AUDITS OF CREDIT UNIONS
By Thomas A. Ratcliffe
The AICPA has issued an updated audit and accounting guide, Audits of Credit Unions. The new guide supersedes the AICPA audit and accounting guide of the same name originally issued in 1986. Prepared by the Credit Unions Committee, the guide contains modified guidance due to the issuance of authoritative pronouncements since the guide originally was issued.
The primary objective of this guide is to help independent auditors audit and report on the financial statements of natural-person credit unions. The new guide is not intended to apply to corporate credit unions; however, portions of the guide may be useful to auditors in their work related to corporate credit unions.
General Planning Issues
The scope of the services rendered by auditors generally depends on the types of reports to be issued as the result of the engagement. Early in the audit, the auditor should establish an understanding with credit union management regarding the services to be performed and reports to be issued. The following types of services typically are performed by auditors engaged by credit unions:
* Auditing the financial statements in accordance with generally accepted auditing standards.
* Applying agreed-upon procedures to assist the supervisory committee in fulfilling its responsibilities.
* Reporting on internal controls.
* Reporting on supplemental financial and other information.
* Applying agreed-upon procedures to management assertions related to mortgage-banking activities in accordance with Statements on Standards for Attestation Engagements.
* Reporting on the processing of transactions by credit unions functioning as service organizations in accordance with SAS No. 70, Reports on the Processing of Transactions by Service Organizations.
Unique Industry Characteristics. To plan an audit of the financial statements of a credit union, the auditor should be familiar with the characteristics of the operations and business of credit unions unique to the industry and require the auditor's consideration in assessing audit risk, developing an overall audit strategy, and performing auditing procedures. Some of those characteristics include--
* the regulatory environment,
* financial products and instruments,
* the internal control environment, and
* the economic environment.
Industry Risk Characteristics. Credit unions face several different types of risk with respect to the investing and lending activities that encompass the major part of their operations. Some of these risks are as follows:
* Credit Risk. The probability that a borrower may not repay a loan.
* Interest-Rate Risk. The probability that changes in interest rates will negatively affect earnings.
* Liquidity Risk. The probability a credit union will not have funds available to repay fully all maturing liabilities on a timely basis.
* Processing Risk. The risk that the accuracy and timeliness of information processed by credit unions could be impaired.
Sound business policies suggest that the board of directors and management of a credit union should review risk exposure and devise a policy for the management of those risks.
Knowledge of the Client's Business. This requirement is generally obtained through experience with the client and discussions with other auditors or client personnel. Such knowledge may also be obtained or supplemented by performing procedures such as a) reviewing the charter and bylaws of the credit union and b) reading minutes of meetings of the board of directors, the supervisory committee, the credit committee (or the loan officers or both), and other appropriate committees.
Internal Control Issues
Several procedures are particularly important to credit union operations. If in place and functioning properly, the following procedures could strengthen internal controls.
* Daily reconciliations of all loan, deposit, and related interest trial balances with the general ledger.
* Daily balancing of tellers' and vault cash.
* Tellers' proof function.
* Establishment of dual controls over certain assets and records, such as vault cash, consigned items, dormant account information, and investment records.
Audit Risk Issues
There are certain risks inherent in all audit engagements. One such risk is the possibility the financial statements are materially misstated as the result of errors and fraud. SAS No. 47, Audit Risk and Materiality in Conducting an Audit and SAS No. 82, Consideration of Fraud in a Financial Statement Audit, provide guidance on the auditor's responsibility for the detection of errors and fraud in an audit of financial statements in accordance with generally accepted auditing standards. Some of the factors that need to be considered by an auditor in this regard are summarized in Exhibit 1.
An important factor to consider in assessing the risk of material misstatement in a credit union's financial statements is the potential for insider abuse. Insider abuse refers to actions by a credit union's officers/directors that are intended to benefit them or related parties without regard to the effect of these actions on the soundness of the credit union. Insider abuse may involve unsound loans to insiders or related parties or even embezzlement of a credit union's funds. Factors that may indicate possible insider abuse include the following:
* Unsound lending practices;
* Loans secured by collateral that has had recent, dramatic increases in value;
* Loans of unusual size or with unusual interest rates or terms;
* Poor loan documentation;
* Loans with unusual or questionable collateral or collateral inconsistent with the credit union's normal underwriting practices;
* Violations of legal limits on loans to one borrower;
* Out-of-territory loans;
* Loans that are continuously extended or modified; or
* Multiple transactions with a single party or a group of affiliated parties.
Regulatory examination reports and related communications between examiners and a credit union can provide important information to auditors. Policies of the National Credit Union Administration (NCUA) and most state agencies that regulate credit unions have traditionally allowed a credit union's independent auditor access to certain confidential reports of examinations of the credit union. In addition, examiners generally have been permitted to provide pertinent information to the independent auditor with the prior approval of the credit union.
The independent auditor should review reports of significant examinations and related communications between examiners and the credit union and, when appropriate, make inquiries of the examiners. The independent auditor should--
* request that management provide access to all reports of examination and related correspondence;
* review reports of significant examinations and related correspondence between examiners and the credit union during the period under audit through the date of the independent auditor's report; and
* communicate with the examiners, with the prior approval of the credit union, when their examination of the credit union is in process or a report on a recent examination has not been received by the credit union.
A refusal by management to allow the independent auditor to review communications from, or to communicate with, the examiner would ordinarily be a limitation on the scope of the audit sufficient to preclude an opinion. A refusal by the examiner to communicate with the auditor may be a limitation on the scope of the audit sufficient to preclude an unqualified opinion, depending on the auditor's assessment of other relevant facts and circumstances.
With the prior approval of the credit union, the independent auditor should consider attending as an observer the exit conference between the examiner and the credit union's board of directors (or its supervisory committee) or its executive officers or both. Further, if the examiners request permission to attend the meeting between the independent auditor and management or the credit union's board of directors (or an appropriate board committee) and management concurs, the independent auditor should generally concur.
Compliance with Laws and Regulations
If information comes to the auditor's attention that provides evidence of noncompliance with applicable regulations, the auditor should follow the guidance in SAS No. 54, Illegal Acts by Clients. Examples of areas in which noncompliance penalties may be imposed on a credit union include the following:
* Backup withholding of income taxes on interest paid on deposit accounts.
* Reporting of mortgage interest.
* Reporting of currency transactions to the Department of the Treasury.
* Limitations on loans to one borrower.
* Truth-in-savings disclosures.
When planning and conducting the audit, the independent auditor should consider what impact noncompliance with various regulations may have.
SAS No. 19, Management Representations, and for audits of financial statements for periods ending after June 30, 1998, SAS 85, its replacement, require the auditor to obtain certain written representations from management as part of an audit and provides guidance concerning these representations. The specific written representations to be obtained depend on the circumstances of the engagement and on the nature and basis of presentation of the financial statements. The SASs list matters ordinarily included in management's representation letter. Certain other representations related to credit union operations normally are obtained from credit union clients. These particular representations are summarized in Exhibit 2.
Going Concern Issues
In conducting a financial statement audit, the auditor may identify information about certain conditions or events that, when considered in the aggregate, indicate there could be substantial doubt about the credit union's ability to continue as a going concern for a reasonable period of time. Examples of procedures normally performed in audits of credit unions that may identify conditions and events that indicate a going concern problem are summarized in Exhibit 3. The significance of such conditions and events will depend on the circumstances, and some may have significance only when viewed in conjunction with others. Examples of such conditions and events that may be encountered in audits of credit unions include--
* recurring operating losses,
* indications of strained liquidity,
* negative equity,
* concerns expressed by regulatory authorities about alleged unsafe and unsound practices,
* indications of strained relationships between management and regulatory authorities, and
* noncompliance with regulatory capital requirements.
Thomas A. Ratcliffe, PhD, CPA, is Dean of the Sorrel College of Business at Troy State University.
John F. Burke, CPA
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.