290 likes | 308 Views
Creating, Managing & Evaluating the Internal Audit Function. W. Samuel Capuano Manager of Internal Audit Sunmark FCU 518-347-3156 scapuano@sunmarkfcu.org. Overview. Creating the IA Function Managing the IA Function Evaluating the CAE. Enclosures. ACUIA Internal Audit Shop Tools
E N D
Creating, Managing & Evaluating the Internal Audit Function W. Samuel Capuano Manager of Internal Audit Sunmark FCU 518-347-3156 scapuano@sunmarkfcu.org
Overview • Creating the IA Function • Managing the IA Function • Evaluating the CAE
Enclosures • ACUIA Internal Audit Shop Tools • Audit Charter
Creating the IA Function Does the CU need an IA Dept.? • NCUA SC Guide 6.01 • Large CU’s/complex operations • Benefits of IA to the CU • Making the argument
Creating the IA Function Who to hire? • NCUA SC Guide 6.05 • Sharing? • “Qualified Individual” • From within? • Other FI Auditor • External Auditor/Examiner
Creating the IA Function Candidate qualifications • NCUA SC Guide 6.05 • Academic credentials and/or technical training/proficiency • Commitment to CPE • Well developed communication skills • Independence
Creating the IA Function CAE on the Org Chart • Independence Issue • NCUA AIRES Q#1 • Direct report to SC • Free from BOD & Mgmt. undue influence
Creating the IA Function CAE on the Org Chart, cont’d • Functional report to SC • Dotted (administrative) line to? • Proper authority for CAE? • Under management’s thumb?
Creating the IA Function Audit Charter • 1st order of business • Document independence • Document reporting structure • Full, free, unrestricted access (to everything!) • Confidentiality!
Creating the IA Function Charter, cont’d • CEO notification • SC approval • BOD meeting • Both chairs’ signatures
Creating the IA Function Audit Plan • CAE meetings with EMT • Materiality determination
Creating the IA Function vvgg VS.
Creating the IA Function Audit Program Sources • ACUIA Interactive Audit Guide • NCUA AIRES Checklists • Subscription Services
Creating the IA Function Employee Relations • CU existed before • They may not like us • SC assistance
Creating the IA Function First Audit! • Prior CAE communication of process • Audit Report format • Grading system
Managing IA SC performing IA tasks? • Duplication of efforts • Transition out • SC’s decision
Managing IA SC Meetings • Frequency • (New?) Format • Who sets agenda
Managing IA SC Monitoring • CAE Goals • SC – CAE ongoing communication • Open lines of communication
Managing IA Reports to SC • IA Reports/Responses • System Reports • External Audits • Others?
Managing IA RFP’s • External Financial Statement Audits • System Vulnerability Assessments • Other outsourced • IA research • SC approval
Evaluating IA CAE Performance Evaluation • Whose responsibility • Management input? • Goals establishment • NCUA/External Audit IA comments
Evaluating IA Status Updates • Quarterly status of plan vs. actual • Action item status
Evaluating IA Audit Plan • Annual presentation to SC • SC approval • 4th quarter materiality assessment