
November/December 2008
Focus: Directors Issues

Best Practices Checklists for the Audit Committee

By Len Filppu

The audit committee is the intersecting point of a bank’s internal audit, external audit, board of directors, management, and shareholders. The committee has always been a critical crossroads of corporate governance, accountability and checks and balances, but Sarbanes-Oxley and heightened regulatory expectations have made the job of today’s audit committee tougher and trickier.

To help navigate safely and soundly through this more stringent regulatory environment, here are some compliance checklists based on industry standards that can guide bank directors to understand, analyze and implement appropriate audit committee policies and procedures.

Remember, corporate governance is an ongoing journey, not a destination. There is always room for improvement, but it is most important that banks strive to meet the spirit of Sarbanes-Oxley and corporate governance guidelines. Perfection may never be attained, but progress is achievable using step-by-step checklists.

Bank Director Responsibilities

Bank directors must understand their new responsibilities and adopt policies and procedures to assure immediate and continuing compliance.

  • Be honest
  • Be accountable for the bank’s safe, sound and efficient operation
  • Monitor operations to ensure they are in compliance with laws and policies
  • Exercise independent judgment in evaluating management’s actions and competence
  • Consider the impact of actions on the bank, customers, employees and the community
  • Attend meetings, participate, attend training, and stay informed.

Audit Committee Purpose

The general purpose of the audit committee includes communicating to the bank’s board of directors its oversight duties relating to:

  • Quality and integrity of financial statements and financial reporting
  • Quality and integrity of internal control considerations
  • Independent auditor qualifications, independence, engagement and performance
  • Internal auditor qualifications and performance
  • Compliance with legal and regulatory requirements
  • Preparation of audit committee report(s)
  • Other duties specifically assigned by the board of directors.

Audit Committee Members

While individual bank charters may specify various requirements, these membership characteristics generally apply throughout the industry:

  • Charter should specify minimum number of members, their terms and qualifications (most audit committees include at least three members)
  • Audit committee members must be outside directors
  • Members should not be employees of the bank
  • Members should have no “material relationship” with the bank, either as a partner, shareholder, or officer of any organization that has a material relationship
  • Members should be knowledgeable of the bank’s affairs and the nature of auditing
  • At least one member must be “financially literate”
    • In general, a financial expert has education and experience as a public accountant, auditor, financial officer, comptroller, accounting officer, and/or understands accounting principles and financial statement preparation and auditing.

Audit Committee Duties

While audit committee duties can vary from bank to bank, these are the key duties as described in the source material from the Bank Administration Institute’s Certified Bank Auditor Examination Review, Volume 3.

  • Review of external and internal auditor reports
  • Annual audit report on financial statements
  • Annual attest report on internal control procedures
  • Reports on reportable conditions, material weaknesses and regulatory investigations
  • Assure the rotation of the external auditor’s lead partner and the partner who reviews the audit (Sarbanes-Oxley Act requires rotation every five years)
  • Meet with management and external auditors to review quarterly financial statements
  • Review quarterly disclosures under Management’s Discussion & Analysis
  • Review press releases related to financial information
  • Arrange periodic meetings on a separate basis with management, internal auditors and external auditors
  • Discuss with internal and external auditors how they view management’s approach to monitoring and controlling financial risk
  • Review with internal and external auditors problems and corrective actions on the audits, particularly scope restrictions and any disagreements with management
  • Review all external auditor adjustments deemed “immaterial” by management
  • Establish policies for hiring employees of the external auditing firm
  • Ensure an independent reporting structure to the audit committee for the in-house or outsourced internal auditor.

Miscellaneous Audit Committee Standards and Actions

Again, individual bank charters specify different requirements, but the following characteristics generally apply throughout the industry:

  • Most audit committees meet at least four times per year
  • Each meeting should include a private session with the internal and external auditors without bank management present
  • Most audit committees utilize an annual risk assessment to develop the strategic internal audit plan
  • Ensure adequate resources are allocated to the internal audit function, regardless of whether it is in-house staffed or outsourced
  • Document the consideration of all audit reports and their respective responses
  • Maintain a corrective action log for reference at each meeting to monitor progress with audit and examination criticisms
  • Ensure the security of the bank’s Information Technology network
  • Promote cross-institutional communication and support between the internal audit and the bank’s risk management functions.

Len Filppu is director of marketing communications for AuditOne LLC, a San Jose, Calif.-based independent internal audit firm specializing in banks and their service providers throughout the United States. Filppu and AuditOne can be reached at 408-980-8099 or www.audit-one.com.

