Presentation on theme: "ABC BANK Audit Plan Presentation to Audit Committee (Date)"— Presentation transcript:
1ABC BANK Audit Plan Presentation to Audit Committee (Date)
2Table of Contents Introduction of Internal and External Audit Teams Audit Risk Assessment Process and Audit PlanSummary Comparison of Audit Effort in Prior YearVersus Plan for the Current YearInternal Audit ScheduleSample Audit Committee DeliverableMatrix for Evaluation of Audit Independence
3Internal Audit Plan - Overview The audit plan was developed using a risk based audit approach. Utilizing experience and understanding of the bank’s operations as well as industry knowledge, internal audit identified auditable areas, performed a risk assessment for each of these areas, and assigned each of these a risk rating of high, medium or low.Internal audit considered the following factors, as well as knowledge of the bank, in determining the risk rating for each auditable area:Discussions with bank management, which provided insight regarding issues and risks in the auditable areasPotential impact that the auditable area may have on the financial position of the bankOther environmental factors, such as past audit results, changes in personnel and operations, past and current emphasis by regulators, and future business strategiesThis risk assessment process will be performed on an ongoing (at least annually) basis to ensure changing risk factors, including losses, operational changes or turnover, are continually monitored.A cycling approach to the internal audit plan was used, whereby high-risk areas are audited on an annual basis, and medium- to low-risk areas are audited over a 18- to 24-month cycle.
4Likelihood of control/process issues Risk Map - ABC BankMedium RisksHigh RisksLow RisksHighLowSignificanceLikelihood of control/process issuesDisaster RecoveryCommercial LendingFinanceIT ApplicationsCommunity Reinvestment ActSoftware LicensingLogical Security/Security Admin.IT TelecommunicationsOperations SupportSmall Business LendingLocal Area NetworkCentralized Doc. UnitTreasury/Investments/ALMCentral ServicesInternet Conn./FirewallNew Product DevelopmentReal Estate LendingCommercial Business LendingSBA CenterIIIBranch NetworkLoan Administration Dept.Financial ProductsMarketing/PromotionsHuman Resources/PayrollCredit AdministrationAppraisal DepartmentFacilitiesRisk assessment used to rank auditable areas by significance of risk, meaning, how much could the bank be affected if a control breakdown occurred in the area, and by likelihood, meaning, how likely is it that something could go wrong. Likelihood considers two components -- what is the inherent likelihood and what is the likelihood given the current environment at the Bank.Coverage of auditable areas will therefore include any areas denoted as high or medium risk, and certain of those areas considered low risk generally, although management has concerns about these areas. All high and medium are covered, and the two low covered are branches and human resources.IVIII
5Total Budgeted Audit Hours Summary Audit PlanAudit AreaRisk AssessmentBudgeted HoursTreasury/Investments/ALMHighXReal Estate LendingCentral ServicesCommercial Business LendingSBA CenterNew Product DevelopmentInternet Connectivity/FirewallCentralized Documentation UnitMediumLogical Security & Security AdminLocal Area NetworksIT TelecommunicationsDisaster Recovery PlanningSoftware LicensingFinance/Accounting/Accts PayableOperations SupportCommunity Reinvestment ActBranch NetworkLowHuman Resources/PayrollDiscretionaryNAPlanning, Admin & Reporting to ACFollow-Up on Prior Year Audit PlanTotal Budgeted Audit HoursKey issues/risks communicated during our discussions with management:Compliance risk, including Reg B -- inappropriate guarantees taken from spouses, Fair lending and CRA in SBLCOperational risks, related to consistency of procedures, issues with fraud, monitoring of suspense accounts, efficiencies between branch offices. Other branch network issues include turnover issues, strength of managementInformation technology risks -- web based activities,Human Resource risks -- loss of credit people in Commercial Business centersLending risks -- anticipated growth in SBA, accounting for related fee incomeNew product development -- regulatory aspects, internal communications, reporting mechanisms. Alliances with investment and trust servicesOur own assessments include the following:Central services as high risk because of wire activityTreasury/investments high risk because of nature of transactions conductedSBA center because of growth focus in the area and certain complexities of accounting in the areaLending in general because of marketplaceInternet connectivity -- security, firewall, customer information
6Summary Focus of Audit Effort During Prior and Current Years HoursThis is based on total plan hours of approximately 7,600 (3 staff plus Terry), of which 1,800 is non-chargeable hours (924 Admin for Nabors, approx. 320 for staff training, 100 unbudgeted, 120 sick, 200 special investigations). Therefore approximately 5,800 is chargeable hours. Inefficiencies spending 1600 hours on branches, versus 400 hours in our plan (diff of 1,200) gets to(5,800-1,200) 4,600. Our total plan hours are approximately 4,500.
7Significant Changes in Audit Plan from Prior to Current Year As is depicted on the preceding page, the following summarizes the most significant changes seen in the audit plan for this year versus last:Greater emphasis on lending activities, including centralized documentation unit, based on risk assessment processSignificant re-allocation of time from branch network to centralized/back office operational activities based on our risk assessment process. For branch network, focus to be on high-risk activities, including branch losses, wire initiation, etc.Increased discretionary time for special projectsReduced administration time, as well as no allocation for training, vacation or sick leave
8Internal Audit Schedule = Planned= In Process= Completed
9Internal Audit Schedule (Contd.) = Planned= In Process= Completed
10Internal Audit Schedule - Regulatory Compliance Federal/state regulations reviewed as part of the audit planAs part of our review of the identified business processes and retail branches, internal audit will integrate compliance testing of the following regulations:Internal audit will coordinate with ABC Bank’s compliance officer when determining the scope and degree of work to be performed for compliance-related issues.