A compliance audit is simply a comprehensive review of how your credit union adheres to regulatory requirements and related policies the board adopts.
The compliance audit program is an annual review with a defined scope that reviews policies, procedures, training materials, staffing, forms, and work samples. It concludes with a report of significant findings, conclusions, and recommendations.
The process certainly should include reporting back to the board or a designated committee.
A successful compliance audit program consists of four stages:
The planning stage is perhaps the most important as it creates the roadmap for the entire audit process. The schedule and coverage of the audit program depends on the fuzzy, yet often-used, phrase, “size and complexity” of your operation.
You must customize your program based on assets, products, and delivery methods. A detailed review of prior audits, examinations, and current risk assessment will assist you in determining the priority of your individual audits.
The audit scope should include previous audit and examination findings, requirements, new product channels, and self-identified high-risk areas.
Senior management must impress upon departments the importance of cooperation and timeliness. The staff member charged with conducting the audit needs to coordinate among all operational areas and present an item-request list to each audited area with sufficient time for review and production.
These information requests, including an “internal control questionnaire,” raise the awareness of the compliance function within the operational areas and ensure efficient use of everyone’s time. You develop specific audit procedures during the planning stage.
Numerous resources are available to help you develop individualized compliance audits. Take great care in creating or selecting a compliance audit module to ensure you accurately address all essential elements of the area audited.
2. The audit
Your compliance audit toolkit will include the audit plan, compliance review sheet, internal control questionnaire, findings report, resolution tracking report, and a “request for extension and/or audit comment” worksheet.
With audit procedures and other requested information in hand, your designated auditor will begin to conduct the compliance audit.
The audit will consist of two primary functions: observation and testing. You must develop an adequate sampling procedure to ensure sufficient testing of particular requirements.
Staff involved on “both sides of the audit” should remember the importance of maintaining effective communication throughout the process to ensure reliable audit conclusions.
Next: Audit Report