Date post: | 14-Dec-2015 |
Category: |
Documents |
Upload: | alondra-sturtevant |
View: | 214 times |
Download: | 0 times |
June 15, 20113:30 – 5:00 PM
Presented by:Catherine Bruder, CPA.CITP, CISA, CISM, CTGA
OPERATIONAL BRANCH AUDITS
Branch Audits – nothing has changed in 50 years!
Everything has changed! Survey
Operational Branch Auditing
© Doeren Mayhew 3
Select a branch Random, loss based, activity based, etc.
Gather Permanent File Branch organizational chart List of key personnel and duties List applicable policies and procedures List of forms and/or reports used by the
branch List of applicable laws and regulations
Planning
Policies and procedures Determine if the branch has current
documented policies and procedures for the CU
Determine if branch personnel are aware of the policies and procedures
Are the policies and procedures adequate?
Planning
Perform a risk assessment Identify risks
Cash and cash items ATM’s Money orders, cashier checks, travelers checks,
instant issue plastic cards Keys and combinations Safe deposit boxes Night depository Security Compliance
Risk Assessment
Conduct a walkthrough Interview key personnel
Do they understand the risk? Do they understand the policy?
Communicate with Finance Any outstanding concerns with the branch?
Communicate with Operations Inspect the premises
Doors and windows Video surveillance Insecure procedures
Risk Assessment
Branch basics Cash counts Policies & procedures Over and short reporting Branch limits Cashier’s checks, travelers checks, money orders Compliance postings Safe deposit boxes Security
Adjust the audit program to address the risks identified in the planning process
Audit Program
Document the branch operation in a narrative
Determine if the current operations reflect compliance with credit union policy and procedure
Identify key controls
Branch Processes
Cash Count – Surprise or No Surprise Control the cash – Vault cash, drawers,
ATM canisters and cash dispensers. Arrive prior to normal hours
Inspect compartments, drawers, etc. for unusual items.
Verify cash limits are maintained Obtain vault cash record and balancing
sheet
Cash Counts
Keep vault supervisor present throughout the count Inquire the number of cash compartments Count cash
Strapped cash and rolled coin Loose currency and change Bait money
Trace to schedule, schedule should be under dual control Watch for ‘stale dates’ on strap of bait money, change bait at
least monthly Compare totals and reconcile any differences Report differences immediately to the appropriate
supervisor
Cash Counts
Obtain teller over and short records for the last 6 -12 months
Determine if disciplinary action was taken
Look for patterns such as Short just before pay day or vacation Watch for large overs that correct
themselves
Over and Short
Dual control Observe the following vault
processes and compare to documented procedures Opening process Deposit and withdrawal procedures Access during business hours
“The Money Cart” Vault closing
Vault Security
Observe that teller cash is maintained under separate control of the one and only assigned teller
Observe that keys are maintained in the personal possession of the assigned teller at all times
Cash drawers are locked and the key removed Test whether a teller key will open any other teller
drawers (in the presence of the head teller) Ensure that teller cash is counted and securely
stored at the end of day
Cash Controls
Interview personnel regarding procedures for handling counterfeit currency
Secret Service – “Know Your Money”
Counterfeit Currency
http://www.secretservice.gov
Inventory stock is stored in a secure location under dual control Inventory of unissued stock by serial number
is maintained Physical inventory is performed at least
monthly Working stock controlled
Last issued inventory recorded Locked at night
Greater than $10k requires CTR
Cashier Checks, Money Orders, Travelers Checks
Observe access to the compartment is under dual control Register of bags/envelopes received is under dual control Register is adequately completed including
Account number Amount and number of all deposits Bag number Initials of two tellers
Controls over keys/combination Sample test deposits Ascertain that any bags held overnight containing valuable
are recorded and secured Sample night depository contracts
Signed and on file
Night Depository
Unrented boxes Sample test keys to ensure keys are maintained
under dual control Newly rented boxes
Sample boxes rented within the last 6 -12 months Member identification and contract is obtained Contract is signed and dated by member and
employee All blank lines in the contract are canceled in ink to
prevent adding unauthorized names Identification of the renter has been verified
Safe Deposit Boxes
Visits Register identifies employee that provided
access Member signature compared with the contract Proper identification is provided by the member Date and time is recorded Area is checked after the member leaves to
ensure no items or documents are left Delinquent boxes
Procedures are followed to ensure collection
Safe Deposit Boxes
Start-up or access cards are maintained under dual control
Cash and envelopes should be counted under dual control
Deposits should be verified to the audit tape, initialed and dated by both employees
ATM proving is periodically rotated Captured cards should be
destroyed under dual control
ATM
Cards are locked and stored under dual control – working and stock
Card stock logged and inventoried PIN encoding equipment is secured
During working hours and after
ATM Cards
Obtain the number of wire transfers, greater than $2,000 (or similar amount based upon risk tolerance) originated by branch
Wire transfer form is completed properly Fee was collected Transaction was processed from members
account Originator’s account number, name, address, etc. Recipient’s name, account number, financial
institution name and address, etc.
Wire Transfers
Interview VP of Lending Errors Low/high close rates
Determine delinquency and charge-offs by branch
Observe procedures Interview staff regarding policies and
procedures
Loan Documentation
Identify any exceptions noted in the BSA audit attributable to branch activity Modify audit program
Conduct a BSA assessment at the branch
Verify branch employees receive annual training
Bank Secrecy Act
Identify the number of Currency Transaction Reports (CTRs) filled by branch Determine the number of CTR errors for
each branch Ensure CTRs are stored appropriately
Identify the number of Suspicious Activity Reports (SARs) by branch Review wire transfers >$10k originated
at branch
CTRs and SARs
Inspect work areas Confidential, sensitive member
information User IDs or Passwords
Evaluate user access profile “Too few staff, I need more access” Segregation of duties
Social engineering Security awareness
Information Security
Ensure branch employees receive training Robbery and security BSA GLBA – Information Security Compliance Operational New procedures New products
Training
Combinations Vault, drawers, lockers, etc. Segregation
The same person shouldn’t control both combinations Combinations are changed at least once every 2
years even if the custodian has not changed Observe vault gate is kept closed (if
applicable) Control over gate key
Keys are kept under dual control Including the spares
Security
Video/DVR Checked daily to ensure
Proper coverage Time/date Clear picture/image
Maintained under management control Clean desk policy
Inspect working areas for sensitive or confidential information
Security
Observe opening procedures Inspection of premises Signal to other employees – all clear
Observe closing procedures All currency, negotiable instruments, valuables,
etc. are secured No unauthorized persons are present Doors and windows are secured Video/DVR is working Alarm is set
Conduct a physical security audit
Security
Evacuation Plans - Interview and verify that a written evacuation plan exists, containing: Designated emergency assembly area, with diagram Designated employee positions to act as evacuation
personnel Procedures for rapidly securing the institution's
facilities, assets, and records Telephone numbers to notify emergency-service
agencies. Emergency-notification telephone numbers for all
employees. Verify individuals demonstrate knowledge and
proficiency in emergency-activation procedures
Security
Verify initial disclosures are available to the members in the branch
Ensure the branch is providing Truth in Savings Act disclosures before opening the account
Expedited Funds Availability Act postings in the lobby NCUA posting Home Mortgage Disclosure Act Equal Housing Lender U.S. Patriot Act Inspect Labor Posting requirements
Federal (FMLA, EEO, ADA, OSHA, etc.) State
Compliance
Communicate with the branch manager
Validate initial findings and recommendation
Review the management responses and discuss with the manager
Communicate target dates for remediation
Reporting
Deposit accounts overdrawn for more than 30 days, including dollar amount and volume (number of accounts)
New accounts opened Fees waived Transactions per full-time equivalent (FTE) employee Statements mailed to branches Security alarm reports HR turnover ratio by branch Identify the number of member complaints by
branch
Other Metrics by Branch
Reassess audit program Rotate procedures
Document a rotation schedule for the next audit period
Document follow-up procedures
Audit Program
755 West Big Beaver Road Suite 2300
Troy, Michigan 48084
Thank You!
2603 Augusta DriveSuite 1100
Houston, Texas 77057
www.doeren.comCatherine Bruder, CPA.CITP, CISA, CISM, CTGA
Director, Financial Institutions GroupOffice: (248) 244-3295Cell : (248) 320-3434
Email : [email protected]
Services
38
Financial Institutions Group
Audit Mergers &
consolidations Information technology
assurance Vulnerability
assessments Penetration testing
Member business loan review
Commercial loan consulting
Internal audit co-sourcing
Loan loss & delinquency control systems
CUSO consulting Regulatory compliance
services