| | Yes | No | N/A | Comments |
|---|---|---|---|---|
| General Responsibilities | | | | |
| Does the board of directors or its audit committee: | | | | |
| a. Review and approve audit strategies, policies, programs (including BSA compliance programs), and organizational structure? | | | | |
| b. Review and approve selection or termination of external auditors and outsourced internal audit vendors? | | | | |
| c. Meet regularly with internal and external auditors and outsourced internal audit vendors? | | | | |
| d. Ensure that internal and external auditors and outsourced internal audit vendors are independent and objective? | | | | |
| e. Ensure that comprehensive audit coverage is in place to meet risks and demands posed by current and planned activities? | | | | |
| f. Have significant input into hiring senior internal audit personnel, setting their compensation, and evaluating their performance? | | | | |
| g. Review and approve annual audit plans and schedules, and any changes thereto, for both internal and external audits? | | | | |
| h. Retain internal and external auditors and outsourced vendors qualified to audit the activities in which the bank is engaged? | | | | |
| i. Monitor and track significant control weaknesses and management’s progress toward corrective action? | | | | |
| j. Meet with examiners at least once each supervisory cycle to discuss audit review findings? | | | | |
| Is the committee responsible for risk management issues? If so, does it: | | | | |
| a. Communicate risk management concerns to the full board? | | | | |
| b. Ensure that risk management evaluation functions are independent? | | | | |
| c. Review risk management reports and information? | | | | |
| Audit Committee | | | | |
| Does the bank have an audit committee? (Required for 12 CFR 363 or OCC-registered banks) | | | | |
| Does the committee maintain minutes and other relevant records of their meetings and decisions? (Required for banks subject to 12 CFR 363) | | | | |
| Has the committee adopted and the board approved a written charter for the audit committee? (Required for OCC-registered banks) | | | | |
| If so, does the charter address: | | | | |
| a. The committee’s responsibilities and how they carry out those responsibilities (including structure, processes, and membership requirements)? | | | | |
| b. The committee’s review and discussion with IPAs of any relationships or services that may affect the IPA’s independence or objectivity? (SEC’s revised independence rule requires OCC-registered bank audit committees to pre-approve all audit, review, attest, and non-prohibited non-audit services.) | | | | |
| c. The IPA’s accountability to the board and committee, and the board/committee’s authority and responsibility to select, evaluate, and (where appropriate) replace the IPA? | | | | |
| Are committee members independent of management? (Required for 12 CFR 363 and OCC-registered banks) | | | | |
| Is the committee: | | | | |
| a. Made up entirely of outside directors (Required for 12 CFR 363 and OCC-registered banks), or | | | | |
| b. A majority of outside directors? | | | | |
| Does the board of directors annually make a determination of committee member independence? (Required for 12 CFR 363 and OCC-registered banks) | | | | |
| If so, does the board’s determination consider whether members: | | | | |
| a. Are, or have been, an officer or employee of the bank or its affiliates? | | | | |
| b. Serve or have served as the bank’s or its affiliates’ consultant, advisor, promoter, underwriter, legal counsel, or trustee? | | | | |
| c. Are relatives of a bank’s or its affiliates’ officers or employees? | | | | |
| d. Hold or control, or did not hold or control within the preceding year, either directly or indirectly, a financial interest of 10% or more in the bank or its affiliates? | | | | |
| e. Have outstanding extensions of credit from the bank or its affiliates? | | | | |
| f. Are large customers of the bank? | | | | |
| Are committee members: | | | | |
| a. Financially literate? | | | | |
| b. Do they have banking or related financial management expertise? (Required for banks subject to 12 CFR 363 and OCC-registered banks) | | | | |
| Does the committee have access to its own counsel at its own discretion and without prior approval of the board or management? (Required for banks subject to 12 CFR 363 and OCC-registered banks) | | | | |
| Does the committee perform all duties as determined by the board of directors, including reviewing, as applicable, with management and the IPA: (Required for 12 CFR 363 and OCC-registered banks) | | | | |
| a. The scope of services required by the external audit (i.e., IPA’s responsibilities under GAAS)? | | | | |
| b. The basis of Part 363 required reports? | | | | |
| c. Significant accounting policies? | | | | |
| d. Management judgments and accounting estimates? | | | | |
| e. Audit adjustments and passed or waived adjustments? | | | | |
| f. IPA’s judgment about the quality of the bank’s accounting principles? | | | | |
| g. Other information in documents containing audited financial statements? | | | | |
| h. Disagreements between the IPA and management? | | | | |
| i. Assessments of internal control adequacy and resolution of identified material internal control weaknesses and reportable conditions? | | | | |
| j. The institution’s compliance with laws and regulations? | | | | |
| k. Consultations with other accountants? | | | | |
| l. Major issues discussed with management prior to retention of the IPA? | | | | |
| m. Difficulties encountered in performing the audit? | | | | |
| Does the committee oversee the internal audit function? (Required for banks subject to 12 CFR 363) | | | | |
| Does the committee discuss with management the selection and termination of the IPA? (Required for 12 CFR 363 and OCC-registered banks) | | | | |
| Does the audit committee pre-approve all audit and permitted non-audit services provided by the IPA? (Required for OCC-registered banks) | | | | |
| Does the committee on an annual basis: (Required for OCC-registered banks) | | | | |
| a. Receive and review written disclosures from the IPA disclosing all relationships between the IPA and its related entities and the bank and its related entities that, in the IPA’s judgment, may reasonably bear on independence? | | | | |
| b. Review the above letter to ensure that the IPA confirms they are independent of the bank? | | | | |
| c. Discuss the IPA’s independence with the IPA? | | | | |
| Does the committee recommend to the board of directors that the audited financial statements be included in the bank’s annual report? (Required for OCC-registered banks) | | | | |
| Does the committee review the aggregate fees billed by the IPA for: (Required for OCC-registered banks) | | | | |
| a. The annual financial statement audit? | | | | |
| b. Other audit-related services? | | | | |
| c. Tax services? | | | | |
| d. All other products and services provided by the IPA for the most recent fiscal year? | | | | |
| Does the committee review the hours spent on the bank’s financial audit by persons other than the IPA’s full-time permanent employees? (Required for OCC-registered banks) | | | | |