Today, Audit Committees, Board Members, Senior Management and Regulators are demanding real-time risk assessment and control accountability. At The Schinlever Group our proven ability to satisfy these demands is based on our competence, commitment and credibility. We apply The International Standards for the Professional Practice of Internal Auditing as promulgated by The Institute of Internal Auditors to provide creative solutions to complex business challenges.
Our full range of internal audit and control consulting services include:
Annual Internal Audit Plan Development and Execution
All types of internal audits including Accounting, Accounts Payable, Shareholder Equity, Deposits, Human Resources, Investments, Information Technology, Loans, Main Office and Branch Locations.
Specialized audits and compliance reviews including Asset Liability Management (ALM), Automated Clearing House (ACH), Wire Transfer, Bank Secrecy Act (BSA), Customer Identity Program (CIP), Item Process/Proof and Transit, Marketing, Public Funds Certification, Purchasing, Records Maintenance and Vendor Management.
Sarbanes-Oxley (SOX) Section 404 Control Documentation and Testing
Internal Audit Sourcing, Co-Sourcing and Strategic Affiliations.
Internal Control Design and Reviews
Quality Assurance Reviews (QAR’s)
With so much emphasis on accounting controls from SOX legislation, The Schinlever Group has developed a general accounting audit program that is designed to test identified key accounting controls. The areas included in the general accounting audit include accounts payable, borrowings, cash, control balancing, corporate income tax, due to/due from accounts, financial statement preparation, general ledger, investments, on-us demand deposit accounts, other assets, other liabilities, payroll reconcilement, employee benefit accounting, regulatory reporting and shareholder equity.
Based on our risk assessment it is important that we audit the accounting aspect of each of the areas identified above annually. Bi-annually we will perform a more in-depth audit of accounts payable, investments, and shareholder equity
The audit of asset liability management is designed to ensure that the bank has a system of control in place to properly manage balance sheet and off-balance sheet instruments, both to maximize and maintain the spread between interest earned and paid. Effective risk management includes a program for managing credit risk, interest rate risk, liquidity risk, compliance risk, price risk and reputation risk. Regulators encourage banks to have this review performed annually.
The deposit audit focuses on the potential understatement of liabilities and the potential overstatement of assets. Our objectives in auditing deposit accounts on an annual basis are to determine:
deposits are recorded completely and accurately
an accountability trail through deposit processing is created and maintained
unpayable items are promptly returned in accordance with pertinent laws, rules and regulations
overdrafts are addressed and collected in a timely manner
deposit service charges are correctly assessed, collected and recorded
interest on interest bearing accounts is calculated, paid and recorded correctly
accurate, complete and timely financial information is provided to management
adequate safeguards exist for the physical protection of records
The audit of benefits and personnel administration is designed to ensure that state and federal labor laws are being adhered to in order to avoid potential litigation. We test for adequate controls and compliance with bank policies and procedures. We also ensure that changes in Human Resources procedures are provided to management and employees in an accurate, complete and timely manner.
Investment activities include management of the corporation's balance sheet, and the investment portfolio, within established constraints designed to ensure compliance with sound banking practices and regulatory guidelines. The primary objective in auditing investments is to ensure that all activities are properly conducted in an environment well defined by a sound and effective system of internal controls. We will confirm transactions and security holdings with customers and safekeeping agents as well as test the accounting and operating procedures for compliance with generally accepted accounting principles and applicable regulatory guidelines.
Our objectives in auditing loans on an annual basis are to determine that:
adequate policies and procedures have been established,
adequate separation of duties exist between the administrative and operations of the loan function
loans are recorded and disbursed properly, timely and accurately
loan payments are received and applied to customer accounts properly, timely and accurately
interest income and fee income are properly calculated and recorded
Allowance for loan losses and charge-offs are appropriately approved and recognized on a timely basis.
adequate safeguards exist for the physical protection of records
accurate, complete and timely information is provided to management
The main office and branch locations provide the primary customer contact point for a variety of retail and commercial bank services. The objectives of the internal audit function in regard to the offices are to determine:
compliance with bank policies and procedures
assets are properly safeguarded
operations are in compliance with government regulations
general ledger balances are properly stated
These objectives will be met through a review of the system of internal controls, physical counts and observations, testing of transactions and the monitoring of on-going operations.
The Schinlever Group usually recommends the main office and branch locations to be audited on a rotating cycle of every two to three years. If we find significant control issues in any one branch or office we will schedule that audit sooner than the two to three year cycle.
The Schinlever Group’s objective with respect to the BSA and CIP audit is to ensure that management has an adequate policy and related procedures that reflect the requirements of the related regulations. We test the bank’s risk assessment, data collection, Suspicious Activity Reporting (SAR’s) and FinCen 104 documentation and filing. We review that corrective action is taken in instances of noncompliance with procedures and violations of the BSA and CIP regulations.
The control objectives with respect to Item Processing are to ensure:
all transactions are captured and summed daily
assets and equities are balanced daily
teller’s individual cash is balanced in detail each day
accurate cash letters are prepared to ensure timely collection
float is minimized to maximize the bank’s collected funds position
The Security for Public Deposit Act requires an independent certification. Our audit program mirrors the requirements of the regulations as detailed below:
1. For all monthly reports and quarterly reports, verify the mathematical accuracy of the presented calculations.
2. Review and test the procedures for compiling the report from the internal financial records.
3. For the calculation of the average balance, ascertain the reasonableness of the methodology used.
4. Review all new Virginia accounts to determine whether the accounts are correctly included or excluded as public deposits.
5. Ensure that FDIC amounts are applied correctly especially when an entity has more than one account with the institution.
6. Review the signed Security for Public Deposit Agreement to ensure that all information is correct and accurate.
7. Review the par and market value of pledged collateral to ensure proper application of the 80% calculation for all pooled securities.
8. Review written procedures for adequacy and the prior audit report for correction of reported findings.
A financial institution periodically turns its deposit base over by wire transfer. The bank, through an automated clearinghouse, electronically exchanges financial transactions with other participating member financial institutions. The control, security and audit functions are important considerations in providing reasonable assurance that sound protective measures are in place to safeguard these electronic transfers and to minimize exposure to losses resulting from errors or irregularities.
The Schinlever Group in alliance with Strategic Technologies will perform audits of the more technical areas such as operating systems, data communications and data base management systems. During the audit time is allocated to review compliance with corporate end-user computing policies, controls and security of Local Area Networks and microcomputer application development. Audit objectives for information technology systems will be to determine that:
written policies and procedures exist and are being followed
adequate security exists for sign on to the bank's internal IT environment including unique user ID's and passwords
adequate physical security exists for the computer and telecommunications rooms
The Schinlever’s Group approach to Sarbanes-Oxley (SOX) Section 404 control documentation and initial compliance testing is summarized in the following 10 steps and is based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) model.
1. Document and assess the control environment of your organization.
2. Document and assess your communication and information processes.
3. Perform a risk analysis of all financial statement elements which are captioned and disclosed in your 10-K or 10-KSB.
4. Perform a risk analysis on transaction cycles that impact higher risk financial elements.
5. Based on the risk analysis of financial elements and transaction cycles, document control activities for the entire entity.
6. Identify the key accounting controls for higher risk financial elements and determine if any gaps exist in controls.
7. Perform initial tests of the key accounting controls to determine effectiveness.
8. Identify and implement improvements in internal controls.
9. Determine the scope and frequency of monitoring.
10. Assist management in implementing a monitoring plan.
On a quarterly basis The Schinlever Group will test compliance with section 404 of SOX. The focus of our audit work will be to test throughout the year the significant accounting controls identified by management. The objective of which is to determine if there are any material existing conditions that could impact the quarterly financial statements or require public disclosure. These objectives will be accomplished by communicating with management; reviewing internal controls; following up on any significant problems identified in audits; checking major system/application reconcilements; and performing an analytical review of general ledger account balances. At year-end our testing efforts will be coordinated directly with the external accountant’s audit of the corporation's financial statements.
In-house audit functions are required by the Institute of Internal Auditors (IIA) to have an external quality assessment (QA) every five years. The external QA evaluates conformance with the International Standards for the Professional Practice of Internal Auditing (Standards), the efficiency and effectiveness of the internal audit activity, and the use of successful practices.
The external QA allows internal auditors to state their activities are conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. It also builds stakeholder confidence by documenting management's commitment to quality and successful practices, and the internal auditors' mindset for professionalism. Obtaining an external QA provides evidence to the board, management, and staff that the audit committee and the internal audit activity are concerned about the success of the organization's internal controls, ethics, governance, and risk management processes.
The Schinlever Group is qualified to perform the required QA. We use the steps detailed in the IIA’s Quality Assessment Manual, 5th edition to perform our assessment.
