Must Know 4.2 4.6 Flashcards
(47 cards)
The Board has the primary responsibility for creating, implementing, and monitoring a system of internal controls
TRUE
The five components of internal control
o Control environment
o risk assessment
o control activities
o information and communication
o monitoring activities
The four basic elements of an internal control system
o organizational structure
o appropriate accounting procedures
o provisions for protection of assets
o development/use of an effective audit program
The five minimum items that organizational structure should provide an internal control system
o Directors’ Approvals
o Segregation of Duties
o Rotation of Personnel
o Sound Personnel Policies
o Vacation Policies
The six characteristics that should be found in accounting procedures
o Operating Responsibilities
o Current records
o Subsidiary Control accounts
o Audit trail
o Pre-numbered documents
o accounting manual
The various methods/procedures used to protect assets
o Cash control: tellers are responsible for their separate cash drawers
o Joint Custody: two people each have a combo for the safe
o Dual Control: the work of one person is verified by another
o Employee Hiring Procedures
o Emergency Preparedness Plans
o Reporting Shortages
The definitions of Joint Custody and Dual Control and how the two terms differ
o Cash control: tellers are responsible for their separate cash drawers
o Joint Custody: two people each have a combo for the safe
The minimum standards of an internal audit program (as specified by Part 364)
o Adequate monitoring of the internal control system
o Independence and objectivity
o qualified personnel
o adequate testing and review of information systems
o adequate documentation of tests/findings and corrective action
o Verification and review of management’s actions to address material weaknesses
o review by the audit committee or Board of the internal audit systems’ effectiveness
The key characteristics of the internal audit function:
o Structure – no conflict of interest or undue influence of internal audit staff by management; internal audit should report directly to audit committee
o Management/staffing/audit quality – Audit manager is responsible for control risk assessments, audit plans, audit programs, and audit reports; audit function should be competently supervised and adequately staffed
o Scope – frequency and extent of internal audit should be consistent with nature, complexity, and risk of bank’s activities; audit committee should review and approve of internal audit’s control risk assessment and audit plan scope at least annually
o Communication – significant matters should be promptly reported directly to the Board
o Contingency Planning – All institutions should have an audit contingency plan in place
The general list of items that should be discussed/included in a contract with a third-party internal auditor
o a definition of both parties’ expectations
o scope, frequency, fees
o responsibilities for providing and receiving information
o the process for changing service contract terms
o that the internal reports are the institution’s property
o The bank and regulators can access work papers
o The time period that auditors must retain work papers
“materiality” is not generally a good indicator of which audit exceptions/control weaknesses to report
TRUE
The purpose of the external audit
to determine whether a bank’s financial statements have been prepared in accordance with GAAP and to alert management to any significant deficiencies in internal controls over financial reporting
The minimum required security devices that all institutions must have:
o A means of protecting cash/liquid assets (May include a vault but does not have to be a vault! Can be a safe or other type of secure space.)
o A lighting system to illuminate the area around the vault during times of darkness, if the vault is visible from outside the office
o An alarm or other device for promptly notifying law enforcement of an attempted robbery or burglary
o Tamper-resistant locks on exterior doors and windows that may be opened
o Other such devices as deemed appropriate by the security officer
That the audit committee/Board should be analyzing the extent of external audit coverage that is required at least
annually
The alternatives to an independent financial statement audit, and their merits and shortcomings
o Reporting by an Independent Public Accountant on an Institution’s Internal Control Structure: For a smaller institution with less complex operations, this type of engagement is likely to be less costly than a financial statement or balance sheet audit.
o Balance Sheet Audit Performed by an Independent Public Accountant: The cost of a balance sheet audit is likely to be less than a financial statement audit. However, under this type of program, the accountant does not examine or report on the fairness of the presentation of the institution’s income statement, statement of changes in equity capital, or statement of cash flows.
o Agreed-Upon Procedures/State-Required Examinations: Depending upon the engagement’s scope, the cost of agreed-upon procedures or a State-required examination may be less than the cost of an audit. However, under this type of program, the independent auditor does not report on the fairness of the institution’s financial statements or attest to the effectiveness of the internal control structure over financial reporting.
When, and within what timeframe, banks are required to submit copies of external auditing work and notices of engagement or change in external auditor
As soon as possible.
When an institution is deemed to have given permission to the FDIC to communicate with its external auditor
once the institution has notified the FDIC of the name of the accountant or accounting firm that it has engaged
When examiners should review external auditor workpapers and general procedures that are followed when reviewing them
A workpaper review is not expected to be performed for every institution; however, examiners should review workpapers before or during an examination (unless the workpapers of the institution for that fiscal year have been previously reviewed) in the following instances: each insured institution subject to Part 363 that has been or is expected to be assigned a CAMELS rating of 4 or 5; each state nonmember bank not subject to Part 363 that has been or is expected to be assigned a CAMELS rating of 4 or 5; and where an institution, regardless of size, is not expected to be assigned a rating of 4 or 5, but significant concerns exist regarding other matters that would have been covered in the audit.
Requests by the Regional Director to independent public accountants for access to workpapers should be in writing and specify the institution to be reviewed, indicate that the accountant’s related policies and procedures should be available for review, and request that a staff member knowledgeable about the institution be available for any questions.
Procedures for filing complaints against accountants
initially discuss the matter with the accountant in an attempt to resolve the concern. If the concern is not resolved in this manner, the examiner should send a memorandum to the Regional Director, with a copy to the Regional Accountant, summarizing the evidence of possible violations of professional standards and the inability to resolve the matter with the accountant. As part of the discussion, the accountant should be made aware that a complaint to the AICPA and/or the State board of accountancy is under consideration. Documentary evidence should be attached to support comments. Where notification of apparent violation of professional standards appears appropriate, letters should be concurrently forwarded by the Regional Director to the State board of accountancy in the institution’s home state, the Professional Ethics Division of the AICPA (in the case of certified public accountants), the subject accountant or firm, and the DSC Accounting and Securities Disclosure Section.
Scenarios in which an examiner might request an institution to obtain a specialized audit, and procedures for requesting this
If the institution is involved in unique activities or complex transactions that are not within management’s range of expertise. When requiring or recommending that an institution contract with an independent public accountant or other outside professional for specific additional work, the examiner should advise the institution to provide the FDIC with a copy of the contract for review before the contract is signed. The contract should be reviewed to ascertain whether it describes the work that needs to be performed in sufficient detail so that the outside professional understands exactly what the FDIC’s expectations are and can be responsive to any requirements established by the FDIC concerning the work to be performed.
Which banks are required to comply with the Sarbanes-Oxley Act
Some FDIC-supervised banks have registered their securities pursuant to Part 335 of the FDIC’s regulations and are, therefore, public companies. Other FDIC-supervised banks are subsidiaries of bank holding companies that are public companies. These public companies and their independent public accountants must comply with the Sarbanes-Oxley Act – including those provisions governing auditor independence, corporate responsibility and enhanced financial disclosures. Banks are also required to comply when they have more than $500MM in total assets at the beginning of the fiscal year under part 363.
The principles of direct verification, the differences between positive direct verification and negative direct verification, and which types of accounts should receive which type of verification
There are two well-recognized types of direct verification, positive and negative. When the positive method is used, the customer is asked to confirm whether or not the balance, as shown, is correct. When the negative method is used, a reply is not requested unless an exception is noted. The positive method is recommended for loan accounts and preferred for deposit accounts, but because of the high volume and cost factor in the latter, the negative method is often employed. It is suggested that at least large accounts, public accounts, dormant accounts and accounts with high and usual volumes of activity be positively verified.
The various points to consider when making recommendations and criticisms of Internal Routines and Controls
- The advantage and profitability of the suggestion to the bank should be stressed, not the advantage to the examiner.
- The suggestion or criticism must have substance and merit; criticisms that might be regarded as petty or reflect personal preference of the examiner will not be well-received.
- The recommendation or criticism should be discussed with operating management prior to bringing it to the attention of the board of directors. The record or procedure being criticized may have been devised by the banker who may have considerable pride in it and, conceivably, can offer a persuasive reason for its continuance.
- Recommending records or accounting forms supplied by a particular vendor is to be avoided. These decisions are within the purview of bank management, not examiners.
- It is possible to overdo criticisms. The goal of obtaining correction of major deficiencies, as opposed to listing a volume of relatively minor criticisms, is more desirable.
- The best results are achieved when criticisms are based on specific negative findings, rather than generalities, and accompanied by recommended remedial action consistent with the seriousness of the deficiencies and the bank’s capacity and needs. However, the relative importance of an individual control or lack thereof must be viewed in the context of the other offsetting control procedures that may be in place. When deficiencies are considered to be of sufficient importance, appropriate comments should be set forth in the examination report.
methods used to perpetrate fraud in various types of accounts and the various types of audit techniques
• Loans
Forged or fictitious notes; accommodation loans; loans to insider-related shell companies; embezzlement of principal and interest payments; failure to cancel paid notes; use of blank, signed notes; embezzlement of escrow and collection accounts; commissions and kickbacks on loans; fraudulent loans to cover cash items and overdrafts; and diverted recoveries of charged-off loans.
• Loan Collateral
Loans secured by phony collateral such as altered, stolen, or counterfeit securities; or certificates of deposit issued by illegitimate offshore banks; and brokered loans and link-financing arrangements where underlying collateral is not properly pledged or is prematurely released.
• Deposits
Unauthorized withdrawals from dormant accounts; fictitious charges to customer accounts; unauthorized overdrafts; payment of bank personnel checks against customer accounts or against fictitious accounts, manipulation of bookkeepers’ throw-out items, computer rejects or other items needed to reconcile deposit trial balances; unauthorized withdrawals from accounts where the employee is acting as an agent or in some other fiduciary capacity; withholding and destroying deposit tickets and checks; misappropriation of service charges; kiting; and manipulation of certificates of deposit, official checks, and money orders.
• Correspondent Bank Accounts
Lapping of cash letters; delayed remittance of cash letters; fictitious credits and debits; issuing of drafts without corresponding recordation on the bank’s books or credit to the account; overstatement of cash letters and return items; and false collection items.
• Tellers and Cash
Lapping deposits; theft of cash; excessive over and short activity; fraudulent checks drawn on customers’ accounts; fictitious cash items; manipulation of cash items; and intentional failure to report large currency transactions or suspicious activity.
• Income and Expense
Embezzlement of income; fraudulent rebates on loan interest; fictitious expense charges; overstated expense; and misapplication of credit life insurance premiums. and Bond Trading