid growth
or profitability compared with other
credit unions
15
Common Internal Control Audit Findings
• Employee accounts and related accounts not reviewed• Person performing reconciliation should be looking for
unusual items—not just wanting to make it balance• Investment account reconciliations prepared by same
individual who authorizes or initiates transactions• Same person can both produce a check and make journal
entries• Not all suspense and clearing accounts are reconciled and
reviewed
16
• Person reviews extensions, but doesn’t have full population• Person reviews loans, but doesn’t select from full population• Payroll duties concentrated in one individual, who receives
and files the payroll journals• Policies in place but not being followed• Network administrator account shared by several employees• No review of system access levels
17
Common Internal Control Audit Findings
What about fraud?
18
• Auditing standards require the consideration of fraud during a financial statement audit.
• During the planning phase, auditing standards require a discussion among the audit team to determine:• How may fraud occur?• Where in the financial statements is there a risk for
fraud?• How could management perpetrate and conceal
fraudulent financial reporting?• How could assets of the entity be misappropriated?
What about fraud?
19
• Required audit procedures• Brainstorming discussion• Inquiries of management and others within the CU• Unpredictable procedures to test for fraud:
• Test low materiality risk accounts or transactions• Use different sampling methods to identify items not
normally selected• Adjust timing of audit procedures from normal• Perform audit procedures at different locations
• Test journal entries:• Understand business purpose, timing, underlying controls,
and CU personnel surrounding the entries.
What about fraud?
• The Association of Certified Fraud Examiners (ACFE) completes a report every two years summarizing the key characteristics of fraud.
• The most recent report is from 2014.
• The following are excerpts from that summary(total of 1,483 cases, worldwide)
Industry of victim organizations
Source: ACFE 2014 Report to Nations FIGURE 22
MOST COMMON FRAUD ‐ frequency
Source: ACFE 2014 Report to Nations
Initial detection of fraud
Initial Detection of Occupational FraudsTip: 42.2%
Management Review: 16.0%Internal Audit: 14.1%
By Accident: 6.8%Account Reconciliation: 6.6%Document Examination: 4.2%
External Audit: 3.0%IT Controls: 1.1%
Source: ACFE 2014 Report to Nations
Source of fraud tips
Source: ACFE 2014 Report to Nations FIGURE 13
25
• Verifications; Loan File Review; Review of past due loans, TDRs, impaired loans; Review of allowance calculation; Revenue Recognition
Loans and Allowance
• Confirm safekeeping; Independent valuation test; Evaluate for OTTI; Premiums and Discounts
Investments
• Verification; revenue recognition; classificationShares
Critical Audit Areas
Critical audit areas
26
• Review examination report; Review any other regulatory correspondence for financial reporting impact
Regulatory Matters
• Test for ownership; review of outside appraisals for valuation; testing of sales
Other Real Estate Owned
• Subsequent events; Mergers; Non‐interest income and expenseOther Areas
Areas for Internal Audit Assistance
Member verification•Population•Reconciliation
Alternative Procedures•Gather information•Member discrepancies
Loans and
SharesWalk‐throughs•Scheduling•Samples
Information technology•Systems overview
Internal Controls Confirmations
•Accumulation•New cash, borrowing, investment, COLI accounts
Regulatory reports, internal audit reports, and finding tracking/monitoring
Other Areas
27
The audit is complete. Now what?Meet with the auditors…questions to ask:
What are the significant accounting policies?
Did the credit union select the accounting policies that were most appropriate, given the options?
What are management’s judgments and estimates that affect the financial statements? Any bias noted?
Did you have to post any significant audit adjustments?
Were there any waived adjustments?
Did you have any disagreements with management?
28
The audit is complete. Now what?Meet with the auditors…questions to ask:
Did you encounter any difficulties in conducting the audit?
Are there significant risks that management is not addressing?
Were there any significant control findings?
What did you perform as unpredictable procedures as part of the audit this year?
Are there any potential internal control issues discussed with management that didn’t end up in your written report?
If you had to mention one thing that could improve the effectiveness of the audit, what would it be?
29
Final Thoughts • Keep up to date on changes in your credit union:
• New products and services being offered to membership• Credit quality trends within the loan portfolio• Changes in field of membership• Important issues being discussed by Board and Supervisory Committee• Mergers, key personnel changes, new investments• Technology changes• New accounting and reporting standards• Rapid growth• Ask external and internal auditors how they have addressed any
resulting new risks from these changes in their audit plans
30
Don’t always believe something because someone says so!
31
Questions?
Carrie Kennedy, Assurance PartnerMoss Adams LLP509‐777‐[email protected]
Dustin Birashk, Assurance PartnerMoss Adams LLP425‐303‐[email protected]
32
References/Resources
• Supervisory Committee Guide (www.ncua.gov)• Federal Credit Union Act/Bylaws, Rules, and Regulations
(www.ncua.gov)• cutimes.com• Association of Credit Union Internal Auditors (www.acuia.org)• AU‐C 240, 260, and 265• Association of Certified Fraud Examiners Report to the Nation
on Occupational Fraud & Abuse www.acfe.com
33
Thank you!