Over the course of working with a variety of banks, I have seen numerous approaches to the audit committee role. In the best cases, the audit committee works in collaboration with the internal audit (IA) group, the external auditor and management toward a set of common goals. In others, work groups are compartmentalized and focused on their own work, not sharing information or goals.
The speed of change and complexity of the issues banks are facing today make isolation particularly hazardous. Collaboration often represents the best way to identify risk and build a strategy to get ahead of it. Finance teams must be capable of performing daily processes while keeping a view of the future. Without proper foresight and expertise, issues like changing allowances for loan loss calculations or cybersecurity can threaten the success of a bank’s financial reporting.
The audit committee is an arm of the board of directors. As such, it is charged with specific guidance responsibilities. Ideally, its members bring profound knowledge of financial issues and the bank’s strategy to address them. That process includes asking the right questions. While this list is not exhaustive, it introduces the cornerstone issues your audit committee must be able to help you address.
Is the internal auditor or audit team focused on the right areas, and can they identify and address key risks?
If the IA team gets mired in the status quo, it can fail to adapt to evolving threats and opportunities. By performing the same reviews and completing the same programs every year, rather than examining the entire organization, the IA team can miss new or elevated risks.
In addition, IA teams often are understaffed and overwhelmed with day-to-day operations. Audit committee members must assess the workload of the IA group. That includes making sure the team is staffed appropriately and is managing procedures that align with the bank’s highest-priority goals.
The audit committee should ensure that the IA team can remain informed about potential risks across the bank and can act as an integral part of the organization as a whole. The team should regularly collaborate with colleagues, communicate about potential risks, and engage with C-level executives.
Is management able to identify and mitigate IT risk?
The pace at which information technology continues to change requires that banks regularly evaluate their operations and risk exposure. To carry out its governance responsibilities effectively, the audit committee must begin by examining four basic areas of concern: cybersecurity, disaster recovery, the capabilities of existing information technology systems, and any planned changes to existing systems.
The rapid adoption of cloud services means that cybersecurity is a primary concern. Cloud storage vendors and their subcontractors can be security risks. Assessing their safeguards falls under the audit committee’s purview.
The audit committee should review IT capabilities for existing systems and ask questions to understand future needs. They should ensure proper planning for scheduled changes to IT systems, taking full consideration of the immediate and long-term impact on operations. An independent readiness assessment by the audit committee can help ensure changes are executed properly and seamlessly, keeping the organization moving forward.
Is financial management positioned to address new accounting challenges, such as the new CECL standards?
Although the audit committee doesn’t have direct oversight of the accounting staff, it is responsible for accurate and timely financial reporting. It is appropriate for the audit committee to ascertain corporate readiness to implement accounting changes.
Accounting staff often concentrate on daily operations and may lack the capacity to address future challenges proactively. They may not begin planning for required changes until it’s too late. Consequently, they may not be able to meet new standards or make changes to accounting procedures in a timely manner. An outside advisory firm can augment or offer expertise and perspective that is lacking internally.
Is the staffing level in accounting appropriate for current operations and strategic initiatives under consideration?
The financial management team must make certain that the accounting staff is sufficient to handle existing and future needs. The audit committee must work with management to address staffing needs and plan appropriately to meet them. This is another case in which an outside advisory firm can boost staff on an “as-needed” basis for specific tasks or projects, rather than for all accounting functions.
Ideally, the audit committee works alongside management to assess these and other key issues. The collaboration allows for a deeper examination of the challenges and strengths of the bank, and a chance to discuss what each decision means and how it will impact the bank down the line. With this model in place, audit committee members can rise above surface analysis to provide careful, informed and involved guidance to the board of directors.