Skip to content
BOL Conferences

New Reply Thread Options
#1372620 - 04/12/10 04:14 PM Difference Between Compliance Reviews and Audit
Anonymous
Unregistered

I'm the compliance officer/internal auditor for a small bank. I have a risk assessment for both IA and compliance that I follow annually. During our compliance exam we had a recommendation to implement compliance reviews and a statement that our compliance audits were very thorough. I'm not sure what the difference between a "compliance review" and a "compliance audit" is. Any suggestions? Should I be doing reviews instead of audits?

Return to Top Reply Quote Quick Reply Quick Quote
#1372630 - 04/12/10 04:21 PM Re: Difference Between Compliance Reviews and Audit Anonymous
Doug Hendrickson Offline
Power Poster
Doug Hendrickson
Joined: Oct 2009
Posts: 3,927
I actually leave the compliance audit to our internal auditor. I'm in the process of putting together a compliance procedures manual that lists reviews that I will perform on a regular basis (e.g., monthly check of excess debits from mmds/savings, semi-annual verification of NOW account eligibility).
_________________________
I hear and I forget. I see and I remember. I do and I understand.--Confucius

Return to Top Reply Quote Quick Reply Quick Quote
#1372870 - 04/12/10 08:29 PM Re: Difference Between Compliance Reviews and Audit Doug Hendrickson
Anonymous
Unregistered

I'm the only person responsible for both compliance and audit. I'm struggling with determining when to review vs doing an indepth audit. And how often the reviews should be done.

Return to Top Reply Quote Quick Reply Quick Quote
#1372886 - 04/12/10 08:41 PM Re: Difference Between Compliance Reviews and Audit Anonymous
Doug Hendrickson Offline
Power Poster
Doug Hendrickson
Joined: Oct 2009
Posts: 3,927
Sorry to hear that you've got both positions!

Personally, I think it's going to be a balance between risk management and time management. By that I mean that I would try to schedule reviews on the high risk areas where you might be able to catch things before they grow into bigger problems and save the audits (annual) for lesser-risk areas or where you need to spend more time because your scope will be broader.

For instance, if check holds (Reg CC) have been an issue you might want to review them on a monthly/quarterly basis to ensure that they are being done correctly and provide time for training and/or procedures development. The same for excess debits to money market deposit or savings accounts; ensure that someone is reviewing those reports and notifying customers on a regular basis.

Others, like a full examination of residential real estate for compliance with a number of regulations (FHA, ECOA, Flood) might take significant time and would be better as an annual audit.

Just my thoughts.
_________________________
I hear and I forget. I see and I remember. I do and I understand.--Confucius

Return to Top Reply Quote Quick Reply Quick Quote
#1373012 - 04/13/10 12:49 PM Re: Difference Between Compliance Reviews and Audit Doug Hendrickson
Retired DQ Offline
10K Club
Retired DQ
Joined: Dec 2002
Posts: 40,766
Turnpike Exit 10
The way I see it, audit dept tests compliance with the bank's procedures. Compliance dept tests the procedures for compliance with the regulation.
MHO
_________________________
Get your facts first, then you can distort them as you please. - Mark Twain

Return to Top Reply Quote Quick Reply Quick Quote
#1373065 - 04/13/10 01:24 PM Re: Difference Between Compliance Reviews and Audit Retired DQ
ktac MITCH Offline
Diamond Poster
ktac MITCH
Joined: May 2005
Posts: 1,813
Giant side of TX
I am the Compliance Officer & the Internal Auditor works for me & I tend to agree with deekles:
Audit looks at Bank Policy ; re-verifies that account reconcilements have been done & are correct ; verifiew wires had correct authroization by the sender ; ensures dual control procedures are followed ; surprise audits teller draws and vaults ; etc...

Compliance Audits look for compliance with regulations; and keeps tracking of upcoming changes and determines what policies, procedures etc. will need to change in order to implement the changes & works with appropriate depts. to ensure the changes are made.
AND - as Doug said, your schedule for both should be based on your riskassessment & you review the higher risk areas more often.
_________________________
My opinions are just that, and might be worth what you paid for them.

Return to Top Reply Quote Quick Reply Quick Quote
#1373210 - 04/13/10 03:10 PM Re: Difference Between Compliance Reviews and Audit ktac MITCH
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
Some of this will vary from bank to bank - some banks have auditors versed in compliance and actually audit regulatory compliance.

Others leave that testing to compliance - some have a group in compliance that does that testing.

The monitoring can then be handled like an internal control, tested by compliance or the business (by individuals not involved in the production work) or both. Think of monitoring as period checks that everything is proceeding as expected, no errors popping up, regs are being followed.

If there is a robust monitoring process, the audit may test to see that it is operating as planned and do some independent testing to confirm results.

The reason for periodic monitoring is that audits take place less frequently. Do you want to wait a year or more to see if everything is okay? The bank should want to check its processes more frequently than that.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top Reply Quote Quick Reply Quick Quote
#1373256 - 04/13/10 04:00 PM Re: Difference Between Compliance Reviews and Audit Kathleen O. Blanchard
Anonymous
Unregistered

Our Bank has been criticized because our internal audits were not targeted toward regulatory issues. In reading above, it sounds like most people think the compliance reviews should be regulatory targeted and the internal audits targeted more toward following procedures. You may want to ask your regulator.

Return to Top Reply Quote Quick Reply Quick Quote
#1373281 - 04/13/10 04:21 PM Re: Difference Between Compliance Reviews and Audit Anonymous
Doug Hendrickson Offline
Power Poster
Doug Hendrickson
Joined: Oct 2009
Posts: 3,927
Our auditor performs a number of audits for a variety of purposes, regulatory is just one of them.

My goal is to have myself, as the Compliance Officer, perform a number of reviews each year, focused on regulatory issues where there is higher risk. My expectation is that the auditor will perform less auditing for regulatory purposes in those areas and to enable her to rely on my work (assuming she will test a few items I've done and do a small selection herself).

I view my work as part of the internal controls and her work as attesting that the internal controls are working.
_________________________
I hear and I forget. I see and I remember. I do and I understand.--Confucius

Return to Top Reply Quote Quick Reply Quick Quote
#1373431 - 04/13/10 06:04 PM Re: Difference Between Compliance Reviews and Audit Doug Hendrickson
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
It depends upon the strength of the compliance monitoring program. If there is a very strong compliance testing program - some banks have special teams that do just that - just that program is tested and is very acceptable to examiners. If the program is not strong enough, they may want more. As banks get larger, more and more compliance testing is done outside of audit.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top Reply Quote Quick Reply Quick Quote
Quick Reply:
HTML is disabled
UBBCode is enabled




Moderator:  MagicCity, P*Q, Truffle Royale