Creating Managing Evaluating the Internal Audit Function W
- Slides: 29
Creating, Managing & Evaluating the Internal Audit Function W. Samuel Capuano Manager of Internal Audit Sunmark FCU 518 -347 -3156 scapuano@sunmarkfcu. org 1
Overview �Creating the IA Function �Managing the IA Function �Evaluating the CAE 2
Enclosures �ACUIA Internal Audit Shop Tools �Audit Charter 3
Creating the IA Function Does the CU need an IA Dept. ? �NCUA SC Guide 6. 01 �Large CU’s/complex operations �Benefits of IA to the CU �Making the argument 4
Creating the IA Function Who to hire? �NCUA SC Guide 6. 05 �Sharing? �“Qualified Individual” �From within? �Other FI Auditor �External Auditor/Examiner 5
Creating the IA Function Candidate qualifications �NCUA SC Guide 6. 05 �Academic credentials and/or technical training/proficiency �Commitment to CPE �Well developed communication skills �Independence 6
Creating the IA Function CAE on the Org Chart �Independence Issue �NCUA AIRES Q#1 �Direct report to SC �Free from BOD & Mgmt. undue influence 7
Creating the IA Function CAE on the Org Chart, cont’d �Functional report to SC �Dotted (administrative) line to? �Proper authority for CAE? �Under management’s thumb? 8
Creating the IA Function Audit Charter � 1 st order of business �Document independence �Document reporting structure �Full, free, unrestricted access (to everything!) �Confidentiality! 9
Creating the IA Function 10
Creating the IA Function Charter, cont’d �CEO notification �SC approval �BOD meeting �Both chairs’ signatures 11
Creating the IA Function Audit Plan �CAE meetings with EMT �Materiality determination 12
Creating the IA Function vvgg VS. 13
Creating the IA Function Audit Program Sources �ACUIA Interactive Audit Guide �NCUA AIRES Checklists �Subscription Services 14
Creating the IA Function Employee Relations �CU existed before �They may not like us �SC assistance 15
Creating the IA Function 16
Creating the IA Function 17
Creating the IA Function First Audit! �Prior CAE communication of process �Audit Report format �Grading system 18
Managing IA 19
Managing IA SC performing IA tasks? �Duplication of efforts �Transition out �SC’s decision 20
Managing IA SC Meetings �Frequency �(New? ) Format �Who sets agenda 21
Managing IA SC Monitoring �CAE Goals �SC – CAE ongoing communication �Open lines of communication 22
Managing IA Reports to SC �IA Reports/Responses �System Reports �External Audits �Others? 23
Managing IA RFP’s �External Financial Statement Audits �System Vulnerability Assessments �Other outsourced �IA research �SC approval 24
Evaluating IA 25
Evaluating IA CAE Performance Evaluation �Whose responsibility �Management input? �Goals establishment �NCUA/External Audit IA comments 26
Evaluating IA Status Updates �Quarterly status of plan vs. actual �Action item status 27
Evaluating IA Audit Plan �Annual presentation to SC �SC approval � 4 th quarter materiality assessment 28
Questions 29