INTERNAL AUDIT. Supervisory Examiner


INTERNAL AUDIT Elliott Davis Decosimo May 2015 Michael P. Egan Supervisory Examiner

Overview
- Back to Basics Approach
- Risk Assessments
- Audit Planning
- Audit Workprograms & Sampling Methodology
- Deficiency Tracking & Validation Guidance
- Staff Expertise and Ongoing Professional Education
- Quality Control Programs

Back to Basics Hot Topic Accountability Horizontal Review at Large Community Banks in North Carolina and South Carolina $1B-$10B Develop Best Practices and identify emerging risks

Risk Assessments
Business line specific narrative regarding:
- Inherent risks
- High, Medium, and Low should have the same detail for every business line.
- Any mitigating controls in place
- Any other components that may impact the overall risk ratings
- Risk ratings should be defined and correspond to an audit frequency.

Audit Planning
- Comprehensive document approved by the Board/Audit Committee annually.
- Timing and Frequency of Audits
- Prior Audit Date and Rating
- Individual or vendor responsible for audit
- Large community banks project audit hours
- Multi-Year Audit Plan
- Reassess when needed
Multi-Year Audit Plan (chart): No 70%, Yes 30%

Potential Red Flags
- Rapid growth
- Management or key employee turnover
- Recommendations are not effective in prompting management corrective action
- Concentrations of assets with complex valuation methods
- Basic internal control deficiencies
- Poor or absent documentation

Workprograms
- Expect more sampling at examinations
- Detailed scope
- Comprehensive procedures
- Sampling methodology
- Prior audit rating & findings
- Assess remediation efforts
- Risk-Focused versus Accounting-Based
- Regulatory Compliance

Sampling Methodology
Review revealed sampling is generally guided by SOX testing requirements from vendors. In some instances the sample sizes appeared very low with little or no narrative.
- ALLL: 15 impairment analysis worksheets or less than 9%
- Wires: 20 sampled over 12-month period or less than 3% of outgoing wires
- Consumer Loans: Random sample of 15 loans (4 Auto Reviews, 6 HELOCs, 5 Installments)

Deficiency Tracking
- Responsibility for updating
- Guidance for validation efforts
- Next audit cycle may be up to 36 months
- Vary by significance
- Maintaining closed issues to determine if there are repeat findings
- Track regulatory findings and remediation

Average Audit Experience by Title (chart). Titles charted: Chief Audit Executive, Audit Manager, Audit Supervisor, Senior Auditor II, Senior Auditor I, Staff Auditor II, Staff Auditor I, Audit Analyst, IT Analyst. Values shown: 23, 21, 14, 11, 5, 3, 4, 4, 5.

Audits per FTE participating in fieldwork
- Average audit personnel in department is approximately six individuals
- Five completing fieldwork
- Average Assets per Auditor $500M-$992M
- Average number of audits completed internally is 25 or approximately 75%
- Average Experience
- Professional Certifications, training, and development plans

Specialized Audit Areas (chart)
Information Technology: N/A 0%, Internal 17%, Outsourced 83%
Trust: N/A 33%, Internal 17%, Outsourced 50%
BSA-AML: N/A 0%, Internal 17%, Outsourced 83%
CRA: N/A 0%, Internal 83%, Outsourced 17%
Compliance: N/A 0%, Internal 67%, Outsourced 33%
Interest Rate Risk: N/A 0%, Internal 50%, Outsourced 50%
ALLL: N/A 0%, Internal 50%, Outsourced 50%
Loss Share: N/A 33%, Internal 50%, Outsourced 17%
Acquired Loan Accounting: N/A 33%, Internal 33%, Outsourced 33%
Mortgage QC: N/A 0%, Internal 67%, Outsourced 33%

Quality Control Program
- Audit activities are conducted in accordance with Standards for the Professional Practice of Internal Auditing
- Assures compliance with Standards, Charter, Policies, Code of Ethics, practices, and regulatory requirements
- Identifies methods to improve organizational operations
- External assessment at least once every five years
Quality Assurance Review (chart): No QA Review 83.33%, QA Review 16.67%

Potential QC Review Components
- Budgeting and financial administration for internal audit
- Maintenance and updating of the risk assessment and audit universe
- Evaluation of long-range planning
- Audit tools and use of technology
- Training and development of staff
- Audit statistics and metrics used
- Review of summary reports
- Administration of deficiency tracking

Emerging Areas
Credit Review (chart):
A: In-house 0%, # Staff 0
B: In-house 100%, # Staff 9
C: In-house 50%, # Staff 1
D: In-house 0%, # Staff 0
E: In-house 50%, # Staff 1
F: In-house 75%, # Staff 4
- Internal Credit Review Function
- Internal Compliance Review Function
- Audit Department should assess the review functions

Resources
- Statement of Policy: Internal Audit and Its Outsourcing
- Part 363: Annual Independent Audits and Reporting Requirements
- Various Practice Advisories from The Institute of Internal Auditors

Common ALLL issues/concerns include: Improper use of or insufficient support/documentation for environmental factors Expected Cash Flow Definition Historical Loss Look-Back Period Negative Provisions CECL

ALLL
Annual charge-off rates are calculated over a specified time period (e.g., three years or five years), which can vary based on a number of factors, including the relevance of past periods' experience to the current period or point in the credit cycle.

Credit Administration
Seven Ways Banks Are Relaxing Loan Terms
- Extend Fixed-Rate Pricing
- Tweak Guarantees
- Stretch Out Amortization
- Raise the Leverage
- Waive Fees
- Lower Debt-Service Limits
- Ease Collateral Requirements

Cybersecurity The National Institute of Standards and Technology defines cybersecurity as "the process of protecting information by preventing, detecting, and responding to attacks." As part of cybersecurity, institutions should consider management of internal and external threats and vulnerabilities to protect information assets and the supporting infrastructure from technology-based attacks.

Cyber Challenge: A Community Bank Cyber Exercise
Objectives:
- Initiate discussion between financial institution management and staff on cyber-related issues and concerns.
- Identify potential shortfalls in operational readiness capabilities.
- Strengthen preparedness and response efforts to promote an institution's resilience.

Cyber Challenge Scenario Overview: Cyber Challenge consists of a DVD with short video vignettes that present four unique scenarios for discussion. Challenge cards accompany each video vignette to facilitate discussions. Participants should play a video vignette and then respond to the associated challenge questions.

Cyber Challenge
The four vignette themes are:
- Vignette #1 - Item Processing Failure
- Vignette #2 - Customer Account Takeover
- Vignette #3 - Bank Internal Error/Phishing & Malware Problem
- Vignette #4 - Technology Service Provider Problem

Current Exam Issues
- Internal Audit
- ALLL/TDRs
- Liquidity/Stress Testing
- Interest Rate Risk
- Lending Programs
- Cyber Security-IT
- BSA
- Model Validation

QUESTIONS?