In an extension of supervision-by-risk, federal regulators issued new guidelines this week requiring top bank officials to supervise internal audits directly.
"The board of directors and senior managers of an institution are responsible for ensuring the system of internal controls operates effectively," the banking and thrift agencies wrote in a letter sent Tuesday to insured depositories. "Their responsibility cannot be delegated to others within the institution or to outside parties."
Internal audits should detect unauthorized and incomplete transactions, faulty financial reports, violations of law, and deviations from corporate policies, they said.
The board, without management present, also should meet periodically with the director of internal audit, the agencies said.
Hiring an accounting firm to do internal audits does not absolve directors and senior management of responsibility, the agencies said. Rather, a bank's top officials must research the firm's qualifications and monitor its work. Banks also should have a contingency plan in case the accounting firm quits.
Accounting firms that do internal audits may not also do the external audit of a company's financial records if they have helped design new products or given advice on the company's strategic plan.
Internal audits should be done by officials who do not report to business-line managers, the agencies said. Also, the director of internal audits should report directly to the board or its audit committee and should report problems immediately to this panel.
Examiners will monitor compliance with the guidelines, which were issued Tuesday by the Federal Reserve Board, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Office of Thrift Supervision.