July 24, 2000
OCC Reemphasizes Need for Strong Internal Control Systems and Audit Programs in Banks
WASHINGTON — The Office of the Comptroller of the Currency (OCC), in a handbook being distributed today to national banks and bank examiners, is reemphasizing the need for banks to establish and maintain strong internal control systems and audit programs.
The handbook notes that effective internal and external audit programs are a critical defense against fraud and provide vital information to the board of directors about the effectiveness of internal control systems.
The Internal and External Audits handbook discusses the duties and responsibilities of national bank directors and managers regarding audits; identifies characteristics of effective internal and external audits; and describes the OCC supervisory approach to assessing the quality of a national bank's audit program.
"A well-designed and executed audit program has always been an essential component of effective risk management, and is becoming ever more so as banking expands into new products, services, and technologies," said the OCC in a cover letter accompanying the handbook. "History offers many examples of serious problems that could have been avoided or identified earlier and mitigated, through proper audits."
A key factor in any audit program is the independence of the external auditor, said the OCC. The agency discourages banks from relying on the same firm to provide external audit services in combination with other significant services, including performance of the bank's internal audit function under an outsourcing arrangement. "National banks should exercise extreme caution before undertaking or continuing any arrangement that might compromise the independence of external auditors," the OCC said.
Comptroller John D. Hawke, Jr. will address this issue further in testimony before the Securities and Exchange Commission Thursday.
The primary objectives of internal audits are to independently and objectively:
- evaluate accounting, operating, and administrative controls;
- ensure that internal control systems result in accurate recording of transactions and proper safeguarding of assets; and
- determine whether the bank is complying with laws and regulations, adheres to bank policies, and is taking appropriate steps to address control system deficiencies.
The primary objectives of the external audits are to provide the board of directors and management with:
- reasonable assurance about the effectiveness of internal controls over financial reporting, the accuracy and timeliness in recording transactions, and the accuracy and completeness of financial and regulatory reports;
- an independent and objective view of the bank's activities, including processes relative to financial reporting; and
- information useful to directors and management in maintaining a bank's risk management processes.
The handbook provides the first detailed discussion of specialty audits, including audits for information systems and technology, fiduciary activities, and consumer compliance.