Highly Effective Supervisory Committees

Highly Effective Supervisory Committees. Dean Rohne, CPA, CIA. Course Objectives. Function and Duties Overview Governance Issues Fraud/Risk Awareness NCUA Examination Trend Awareness Summary. Function. The Supervisory Committee Must –

Presentation Transcript


  1. Highly Effective Supervisory Committees Dean Rohne, CPA, CIA

  2. Course Objectives • Function and Duties Overview • Governance Issues • Fraud/Risk Awareness • NCUA Examination Trend Awareness • Summary

  3. Function The Supervisory Committee Must – Operate Within the Bylaws and Overview Credit Union Operations: • The Board Establishes Strategic Direction, Policy • Management Establishes Procedures, Controls & Quality Assessments and Supervision • Employees Interact with Members and Complete Day to Day Operations • Internal Audit and Supervisory Committee Evaluates the Process via External Audit

  4. Powers, Duties and Responsibilities Regulatory Sources – Supervisory Committee • The Federal Credit Union Act – Section 115, • The Federal Credit Union Act – Section 202, • Credit Union By-Laws – Article IX, • NCUA Rules and Regulations – Part 715

  5. NCUA Supervisory Committee Guide • Last Revised in 1999 • On the Web at www.ncua.gov/guidesmanuals/supervisory_comm/supervisory.pdf • The Guide is written for credit unions with non-complex structures and non-audit professionals • Use the Guide to gain an understanding of the credit union’s audit scope

  6. Duties and Responsibilities • Elect a chair and secretary • Conduct an annual audit and special audits as needed and report results to the board of directors • Conduct a verification of members’ accounts at least once every two years • Hold regular meetings at least monthly or quarterly

  7. Duties and Responsibilities • Respond to member and NCUA inquiries • Report to the membership at the annual meeting • Overview internal audit effectiveness • Participate in and ensure Bank Secrecy Act (BSA) compliance

  8. Duties and Responsibilities NCUA Rules and Regulation – Part 715.3 Specifics: To achieve the primary objectives the Supervisory Committee must determine: • Internal controls are established and effectively maintained sufficient to satisfy management objectives • Audits, verification of members’ accounts, are evaluated for financial reporting and disclosure • Accounting records are timely and accurate • Strategic Plans, policies and control objectives are properly administered

  9. Duties and Responsibilities (Continued) To achieve its objectives the Supervisory Committee must determine: • Policies and controls are sufficient to safeguard against error, conflict of interest, self-dealing and fraud • Ensure that the credit union adheres to the filing requirements for reports filed with the NCUA (Form 5300)

  10. Effectiveness As the Supervisory Committee is a volunteer group with limited time, resources and skills, it is dependent on them to – • Establish an Effective Audit Effort • Develop Comprehensive Audit Plans and Procedures • Ensure Independence • Employ Qualified Audit Professionals • Monitor Corrective Measures

  11. The Annual Audit • Establish a budget with the board of directors • Select and engage an external auditor • Determine the scope of the audit: Opinion or Non-Opinion • Arrange the timing of audit procedures • Review and obtain an understanding of the audit findings with the auditor • Review the audit findings with internal audit, management and the board • Follow up on corrective procedures

  12. Internal Audit • Establish an Internal Audit Charter • Determine Internal Audit Authority • Ensure Independence • Gather support for all Levels of the Credit Union • Determine Internal Audit Responsibilities • Establish Lines of Communication • Assess Effectiveness

  13. BSA Requirements • Training Required for ALL – Staff and Officials • Policy requires board of director approval (board) • SAR Reporting required to the board • Annual independent assessment of BSA program internal control effectiveness

  14. Credit Union Governance • Federal Credit Union Act • NCUA Rules and Regulations • Bylaws • Applicable Laws and Regulations • Board of Directors • Board Policies • Supervisory Committee • Management

  15. Good Governance Requires • Defined Roles for Board and Management • Compliance with NCUA Rules and Regulations • Active Risk Assessment and Communication • Effective Audits • Management Integrity and Attestation • Performance Evaluation Process • Qualified and Attentive Participation • Promoting Financial Transparency • Financial Training (Now NCUA Mandated)

  16. Policies and Procedures • Document retention • Whistle-Blower protection • Conflict of interest • Dishonesty/Fraud policy statement • Document accounting policies and procedures

  17. Understanding Board Responsibilities • The Board is Ultimately Responsible for ensuring the Credit Union: • Is capably managed by capable CEO and staff • Operates using sound business practices for the good of the membership • Complies with all applicable laws and regulations • Achieves goals stated in strategic plan • Fulfills its purpose of making low-cost loans and encouraging thrift • Provides adequate financial reserves to cover delinquent loans and other financial risks • Protects against unauthorized or illegal acts through safe operating procedures

  18. Financial Transparency • Develop 1 page financial report • Produce timely and accurate reports • CEO and CFO should certify reports • Increase your financial knowledge • Review methods of recording financial transactions annually – do they appear appropriate? • Always err on the side of disclosing more than needed – don’t cover up bad results • Use your web-site to publish information

  19. Financial Statements • Provide meaningful data • Variances • Benchmarks • Incorporate non-financial (members, # served) • Provide monthly reports to: • Department heads • Board or Oversight Committee • Provide details or explanation on high risk accounts • Have a process for asking questions - how are ?? resolved

  20. SARBANES OXLEY ACT • Passed in 2002 • Corporate Governance • Financial Disclosures • Auditor Relationships • Applies to Publicly traded Co’s registered with the SEC – Does not directly apply to Credit Unions

  21. SARBANES OXLEY ACT (Continued) • SOA AND NCUA – LETTER 03-FCU-07, OCTOBER 2003 • Credit Unions should address the points in 03-FCU-07 in their corporate governance policies

  22. SARBANES OXLEY ACT (Continued) • Require Active Audit Committees • Financial Reporting Assurances (Sign-Offs) • Board Responsibilities • Disclosure of Corrections/Misstatements • Discourage Related Party Transactions • Establish and Enforce a Code of Ethics • Internal Control Reporting

  23. SOA - BEST PRACTICE Recommendations • Get expertise on the Board and committees, • Renew ethics, fraud and conflict of interest policies regularly, • Establish whistle blower provisions, • Establish charters for all committees, • Establish a governance policy (qualifications, responsibilities, access, continuing education)

  24. Other Areas of Committee Overview • Document internal controls and test controls • Avoid employee loans (except in normal course of business) • Support compensation based on independent market data • Directors and Officers insurance • Hire qualified and experienced individuals • Do what fits your credit union – several small high impact improvements are better than an extensive plan that isn’t followed

  25. Internal Control • Under the COSO* Internal Control-Integrated Framework, a widely-used framework in the United States, internal control is broadly defined as: • A process, produced by a credit union’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations; • Reliability of financial reporting; • Compliance with laws and regulations. * Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO has established a common internal control model against which companies and organizations may assess their control systems.

  26. FINANCIAL INSTITUTION CHARACTERISTICS BY ASSET SIZE

  27. CONTRASTING CONTROL ENVIRONMENTS: Cash. Small Credit Unions (No Segregation of Duties) • Teller activity should be balanced and posted daily. • Check signers are authorized by the BOD. • Bank reconciliation is done by manager or someone else who acts as a teller or signs checks and records these transactions. • Supervisors handle cash and generate transactions on the front line. Medium to Large Credit Unions (Some Segregation of Duties) • Same • Same • Bank reconciliation may be done by someone who does not directly handle credit union funds or record them • Periodic surprise cash counts and reviews of activities are made by supervisors.

  28. Officer and Director Liability • Insured by D&O Policy • Reviewed Annually…Ask for copy! • Directors are indemnified when their actions are prudent and carried out in good faith and with reasonable care.

  29. Powers The Supervisory Committee Does Not Have • To Interfere With Credit Union Operations • To Establish Policy and Procedures • To Become involved in Personnel Matters • To Act on Your Own Aside From the Committee • To Attend Board Meetings Uninvited • To Have a Paid Staff, Financial Officer, Board Chair or Credit Committee Member Participate on the Committee

  30. FRAUD • SAS 99 auditor’s responsibility for fraud detection • Auditors have a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud • SAS 99 management’s responsibility with respect to fraud • Management continues to be responsible for designing and implementing company internal controls to prevent, deter, and detect fraud.

  31. FRAUD Why Fraud Occurs: Three conditions generally are present when fraud occurs: • Incentive/pressure -- reason to commit fraud. • Opportunity -- absence of controls, ineffective controls, ability of management to override controls. • Rationalize/attitude -- individual possesses a character or set of ethical values that allows them to commit fraud.

  32. EMBEZZLEMENT FORMULA MOTIVE + OPPORTUNITY (The Control Environment) + RATIONALIZATION = EMBEZZLEMENT

  33. How Fraud is Discovered

  34. FRAUD POLICY Creating an Ethical Organization Culture • Setting the tone at the top. KEY!!! • Looking at fraud occurrences over the years, this was a major factor. • Establishing a code of conduct. • Creating a positive workplace environment. • Hiring and promoting ethical employees. • Providing ethics training. • Set policies to detect fraud. • Disciplining and prosecuting violators. • Supervisory Committee oversight to ensure compliance with above.

  35. Risk Management Risk Categories • Credit Risk • Interest Rate Risk • Liquidity Risk • Transaction (Operating or Fraud) Risk • Compliance Risk • Strategic Risk • Reputation Risk

  36. Risk Management The Board of Director’s Role • Set policy • Authorize risk containment controls • Approve budget/funding for ongoing risk management skills training or hiring • Participate in centralized oversight and monitoring • Participate in strategic and reputation risk management processes

  37. Risk Management The Supervisory Committee’s Role • Determine that compliance is occurring by either: • Committee Overview • Internal Audit Review • Outside Contract Review Helping to prevent embarrassment or lawsuits

  38. Top 10 Reasons Directors get SUED! • Approving self-serving, improvident or excessive loans • Failing to comply with regulatory directives • Failing to supervise management properly • Failing to authorize and conduct periodic audits • Failing to assess internal control effectiveness • Authorizing improper payments or expenses • Improperly maintaining and monitoring liquidity reserve requirements • Failing to attend meetings on regular basis • Extending too much investment in a limited area • Failing to exercise independent judgment

  39. What to Expect from NCUA Exams NCUA has taken a lot of criticism by outside parties • Class action lawsuit by a group of credit unions as a result of the corporate losses and the overall effect to the share insurance fund and assessments. (ALCOA Tennessee FCU) • Office of Inspector General (OIG) of NCUA Reports (www.ncua.gov.oig): • OIG Capping Report on Material Loss Reviews – November 23, 2010 • OIG Semiannual Report to Congress – September 30, 2010 & March 31, 2011

  40. Credit Union Failures: Lessons Learned • NCUA OIG Reports Reasons for Recent Failures: • Poor Strategic Planning and Decision Making • Inadequate Internal Controls and Policies • Fraud • Lack of Follow-Up on Exceptions Noted in Outside Reports • Other Related Causes – Inadequate capital, excessive growth, concentration issues associated with deteriorating economics • Aggressive underwriting decisions and practices • Weak oversight of third party vendors

  41. Current Examination Trends • Significant increases in number of Documents of Resolutions (DOR) • Increase in length and bullet points in DOR • Increases in number of net-worth restoration plans NWRP – (pursuant to 702.206 Rules and Regulations “RR”)

  42. Future Exams Will Be “EVEN MORE” Risk Focused Anything that potentially could cause risks will be reviewed • NCUA Letter 11-CU-03 addressed some of these areas • Credit Risk – concerns with real estate values, loan delinquencies, and underwriting • Interest Rate Risk – as a result of increase in long term assets (New – R + R section 741.B) • Concentration Risk – Do not put all your eggs in one basket

  43. Federal Examiners Will Be Looking For….. • Additional Items in these Areas: • Third Party Reporting • Updated Policies & Procedures • Internal Control Testing • Regulatory Compliance

  44. Third Party Reporting If your examiner has not asked before, expect them to ask for any and all outside reports that you have received. This effort is a result of OIG report findings.

  45. Third Party Reporting - NCUA Required Expect them to ask for your: • Audit reports and Workpapers – RR Part 715 • Verification of Members Accounts and Workpapers – RR Part 715 • Third Party Validation of Assumptions on Asset Liability Models – RR Part 741 / Letter CU -03-11 • BSA Examination Reporting and Testing – RR Part 748.2 • SAS-70 Reports on Critical Vendors and How Client Control Considerations are being addressed by the Credit Union – RR Part 748 • Investment Shock Reports – RR Parts 741 and 703 • Website Compliance Review – RR Part 740 • Disaster Recovery Tests – RR Part 748 • Red Flag Compliance Review – RR Part 717 Appendix J

  46. Third Party Reporting – Other Requirements • ACH, ATM-TG-3, and PCI Compliance Reports (even though they are not necessarily required to be filed with outside third parties) • ACH- Risk Assessment (new in 2010) • Market Value Analysis on Mortgage Loan Portfolio • FHA – Title II – Lender – Annual LAAS Filing • Abandoned Property Reporting and any related state audit reports

  47. Third Party Reporting – Best Practices • Penetration Testing / Internal Vulnerability Assessment • Enterprise Risk Assessments • Business Impact Analysis • Information Security Risk Review • Abandoned Property Reporting and any related state audit reports • VISA Instant Card Issue Self Audit Form

  48. Policies & Procedures You will be asked to provide the following policies and how monitoring for compliance is performed in some of the following areas. A lot of these requests may be new. • Security Policies & Procedures – RR 748 • Appraisal Policy (NCUA Guidelines 12-2-2010) – RR 722 • Vendor Due Diligence Policy – RR 748 • Loan Participation Policy – RR 701.22 • Allowance for Loan Loss Policy – to comply with new NCUA requirements (July 2011 Board Review Date) & FASB audit disclosure requirements. – RR 702

  49. Policies & Procedures • TDR and Loan Modification Policy – Letter 09-CU-19 • Charge-Off Policy – RR 741.201 C 5 • Identity Theft Detection Prevention Policy – RR 717 Appendix F-I • Member Business Loan Policy – Risk Policy - RR 723 • General Authority and Duties of Directors Policy – RR 701.4 • Ethics Policy – Article XIX Section 4 of by-laws / RR 703.17 • IRR Policy – RR 741.B

  50. Internal Control Testing Other new requests that examiners are frequently asking to see or requesting that Credit Unions implement: • Quarterly Independent Review of Employees and Officials Accounts (Supervisory Committee review) • Loan Due Date Change Reporting Monitoring • Wire Transfer Control Testing • Documentation of Board Financial Literacy Training • Control and Monitoring of Dormant Account Activity • Signed Fraud / Internet Use and Ethics Policy Statements (annual update)
