Download presentation
Presentation is loading. Please wait.
Published byAlondra Sturtevant Modified over 9 years ago
1
June 15, 2011 3:30 – 5:00 PM Presented by: Catherine Bruder, CPA.CITP, CISA, CISM, CTGA O PERATIONAL B RANCH A UDITS
2
Overview Branch Audits Planning Risk Assessment Audit Program Security Compliance 2
3
Branch Audits – nothing has changed in 50 years! Everything has changed! Survey Operational Branch Auditing © Doeren Mayhew3
4
Select a branch Random, loss based, activity based, etc. Gather Permanent File Branch organizational chart List of key personnel and duties List applicable policies and procedures List of forms and/or reports used by the branch List of applicable laws and regulations Planning
5
Policies and procedures Determine if the branch has current documented policies and procedures for the CU Determine if branch personnel are aware of the policies and procedures Are the policies and procedures adequate? Planning
6
Perform a risk assessment Identify risks Cash and cash items ATM’s Money orders, cashier checks, travelers checks, instant issue plastic cards Keys and combinations Safe deposit boxes Night depository Security Compliance Risk Assessment
7
Conduct a walkthrough Interview key personnel Do they understand the risk? Do they understand the policy? Communicate with Finance Any outstanding concerns with the branch? Communicate with Operations Inspect the premises Doors and windows Video surveillance Insecure procedures Risk Assessment
8
Branch basics Cash counts Policies & procedures Over and short reporting Branch limits Cashier’s checks, travelers checks, money orders Compliance postings Safe deposit boxes Security Adjust the audit program to address the risks identified in the planning process Audit Program
9
Document the branch operation in a narrative Determine if the current operations reflect compliance with credit union policy and procedure Identify key controls Branch Processes
10
Cash Count – Surprise or No Surprise Control the cash – Vault cash, drawers, ATM canisters and cash dispensers. Arrive prior to normal hours Inspect compartments, drawers, etc. for unusual items. Verify cash limits are maintained Obtain vault cash record and balancing sheet Cash Counts
11
Keep vault supervisor present throughout the count Inquire the number of cash compartments Count cash Strapped cash and rolled coin Loose currency and change Bait money Trace to schedule, schedule should be under dual control Watch for ‘stale dates’ on strap of bait money, change bait at least monthly Compare totals and reconcile any differences Report differences immediately to the appropriate supervisor Cash Counts
12
Obtain teller over and short records for the last 6 -12 months Determine if disciplinary action was taken Look for patterns such as Short just before pay day or vacation Watch for large overs that correct themselves Over and Short
13
Dual control Observe the following vault processes and compare to documented procedures Opening process Deposit and withdrawal procedures Access during business hours “The Money Cart” Vault closing Vault Security
14
Observe that teller cash is maintained under separate control of the one and only assigned teller Observe that keys are maintained in the personal possession of the assigned teller at all times Cash drawers are locked and the key removed Test whether a teller key will open any other teller drawers (in the presence of the head teller) Ensure that teller cash is counted and securely stored at the end of day Cash Controls
15
Interview personnel regarding procedures for handling counterfeit currency Secret Service – “Know Your Money” Counterfeit Currency http://www.secretservice.gov
16
Inventory stock is stored in a secure location under dual control Inventory of unissued stock by serial number is maintained Physical inventory is performed at least monthly Working stock controlled Last issued inventory recorded Locked at night Greater than $10k requires CTR Cashier Checks, Money Orders, Travelers Checks
17
Observe access to the compartment is under dual control Register of bags/envelopes received is under dual control Register is adequately completed including Account number Amount and number of all deposits Bag number Initials of two tellers Controls over keys/combination Sample test deposits Ascertain that any bags held overnight containing valuable are recorded and secured Sample night depository contracts Signed and on file Night Depository
18
Unrented boxes Sample test keys to ensure keys are maintained under dual control Newly rented boxes Sample boxes rented within the last 6 -12 months Member identification and contract is obtained Contract is signed and dated by member and employee All blank lines in the contract are canceled in ink to prevent adding unauthorized names Identification of the renter has been verified Safe Deposit Boxes
19
Visits Register identifies employee that provided access Member signature compared with the contract Proper identification is provided by the member Date and time is recorded Area is checked after the member leaves to ensure no items or documents are left Delinquent boxes Procedures are followed to ensure collection Safe Deposit Boxes
20
Start-up or access cards are maintained under dual control Cash and envelopes should be counted under dual control Deposits should be verified to the audit tape, initialed and dated by both employees ATM proving is periodically rotated Captured cards should be destroyed under dual control ATM
21
Cards are locked and stored under dual control – working and stock Card stock logged and inventoried PIN encoding equipment is secured During working hours and after ATM Cards
22
Obtain the number of wire transfers, greater than $2,000 (or similar amount based upon risk tolerance) originated by branch Wire transfer form is completed properly Fee was collected Transaction was processed from members account Originator’s account number, name, address, etc. Recipient’s name, account number, financial institution name and address, etc. Wire Transfers
23
Interview VP of Lending Errors Low/high close rates Determine delinquency and charge-offs by branch Observe procedures Interview staff regarding policies and procedures Loan Documentation
24
Identify any exceptions noted in the BSA audit attributable to branch activity Modify audit program Conduct a BSA assessment at the branch Verify branch employees receive annual training Bank Secrecy Act
25
Identify the number of Currency Transaction Reports (CTRs) filled by branch Determine the number of CTR errors for each branch Ensure CTRs are stored appropriately Identify the number of Suspicious Activity Reports (SARs) by branch Review wire transfers >$10k originated at branch CTRs and SARs
26
Inspect work areas Confidential, sensitive member information User IDs or Passwords Evaluate user access profile “Too few staff, I need more access” Segregation of duties Social engineering Security awareness Information Security
27
Ensure branch employees receive training Robbery and security BSA GLBA – Information Security Compliance Operational New procedures New products Training
28
Combinations Vault, drawers, lockers, etc. Segregation The same person shouldn’t control both combinations Combinations are changed at least once every 2 years even if the custodian has not changed Observe vault gate is kept closed (if applicable) Control over gate key Keys are kept under dual control Including the spares Security
29
Video/DVR Checked daily to ensure Proper coverage Time/date Clear picture/image Maintained under management control Clean desk policy Inspect working areas for sensitive or confidential information Security
30
Observe opening procedures Inspection of premises Signal to other employees – all clear Observe closing procedures All currency, negotiable instruments, valuables, etc. are secured No unauthorized persons are present Doors and windows are secured Video/DVR is working Alarm is set Conduct a physical security audit Security
31
Evacuation Plans - Interview and verify that a written evacuation plan exists, containing: Designated emergency assembly area, with diagram Designated employee positions to act as evacuation personnel Procedures for rapidly securing the institution's facilities, assets, and records Telephone numbers to notify emergency-service agencies. Emergency-notification telephone numbers for all employees. Verify individuals demonstrate knowledge and proficiency in emergency-activation procedures Security
32
Verify initial disclosures are available to the members in the branch Ensure the branch is providing Truth in Savings Act disclosures before opening the account Expedited Funds Availability Act postings in the lobby NCUA posting Home Mortgage Disclosure Act Equal Housing Lender U.S. Patriot Act Inspect Labor Posting requirements Federal (FMLA, EEO, ADA, OSHA, etc.) State Compliance
33
Communicate with the branch manager Validate initial findings and recommendation Review the management responses and discuss with the manager Communicate target dates for remediation Reporting
34
Deposit accounts overdrawn for more than 30 days, including dollar amount and volume (number of accounts) New accounts opened Fees waived Transactions per full-time equivalent (FTE) employee Statements mailed to branches Security alarm reports HR turnover ratio by branch Identify the number of member complaints by branch Other Metrics by Branch
35
Reassess audit program Rotate procedures Document a rotation schedule for the next audit period Document follow-up procedures Audit Program
36
Q UESTIONS ? © Doeren Mayhew, 2011 36
37
755 West Big Beaver Road Suite 2300 Troy, Michigan 48084 Thank You! 2603 Augusta Drive Suite 1100 Houston, Texas 77057 www.doeren.com Catherine Bruder, CPA.CITP, CISA, CISM, CTGA Director, Financial Institutions Group Office: (248) 244-3295 Cell : (248) 320-3434 Email : bruder@doeren.com
38
Services 38 Financial Institutions Group Audit Mergers & consolidations Information technology assurance Vulnerability assessments Penetration testing Member business loan review Commercial loan consulting Internal audit co-sourcing Loan loss & delinquency control systems CUSO consulting Regulatory compliance services
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.