1 / 38

Operational Branch Audits

Operational Branch Audits. June 15, 2011 3:30 – 5:00 PM. Presented by: Catherine Bruder, CPA.CITP, CISA, CISM, CTGA. Overview. Branch Audits Planning Risk Assessment Audit Program Security Compliance. Operational Branch Auditing. Branch Audits – nothing has changed in 50 years!

loan
Download Presentation

Operational Branch Audits

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operational Branch Audits June 15, 2011 3:30 – 5:00 PM Presented by: Catherine Bruder, CPA.CITP, CISA, CISM, CTGA

  2. Overview • Branch Audits • Planning • Risk Assessment • Audit Program • Security • Compliance

  3. Operational Branch Auditing • Branch Audits – nothing has changed in 50 years! • Everything has changed! • Survey

  4. Planning • Select a branch • Random, loss based, activity based, etc. • Gather Permanent File • Branch organizational chart • List of key personnel and duties • List applicable policies and procedures • List of forms and/or reports used by the branch • List of applicable laws and regulations

  5. Planning • Policies and procedures • Determine if the branch has current documented policies and procedures for the CU • Determine if branch personnel are aware of the policies and procedures • Are the policies and procedures adequate?

  6. Risk Assessment • Perform a risk assessment • Identify risks • Cash and cash items • ATM’s • Money orders, cashier checks, travelers checks, instant issue plastic cards • Keys and combinations • Safe deposit boxes • Night depository • Security • Compliance

  7. Risk Assessment • Conduct a walkthrough • Interview key personnel • Do they understand the risk? • Do they understand the policy? • Communicate with Finance • Any outstanding concerns with the branch? • Communicate with Operations • Inspect the premises • Doors and windows • Video surveillance • Insecure procedures

  8. Audit Program • Branch basics • Cash counts • Policies & procedures • Over and short reporting • Branch limits • Cashier’s checks, travelers checks, money orders • Compliance postings • Safe deposit boxes • Security • Adjust the audit program to address the risks identified in the planning process

  9. Branch Processes • Document the branch operation in a narrative • Determine if the current operations reflect compliance with credit union policy and procedure • Identify key controls

  10. Cash Counts • Cash Count – Surprise or No Surprise • Control the cash – Vault cash, drawers, ATM canisters and cash dispensers. • Arrive prior to normal hours • Inspect compartments, drawers, etc. for unusual items. • Verify cash limits are maintained • Obtain vault cash record and balancing sheet

  11. Cash Counts • Keep vault supervisor present throughout the count • Inquire the number of cash compartments • Count cash • Strapped cash and rolled coin • Loose currency and change • Bait money • Trace to schedule, schedule should be under dual control • Watch for ‘stale dates’ on strap of bait money, change bait at least monthly • Compare totals and reconcile any differences • Report differences immediately to the appropriate supervisor

  12. Over and Short • Obtain teller over and short records for the last 6 -12 months • Determine if disciplinary action was taken • Look for patterns such as • Short just before pay day or vacation • Watch for large overs that correct themselves

  13. Vault Security • Dual control • Observe the following vault processes and compare to documented procedures • Opening process • Deposit and withdrawal procedures • Access during business hours • “The Money Cart” • Vault closing

  14. Cash Controls • Observe that teller cash is maintained under separate control of the one and only assigned teller • Observe that keys are maintained in the personal possession of the assigned teller at all times • Cash drawers are locked and the key removed • Test whether a teller key will open any other teller drawers (in the presence of the head teller) • Ensure that teller cash is counted and securely stored at the end of day

  15. Counterfeit Currency • Interview personnel regarding procedures for handling counterfeit currency • Secret Service – “Know Your Money” http://www.secretservice.gov

  16. Cashier Checks, Money Orders, Travelers Checks • Inventory stock is stored in a secure location under dual control • Inventory of unissued stock by serial number is maintained • Physical inventory is performed at least monthly • Working stock controlled • Last issued inventory recorded • Locked at night • Greater than $10k requires CTR

  17. Night Depository • Observe access to the compartment is under dual control • Register of bags/envelopes received is under dual control • Register is adequately completed including • Account number • Amount and number of all deposits • Bag number • Initials of two tellers • Controls over keys/combination • Sample test deposits • Ascertain that any bags held overnight containing valuable are recorded and secured • Sample night depository contracts • Signed and on file

  18. Safe Deposit Boxes • Unrented boxes • Sample test keys to ensure keys are maintained under dual control • Newly rented boxes • Sample boxes rented within the last 6 -12 months • Member identification and contract is obtained • Contract is signed and dated by member and employee • All blank lines in the contract are canceled in ink to prevent adding unauthorized names • Identification of the renter has been verified

  19. Safe Deposit Boxes • Visits • Register identifies employee that provided access • Member signature compared with the contract • Proper identification is provided by the member • Date and time is recorded • Area is checked after the member leaves to ensure no items or documents are left • Delinquent boxes • Procedures are followed to ensure collection

  20. ATM • Start-up or access cards are maintained under dual control • Cash and envelopes should be counted under dual control • Deposits should be verified to the audit tape, initialed and dated by both employees • ATM proving is periodically rotated • Captured cards should be destroyed under dual control

  21. ATM Cards • Cards are locked and stored under dual control – working and stock • Card stock logged and inventoried • PIN encoding equipment is secured • During working hours and after

  22. Wire Transfers • Obtain the number of wire transfers, greater than $2,000 (or similar amount based upon risk tolerance) originated by branch • Wire transfer form is completed properly • Fee was collected • Transaction was processed from members account • Originator’s account number, name, address, etc. • Recipient’s name, account number, financial institution name and address, etc.

  23. Loan Documentation • Interview VP of Lending • Errors • Low/high close rates • Determine delinquency and charge-offs by branch • Observe procedures • Interview staff regarding policies and procedures

  24. Bank Secrecy Act • Identify any exceptions noted in the BSA audit attributable to branch activity • Modify audit program • Conduct a BSA assessment at the branch • Verify branch employees receive annual training

  25. CTRs and SARs • Identify the number of Currency Transaction Reports (CTRs) filled by branch • Determine the number of CTR errors for each branch • Ensure CTRs are stored appropriately • Identify the number of Suspicious Activity Reports (SARs) by branch • Review wire transfers >$10k originated at branch

  26. Information Security • Inspect work areas • Confidential, sensitive member information • User IDs or Passwords • Evaluate user access profile • “Too few staff, I need more access” • Segregation of duties • Social engineering • Security awareness

  27. Training • Ensure branch employees receive training • Robbery and security • BSA • GLBA – Information Security • Compliance • Operational • New procedures • New products

  28. Security • Combinations • Vault, drawers, lockers, etc. • Segregation • The same person shouldn’t control both combinations • Combinations are changed at least once every 2 years even if the custodian has not changed • Observe vault gate is kept closed (if applicable) • Control over gate key • Keys are kept under dual control • Including the spares

  29. Security • Video/DVR • Checked daily to ensure • Proper coverage • Time/date • Clear picture/image • Maintained under management control • Clean desk policy • Inspect working areas for sensitive or confidential information

  30. Security • Observe opening procedures • Inspection of premises • Signal to other employees – all clear • Observe closing procedures • All currency, negotiable instruments, valuables, etc. are secured • No unauthorized persons are present • Doors and windows are secured • Video/DVR is working • Alarm is set • Conduct a physical security audit

  31. Security • Evacuation Plans - Interview and verify that a written evacuation plan exists, containing: • Designated emergency assembly area, with diagram • Designated employee positions to act as evacuation personnel • Procedures for rapidly securing the institution's facilities, assets, and records • Telephone numbers to notify emergency-service agencies. • Emergency-notification telephone numbers for all employees. • Verify individuals demonstrate knowledge and proficiency in emergency-activation procedures

  32. Compliance • Verify initial disclosures are available to the members in the branch • Ensure the branch is providing Truth in Savings Act disclosures before opening the account • Expedited Funds Availability Act postings in the lobby • NCUA posting • Home Mortgage Disclosure Act • Equal Housing Lender • U.S. Patriot Act • Inspect Labor Posting requirements • Federal (FMLA, EEO, ADA, OSHA, etc.) • State

  33. Reporting • Communicate with the branch manager • Validate initial findings and recommendation • Review the management responses and discuss with the manager • Communicate target dates for remediation

  34. Other Metrics by Branch • Deposit accounts overdrawn for more than 30 days, including dollar amount and volume (number of accounts) • New accounts opened • Fees waived • Transactions per full-time equivalent (FTE) employee • Statements mailed to branches • Security alarm reports • HR turnover ratio by branch • Identify the number of member complaints by branch

  35. Audit Program • Reassess audit program • Rotate procedures • Document a rotation schedule for the next audit period • Document follow-up procedures

  36. Questions?

  37. Thank You! 755 West Big Beaver Road Suite 2300 Troy, Michigan 48084 Catherine Bruder, CPA.CITP, CISA, CISM, CTGA Director, Financial Institutions Group Office: (248) 244-3295 Cell : (248) 320-3434 Email : bruder@doeren.com www.doeren.com 2603 Augusta Drive Suite 1100 Houston, Texas 77057

  38. Financial Institutions Group Services • Audit • Mergers & consolidations • Information technology assurance • Vulnerability assessments • Penetration testing • Member business loan review • Commercial loan consulting • Internal audit co-sourcing • Loan loss & delinquency control systems • CUSO consulting • Regulatory compliance services

More Related