§ 701.12 - Supervisory committee audits and verifications.  

(a) Definitions. As used in this chapter:

(1) Agreed-upon procedures engagement refers to the performance by an independent, licensed certified public accountant of an engagement in which the scope is limited to applying specified agreed-upon procedures to one or more specified elements, accounts or items of a financial statement. Such procedures are insufficient to express an opinion regarding either the financial statements taken as a whole, or the specified elements, accounts or items under examination.

(2) Compensated auditor refers to any accounting/auditing professional, excluding credit union employees, who is compensated for performing more than one compensated supervisory committee audit and/or verification of members’ accounts, or opinion audit, per calendar year.

(3) Financial statements refers to a presentation of financial data, including accompanying notes, derived from accounting records of the credit union, and intended to disclose a credit union's economic resources or obligations at a appoint in time, or the changes therein for a period of time, in conformity with GAAP or RAP, as defined herein. Each of the following is considered to be a financial statement: a balance sheet or statement of financial condition; statement of income or statement of operations; statement of undivided earnings; statement of cash flows; statement of changes in members’ equity; statement of assets and liabilities that does not include members’ equity accounts; statement of revenue and expenses; and statement of cash receipts and disbursements.

(4) GAAP is an acronym for “generally accepted accounting principles” which refers to the conventions, rules, and procedures which define accepted accounting practice. GAAP includes both broad general guidelines and detailed practices and procedures, provides a standard by which to measure financial statement presentations, and encompasses not only accounting principles and practices but also the methods of applying them.

(5) GAAS is an acronym for “generally accepted auditing standards” which refers to the standards approved and adopted by the American Institute of Certified Public Accountants which apply when an “independent, licensed certified public accountant” audits financial statements. Auditing standards differ from auditing procedures in that “procedures” address acts to be performed, whereas “standards” measure the quality of the performance of those acts and the objectives to be achieved by use of the procedures undertaken. In addition, auditing standards address the auditor's professional qualifications as well as the judgment exercised in performing the audit and in preparing the report of the audit. Copies of GAAS may be obtained from the AICPA, Order Department, Harborside Financial Center, 201 Plaza Three, Jersey City, NJ 07311-3881, telephone (800) TO-AICPA or (800) 862-4272.

(6) Independence and Independent means the impartiality necessary for the reliability of the compensated auditor's findings. Independence requires the exercise of fairness toward credit union officials, members, creditors and others who may rely upon the supervisory committee audit report.

(7) Internal controls refers to the process, established by the credit union's board of directors, officers and employees, designed to provide reasonable assurance of reliable financial reporting and safeguarding of assets against unauthorized acquisition, use, or disposition. A credit union's internal control structure consists of five components: control environment; risk assessment; control activities; information and communication; and monitoring. Reliable financial reporting refers to preparation of financial statements that “present fairly” the financial position of the credit union and results of its operations and its cash flows, in conformity with GAAP or RAP, as defined herein. Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition refers to prevention or timely detection of transactions involving such unauthorized access, use, or disposition of assets which could result in a loss that is material to the financial statements.

(8) Licensed, certified public accountant refers to an accounting/auditing professional who has received a certificate and license from a duly-appointed state licensing authority to practice accounting/auditing, and is independent as defined herein.

(9) Opinion audit refers to an examination of the financial statements performed by an independent, licensed, certified public accountant in accordance with GAAS. The objective of an “opinion audit” is to express an opinion as to whether those financial statements of the credit union present fairly, in all material respects, the financial position and the results of its operations and its cash flows in conformity with GAAP or RAP, as defined herein.

(10) RAP is an acronym for “regulatory accounting practices” which refer to the conventions, rules, and procedures governing accepted accounting practices, other than GAAP, for credit unions and having the substantial support of either the NCUA or the applicable state credit union supervisor.

(11) Related party transactions refers to transactions among or between parties where one party controls or can significantly influence the management or operating policies of the other so as to prevent the other party from pursuing exclusively its own interests. Examples of related parties include: executive management, board members, supervisory committee members, credit committee members, and employees, and their families. Examples of “related party transactions” include: interest-free loans or loans at below market rates; sale of real estate significantly below appraised value; nonmonetary exchange of property; below market fees, and making of loans lacking scheduled terms for repayment.

(12) Reportable conditions refers to a matter coming to the attention of the independent, compensated auditor which, in his or her judgment, represents a significant deficiency in the design or operation of the internal control structure of the credit union, which could adversely affect its ability to record, process, summarize, and report financial data consistent with the representations of management in the financial statements.

(13) Specified elements, accounts or items of a financial statement refers to accounting information that is a part of, but significantly less than, a financial statement. These may be directly identified in a financial statement or notes thereto; or they may be derived from a financial statement by analysis, aggregation, summarization, or mathematical computation.

(14) Substantive testing refers to testing of details and analytical procedures to detect material misstatements in the account balance, transaction class, and disclosure components of financial statements.

(15) Supervisory committee refers to a supervisory committee as defined in Section 111(b) of the Federal Credit Union Act, 12 U.S.C. 1786(r). For some federally-insured state chartered credit unions, the “audit committee” designated by state statute or regulation is the equivalent of a supervisory committee.

(16) Supervisory committee audit refers to an examination of specified elements, accounts or items of the credit union's financial statement to the full extent required in this part. An opinion audit as defined herein exceeds the requirements of a “supervisory committee audit.”

(17) Working papers refers to the principal record, in any form, of the work performed by the auditor and/or supervisory committee to support its findings and/or conclusions concerning significant matters. Examples include the written record of procedures applied, tests performed, information obtained, and pertinent conclusions reached in the engagement, proprietary audit programs, analyses, memoranda, letters of confirmation and representation, abstracts of credit union documents, reviewer's notes, if retained, and schedules or commentaries prepared or obtained by the independent, compensated auditor.

(b) Supervisory committee responsibilities. (1) The supervisory committee is responsible for ensuring that:

(i) The financial condition of the credit union is accurately and fairly presented in the credit union's financial statements; and

(ii) The credit union's management practices and procedures are sufficient to safeguard members’ assets.

(2) To meet its responsibilities, the supervisory committee shall determine whether:

(i) Internal controls are established and effectively maintained to achieve the credit union's financial reporting objectives which must be sufficient to satisfy the requirements of the supervisory committee audit, verification of members’ accounts and its additional responsibilities;

(ii) The credit union's accounting records and financial reports are promptly prepared and accurately reflect operations and results;

(iii) The relevant plans, policies, and control procedures established by the board of directors are properly administered; and

(iv) Policies and control procedures are sufficient to safeguard against error, carelessness, conflict of interest, self-dealing and fraud.

(c) Supervisory committee audit. (1) A supervisory committee audit of each Federal credit union shall occur at least once every calendar year and shall cover the period elapsed since the last audit period. The supervisory committee audit shall be performed by the supervisory committee or its designated representative, as prescribed in paragraph (c)(5) of this section.

(2) Standards for Performing Supervisory Committee Audit. The supervisory committee audit procedures/testing must be performed in accordance with the following standards:

(i) The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor commensurate with the level of sophistication and complexity of the credit union under audit.

(ii) Reasonable care is to be exercised in the performance of the audit and the preparation of the report.

(iii) The work is to be adequately planned and assistants, if any, are to be properly supervised.

(iv) The person or persons performing the audit must attain a sufficient understanding of the internal control structure to plan the audit and to determine the nature, timing, and extent of tests to be performed.

(v) The person or persons performing the audit must, through inspection, observation, inquiry, and confirmation obtain sufficient evidence to afford a reasonable basis for the financial statement elements, accounts or items under audit.

(3) Scope of Supervisory Committee Audit. The scope of the supervisory committee audit shall consist of:

(i) Attaining an understanding of the internal control structure;

(ii) Assessing the level of control risk; and

(iii) Based on the level of control risk, determining the nature, timing, and extent of substantive testing necessary to confirm the assertions made by management regarding each of assets, liabilities, equity, income, and expenses for the following attributes:

(A) Existence or occurrence;

(B) Completeness;

(C) Valuation or allocation;

(D) Rights and obligations; and

(E) Presentation and disclosures.

(4) In addition to scope requirements set forth in paragraph (c)(3) of this section, an audit performed by an independent, compensated auditor which includes any of the following areas must, with respect to audit scope but not with respect to reporting, satisfy GAAS for expressing an opinion on the financial statements taken as a whole:

(i) Internal controls;

(ii) Cash;

(iii) Loans and interest thereon;

(iv) Investments and interest thereon;

(v) Shares and dividends and/or interest thereon;

(vi) Related party transactions; and

(vii) The reporting of identified errors and irregularities with regard to each of the items in paragraphs (c)(4) (i) through (vi) of this section.

(5)(i) The requirements of the annual supervisory committee audit may be satisfied by one of the following:

(A) An opinion audit of the credit union's financial statements performed by an independent, licensed, certified public accountant;

(B) An “agreed-upon procedures engagement” performed by an independent, licensed, certified public accountant, which by itself or in combination with procedures performed by the supervisory committee, fulfills the required scope of the supervisory committee audit;

(C) A supervisory committee audit performed by an independent, compensated auditor other than an independent, licensed, certified public accountant which by itself or in combination with procedures performed by the supervisory committee, fulfills the scope of a supervisory committee audit; or

(D) A supervisory committee audit by the supervisory committee or its designated, uncompensated representative.

(ii) In all cases, an independent, compensated auditor is required to contract directly with the supervisory committee for the audit engagement and to deliver its written reports directly to the supervisory committee.

(iii) For a supervisory committee audit performed by the supervisory committee or its designated, uncompensated representative, the supervisory committee shall prepare a written report of the supervisory committee audit.

(d) Engagement letter. (1) The engagement of an independent, compensated auditor to perform all or a portion of the scope of a supervisory committee audit shall be evidenced by an engagement letter. The engagement letter shall be signed by the compensated auditor and acknowledged therein by the supervisory committee prior to commencement of a supervisory committee audit. The engagement letter shall:

(i) Specify the terms, conditions, and objectives of engagement;

(ii) Identify the basis of accounting to be used, e.g., GAAP or RAP;

(iii) Include an appendix setting forth the procedures to be performed (if not an opinion audit);

(iv) Specify the rate of, or total, compensation to be paid for the audit;

(v) Provided that the audit shall, upon completion of the engagement, deliver to the supervisory committee:

(A) A written report of the supervisory committee audit; and

(B) Notice in writing, either within the report or communicated separately, of any internal control reportable conditions and/or irregularities or illegal acts which come to the auditor's attention during the normal course of the audit (i.e., no additional duty is imposed nor additional written communications beyond (A) is required if none of these is noted);

(vi) Specify a target date of delivery of the written reports;

(vii) Certify that NCUA staff or its designated representative will be provided unconditional access to the complete set of original working papers either at the credit union or at a mutually agreeable location, for purposes of inspection; and

(viii) Acknowledge that working papers shall be retained for a minimum of three years from the date of the written audit report.

(2) In the case of a supervisory committee audit engagement which addresses all of the financial statement elements, accounts or items and attributes prescribed in paragraphs (c)(3) and (c)(4) of this section, the engagement letter shall certify that the contracted scope of the audit satisfies the requirements of a complete supervisory committee audit.

(3) In the case of a supervisory committee audit engagement which excludes any financial statement elements, accounts or items and attributes prescribed in paragraphs (c)(3) and (c)(4) of this section, the engagement letter shall:

(i) Identify the elements, accounts or items and attributes excluded from the audit;

(ii) State that, because of the exclusion(s), the resulting audit will not, by itself, fulfill the scope of a supervisory committee audit; and

(iii) Caution that the supervisory committee will remain responsible for fulfilling the scope of a supervisory committee audit with respect to the excluded elements, accounts or items and attributes.

(e) Audit reports and working paper access. (1) Upon completion or receipt of the written supervisory committee audit reports, the supervisory committee shall provide the reports to the board of directors. The supervisory committee shall ensure that the independent, compensated audit and its reports comply with the terms of the engagement letter prescribed in this section. The supervisory committee shall, upon request, provide to the National Credit Union Administration a copy of the written reports received from the auditor.

(2) The supervisory committee shall be responsible for preparing and maintaining, or making available, a complete set of original working papers supporting each supervisory committee audit. The supervisory committee shall, upon request, provide NCUA staff unconditional access to such working papers either at the offices of the credit union or at a mutually agreeable location, for purposes of inspecting such working papers.

(f) Sanctions. (1) Failure of a supervisory committee and/or its independent compensated auditor to comply with the requirements of this section, or the terms of an engagement letter required by this section, is grounds for:

(i) The regional director to reject the supervisory committee audit;

(ii) The regional director to impose the remedies available in § 701.13, provided any of the conditions specified in § 701.13 is present; and

(iii) The NCUA to seek formal administrative sanctions against the supervisory committee and/or its independent, compensated auditor pursuant to section 206(r) of the Federal Credit Union Act, 12 U.S.C. 1786(r).

(2) In the case of a federally-insured state chartered credit union, NCUA shall provide the state regulator an opportunity to timely impose a remedy satisfactory to NCUA before seeking to impose a sanction permitted under (f)(1) of this section.

(g) Federal credit union compensated auditors, performing audits for supervisory committees, must be independent of the credit union's employees, members of the board of directors, supervisory and credit committees and/or the credit union's loan officers, and members of their immediate families. “Members of their immediate families” means a spouse, or a child, parent, grandchild, grandparent, brother or sister, or the spouse of any such individual.

(h)(1) The verification of members’ accounts shall be made using any of the following methods:

(i) A controlled verification of 100 percent of members’ share and loan accounts;

(ii) A sampling method that provides a random selection that is expected to be representative of the population from which the sample was selected, which will allow the auditor to test sufficient accounts in both number and scope to provide assurance that the General Ledger accounts are fairly stated in relation to the financial statements taken as a whole. When the auditor concludes that evidence provided by confirmations alone is not sufficient, additional procedures should be performed. That sampling procedure must provide each dollar in the population an equal chance of being selected;

(iii) Independent, licensed, certified public accountants are provided the additional option of sampling members’ accounts using nonstatistical sampling methods consistent with applicable generally accepted auditing standards, provided the sampling method provides a selection that allows the auditor to test sufficient accounts in both number and scope to provide assurance that the General Ledger accounts are fairly stated in relation to the financial statements taken as a whole. When the auditor concludes that evidence provided by confirmations alone is not sufficient, additional procedures should be performed. Independent, licensed, certified public accountants will be responsible for documenting their sampling procedures, and providing evidence to NCUA, if requested, that the method used is consistent with applicable generally accepted auditing standards.

(2) Records of those accounts verified will be maintained and will be retained until the next verification of members’ accounts is completed.