Internal Audit Process Credit Union Internal Auditing from the Ground Up John Gallagher, Director Internal Audit SEFCU (New York) Barry Lucas,
Internal Auditor Desco FCU (Ohio) Pat Richey, Director Internal Audit Finance Center FCU (Indiana) ACUIA Conference 6/14/2011 1 Serving Many Masters Internal Audit Definition Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ACUIA Conference 6/14/2011 2 Serving Many Masters Role Independence and Objectivity Assurance and Consulting Add Value and Improve Services
Systematic and Disciplined Reporting Structure ACUIA Conference 6/14/2011 3 SEFCU Organizational Chart Members Board Committees (ALCO, Governance, CEO Compensation) Board of Directors (13 members)
CUSOs Chief Administrati ve Officer Chief Financial Officer Supervisory Committee (4 Members) President/CEO Chief Banking Officer
Internal Audit Chief Marketing Officer President Commercial Services Chief Technology Officer ORM
Accounting Finance Branch Network Marketing Commercial Lending IT HR Collections
Call Center e-Services Business Accounts Facilities Ops Support Lending CRM Barb Hess Chief Administrative Officer
John Anderson EVP, Organizational Risk Management John Gallagher Director of Internal Audit Donna Chardeen Director of Regulatory Compliance and Fraud Mitigation Dennis Whiteford Internal Auditor Suzanne Alderman Fraud/Loss Mitigation Rachael Martin Internal Auditor
Christine Wheeler Compliance Analyst Chrisopher Duwe Director of Business Continuity, Safety, and Security Kirsten LeBlanc Contracts Administrator Jeffrey Bregenzer Commercial Loan Review Officer ACUIA Conference 6/14/2011 5 ACUIA Conference 6/14/2011
6 Serving Many Masters Responsibilities o Internal Audit Charter o Supervisory/Audit Committee Charter o Job Descriptions o Audit Staff Structure ACUIA Conference 6/14/2011 7 Serving Many Masters Relationships and Politics Management
Employees ACUIA Conference 6/14/2011 8 Serving Many Masters Relationships Supervisory & Audit Committees Board of Directors ACUIA Conference 6/14/2011
9 Serving Many Masters Relationships External Auditors Regulators ACUIA Conference 6/14/2011 10
Serving Many Masters QUESTIONS ? ACUIA Conference 6/14/2011 11 Performing Audit Work Where Do I Start? Risk Assessment Audit Universe Models Risk Priority ACUIA Conference 6/14/2011
12 Performing Audit Work Where Do I Start? Business/Audit Plan ACUIA Conference 6/14/2011 13 Performing Audit Work Where Do I Start? Audit Scheduling Distractions
Fraud Investigation New Products / Services Training / Vacations Turn over ACUIA Conference 6/14/2011 14 Performing Audit Work Objectives - broad statements - risks Scope
- who - what - when - where ACUIA Conference 6/14/2011 15 Performing Audit Work - Audit Program written procedures interview questions collecting information testing, sampling analyzing
evaluation ACUIA Conference 6/14/2011 16 Performing Audit Work - Workpapers support findings restricted access retention testing, sampling analyzing evaluation
ACUIA Conference 6/14/2011 17 Performing Audit Work QUESTIONS ? ACUIA Conference 6/14/2011 18 Communications and Follow Up Audit Reports Management & Internal Audit need to agree up front
Findings Recommendations Report Structure Who gets them? ACUIA Conference 6/14/2011 19 Communications and Follow-Up Follow-Up Follow-up Audits Monitoring results Implementation of recommendations If you do not do this Nothing happens!
ACUIA Conference 6/14/2011 20 Communications and Follow-Up Supervisory / Audit Committee Meetings Frequency Structure Agenda ACUIA Conference 6/14/2011 21 Communications and
Follow-Up QUESTIONS ? ACUIA Conference 6/14/2011 22 Tools and Resources Technology Paperless auditing Internet tools
Analytical review using audit software ACUIA Conference 6/14/2011 23 Tools and Resources Basic Internal Controls COSO Credit Union Objectives - Operations - Financial Reporting - Compliance
Internal Control Components - Control Environment - Risk Assessment - Control Activities - Information and Communication - Monitoring ACUIA Conference 6/14/2011 24 Tools and Resources Enterprise Risk Mgmt COSO Credit Union Objectives - Operations
- Financial Reporting - Compliance - Strategic ERM Components - Internal Environment - Objective Setting - Event Identification - Risk Assessment - Risk Response - Control Activities - Information and Communication - Monitoring ACUIA Conference 6/14/2011 25
Tools and Resources International Standards for the Professional Practice of Internal Auditing - Attribute Standards - Performance Standards - Quality Assurance Review ACUIA Conference 6/14/2011 26 Tools and Resources Control Self-Assessment
Management Buy In Business Objectives Identify Risks Gather Best Practices Provide Documents ACUIA Conference 6/14/2011 27 Tools and Resources Resources
Professional Journals - IIA, ACFE, ISACA Professional Standards - COBIT - GTAGs Current Issues of Internal Auditing Governance Websites
- Credit union industry, regulatory, professional ACUIA Conference 6/14/2011 28 Audit Professionalism Certification - CIA Common Body of Knowledge - CFE - CUCE, NCCO - CISA - CPA - CFSA ACUIA Conference 6/14/2011
29 Audit Professionalism Training - Conferences / Seminars - Local Chapters - Webinars / Teleseminars - Compliance Schools ACUIA Conference 6/14/2011 30 Audit Professionalism ACUIA
Website Message Forum Membership Directory Audit Guide The Audit Report magazine Lending Library Conferences, seminars ACUIA Conference 6/14/2011 31 Tools and Resources QUESTIONS ?
ACUIA Conference 6/14/2011 32
