[Federal Register Volume 60, Number 212 (Thursday, November 2, 1995)]
[Proposed Rules]
[Pages 55663-55668]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-27045]
�========================================================================
�Proposed Rules
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains notices to the public of
�the proposed issuance of rules and regulations. The purpose of these
�notices is to give interested persons an opportunity to participate in
�the rule making prior to the adoption of the final rules.
�
�========================================================================
�
��Federal Register / Vol. 60, No. 212 / Thursday, November 2, 1995 /
Proposed Rules��
[[Page 55663]]
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Part 701
Supervisory Committee Audits and Verifications
AGENCY: National Credit Union Administration (NCUA).
ACTION: Proposed rule.
------------------------------------------------------------------------
---
SUMMARY: The National Credit Union Administration (NCUA) is proposing
to amend its regulations governing credit union supervisory committee
audits and verifications. The NCUA Board is proposing to amend the
regulations to clarify existing audit scope; expand audit scope and
reporting requirements in certain areas; clarify existing working paper
access requirements and strengthen administrative remedies for denial
of access; require a comprehensive engagement letter setting forth
minimum contracting terms and conditions; and add relevant definitions
of accounting/auditing terms used throughout the regulation.
DATES: Comments must be received on or before January 2, 1996.
ADDRESSES: Send comments to Becky Baker, Secretary of the Board,
National Credit Union Administration Board, 1775 Duke Street,
Alexandria, VA 22314-3428.
FOR FURTHER INFORMATION CONTACT: Karen Kelbly, Accounting Officer,
Office of Examination and Insurance (703) 518-6360, or Michael McKenna,
Attorney, Office of General Counsel (703) 518-6540, at the above
address.
SUPPLEMENTARY INFORMATION:
Background
On March 25, 1993, the NCUA Board issued for public comment a
proposed amendment to the ``then'' supervisory committee audit and
verification requirements. Two hundred two comment letters were
received over a 60-day comment period which ended June 7, 1993. Thirty-
one commenters gave their full support of the amendment as written;
fifty-three commenters offered mixed support; and one hundred eighteen
commenters opposed the amendment.
In their final amendment, the NCUA Board changed the regulations
governing supervisory committee audits and verification to: (1) Add a
nonstatistical sampling option for independent, licensed, certified
public accountants in the verification of members' accounts consistent
with applicable generally accepted auditing standards (GAAS); and (2)
change applicable sections of the ``then'' regulation to more properly
reflect accounting/auditing terms of art without otherwise changing the
intent of the regulation. Dropped from consideration in the final
amendment were the proposed amendments to require independent annual
audits (opinion audits) for federally insured credit unions with assets
exceeding $50 million, and to require that the supervisory committee
and/or its auditors provide NCUA the option to photocopy working papers
supporting the audit.
Since July 1993 when Sec. 701.12 was last amended, NCUA has had
continued concerns about the scope of the supervisory committee audit.
Many of these concerns are outlined in specific detail below. Rather
than again proposing an amendment for an opinion audit requirement,
which many commenters soundly rejected in their comment letters on the
last proposed amendment, the Board wishes to solicit views on a
proposed revision to the current regulation which expands audit scope
without requiring an opinion audit. This proposal is an opportunity to
consider a middle ground approach, with the goal of building a
consensus that both the regulated and the regulator would find
agreeable.
Currently, Sec. 701.12, 12 C.F.R. 701.12, sets forth the
supervisory committee's responsibility in meeting the audit and
verification requirements of section 115 of the Federal Credit Union
Act, 12 U.S.C. 1761d. A supervisory committee audit is required at
least once every calendar year covering the period since the last
audit. The scope of the audit must be sufficient, at a minimum, to test
the federal credit union's assets, liabilities, equity, income, and
expenses for existence, proper cut off, valuations, ownership,
disclosures and classification, and internal controls (current
Sec. 701.12(b)). A written report on the audit must be made to the
board of directors and, if requested, NCUA (current Sec. 701.12(c)).
Working papers must be maintained and made available to NCUA (current
Sec. 701.12(c)). Independence requirements must be met (current
Sec. 701.12(d)); standards governing verifications--100 percent
verification or statistical sampling--are set forth (current
Sec. 701.12(e)). Section 741.2 makes these requirements applicable to
federally insured state-chartered credit unions.
The proposed regulation will address practical enforcement problems
in the existing regulation, some of which have arisen through the
examination process as a matter of course and others of which have
arisen in litigation and in negotiating settlements. The proposed
changes in audit scope represent increased requirements which the Board
believes have grown out of necessity. The scope changes are more
specific and are aimed at eliminating vagueness regarding the audit
scope required, in certain targeted risk areas, to meet the provisions
of this regulation. The vagueness of audit scope has been the subject
of complaints from both the regulated and the regulator/insurer.
The majority of added requirements are not applicable to credit
unions which do not employ a compensated auditor. If the supervisory
committee or an uncompensated designated representative will be
performing the supervisory committee audit as described in
Sec. 701.12(4)(iv), the following portions of the proposed regulation
do not apply to the supervisory committee audit: Sec. 701.12(c)(3)
[increased scope requirements in designated areas];
Sec. 701.12(4)(i)(A)-(C) [opinion audits and agreed-upon-procedures in
relation to compensated auditors]; and Sec. 701.12(d) [engagement
letter requirements].
Proposed Regulation
Added to the first part of proposed Sec. 701.12(a) is a set of
definitions for terms used in the regulation. Many of these terms,
while familiar to accounting/auditing professionals, may be less well
known to supervisory committee volunteers. For example, the definition
of ``audit'' is intended to closely follow the language in AICPA,
Professional Standards, volume 1, AU
[[Page 55664]]
section 110.01; the definition of ``independence'' is intended to be
consistent with Rule 101 of the AICPA Code of Professional Conduct; the
definition of ``related party transactions'' is intended to be
consistent with FASB Statement No. 57; and the definition of ``internal
control reportable conditions'' is intended to be consistent with
Statement of Auditing Standard (SAS) No. 60, Communication of Internal
Control Structure Related Matters Noted in an Audit (AICPA,
Professional Standards, volume 1, AU section 325).
Additionally, as concerns ``independence,'' the auditor must be
intellectually honest and be recognized as independent, i.e., free from
any material obligation to or interest in the credit union or its
officials. The independent auditor must enjoy the confidence of the
general public. Such confidence may be compromised by evidence that
independence is lacking, or by the existence of circumstances which
reasonable people might believe likely to influence independence. The
definition of ``related party transactions'' uses as examples of senior
management the chief executive officer (CEO), president, treasurer/
manager, assistant CEO, and the chief financial officer (Comptroller)
of a credit union, and their families, etc. However, this is not
intended to be an all inclusive list of related parties.
The proposed definitions rely on accepted supplemental references,
e.g., a reference for the definition of ``generally accepted accounting
principles'' is SAS No. 69, The Meaning of ``Present Fairly in
Conformity With Generally Accepted Accounting Principles'' in the
Independent Auditor's Report which establishes a GAAP hierarchy (GAAP
serves to provide a standard by which to measure financial statement
presentations); a reference for the definition of ``internal controls''
is Internal Control--Integrated Framework, published by the Committee
of Sponsoring Organizations of the Treadway Commission; and a reference
for the definition of ``illegal acts'' is SAS No. 54, Illegal Acts By
Clients, (AICPA, Professional Standards, volume 1 AU section 317). The
definitions section was added to elucidate terms used in the
regulation. The NCUA Board seeks comments as to whether the definitions
clarify the regulation. The NCUA Board also is interested to learn of
any additional terms which should be defined in the regulation.
Subsections 701.12(b)(1), (b)(2), and (c)(1), (c)(2) of the
proposed regulation represent a reordering of the existing regulatory
provisions with minor changes in language which are intended not to
change, but to clarify, the existing regulation's meaning or
provisions. However, the supervisory committee is expected to conduct
such further tests and reviews as may, in the committee's judgment, be
necessary to meet its responsibilities. Additionally, the changes
incorporate in part enhancements suggested by the American Institute of
Certified Public Accountants, Credit Unions Committee (``the AICPA
Committee''). The AICPA Committee reviewed the proposed regulation for
technical accuracy of usage of accounting/auditing technical terms and
concepts. NCUA is grateful to the AICPA Committee for its advice during
the drafting of the proposed regulation.
The audit scope changes added to Sec. 701.12(c)(3) expand the
required audit scope when a supervisory committee employs the services
of a compensated auditor. The additional requirements are not intended
to discourage a credit union from hiring a compensated auditor, but are
intended to achieve a more definitive audit scope in targeted areas,
which experience indicates are of higher risk in credit unions. The
AICPA audit guide, Audits of Credit Unions, prepared by the AICPA
Credit Unions Committee, is a proper reference for the auditor in
making judgments, based on the facts and circumstances of the
engagement, as to what procedures to perform to obtain sufficient,
competent evidential matter to afford a reasonable basis for
conclusions regarding the financial statements under audit. The NCUA
Board believes the expanded scope will provide those credit unions
having the resources to employ a compensated auditor with an enhanced
audit product that meets the applicable GAAS requirements of an opinion
audit in the following areas: internal controls; cash; loans and
interest thereon; investments and interest thereon; shares and
dividends and/or interest thereon; related party transactions; and the
detection and reporting of errors and irregularities. NCUA believes
this increased scope requirement not only will give the credit union a
greater return on the dollars invested in the audit, but will result in
a more useful audit report for the examiner, whether regulator or
insurer.
The more definitive audit scope is designed to address and to
reduce confusion which occurs when the supervisory committee and the
compensated auditor agree that the audit engagement will consist of
less than the full scope of a supervisory committee audit as prescribed
in 701.12 (b) and (c). Experience indicates that supervisory committees
often do not realize that, due to the compensated auditor's exclusion
of scope provisions (e.g., evaluation of the reasonableness of the
allowance for loan losses, evaluation of securities held, adequacy of
loan collateral, etc.), the final audit product is not a complete
supervisory committee audit. Nor do supervisory committees realize that
in such instances they remain responsible for performing the additional
audit work needed to ``fill the gaps'' and produce a complete
supervisory committee audit. The NCUA Board believes that vagueness in
the existing audit scope provision may have contributed to the
confusion, and that a more definitive audit scope will end the finger
pointing between supervisory committees and compensated auditors as to
who is responsible for the audit scope components excluded from the
audit engagement.
To further reduce confusion about responsibility for required scope
components that are excluded from the audit engagement, the NCUA Board
has added a requirement in Sec. 701.12 (d)(2) and (d)(3) for the
engagement letter between the supervisory committee and the compensated
auditor to address audit scope either by (1) certifying that the
compensated auditor is to complete the full scope of a supervisory
committee audit or, alternatively (2) specifying what prescribed
financial statement elements and/or attributes will be excluded from
the engagement, and expressly cautioning the supervisory committee that
it is responsible for fulfilling the scope of the supervisory committee
audit with respect to the excluded elements and attributes.
The additions to Sec. 701.12(c)(4) of the proposed regulation set
forth how the requirements of this part may be satisfied. The
revisions, like those discussed above, represent minor changes in
language which are not intended to change the existing regulation's
meaning or provisions. Instead, the revisions incorporate technical
improvements suggested by the AICPA Committee. The additional
requirement that the compensated auditors contract for the audit
engagement only with the supervisory committee and return the written
audit report(s) to the supervisory committee clarifies requirements
contained in the current regulation.
The NCUA Board had considered including a requirement in the
proposed regulation's audit scope for certain credit unions to have an
ongoing internal audit function in the form of
[[Page 55665]]
either an internal auditor or an internal audit department. Such a
function would benefit the credit union, the regulator, and the
insurer. Internal auditors would neither take the place nor diminish
the role of the supervisory committee in any way. Ideally, the internal
auditor would be hired by, receive instructions from, and report to,
the supervisory committee. The work of the internal auditor would
supplement the mandated role and responsibilities of the supervisory
committee. Although the NCUA Board has decided against requiring credit
unions to employ an internal auditor, it encourages credit unions that
have the resources, to consider the benefits of employing an internal
auditor (e.g., testing of the effectiveness of internal controls on an
interim and/or on-going basis; routine and on-going testing for
material errors and omissions, and irregularities and illegal acts;
continuous testing of the electronic data processing system for
reliance thereon; and improving economy and efficiency). Internal
auditors can play an important role in maintaining strong operational
and financial management controls. The NCUA Board invites comments as
to whether it should reconsider mandating an internal audit function
and, if so, whether such a requirement should be imposed on all or only
some credit unions, and on what basis., i.e., according to asset size,
complexity of services, etc.
The NCUA Board is inclined to add requirements in Sec. 701.12(d)
for credit unions which employ compensated auditors to memorialize the
terms and conditions of the engagement in a comprehensive engagement
letter, which constitutes an enforceable contract between the
compensated auditor and the supervisory committee. The proposed
regulation sets forth the minimum requirement of an audit engagement to
be addressed in such a letter. The majority of items required are
fairly consistent with standard items included in engagement letters as
used in current practice: terms and objectives of engagement; nature
and limitations; identification of the basis of accounting to be used;
identification of areas excluded from the scope; and an appendix
setting forth the procedures to be performed (if not an opinion audit).
Other requirements were added to ensure access by NCUA to a complete
set of original working papers and delivery of the required report(s)
to the supervisory committee within a reasonable period of time. The
NCUA Board seeks comment on any additional areas which should be
addressed in the engagement letter memorializing the terms and
conditions of the audit engagement.
Additional reporting requirements have been added in
Sec. 701.12(e)(1). Along with the existing requirement for a written
audit report is a requirement for two additional written reports where
applicable--a written report of internal control exceptions or
reportable conditions noted, if any, and a written report of
irregularities or illegal acts noted during the audit, if any. The
addition of these two reporting requirements does not necessitate
additional audit work (i.e., do not require separate engagements to
report on the credit union's system of internal accounting control or
its compliance with laws and regulations). These are simply reports of
information already obtained in the normal course of the supervisory
committee audit. This requirement corrects the current regulation,
which does not require such reports to be communicated to either the
credit union, the regulator, or the insurer.
A clarifying sentence was added to Sec. 701.12(e)(2) to ensure that
NCUA access to a complete set of original working papers includes all
the existing documentation relative to the audit: audit programs,
working papers documenting conclusions or judgments, supervisory
reviewer's notes (if any), etc. This is a response to increasing
instances where NCUA examiners find that information deemed by the
auditor to be ``proprietary information'' is excluded from the working
papers. The exclusion of this additional and pertinent documentation
(e.g., audit programs) impairs NCUA's ability to assess the adequacy of
the work performed by the auditor to satisfy the requirements of this
section. Proposed Sec. 701.12(d)(1)(vii) requires the supervisory
committee to incorporate in the comprehensive engagement letter a
certification by the outside compensated auditors that a complete set
of original working papers supporting the audit, including the audit
program, will be provided upon request for inspection by NCUA.
Finally, the NCUA Board has added an enforcement mechanism to
ensure compliance with the requirements of this section and with the
requirements of the comprehensive engagement letter memorializing the
audit engagement between the supervisory committee and its compensated
auditor. In the event of failure to comply, proposed Sec. 701.12(e)(3)
authorizes the Regional Director, as a first step toward enforcement,
to reject as deficient the supervisory committee audit and the reports
thereof. An additional and more severe sanction for failure to comply
is available under section 206(r) of the FCU Act, 12 U.S.C. 1786(r),
which authorizes NCUA to seek formal administrative sanctions (e.g., an
order to cease and desist, or imposition of civil money penalties)
against the supervisory committee and/or its compensated auditor as
``institution affiliated parties'' of the credit union.
Parts of the existing regulation relating to the independence and
verification of members' accounts were unchanged in substance, although
redesignated as subsections 701.12 (f) and (g), respectively.
One change to part 701.13 was made to give recognition to the
redesignation of old Sec. 701.12(e) to new Sec. 701.12(g).
Regulatory Procedures
Regulatory Flexibility Act
The Regulatory Flexibility Act requires NCUA to prepare an analysis
to describe any significant economic impact a proposed regulation may
have on a substantial number of small credit unions (primarily those
under $1 million in assets). The NCUA Board has determined and
certifies that the proposed amendment, if adopted, will not have a
significant economic impact on a substantial number of small credit
unions. As to small credit unions, the proposed amendment clarifies
without imposing additional burden. Accordingly, the NCUA Board
determines and certifies that this proposed amendment does not have a
significant economic impact on a substantial number of small credit
unions and that a Regulatory Flexibility Analysis is not required.
Paperwork Reduction Act
NCUA has determined that the three requirements: (1) to prepare and
sign an engagement letter memorializing the terms and conditions of the
audit engagement in a comprehensive engagement letter, which
constitutes an enforceable contract between the compensated auditor and
the supervisory committee; (2) to provide a written report of internal
control exceptions or reportable conditions noted, if any; and (3) to
provide a written report of irregularities or illegal acts noted during
the audit, if any; do constitute a collection of information under the
Paperwork Reduction Act. The Paperwork Reduction Act of 1995 and
regulations of the Office of Management and Budget (OMB) require that
the public be provided an opportunity to comment on information
collection requirements, including an
[[Page 55666]]
agency's estimate of the burden of the collection of information. NCUA
estimates that most federal credit unions will be affected by this
regulation. However, it is the NCUA's view that the time a credit union
spends developing an enforceable engagement contract and provides in
writing, known internal control exceptions and reportable conditions,
if any, and/or irregularities and illegal acts, if any, is necessary to
the effectiveness of the audit and verification function and thus, the
safety and soundness of the credit union. The paperwork burden created
by this rule is the requirement that such actions be put in writing.
NCUA estimates that it should reasonably take one hour per requirement
(thus, 1 hour minimum--3 hours maximum) to comply with the three
requirements, if applicable to a given circumstance. Therefore, 12,000-
36,000 total burden hours are required to comply with the collection
requirement. For the majority of credit unions, 1 hour would be
required, or 12,000 total burden hours.
The NCUA Board invites comment on: (1) whether the collection of
the information is necessary for the proper performance of the
functions of NCUA, including whether the information will have
practical utility; (2) the accuracy of NCUA's estimate of the burden of
the collection of information; (3) ways to enhance the quality,
utility, and clarity of the information to be collected; and (4) ways
to minimize the burden of collection of information. Send comments to
Attn: Milo Sunderhaug, OMB Reports Management Branch, New Executive
Office Building, Rm. 10202, Washington, DC 20530.
Executive Order 12612
Executive Order 12612 requires NCUA to consider the effect of its
actions on state interests. The proposed amendment will not have a
substantial direct effect on the states, on the relationship between
the national government and the states, or on the distribution of
rights and responsibilities among the various levels of government.
List of Subjects in 12 CFR Part 701
Credit unions, Reporting and recordkeeping requirements.
By the National Credit Union Administration Board on October 19,
1995.
James Engel,
Acting Secretary of the Board.
Accordingly, it is proposed that 12 CFR, part 701 be amended to
read as set forth below:
PART 701--[AMENDED]
1. The authority citation for Part 701 continues to read as
follows:
Authority: 12 U.S.C. 1752(5), 1755, 1756, 1757, 1759, 1761a,
1761b, 1766, 1767, 1782, 1784, 1787, 1789, 1798 and Public Law 101-
73. Section 701.6 is also authorized by 31 U.S.C. 3717. Section
701.31 is also authorized by 15 U.S.C. 1601, et seq., 42 U.S.C. 1981
and 42 U.S.C. 3601-3610.
2. Section 701.12 is amended by redesignating paragraphs (d) and
(e) as paragraphs (f) and (g), by revising paragraphs (a) through (c),
and by adding new paragraphs (d) and (e) to read as follows:
Sec. 701.12 Supervisory committee audits and verifications.
(a) Definitions. As used in this chapter:
(1) Agreed-upon procedures means the performance by an independent,
licensed certified public accountant of an engagement in which the
scope is limited to applying specified agreed-upon procedures to one or
more specified elements, accounts, or items of a financial statement.
Such procedures are insufficient to express an opinion regarding either
the financial statements taken as a whole, or the specified elements,
accounts, or items.
(2) Applicable generally accepted auditing standards (GAAS) means
generally accepted auditing standards to the extent applicable in the
circumstances. The second general standard of GAAS relating to
independence and the four standards relating to reporting are not
applicable to a compensated auditor who is not an ``independent,
licensed, certified public accountant'' as defined in paragraph (a)(9)
of this section; all other requirements of GAAS would apply to such an
auditor.
(3) Audit or Opinion audit means an examination of the financial
statements performed by an independent, licensed, certified public
accountant in accordance with generally accepted auditing standards.
The objective of an ``audit'' or ``opinion audit'' is to express an
opinion as to whether those financial statements present fairly, in all
material respects, the financial position and the results of its
operations and its cash flows in conformity with generally accepted
accounting principles or an ``other comprehensive basis of
accounting,'' as defined in paragraph (a)(11) of this section.
(4) Compensated auditor means any accounting/auditing professional
who is compensated for performing the supervisory committee audit and/
or verification services.
(5) Financial statements means a presentation of financial data,
including accompanying notes, derived from accounting records of the
credit union, and intended to disclose a credit union's economic
resources or obligations at a point in time, or the changes therein for
a period of time, in conformity with generally accepted accounting
principles (GAAP) or an ``other comprehensive basis of accounting,'' as
defined in paragraph (a)(11) of this section. Each of the following is
considered to be a financial statement: a balance sheet or statement of
financial condition; statement of income or statement of operations;
statement of retained earnings; statement of cash flows; statement of
changes in owners' equity; statement of assets and liabilities that
does not include owners' equity accounts; statement of revenue and
expenses; summary of operations; and statement of cash receipts and
disbursements.
(6) Generally accepted accounting principles (GAAP) means the
conventions, rules, and procedures which define accepted accounting
practice. GAAP includes both broad general guidelines and detailed
practices and procedures, provides a standard by which to measure
financial statement presentations, and encompasses not only accounting
principles and practices but also the methods of applying them.
(7) Generally accepted auditing standards (GAAS) means the
standards approved and adopted by the American Institute of Certified
Public Accountants which apply when an ``independent, licensed
certified public accountant'' audits financial statements. Auditing
standards differ from auditing procedures in that ``procedures''
address acts to be performed, whereas ``standards'' measure the quality
of the performance of those acts and the objectives to be achieved by
use of the procedures undertaken. In addition, auditing standards
address the auditor's professional qualifications as well as the
judgment exercised in performing the audit and in preparing the report
of the audit. Copies of GAAS may be obtained from Harcourt Brace & Co.,
6277 Sea Harbor Drive, Orlando, FL 32887.
(8) Independence and Independent means to be without bias with
respect to the credit union so as to maintain the impartiality
necessary for the reliability of the compensated auditor's findings.
Independence requires the exercise of fairness toward credit union
management, members, creditors and others who may rely upon the
independent, compensated auditor's
[[Page 55667]]
report. Auditors must be independent in fact and in appearance.
(9) Independent, licensed, certified public accountant means an
individual who has passed the Uniform Certified Public Accounting
Examination, is licensed by a state board of accountancy to practice
accounting/auditing, and is independent as defined in paragraph (a)(8)
of this section.
(10) Internal controls means the process, established by the credit
union's board of directors, officers and employees, designed to provide
reasonable assurance of reliable financial reporting and safeguarding
of assets against unauthorized acquisition, use, or disposition. A
credit union's internal control structure consists of five components:
control environment; risk assessment; control activities; information
and communication; and monitoring. Reliable financial reporting refers
to preparation of financial statements that ``present fairly'' the
financial position and results of its operations and its cash flows, in
conformity with GAAP or an ``other comprehensive basis of accounting,''
as defined in paragraph (a)(11) of this section. Internal control over
safeguarding of assets against unauthorized acquisition, use, or
disposition refers to prevention or timely detection of transactions
involving such unauthorized access, use, or disposition of assets which
could result in a loss which is material to the financial statements. -
-
(11) Other comprehensive basis of accounting means a comprehensive
basis of accounting or definite set of criteria, other than GAAP,
having substantial support. In this case the ``other comprehensive
basis of accounting'' is limited to applicable regulatory accounting
practices (RAP), i.e., that basis of accounting which has the
substantial support of NCUA or the state supervisor, when applicable.
(12) Related party transactions means transactions among or between
parties where one party controls or can significantly influence the
management or operating policies of the other so as to prevent the
other party from pursuing exclusively its own interests. Examples of
related parties include: credit union members and their families, and
credit union officials and their families. Examples of ``related party
transactions'' include: interest-free loans or loans at below market
rates; sale of real estate significantly below appraised value;
nonmonetary exchange of property; and making of loans lacking scheduled
terms for repayment.
(13) Reportable Conditions means a matter coming to the compensated
auditor's attention that, in his or her judgment, represents a
significant deficiency in the design or operation of the internal
control structure of the credit union, which could adversely affect its
ability to record, process, summarize, and report financial data
consistent with the representations of management in the financial
statements.
(14) Substantive testing means testing of details and analytical
procedures to detect material misstatements in the account balance,
transaction class, and disclosure components of financial statements.
(15) Supervisory committee means a supervisory committee as defined
in Section 111(b) of the Federal Credit Union Act, 12 U.S.C. 1761(b).
For some federally-insured state chartered credit unions, the ``audit
committee'' designated by state statute or regulation is the equivalent
of a supervisory committee.
(16) Supervisory committee audit means an examination of the credit
union's financial statements in accordance with applicable GAAS, which
is performed by the supervisory committee or its designated
representative as prescribed in paragraph (c)(4) of this section. An
audit as defined in paragraph (a)(3) of this section satisfies the
definition of a ``supervisory committee audit.''
(17) Working papers means the principal record, in any form, of the
work performed by the auditor and/or supervisory committee to support
its findings and/or conclusions concerning significant matters.
Examples include the written record of procedures applied, tests
performed, information obtained, and pertinent conclusions reached in
the engagement, audit programs, analyses, memoranda, letters of
confirmation and representation, abstracts of credit union documents,
reviewer's notes, if retained, and schedules or commentaries prepared
or obtained by the independent, compensated auditor.
(b) Supervisory committee responsibilities. (1) The supervisory
committee is responsible for ensuring that:
(i) The credit union's financial statements, taken as a whole,
fairly present, in all material respects, the financial position, the
results of its operations and its cash flows, in conformity with GAAP
or an ``other comprehensive basis of accounting,'' although this
requirement should not be interpreted to necessarily require an opinion
audit.
(ii) The credit union's management practices and procedures are
sufficient to safeguard members' assets.
(2)(i) To satisfy the requirements of paragraph (b)(1) of this
section, the supervisory committee shall determine whether:
(A) Internal controls are established and effectively maintained to
achieve the credit union's financial reporting objectives which, at a
minimum, must support the satisfaction of the requirements of
paragraphs (b) and (c) of this section;
(B) The credit union's accounting records and financial reports are
promptly prepared and accurately reflect operations and results;
(C) The plans, policies, and control procedures established by the
board of directors are properly administered; and
(D) Policies and control procedures are sufficient to safeguard
against error, carelessness, conflict of interest, self-dealing and
fraud.
(ii) The audit and verification of members' accounts, as mandated
in Section 115 of the Federal Credit Union Act, 12 U.S.C. 1761d, are
the minimum requirements for satisfying this paragraph (b).
(c) Supervisory committee audit. (1) A supervisory committee audit
of each Federal credit union's financial statements shall occur at
least once every calendar year and shall cover the period elapsed since
the last audit. The supervisory committee audit shall be made by the
supervisory committee or its designated representative, as described in
paragraph (c)(4) of this section, using applicable GAAS.
(2) The scope of the supervisory committee audit shall include:
(i) Gaining an understanding of the internal control structure;
(ii) Assessing the level of control risk; and
(iii) Based on paragraph (c)(2)(ii) of this section, determining
the nature, timing, and extent of substantive testing necessary to
confirm the assertions made by management, in the financial statements,
regarding each of assets, liabilities, equity, income, and expenses for
the following attributes:
(A) Existence or occurrence;
(B) Completeness;
(C) Valuation or allocation;
(D) Rights and obligations; and
(E) Presentation and disclosures.
(3) For the compensated auditor, audit testing of the following
areas must satisfy applicable GAAS for expressing an opinion on the
financial statements taken as a whole: internal controls, cash, loans
and interest thereon, investments and interest thereon, shares and
dividends and/or interest thereon, related party transactions, and the
detection and reporting of errors and irregularities with regard to
each of these areas.
[[Page 55668]]
(4)(i) The requirements of the annual supervisory committee audit
may be satisfied by one or more of the following:
(A) An audit of the credit union's financial statements performed
by an independent, licensed, certified public accountant in accordance
with GAAS;
(B) An ``agreed-upon procedures engagement'' performed by an
independent, licensed, certified public accountant in accordance with
applicable GAAS, which by itself or in combination with procedures
performed by the supervisory committee, fulfills the required scope of
the supervisory committee audit;
(C) A supervisory committee audit performed by an independent,
compensated auditor other than an independent, licensed, certified
public accountant in accordance with applicable GAAS, which by itself
or in combination with procedures performed by the supervisory
committee, fulfills the scope of a supervisory committee audit; or
(D) A supervisory committee audit by the supervisory committee or
its designated, uncompensated representative, performed in accordance
with applicable GAAS.
(ii) In all cases, an independent, compensated auditor is required
to contract directly with the supervisory committee for the audit
engagement and to deliver its written reports directly to the
supervisory committee.
(d) Engagement letter. (1) The engagement of a compensated auditor
to perform all or part of the scope of a supervisory committee audit
shall be evidenced by an engagement letter. The engagement letter shall
be signed by the compensated auditor and acknowledged therein by the
supervisory committee prior to commencement of a supervisory committee
audit. The engagement letter shall:
(i) Specify the terms, conditions, and objectives of engagement;
(ii) Identify the basis of accounting to be used, e.g., GAAP or an
``other comprehensive basis'' as defined in paragraph (a)(11) of this
section;
(iii) Include an appendix setting forth the procedures to be
performed (if not an opinion audit);
(iv) Specify the compensation to be paid for audit;
(v) Provide that the auditor shall, upon completion of the
engagement, deliver to the supervisory committee written reports. All
such reports may be based on work performed during the normal course of
the audit; separate engagements are not required to report on the
credit union's system of internal accounting control or its compliance
with laws and regulations. The written reports shall consist of:
(A) The supervisory committee audit;
(B) Any internal control exceptions or reportable conditions noted
in the internal control review phase of the audit; and
(C) Any irregularities or illegal acts noted during the audit;
(vi) Specify a date of delivery of the written reports required by
paragraph (d)(1)(v) of this section; and
(vii) In the case of a compensated auditor, certify that NCUA staff
or its designated representative will be provided unconditional access
to a complete set of original working papers, as defined in paragraph
(a)(17) of this section, either at the credit union or at a mutually
agreeable location.
(2) In the case of a supervisory committee audit engagement which
will address all of the financial statement elements and attributes
prescribed in paragraph (c)(2) of this section, the engagement letter
shall, in addition to the requirements of paragraph (d)(1) of this
section, include a certification that the audit is a complete
supervisory committee audit.
(3)(i) In the case of a supervisory committee audit engagement
which will exclude any financial statement elements and attributes
prescribed in paragraph (c)(2) of this section, the engagement letter
shall, in addition to requirements of paragraph (d)(1) of this section:
(A) Specifically identify the elements and attributes excluded from
the audit;
(B) State that, because of the exclusion(s), the resulting audit
will not, in and of itself, fulfill the scope of a supervisory
committee audit; and
(C) Caution that the supervisory committee will remain responsible
for fulfilling the scope of a supervisory committee audit with respect
to the excluded elements and attributes.
(ii) A compensated audit fully satisfies the requirements of a
supervisory committee audit when it meets the requirements of
paragraphs (b) and (c)(1) of this section and addresses all of the
financial statement elements and attributes prescribed in paragraphs
(c)(2) and (c)(3) of this section.
(e) Audit reports and working paper access. (1) Upon completion or
receipt of the supervisory committee audit reports prescribed in
paragraph (d)(1)(v) of this section, the supervisory committee shall
provide the reports to the board of directors. The supervisory
committee shall ensure that the compensated auditor and its reports
comply with the terms of the engagement letter prescribed by paragraph
(d) of this section. The supervisory committee shall, upon request,
provide to the National Credit Union Administration a copy of each of
the written reports received from the auditor.
(2) The supervisory committee shall be responsible for preparing
and maintaining, or making available, a complete set of original
working papers (as defined in paragraph (a)(17) of this section)
supporting each supervisory committee audit. The supervisory committee
shall, upon request, provide NCUA staff unconditional access to such
complete set of original working papers either at the offices of the
credit union or at a mutually agreeable location.
(3) Failure of a supervisory committee and/or its compensated
auditor to comply with the requirements of this section, or the terms
of an engagement letter required by this section, may be grounds for:
(i) The Regional Director to reject the supervisory committee
audit; and
(ii) The NCUA to seek formal administrative sanctions against the
supervisory committee and/or its compensated auditor pursuant to
section 206(r) of the FCU Act, 12 U.S.C. 1786(r).
* * * * *
Sec. 701.13 [Amended]
3. Section 701.13 is amended in paragraph (a)(2) by revising
``Sec. 701.12(e)'' to read ``Sec. 701.12(g)''.
[FR Doc. 95-27045 Filed 11-1-95; 8:45 am]
BILLING CODE 7535-01-U
