ABC BANK Audit Plan Presentation to Audit Committee (Date)
-
Upload
adriel-curling -
Category
Documents
-
view
221 -
download
0
Transcript of ABC BANK Audit Plan Presentation to Audit Committee (Date)
ABC BANK Audit PlanPresentation to Audit Committee
(Date)
2Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Table of Contents
Introduction of Internal and External Audit Teams
Audit Risk Assessment Process and Audit Plan
Summary Comparison of Audit Effort in Prior Year Versus Plan for the Current Year
Internal Audit Schedule
Sample Audit Committee Deliverable
Matrix for Evaluation of Audit Independence
3Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Internal Audit Plan - Overview
The audit plan was developed using a risk based audit approach. Utilizing experience and understanding of the bank’s operations as well as industry knowledge, internal audit identified auditable areas, performed a risk assessment for each of these areas, and assigned each of these a risk rating of high, medium or low.
Internal audit considered the following factors, as well as knowledge of the bank, in determining the risk rating for each auditable area:• Discussions with bank management, which provided insight regarding issues and risks in the auditable areas• Potential impact that the auditable area may have on the financial position of the bank• Other environmental factors, such as past audit results, changes in personnel and operations, past and current
emphasis by regulators, and future business strategies
This risk assessment process will be performed on an ongoing (at least annually) basis to ensure changing risk factors, including losses, operational changes or turnover, are continually monitored.
A cycling approach to the internal audit plan was used, whereby high-risk areas are audited on an annual basis, and medium- to low-risk areas are audited over a 18- to 24-month cycle.
4Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Medium Risks High Risks
Low Risks
HighLow
Lo
wH
igh
Sig
nific
ance
Likelihood of control/process issues
• Disaster Recovery• Commercial Lending• Finance• IT Applications• Community Reinvestment Act• Software Licensing• Logical Security/Security Admin.• IT Telecommunications• Operations Support• Small Business Lending• Local Area Network• Centralized Doc. Unit
• Treasury/Investments/ALM• Central Services• Internet Conn./Firewall• New Product Development• Real Estate Lending• Commercial Business Lending• SBA Center
• Branch Network• Loan Administration Dept.• Financial Products• Marketing/Promotions• Human Resources/Payroll• Credit Administration• Appraisal Department• Facilities
III
IIIIV
Risk Map - ABC Bank
5Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Summary Audit Plan
Audit Area Risk Assessment Budgeted Hours
Treasury/Investments/ALM High X
Real Estate Lending High X
Central Services High X
Commercial Business Lending High X
SBA Center High X
New Product Development High X
Internet Connectivity/Firewall High X
Centralized Documentation Unit Medium X
Logical Security & Security Admin Medium X
Local Area Networks Medium X
IT Telecommunications Medium X
Disaster Recovery Planning Medium X
Software Licensing Medium X
Finance/Accounting/Accts Payable Medium X
Operations Support Medium X
Community Reinvestment Act Medium X
Branch Network Low X
Human Resources/Payroll Low X
Discretionary NA X
Planning, Admin & Reporting to AC NA X
Follow-Up on Prior Year Audit Plan NA X
Total Budgeted Audit Hours X
6Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Summary Focus of Audit Effort During Prior and Current Years
1200
550
450 470
650
150 150 160
400
260
0 0
470
600
1589
300
100
650
200 200150
800
400
200
0
200
400
600
800
1000
1200
1400
1600
1800
Current Year
Prior YearHou
rs
7Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Significant Changes in Audit Plan from Prior to Current Year
As is depicted on the preceding page, the following summarizes the most significant changes seen in the audit plan for this year versus last:
• Greater emphasis on lending activities, including centralized documentation unit, based on risk assessment process
• Significant re-allocation of time from branch network to centralized/back office operational activities based on our risk assessment process. For branch network, focus to be on high-risk activities, including branch losses, wire initiation, etc.
• Increased discretionary time for special projects
• Reduced administration time, as well as no allocation for training, vacation or sick leave
8Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
To be determined……
Jan Feb Mar April May June July Aug Sept Oct Nov Dec
To be determined……
4TH QUARTER1ST QUARTER 2ND QUARTER 3RD QUARTERDESCRIPTION
Branch 6Branch 7Branch 8
Business Processes/OperationsTreasury/Investments/ALM
Real Estate LendingCentral Services
Commercial Business LendingSBA Center
Human Resources/PayrollCentralized Documentation Unit
Finance/Accounting/Accounts PayableOperations Support
APPLICATION SYSTEMS
Community Reinvestment ActNew Product Development
Follow-Up on Significant IssuesDiscretionary
Information TechnologyGENERAL
Deposit ApplicationGeneral Ledger System
OTHERSpecial Management Request Projects
Follow-Up on Significant Issues
Logical Security & Security Admin.Local Area Networks
Internet Connectivity/FirewallDisaster Recovery Planning
Software Liscencing
Internal Audit Schedule
= Planned = In Process = Completed
9Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Internal Audit Schedule (Contd.)
Jan Feb Mar April May June July Aug Sept Oct Nov Dec
To be determined……
DESCRIPTION 1ST QUARTER 2ND QUARTER 3RD QUARTER 4TH QUARTER
Information Technology
GENERAL
OTHER
Special Management Projects
Follow-Up on Significant Issues
Logical Security & Security Admin.
Local Area Networks
Internet Connectivity/Firewall
Disaster Recovery Planning
Software Licensing
IT Telecommunications
= Planned = In Process = Completed
10Source: Protiviti KnowledgeLeader http: / / www.knowledgeleader.com
Internal Audit Schedule - Regulatory Compliance
Federal/state regulations reviewed as part of the audit plan
As part of our review of the identified business processes and retail branches, internal audit will integrate compliance testing of the following regulations:
Internal audit will coordinate with ABC Bank’s compliance officer when determining the scope and degree of work to be performed for compliance-related issues.
OFAC HMDA BSAReg D Reg DD Reg E Reg X Reg Z CRA
Branch Network
Business Processes/Operations
DESCRIPTION
Real Estate Lending
Reg B Reg CC
Commercial Business Lending
SBA Center
Centralized Documentation Unit
Small Business Lending
Central Services
Community Reinvestment Act