Internal Auditing Risk Management by urn45018


									                                         [ X ] POLICY     MANUAL                                        SECTION
           COMPANY XXX                   [ ] PROCEDURE
SUBJECT                                  BOARD APPROVAL   EFFECTIVE DATE       SUPERSEDES       PAGE      PAGES

Internal Audit Policy                       3/22/07             3/22/07            3/23/06       1     OF 4

                                           INTERNAL AUDIT POLICY

This audit policy identifies the purpose, authority, and responsibility of the internal audit function. The
objective of internal audit is to assist all members of management and the Board of Directors in the effective
discharge of their responsibilities by furnishing them with analyses, appraisals, recommendations and pertinent
comments concerning the activities reviewed.

The purpose of the Internal Audit Policy is to formally establish and provide guidance for an independent audit
function that complies with regulatory requirements and best practices as identified in business presentations
and business literature. Since certain portions of this function are outsourced, an engagement letter is obtained
that sets forth adherence to the Interagency Policy Statement. The function will perform in accordance with the
Interagency Policy Statement on Internal Auditing.


The mission of the internal audit function is threefold: 1) to ensure Bank Policy and related procedures comply
with current laws, regulations, and best practices; 2) to ensure that procedures include internal controls which
are sufficient to mitigate undesirable risks; and 3) through monitoring, to ensure Bank Policy and related
procedures are followed consistently.


The Internal Audit Department reports functionally to the Audit Committee of the Board of Directors through
Risk Management and the Chief Risk Officer. This reporting relationship ensures independence, promotes
comprehensive audit coverage, and assures adequate consideration of audit recommendations.

Assigned auditors, in the performance of audits, are granted full authority to review areas of the Bank or
subsidiaries at any time with access to all activities, records, property and personnel.

Internal audit is a staff function that has no direct authority over activities subject to audit. The performance of
these reviews does not relieve management of any assigned responsibilities.

Audit Committee

The Audit Committee of the Bank is a standing Committee of the Board of Directors that has established a
comprehensive Audit Charter setting forth the membership requirements, roles and responsibilities regarding
internal controls and financial reporting, compliance with laws and regulations, internal audit, external audit,
and meetings and reporting.

The Audit Committee will evaluate the quality of the work of the internal audit function. The Committee will
evaluate audit performance based on the following criteria:

         Providing an effective and independent assessment of the bank’s internal control structure
         Acting independently of management
         Having appropriate experience to perform all audit activities included in the annual risk assessment and
          audit schedule
         Providing sufficient audit coverage of the bank’s operations
         Meeting the audit plan
         Recommending changes that add value

Audit Liaison

The Director of Audit acts as the audit liaison with the third party auditors. The audit liaison acts as the
communication link between the outsourced auditors and the organization. The Director of Audit meets
regularly with the third party auditors to discuss progress relative to completion of the audit plan and any issues
or concerns identified by audit. The liaison provides information relative to personnel, product and system
changes occurring in the organization. In addition, the liaison would assist in resolving any disagreements with
management regarding audit recommendations and developing an acceptable response. The liaison would also
review changes in target dates for resolving audit findings for reasonability.

Audit Risk Assessment and Internal Audit Plan

The Audit Committee will obtain from the Director of Audit an audit risk assessment and internal audit plan
that will set forth the frequency of the audits to be performed which will be reported to and monitored by the
Audit Committee. The audits will be conducted in accordance with Professional Practice Standards of the
Institute of Internal Auditors. The Director of Audit will be evaluated periodically by the Audit Committee
relative to the completion of the Plan. The audit plan will be reviewed with the Audit Committee on a regular
basis and any material changes to the plan will be approved by the Audit Committee. Audit findings, and
subsequent follow-up on the findings, will be reported to the Audit Committee.

Audits are conducted on an annual basis based on a “Line of Business” approach. Lines of Business have been
identified, consistent with the bank’s organization chart. A determination regarding specific audit areas within
each Line of Business is made during planning meetings preceding each audit, and is facilitated through
RNB’s Enterprise Risk Management process.

In order to enhance coverage of high risk areas while improving the efficiency of the audit process, additional
testing, outside the annual Line of Business audit, may be accomplished using Continuous Auditing and other
electronic/automated methodology. Continuous Audit test plans will be reviewed with the Audit Committee
before implementation.

Note: Low risk functions within an audit area may be cycled from an audit program. The basis for cycling will
be documented in the Enterprise Risk Management database.

Internal Audit Responsibilities

The Internal Audit Department is responsible for reporting to the Audit Committee the results of evaluations of
the internal control systems for financial reporting, compliance management and electronic data processing
systems. Principal responsibilities include:

1. Development of an annual plan in conjunction with a risk assessment. Presenting the plan to the Audit
   Committee for their review/approval.

2. Evaluating the bank’s risk management program for efficiency, effectiveness and application of the Bank’s
   accounting, financial and other operating control systems, and promoting effective control at a reasonable

3. Ascertaining the extent of compliance with established policies and procedures and regulatory requirements.

4. Ascertaining the reliability of management data developed within the organization.

5. Presenting reports on audit activities periodically to the Audit Committee focusing on the efficiency and
   effectiveness of the internal control system throughout the Bank and recommending operating

6. Communicating with executive management concerning the overall internal control structure of the Bank in
   conjunction with the management assessment requirements of the FDIC Improvement Act of 1991.

7. Contributing to the enterprise wide risk management process through ongoing collaboration with
   Compliance, Information Security, BSA/AML and other Risk Management functions to ensure that risks are
   appropriately identified and managed.

8. Acting as a liaison between the Bank and all regulatory and external certified public accounting audit

Internal Audit Duties

1. Internal Audit is responsible for assessing and monitoring the effectiveness of the Bank’s systems of
   internal controls as defined by the Committee of Sponsoring Organizations (COSO).

2. Determine that the third party audit engagements are carried out in accordance with the Standards for the
   Professional Practice of Internal Auditing promulgated by the Institute of Internal Auditors.

3. The Director of Audit will review and evaluate the programs utilized by the auditors to determine
   applicability to relevant laws and regulations; policies and procedures will be tested and reviewed on a risk
   effective basis.

4. Internal audits will be organized and conducted in a manner to ensure impartial evaluation and reporting of
   audit findings and to recommend effective action based on the findings.

5. Internal audits will be conducted in an objective and fair manner in support of the operation of the audited
   activity as well as to ensure effective management control.

6. Audit findings and recommendations will be thoroughly reviewed with operating management. Reports will
   be distributed to the Audit Committee and to the levels of management which have functional responsibility
   for the findings and recommendations.

7. Appropriate management will be expected to provide responses of actions taken on audit findings and
   related recommendations. Any plans for resolution or corrective action taken will be evaluated for
   satisfactory disposition of audit findings.

8. The Director of Audit will be responsible for monitoring and documenting the completion of audit
   recommendations that require additional time after the completion of the audit to implement.

Review and Approval for Audit Policy:

The Audit Committee of the Board of Directors will review and approve the Audit Policy at least annually.

Approved: 3/22/07
