The annual audit, if conducted by a qualified, bank-experienced, and independent certified public accounting firm, can be one of the primary oversight tools of a financial institution's board. Properly executed, the external audit can be insightful and should provide a primary defense against financial and managerial problems.
Managing this function is the primary responsibility of the institution's audit committee, which has increased in importance with the enactment of the Federal Deposit Insurance Corporation Improvement Act.
The committee is responsible for reviewing other services that are provided by the audit firm to the institution, its affiliates, or principals. The audit committee should be comfortable that such services do not mitigate the independence of the firm or the auditor's judgment.
It may be appropriate to rotate the external audit firm periodically (say, every five years) to ensure a fresh look and maintain a high degree of independence.
This does not imply that the firm must forgo its other relationships with the institution. There are, however, some financial institutions that divide the audit work and the accounting work between firms in order to safeguard independence.
|Too Nice' Versus |Half Mean'
The committee should be sure that management and the board do not become to familiar, comfortable, or cozy with the auditors. It is far more desirable to have an external audit firm that is "about half mean" rather than one that is "too nice."
Through the interview process, the committee should determine that members of the auditing staff who will conduct the audit are competent, experienced financial institution auditing professionals.
The bank should not find itself in the position of training the audit staff each year. The partner-in-charge of the audit should have sufficient bank auditing experience and professionalism to analyze management capabilities, determine asset quality, and, when appropriate, question management decisions.
A final, key criterion is the consideration of professional fees. Price comparisons should only be made to determine that a firm's fees are reasonable compared to similarly experienced firms. One of the worst things an audit committee can do is choose based on price to the detriment of experience and quality.
In the past decade, many institutions received unqualified ("clean") opinions when, in fact, the institutions were in serious financial difficulty.
To Avoid Misunderstandings
After a firm has been selected, the audit committee should review and approve the engagement letter and review with the auditor the scope of the engagement, so each party understand the other's expectations and capabilities.
We have found this review to be of critical importance; too often there is a misunderstanding by financial institution directors of what should and should not be expected as an audit product.
The audit committee (or at least its chairman) should meet with the auditors during the course of the audit. Available committee members may want to sit in on any summary meeting between the external auditors and the management at the conclusion of the audit.
If significant deficiencies are cited by the audit firm at this meeting, management should address them immediately rather than wait until the final report is submitted to the board.
The committee may wish to conduct a preliminary review of those findings with the entire board at is next meeting. When the final report is received for the audit firm, the committee will review the report in detail.
Depending upon the engagement and the findings of the audit, a representative of the auditing firm may wish to meet with the entire board to present the report and the management letter.
Following the submission of the final report to the board, the audit committee should follow up on the recommendations stated in the management letter to determine that they have been implemented, or find out why if they have not.
The audit committee's role with the internal auditors is just as crucial. It must determine that the internal auditor is competent and independent. Open and unfettered lines of communication must be established between committee and auditor.
All members of the audit committee should be outside, unaffiliated directors. Members of management should not be members of the audit committee, even in a advisory or ex-officio capacity.
Regulators insist, and other board members should determine, that members of the audit committee are independent of management. For example: Audit committee members should not be relatives or close friends of senior management, particularly the institution's CEO.
Members of the audit committee should be financially knowledgeable; diverse backgrounds are preferable. Certainly an accounting, auditing, or examining background is a plus.
It would be difficult to over-emphasize the importance of the audit committee. In banking it is one of the top two committees, on a par with the loan committee. Its changing role will be defined by how the FDIC will be defined by how the FDIC Improvement Act regulations shake out.
Mr. Freibert is president and CEO of Professional Bank Services, Louisville, Ky. He founded the firm in 1978 after 10 years with the FDIC's division of bank supervision.