ACUIA Conference 6/14/20111 Internal Audit Process Credit Union Internal Auditing from the Ground Up from the Ground Up John Gallagher, Director Internal

ACUIA Conference 6/14/2011 1

Internal Audit ProcessInternal Audit ProcessCredit Union Internal AuditingCredit Union Internal Auditing

from the Ground Upfrom the Ground Up

John GallagherJohn Gallagher, , Director Internal Audit Director Internal Audit SEFCU (New York)SEFCU (New York)

Barry Lucas, Barry Lucas, Internal AuditorInternal Auditor Desco Desco FCU (Ohio)FCU (Ohio)

Pat RicheyPat Richey, , Director Internal AuditDirector Internal Audit Finance Center FCU (Indiana)Finance Center FCU (Indiana)


Serving Many MastersServing Many Masters

Internal Audit DefinitionInternal Audit Definition

Internal auditing is an independent, objectivInternal auditing is an independent, objective e assurance andassurance and consulting activity designed to consulting activity designed to add value and improve anadd value and improve an organization's organization's operations. It helps an organizationoperations. It helps an organization accomplish its objectives by bringing a accomplish its objectives by bringing a systematic,systematic,

disciplined approach to evaluate and improve disciplined approach to evaluate and improve thethe effectiveness of risk management, effectiveness of risk management, control, and governancecontrol, and governance processes.processes.



RoleRole

Independence and Objectivity

Reporting Structure

Assurance and Consulting Add Value and Improve Services Systematic and Disciplined

Board of Directors(13 members)

Supervisory Committee(4 Members)

Board Committees(ALCO, Governance, CEO Compensation)

President/CEO Internal Audit

Chief Administrative Officer

Chief Financial Officer

Chief Banking Officer

Chief

Marketing Officer

President Commercial

Services

Chief Technology

Officer

CUSOs

ORM

HR

AccountingFinance

Collections

Ops Support

Branch Network

Call Center

Marketing

e-Services

CRM

Commercial Lending

Business Accounts

IT

Facilities

Lending

SEFCU Organizational Chart

Members


Barb Hess Chief Administrative Officer

John Anderson EVP, Organizational Risk Management

Donna Chardeen Director of Regulatory Compliance and Fraud Mitigation

Chrisopher Duwe Director of Business Continuity, Safety, and Security

Kirsten LeBlanc Contracts Administrator

Jeffrey Bregenzer Commercial Loan Review Officer

John Gallagher Director of Internal Audit

Suzanne Alderman Fraud/Loss Mitigation

Christine Wheeler Compliance Analyst

Dennis Whiteford Internal Auditor

Rachael Martin Internal Auditor




ResponsibilitiesResponsibilities

o Internal Audit Charter

o Supervisory/Audit Committee Charter

o Audit Staff Structure

o Job Descriptions



Relationships and PoliticsRelationships and Politics

Management

Employees



RelationshipsRelationships

Supervisory & Audit CommitteesSupervisory & Audit Committees

Board of DirectorsBoard of Directors



RelationshipsRelationships

External AuditorsExternal Auditors

RegulatorsRegulators



QUESTIONS ?QUESTIONS ?


Performing Audit WorkWhere Do I Start?

Risk Assessment

Audit Universe

Models

Risk Priority


Performing Audit WorkWhere Do I Start?• Business/Audit Plan


Performing Audit WorkWhere Do I Start?• Audit Scheduling• Distractions

– Fraud Investigation– New Products / Services– Training / Vacations– Turn over


Performing Audit Work Objectives

- broad statements

- risks Scope

- who-

what-

when-

where


Performing Audit Work Audit Program

- written procedures- interview questions- collecting information- testing, sampling- analyzing- evaluation


Performing Audit Work Workpapers

- support findings- restricted access- retention- testing, sampling- analyzing- evaluation


Performing Audit Work

QUESTIONS ?


Communications and Follow Communications and Follow UpUp

Audit ReportsAudit ReportsManagement & Internal Audit need to agree Management & Internal Audit need to agree

up frontup front

•FindingsFindings

•RecommendationsRecommendations

•Report StructureReport Structure

•Who gets them?Who gets them?


Communications and Communications and Follow-UpFollow-Up

Follow-UpFollow-Up

• Follow-up AuditsFollow-up Audits

• Monitoring resultsMonitoring results

• Implementation of recommendationsImplementation of recommendations

If you do not do this – Nothing If you do not do this – Nothing

happens!happens!



Supervisory / Audit Committee Supervisory / Audit Committee MeetingsMeetings

•FrequencyFrequency

•StructureStructure

•AgendaAgenda




ACUIA Conference 6/14/2011ACUIA Conference 6/14/2011 2323

Tools and ResourcesTools and Resources

TechnologyTechnology

Paperless auditingPaperless auditing

Internet toolsInternet tools

Analytical review using audit Analytical review using audit

softwaresoftware



Credit Union Objectives- Operations- Financial Reporting- Compliance

Internal Control Components- Control Environment- Risk Assessment- Control Activities- Information and

Communication- Monitoring

Basic Internal Controls - COSO



Credit Union Objectives- Operations- Financial Reporting- Compliance

- Strategic

ERM Components- Internal Environment

- Objective Setting - Event Identification

- Risk Assessment- Risk Response

- Control Activities- Information and Communication- Monitoring

Enterprise Risk Mgmt - COSO



International Standards for the Professional Practice of Internal Auditing - Attribute Standards - Performance Standards - Quality Assurance Review



Control Self-AssessmentControl Self-Assessment

Management Buy InManagement Buy In Business ObjectivesBusiness Objectives Identify RisksIdentify Risks Gather Best PracticesGather Best Practices Provide DocumentsProvide Documents



ResourcesResources Professional Journals Professional Journals

- IIA, ACFE, ISACA- IIA, ACFE, ISACA

Professional StandardsProfessional Standards

- COBIT - COBIT

- GTAGs- GTAGs

Current Issues of Internal Auditing – GovernanceCurrent Issues of Internal Auditing – Governance

WebsitesWebsites

- Credit union industry, regulatory, professional- Credit union industry, regulatory, professional


Audit ProfessionalismAudit Professionalism

CertificationCertification

- CIA – - CIA – Common Body of KnowledgeCommon Body of Knowledge

- CFE- CFE

- CUCE, NCCO- CUCE, NCCO

- CISA- CISA

- CPA- CPA

- CFSA- CFSA



TrainingTraining

- Conferences / Seminars- Conferences / Seminars

- Local Chapters- Local Chapters

- Webinars / Teleseminars- Webinars / Teleseminars

- Compliance Schools- Compliance Schools



ACUIAACUIA Website Website Message ForumMessage Forum Membership DirectoryMembership Directory Audit GuideAudit Guide The Audit Report magazineThe Audit Report magazine Lending LibraryLending Library Conferences, seminarsConferences, seminars


