Highly Effective Supervisory Committees

2018-09-19

Slide1

Highly Effective Supervisory Committees

Dean Rohne, CPA, CIA

Slide2

Course Objectives

Function and Duties Overview

Governance Issues

Fraud/Risk Awareness

NCUA Examination Trend Awareness

Summary

Slide3

Function

The Supervisory Committee Must –

Operate Within the Bylaws and Overview Credit Union Operations:

The Board Establishes Strategic Direction, Policy

Management Establishes Procedures, Controls & Quality Assessments and Supervision

Employees Interact with Members and Complete Day to Day Operations

Internal Audit and Supervisory Committee Evaluates the Process via External Audit

Slide4

Powers, Duties and Responsibilities

Regulatory Sources – Supervisory Committee

The Federal Credit Union Act – Section 115,

The Federal Credit Union Act – Section 202,

Credit Union By-Laws – Article IX,

NCUA Rules and Regulations – Part 715

Slide5

NCUA Supervisory Committee Guide

Last Revised in 1999

On the Web at www.ncua.gov/guidesmanuals/supervisory_comm/supervisory.pdf

The Guide is written for credit unions with non-complex structures and non-audit professionals

Use the Guide to gain an understanding of the credit union’s audit scope

Slide6

Duties and Responsibilities

Elect a chair and secretary

Conduct an annual audit and special audits as needed and report results to the board of directors

Conduct a verification of members’ accounts at least once every two years

Hold regular meetings at least monthly or quarterly

Slide7

Duties and Responsibilities

Respond to member and NCUA inquiries

Report to the membership at the annual meeting

Overview internal audit effectiveness

Participate in and ensure Bank Secrecy Act (BSA) compliance

Slide8

Duties and Responsibilities

NCUA Rules and Regulation – Part 715.3 Specifics:

To achieve the primary objectives the Supervisory Committee must determine:

Internal controls are established and effectively maintained sufficient to satisfy management objectives

Audits, verification of members’ accounts, are evaluated for financial reporting and disclosure

Accounting records are timely and accurate

Strategic Plans, policies and control objectives are properly administered

Slide9

Duties and Responsibilities

To achieve its objectives the Supervisory Committee must determine: (Continued)

Policies and controls are sufficient to safeguard against error, conflict of interest, self-dealing and fraud

Ensure that the credit union adheres to the filing requirements for reports filed with the NCUA (Form 5300)

Slide10

Effectiveness

As the Supervisory Committee is a volunteer group with limited time, resources and skills, it is dependent on them to –

Establish an Effective Audit Effort

Develop Comprehensive Audit Plans and Procedures

Ensure Independence

Employ Qualified Audit Professionals

Monitor Corrective Measures

Slide11

The Annual Audit

Establish a budget with the board of directors

Select and engage an external auditor

Determine the scope of the audit (Opinion or Non-Opinion)

Arrange the timing of audit procedures

Review and obtain an understanding of the audit findings with the auditor

Review the audit findings with internal audit, management and the board

Follow up on corrective procedures

Slide12

Internal Audit

Establish an Internal Audit Charter

Determine Internal Audit Authority

Ensure Independence

Gather support for all Levels of the Credit Union

Determine Internal Audit Responsibilities

Establish Lines of Communication

Assess Effectiveness

Slide13

BSA Requirements

Training Required for ALL – Staff and Officials

Policy requires board of director approval (board)

SAR Reporting required to the board

Annual independent assessment of BSA program internal control effectiveness

Slide14

Credit Union Governance

Federal Credit Union Act

NCUA Rules and Regulations

Bylaws

Applicable Laws and Regulations

Board of Directors

Board Policies

Supervisory Committee

Management

Slide15

Good Governance Requires

Defined Roles for Board and Management

Compliance with NCUA Rules and Regulations

Active Risk Assessment and Communication

Effective Audits

Management Integrity and Attestation

Performance Evaluation Process

Qualified and Attentive Participation

Promoting Financial Transparency

Financial Training (Now NCUA Mandated)

Slide16

Policies and Procedures

Document retention

Whistle-Blower protection

Conflict of interest

Dishonesty/Fraud policy statement

Document accounting policies and procedures

Slide17

Understanding Board Responsibilities

The Board is Ultimately Responsible for ensuring the Credit Union:

Is capably managed by capable CEO and staff

Operates using sound business practices for the good of the membership

Complies with all applicable laws and regulations

Achieves goals stated in strategic plan

Fulfills its purpose of making low-cost loans and encouraging thrift

Provides adequate financial reserves to cover delinquent loans and other financial risks

Protects against unauthorized or illegal acts through safe operating procedures

Slide18

Financial Transparency

Develop 1 page financial report

Produce timely and accurate reports

CEO and CFO should certify reports

Increase your financial knowledge

Review methods of recording financial transactions annually – do they appear appropriate?

Always err on the side of disclosing more than needed – don’t cover up bad results

Use your web-site to publish information

Slide19

Financial Statements

Provide meaningful data

Variances

Benchmarks

Incorporate non-financial (members, # served)

Provide monthly reports to:

Department heads

Board or Oversight Committee

Provide details or explanation on high risk accounts

Have a process for asking questions - how are ?? resolved

Slide20

SARBANES OXLEY ACT

Passed in 2002

Corporate Governance

Financial Disclosures

Auditor Relationships

Applies to Publicly traded Co’s registered with the SEC – Does not directly apply to Credit Unions

Slide21

SARBANES OXLEY ACT (Continued)

SOA AND NCUA – LETTER 03-FCU-07, OCTOBER 2003

Credit Unions should address the points in 03-FCU-07 in their corporate governance policies

Slide22

SARBANES OXLEY ACT (Continued)

Require Active Audit Committees

Financial Reporting Assurances (Sign-Offs)

Board Responsibilities

Disclosure of Corrections/Misstatements

Discourage Related Party Transactions

Establish and Enforce a Code of Ethics

Internal Control Reporting

Slide23

SOA - BEST PRACTICE Recommendations

Get expertise on the Board and committees,

Renew ethics, fraud and conflict of interest policies regularly,

Establish whistle blower provisions,

Establish charters for all committees,

Establish a governance policy (qualifications, responsibilities, access, continuing education)

Slide24

Other Areas of Committee Overview

Document internal controls and test controls

Avoid employee loans (except in normal course of business)

Support compensation based on independent market data

Directors and Officers insurance

Hire qualified and experienced individuals

Do what fits your credit union – several small high impact improvements are better than an extensive plan that isn’t followed

Slide25

Internal Control

Under the COSO* Internal Control-Integrated Framework, a widely-used framework in the United States, internal control is broadly defined as:

A process, produced by a credit union’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

Effectiveness and efficiency of operations;

Reliability of financial reporting;

Compliance with laws and regulations.

* Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO has established a common internal control model against which companies and organizations may assess their control systems.

Slide26

FINANCIAL INSTITUTION CHARACTERISTICS BY ASSET SIZE

Considerations: Organizational Profile, Personnel Resources, IT management, Knowledge of Resources, Segregation of Duties

< $25 Million:

“Hands On” CEO is responsible for system, accounting, operations, and strategic planning.

Limited resources, knowledge, or time – will borrow ideas, policies, and practices from other entities

Outsourced IT functions for network admin and data processing support

Complete lack of segregation of duties due to staff limitations

Significant lack of compensating controls

$25 - $150 Million:

“Hands On” CEO

Controller/accounting manager is typically the IT manager

Limited resources or knowledge – will tend to borrow ideas, policies or practices from other entities versus self creating

Varying lack of Segregation of duties due to staff limitations

Organization will have begun development of a middle management team

Varying lack of Compensating Controls

$150 - $500 Million:

CEO functions as an “inquiry” only on the system / on review

Separate IT Department staffed by generalists (1-2 people) with an emphasis on the Core Data Processing system.

Network functions may still be outsourced.

Implementation of intended security features at the network and data processing system

Will have a CFO – but that individual may not perform like a CFO

Middle Management positions may be staffed – ongoing training may be inadequate

Lack of depth of management team will create segregation of duties issues upon turnover of personnel

> $500 Million:

CEO functions as an “inquiry” only on the system / on review

Separate IT Department

Knowledgeable/Specialized Resources by Network Administrator, Core System, Security Administration

Active Enforcement of intended security features at the network and data processing system

Dedicated CFO that is knowledgeable of job responsibilities and accountabilities

Middle management positions will be staffed and generally have access to appropriate ongoing training

Lack of depth of management team will create segregation of duties upon turnover of personnel.

Slide27

CONTRASTING CONTROL ENVIRONMENTS

Cash

Small credit unions:

No segregation of duties

Teller activity should be balanced and posted daily.

Check signers are authorized by the BOD.

Bank reconciliation is done by manager or someone else who acts as a teller or signs checks and records these transactions.

Supervisors handle cash and generate transactions on the front line

Medium to Large Credit Unions:

Some Segregation of Duties

Same as small credit unions: teller activity should be balanced and posted daily.

Same as small credit unions: check signers are authorized by the BOD.

Bank reconciliation may be done by someone who does not directly handle credit union funds or record them

Periodic surprise cash count and reviews of activities are made by supervisors.

Slide28

Officer and Director Liability

Insured by D&O Policy

Reviewed Annually…Ask for copy!

Directors are indemnified when their actions are prudent and carried out in good faith and with reasonable care.

Slide29

Powers The Supervisory Committee Does Not Have

To Interfere With Credit Union Operations

To Establish Policy and Procedures

To Become involved in Personnel Matters

To Act on Your Own Aside From the Committee

To Attend Board Meetings Uninvited

To Have a Paid Staff, Financial Officer, Board Chair or Credit Committee Member Participate on the Committee

Slide30

FRAUD

SAS 99 auditor’s responsibility for fraud detection

Auditors have a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud

SAS 99 management’s responsibility with respect to fraud

Management continues to be responsible for designing and implementing company internal controls to prevent, deter, and detect fraud.

Slide31

FRAUD

Why Fraud Occurs:

Three conditions generally are present when fraud occurs:

Incentive/pressure -- reason to commit fraud.

Opportunity -- absence of controls, ineffective controls, ability of management to override controls.

Rationalize/attitude -- individual possesses a character or set of ethical values that allows them to commit fraud.

Slide32

EMBEZZLEMENT FORMULA

MOTIVE + OPPORTUNITY (The Control Environment) + RATIONALIZATION = EMBEZZLEMENT

Slide33

How Fraud is Discovered

Slide34

FRAUD POLICY

Creating an Ethical Organization Culture

Setting the tone at the top. KEY!!!

Looking at fraud occurrences over the years, this was a major factor.

Establishing a code of conduct.

Creating a positive workplace environment.

Hiring and promoting ethical employees.

Providing ethics training.

Set policies to detect fraud.

Disciplining and prosecuting violators.

Supervisory Committee oversight to ensure compliance with above.

Slide35

Risk Management

Risk Categories

Credit Risk

Interest Rate Risk

Liquidity Risk

Transaction (Operating or Fraud) Risk

Compliance Risk

Strategic Risk

Reputation Risk

Slide36

Risk Management

The Board of Directors’ Role

Set policy

Authorize risk containment controls

Approve budget/funding for ongoing risk management skills training or hiring

Participate in centralized oversight and monitoring

Participate in strategic and reputation risk management processes

Slide37

Risk Management

The Supervisory Committee’s Role

Determine that compliance is occurring by either:

Committee Overview

Internal Audit Review

Outside Contract Review

Helping to prevent embarrassment or lawsuits

Slide38

Top 10 Reasons Directors get SUED!

Approving self-serving, improvident or excessive loans

Failing to comply with regulatory directives

Failing to supervise management properly

Failing to authorize and conduct periodic audits

Failing to assess internal control effectiveness

Authorizing improper payments or expenses

Improperly maintaining and monitoring liquidity reserve requirements

Failing to attend meetings on regular basis

Extending too much investment in a limited area

Failing to exercise independent judgment

Slide39

What to Expect from NCUA Exams

NCUA has taken a lot of criticism by outside parties

Class action lawsuit by a group of credit unions as a result of the corporate losses and the overall effect to the share insurance fund and assessments. (ALCOA Tennessee FCU)

Office of Inspector General (OIG) of NCUA Reports (www.ncua.gov.oig):

OIG Capping Report on Material Loss Reviews – November 23, 2010

OIG Semiannual Report to Congress – September 30, 2010 & March 31, 2011

Slide40

Credit Union Failures: Lessons Learned

NCUA OIG Reports Reasons for Recent Failures:

Poor Strategic Planning and Decision Making

Inadequate Internal Controls and Policies

Fraud

Lack of Follow-Up on Exceptions Noted in Outside Reports

Other Related Causes – Inadequate capital, excessive growth, concentration issues associated with deteriorating economics

Aggressive underwriting decisions and practices

Weak oversight of third party vendors

Slide41

Current Examination Trends

Significant increases in number of Documents of Resolutions (DOR)

Increase in length and bullet points in DOR

Increases in number of net-worth restoration plans NWRP – (pursuant to 702.206 Rules and Regulations “RR”)

Slide42

Future Exams Will Be “EVEN MORE” Risk Focused

Anything that potentially could cause risks will be reviewed

NCUA Letter 11-CU-03 addressed some of these areas

Credit Risk – concerns with real estate values, loan delinquencies, and underwriting

Interest Rate Risk – as a result of increase in long term assets (New – R + R section 741.B)

Concentration Risk – Do not put all your eggs in one basket

Slide43

Federal Examiners Will Be Looking For…..

Additional Items in these Areas:

Third Party Reporting

Updated Policies & Procedures

Internal Control Testing

Regulatory Compliance

Slide44

Third Party Reporting

If your examiner has not asked before, expect them to ask for any and all outside reports that you have received. This effort is a result of OIG report findings.

Slide45

Third Party Reporting - NCUA Required

Expect them to ask for your:

Audit reports and Workpapers - RR Part 715

Verification of Members Accounts and Workpapers – RR Part 715

Third Party Validation of Assumptions on Asset Liability Models – RR Part 741 / Letter CU -03-11

BSA Examination Reporting and Testing - RR Part 748.2

SAS-70 Reports on Critical Vendors and How Client Control Considerations are being addressed by the Credit Union - RR Part 748

Investment Shock Reports - RR Parts 741 and 703

Website Compliance Review – RR Part 740

Disaster Recovery Tests – RR Part 748

Red Flag Compliance Review - RR Part 717 Appendix J

Slide46

Third Party Reporting – Other Requirements

ACH, ATM-TG-3, and PCI Compliance Reports (even though they are not necessarily required to be filed with outside third parties)

ACH- Risk Assessment (new in 2010)

Market Value Analysis on Mortgage Loan Portfolio

FHA – Title II – Lender – Annual LAAS Filing

Abandoned Property Reporting and any related state audit reports

Slide47

Third Party Reporting – Best Practices

Penetration Testing / Internal Vulnerability Assessment

Enterprise Risk Assessments

Business Impact Analysis

Information Security Risk Review

Abandoned Property Reporting and any related state audit reports

VISA Instant Card Issue Self Audit Form

Slide48

Policies & Procedures

You will be asked to provide the following policies and how monitoring for compliance is performed in some of the following areas. A lot of these requests may be new.

Security Policies & Procedures – RR 748

Appraisal Policy (NCUA Guidelines 12-2-2010) – RR 722

Vendor Due Diligence Policy – RR 748

Loan Participation Policy – RR 701.22

Allowance for Loan Loss Policy – to comply with new NCUA requirements (July 2011 Board Review Date) & FASB audit disclosure requirements. – RR 702

Slide49

Policies & Procedures

TDR and Loan Modification Policy – Letter 09-CU-19

Charge-Off Policy – RR 741.201 C 5

Identity Theft Detection Prevention Policy – RR 717 Appendix F-I

Member Business Loan Policy – Risk Policy - RR 723

General Authority and Duties of Directors Policy – RR 701.4

Ethics Policy – Article XIX Section 4 of by-laws / RR 703.17

IRR Policy – RR 741.B

Slide50

Internal Control Testing

Other new requests that examiners are frequently asking to see or requesting that Credit Unions implement:

Quarterly Independent Review of Employees and Officials Accounts (Supervisory Committee review)

Loan Due Date Change Reporting Monitoring

Wire Transfer Control Testing

Documentation of Board Financial Literacy Training

Control and Monitoring of Dormant Account Activity

Signed Fraud / Internet Use and Ethics Policy Statements (annual update)

Slide51

Credit Unions Face Compliance Tidal Wave

Consumer Financial Protection Bureau will only increase this focus

Slide52

Regulatory Compliance Requirements That Examiners Will Be Looking For

Safe Act

Have mortgage loan originators been properly registered in compliance with NCUA Safe Act Regulations?

Does the Credit Union have written policies and procedures that address requirements if they originate mortgage loans?

Slide53

Regulatory Compliance Requirements That Examiners Will Be Looking For (Continued)

Dodd-Frank Act

Change in rating agencies

Appraisals – compliance with new NCUA letter to Credit Unions – December 2, 2010

Debit Interchange Fees

Executive Compensation Disclosures

Home Mortgage Disclosure Act (HMDA) updated

12 new data collection requirements

Slide54

The Safe Act and Dodd-Frank Act are just two of the many compliance areas coming into focus this year.

If you do not conduct a periodic compliance review, you could be quickly out of compliance and subject to fines and penalties.

Slide55

Supervisory Committee Responsibilities

How can the supervisory committee’s responsibilities best be met?

Participation on Committee by Individuals with Adequate Expertise

Significant individual contribution of time

Hire and supervise internal auditor

Hire and manage external auditor

Slide56

BE AWARE OF AND RESPOND TO CREDIT UNION MARKET PLACE ISSUES

MARKET PLACE ISSUES

New services or Products

New Delivery Methods for Services and Products

New or Expanded Fields of Membership

Continual Expansion of Electronic Information Systems

Changing Regulatory Focus

Slide57

Understand National Trends

Related to Audit Committees for Public Companies and the Public Company Accounting Oversight Board (PCAOB) as these trends could filter down.

Slide58

Slide59

Piling It On by Sarah Johnson

While it is rare to see companies give audit committees primary responsibility for overseeing their overall risks, a new Securities and Exchange Commission rule requiring companies to explain their board’s role in overseeing risk has prompted some companies “to delegate this role to the audit committee in order to avoid embarrassing disclosure that they didn't have a risk oversight in place” says Frederick Lipman, a partner at Blank Rome and president of the Association of Audit Committee Members.

This change doesn’t sit well with more-traditionally minded audit committee members, who believe oversight of enterprise risk management should rest with the full board. Some audit committees, for example, have been asked to weigh in on corporate pay practices, following new SEC rules asking for explicit discussion about the risks that compensation structures might incentivize.

Audit committees may, in fact, see their mandates increase even further, thanks to a proposed rule from the Public Accounting Oversight Board (PCAOB). In practice, corporate finance executives play a significant role in communications with the audit firm – a habit the new rule would curb. To emphasize independence and encourage a culture in which auditors answer to audit committees rather than management, the proposal would have auditors indicate whether two-way communication is occurring between them and the audit-committee members, and assess how well management communicates accounting issues to audit-committee members.

This is from the October 2010 issue of CFO Magazine.

SARAH JOHNSON (SARAHJOHNSON@CFO.COM) IS A SENIOR EDITOR FOR REGULATION AT CFO.

Slide60

Questions?

Slide61

Dean Rohne, CPA, CIA

Principal, LarsonAllen

drohne@larsonallen.com

800/657-4477

www.larsonallen.com/credituions

