LeiningerCPA, Ltd. INTERNAL AUDIT AND CONTROL POLICY STATEMENT. Summary of Overall Responsibilities and Objectives

Similar documents
Internal Audit Best Practices for Community Banks. A CSH White Paper

LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

Self Assessment Workbook

AUDIT COMMITTEE CHARTER REINSURANCE GROUP OF AMERICA, INCORPORATED. the audits of the Company s financial statements;

BOARD OF DIRECTORS CHARTER

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Implementation Guides

Audit & Risk Committee Charter

MAGNA INTERNATIONAL INC. BOARD CHARTER

TITLE 21 - AUDIT. Chapter 01. Audit Committee Chair... 2

SUNEDISON, INC. AUDIT COMMITTEE CHARTER (Adopted October 29, 2008)

THE AUDIT COMMITTEE HANDBOOK

Model Risk Management

Internal Audit Appendix: IIA Standards

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

MODEC, Inc. Corporate Governance Guidelines

Internal Audit Mandate

CHARTER FEDERAL RESERVE BANK OF RICHMOND BOARD OF DIRECTORS AUDIT AND RISK COMMITTEE

University Students Council of the University of Western Ontario BY-LAW #4. AUTHORITY: Council RATIFIED BY: Council DAY MONTH YEAR BY-LAW #4

Audit Committee Charter

Terms of Reference of the Audit Committee

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF THE TORONTO-DOMINION BANK CHARTER

A Firm s System of Quality Control

AUDIT COMMITTEE CHARTER (updated as of August 2016)

BIOSCRIP, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

DIXIE STATE UNIVERSITY 2017 Staff Employee Annual Review

OSHKOSH CORPORATION BOARD OF DIRECTORS AUDIT COMMITTEE CHARTER. As Amended as of May 9, 2016

Audit Committee Charter for XL Group Ltd

CHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION

Audit Committee Charter

Delta Dental of Michigan, Ohio, and Indiana. Compliance Plan

Internal Audit Policy and Procedures Internal Audit Charter

STARWOOD HOTELS & RESORTS WORLDWIDE, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

AUDIT COMMITTEE CHARTER. Specifically, the Audit Committee is responsible for overseeing that:

AUDIT COMMITTEE CHARTER

AUDIT COMMITTEE CHARTER

CHARTER AUDIT COMMITTEE

FRONTERA ENERGY CORPORATION CORPORATE GOVERNANCE POLICY

TOTAL S.A. RULES OF PROCEDURE OF THE BOARD OF DIRECTORS

AUDIT COMMITTEE CHARTER DATED AS OF AUGUST 5, 2010

PT Mandom Indonesia Tbk GCG

Basel Committee on Banking Supervision. Consultative Document. External audits of banks. Issued for comment by 21 June 2013

MAXAR TECHNOLOGIES LTD. TERMS OF REFERENCE HUMAN RESOURCES AND MANAGEMENT COMPENSATION COMMITTEE

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF MULESOFT, INC.

FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06

Chief Executive Officers, General Managers and Board Presidents Saskatchewan Credit Unions

GROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER

Charter of the Audit Committee of the Board of Directors of Novo Nordisk A/S. CVR no

PPG INDUSTRIES, INC. AUDIT COMMITTEE CHARTER

X5 RETAIL GROUP Rules on External Auditor Independence and Selection Adopted on 1 December 2015 by the Audit Committee

CDK GLOBAL, INC. AUDIT COMMITTEE CHARTER Effective January 20, 2016

2012 IIA Standards Update

THE UNIVERSITY OF BRITISH COLUMBIA

W. R. GRACE & CO. CORPORATE GOVERNANCE PRINCIPLES

1. Number. Except as otherwise permitted by the applicable NASDAQ rules, the Audit Committee shall consist of at least three members of the Board.

SONOCO PRODUCTS COMPANY BOARD OF DIRECTORS CORPORATE GOVERNANCE GUIDELINES

1. Definition & Mission

WINTHROP UNIVERSITY EMPLOYEE PERFORMANCE MANAGEMENT SYSTEM POLICY AND PROCEDURE

Bank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA

ADES International Holding Ltd (the Company )

For personal use only

AUDIT COMMITTEE CHARTER

AMENDED AND RESTATED ON SEMICONDUCTOR CORPORATION CORPORATE GOVERNANCE PRINCIPLES

MINDEN BANCORP, INC. AUDIT COMMITTEE CHARTER

provide leadership to the Company by practising ethical and sustainable decision making in the best interest of the Company and shareholders;

2017 Archaeology Audit Program Procedure Manual. April 2017

AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS. Effective for Peer Reviews Commencing on or After January 1, 2009

Audit Committee Charter Amended September 3, Tyco International plc

INTUIT INC. CORPORATE GOVERNANCE PRINCIPLES FOR THE BOARD OF DIRECTORS as amended July 20, 2017

Audit Committees: A Self-Assessment Checklist

GOVERNANCE GUIDELINES FOR THE BOARD OF DIRECTORS

CFPB Examination Procedures

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

FIAT CHRYSLER AUTOMOBILES N.V. AUDIT COMMITTEE CHARTER

SOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER

The new CEO will be responsible for the overall management of the credit union and achievement of Board directed goals and initiatives.

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

JACOBS ENGINEERING GROUP INC. CORPORATE GOVERNANCE GUIDELINES

Audit Committee Manual

NEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER. (as of December 2017)

Corporate Governance Manual

NSW Government Capability Framework - Benchmark Job Evaluations. NSW Department of Premier and Cabinet

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES

TG Therapeutics, Inc. Audit Committee Charter

AUDIT COMMITTEE CHARTER

The following are matters specifically reserved for the Board:-

Equal Employment Opportunity AP 3420

China Southern Airlines Company Limited Terms of Reference of Audit and Risk Management Committee

Corporate Governance Principles. As Amended June 7, 2017

BOARD CHARTER Introduction Company Board Responsibilities

CONTENTS I. POLICY SUMMARY

AUDIT COMMITTEE TERMS OF REFERENCE

GoldSRD Audit 101 Table of Contents & Resource Listing

German Corporate Governance Code

CODE OF ETHICS FOR CHIEF EXECUTIVE OFFICER AND SENIOR FINANCIAL OFFICERS UGI CORPORATION

Practice Guide. Developing the Internal Audit Strategic Plan

Transcription:

LeiningerCPA, Ltd. INTERNAL AUDIT AND CONTROL POLICY STATEMENT This policy statement provides an overview of the internal audit and control process and defines the broad responsibilities for overseeing these activities. Separate internal audit and internal control procedure statements provide further guidance for implementing these policies. Summary of Overall Responsibilities and Objectives Oversee Corporate Governance, Internal Audit and Control Activities Senior management and the directors are responsible for ensuring: The bank s corporate governance process is supportive of a strong risk management culture (referred to as inherent risk ). The system of internal control operates effectively ( control risk ). An effective internal audit function is in place ( audit or detection risk ). These overall responsibilities cannot be delegated to anyone else. They may, however, delegate the design, implementation and monitoring of specific internal controls to management, and the testing and assessment of internal controls to others, including outside vendors. Management is responsible for ensuring the effectiveness of internal control. Management self-assessments and on-going monitoring are an important first layer in ensuring the effectiveness of controls, but they are not impartial. Therefore, an important element in assessing the effectiveness of the internal control system is an internal audit function. Internal Audit Objectives The overall objective of the internal audit function is to independently and objectively evaluate and report on the effectiveness of the bank s risk management, internal control, and governance processes, and the quality of performance in carrying out assigned responsibilities. This objective includes promoting effective control at reasonable cost. When properly structured and conducted, internal audit provides vital information about weaknesses in the internal control system so that management can take prompt, remedial action. Audit Committee and Internal Audit Manager Appointment The Board shall consider appointing an Audit Committee, [consisting entirely of, or of a majority of, outside directors who are independent of management of the bank] to oversee the audit and examination functions performed by the bank s internal and external auditors, and regulators. [Or, state that these responsibilities will be fulfilled by the entire Board.] Page 1 of 5

The directors shall also assign responsibility for the internal audit function to a member of management who understands the function (the internal audit manager ). The responsibilities of the Internal Audit Manager are described in the Internal Audit Procedure Statement. Role of the Board Annual Approval of External Audit Involvement To help ensure accurate and reliable financial reporting, the directors shall maintain an effective external auditing program. The external auditing program is an important component of the bank s overall risk management process, and compliments the internal auditing function by providing an independent and objective view. 1. Approve the appropriate extent of external audit activities The audit committee or board is responsible: A) for identifying at least annually the risk areas of the bank s activities and assessing the extent of external auditing involvement needed over each area, and B) then determining what type of external auditing program will best meet the bank s needs. The directors should take into consideration the most cost-effective manner to ensure sufficient internal and/or external audit coverage of the bank's high risk areas and any other areas of potential concern, including such areas as loan review, market risk assessment, legal compliance, and/or information technology. 2. If an external firm is engaged The Board shall approve the engagement terms and the scope of the procedures performed, and review the independence of the external auditor annually. The directors shall perform due diligence on the relevant experience and competence of the independent auditor and staff carrying out the work. The external audit engagement letter must meet the requirements set forth in the 2003 Interagency Policy Statement on the Internal Audit Function and its Outsourcing. The directors should determine, and the engagement letter should specify, any additional or specific external auditing procedures that are warranted for a particular year or several years to cover areas of particularly high risk or special concern, or areas for which the bank does not possess the internal audit expertise. 3. If an external firm performs both internal and external audit procedures the engagement letter should document that the Board has pre-approved the internal audit outsourcing to its external auditor, and considered the independence issues associated with this arrangement. Regulatory guidance reflects the broad principles that audit firms that perform a bank s internal and external audit should not audit their own work, perform management functions for the same bank, or act as an advocate for the same bank. 4. The reasons supporting the above decisions should be supported in the minutes. Significant developments regarding the external auditing program, such as hiring, changing or terminating an independent public accountant to perform the external auditing work, should be communicated promptly to the appropriate supervisory office. Annual Internal Audit Responsibilities 5. Approve the results and reports of internal and external audits and supervisory examinations during the year, as well as action taken by management to correct deficiencies and implement recommendations for improving internal controls. Determine that the report adequately explains the auditor s findings, and that Page 2 of 5

the requirements of all relevant third parties have been met, including regulators and the bank s bonding company. Consider obtaining management's written response to the reports. 6. Approve the planned scope of internal audit activities for the next year as set forth in an annual audit plan. Ensure that the plan is realistic in design and that overall internal audit activities are efficiently directed toward areas of higher risk or concern. The directors and senior management should be confident that the internal audit function addresses the risks and meets the demands posed by the bank s current and planned activities, in combination with other external resources. 7. Periodically monitor adherence to the planned scope of internal audit activities set forth in the annual audit plan. Any other revisions to the plan should be made as appropriate. 8. Approve the dual reporting relationship of the internal audit manager: i.e. the internal audit manager is functionally accountable to the Board on issues discovered by the internal audit function, while reporting to another senior manager on administrative matters. The Board should weigh the risk of diminished independence against the benefit of reduced administrative burden, and document its consideration of this risk and mitigating controls. See Organizational Structure. 9. Approve the scope of coverage and effectiveness of internal control activities taking into consideration recommendations made by regulators and internal or external auditors. 10. Evaluate the internal auditor's performance, and ratify management's selection or termination of the auditor or internal audit manager. Consider feedback concerning the internal auditor's performance from management and the external auditor. 11. Approve the budget for audit activities, including the internal auditor's salary, training needs and tools. This may occur as part of approving the bank's overall annual budget. 12. Consider periodically meeting with the internal or external auditors (without management present if desired) to discuss the results of their audit procedures, and provide an open forum for discussing any other topic the auditor(s) believe should be brought to the Board's attention. 13. Hold management accountable for resolution of audit and examination findings and recommendations in a timely manner, and especially following-up on repeat criticisms. 14. Oversee the quarterly regulatory reporting process. 15. Maintain minutes and other relevant records of meetings and decisions that reflect approval and monitoring of the internal and external audit program and schedule, including Board or committee reviews of audit reports with management and timely action on audit findings and recommendations. If an Audit Committee is designated, periodically report Audit Committee activities to the full Board. 16. Review and approve this policy statement at least annually, and any material variances from the policy. Page 3 of 5

Role of the Internal Auditor In order to maintain independence and objectivity, the internal auditor is responsible directly to the Board. The internal auditor has the full authority vested with the Board to perform audits and investigations of all financial records, operations, activities, and affairs of the bank. The internal auditor shall have immediate access to the Board, without prior management approval, if the circumstances warrant such access. The auditor shall also have access to all examination reports and any written communication and/or correspondence with the regulatory agencies. The internal auditor will generally assist the Board in fulfilling its responsibilities to ensure the appropriate conduct of audit and control activities, specifically including the following: 1. Develop detailed risk-based audit plans and programs. Present, for management and Board approval, an annual audit plan designed to achieve the bank's overall audit objectives while emphasizing areas of higher risk or concern for management and the Board, and indicating the general allocation of the overall budget for major areas. The annual audit plan should be revised throughout the year to take into consideration changes in the bank s activities. Each internal audit report should discuss the status of completion of the procedures and suggest any necessary revisions to the annual audit plan. Internal audit procedures will be performed on a one- to three-year cycle. Testing will be performed annually for higher-risk activities. Lower-risk activities will be audited every 18-36 months, with at least a brief overview of the status of performance. 2. Carry out audit procedures to efficiently achieve the annual audit plan. Document work performed and conclusions in audit workpapers or other supportive evidence. 3. Discuss overall audit findings and recommendations with management immediately after completing each audit area, with the purpose of corroborating the factual accuracy of audit findings and obtaining their feedback in determining appropriate courses of action. Disagreements may occur between management and the auditor. Although the auditor should determine the factual accuracy of their findings with management, they are not required to obtain their concurrence as to audit conclusions or recommendations. 4. Periodically report audit procedures performed and related findings and recommendations in a timely manner to management and the Board. Give consideration to management's adherence to planned action steps and time frames to correct deficiencies and implement recommendations identified in previous internal and external audit and examination reports. 5. Assist in fostering an understanding of the risk management process and communicating risk management and control concepts to bank personnel, and participate in or facilitate the identification of major risks and the development of control procedures for new activities. 6. Maintain the necessary audit proficiency through on-the-job training, self study, seminars, and obtaining up-to-date audit tools, etc. Page 4 of 5

Role of Bank Management While the internal auditor is ultimately responsible directly to the Board, as a practical matter, he/she will report administratively to the President. The responsibilities of the President, with the assistance of other bank officers and/or consultants, include: 1. Oversee the day-to-day efforts and evaluate the overall performance of the auditor, and ensure appropriate day-to-day supervision of risk management systems and personnel. Provide overall direction concerning audit procedures and development of work programs. 2. Hold personnel accountable for appropriately conducting their responsibilities, and take timely action to resolve areas of inappropriate performance or non-compliance. 3. Review audit findings and provide feedback in determining appropriate recommendations. Provide a response to the audit report, where appropriate, and ensure appropriate action steps and time frames are established to correct deficiencies and implement recommendations. 4. Oversee correction of deficiencies and implementation of corrective measures identified during the audit and examination process. Review the quality and efficiency of bank operations and personnel noted during the audit process. 5. Assist in coordinating all risk management and internal and external audit activities. Management should follow a risk-based approach to effectively and efficiently allocate bank resources and prioritize activities. 6. Provide copies of external audit reports and management letters to supervisory authorities and other third parties as appropriate. Notify the supervisory authorities when an external auditor is initially engaged, and any subsequent change in external auditors, as appropriate. Organizational Structure The regulators acknowledge that in small banks, such as ours, the employee designated as a part-time auditor also has other operational responsibilities. The regulators state that a bank without a fully independent internal auditor can ensure that it maintains an objective internal audit function by implementing a comprehensive set of independent review of significant internal controls. To maintain independence, the key characteristic of such reviews is that the person(s) directing and/or performing the review of internal controls is not also responsible for managing or operating those controls, and should report findings directly to the Board. Further, the internal audit function should not assume a business-line management role over control activities, such as approving or implementing operating policies or procedures, including those it has helped design in connection with its consulting activities. * * * * * Page 5 of 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback