Guidance on internal audits raises stakes for banks
The internal audit at big banks has become a pressure-packed, high-stakes process. The financial crisis and aftermath has exposed lots of instances where risk management processes were lacking, exposing the bank to future harm.
But even before the financial crisis, the Fed and other regulators were pushing banks to upgrade their internal audit functions to create a more independent and more savvy view of the risks, all based on relevant data. The Fed delivered some formal guidance way back in 2003 on this issue. It wasn't until this year, however, that it updated that guidance.
According to the new and improved guidance, "An effective internal audit function is a vehicle to advance an institution's safety and soundness and compliance with consumer laws and regulations and is therefore considered as part of the supervisory review process," it noted.
The guidance also noted that, "Federal Reserve examiners will make an overall determination as to whether the internal audit function and its processes are effective or ineffective and whether examiners can potentially rely upon internal audit's work as part of the supervisory review process. If internal audit's overall processes are deemed effective, examiners may be able to rely on the work performed by internal audit depending on the nature and risk of the functions subject to examination."
While the updated guidance does not mark a radical break from the past, it does represent a lot of future work for internal audit executives.
A new report from Protiviti says that all affected institutions (mainly big banks) "will need to reassess their internal audit function in light of the supplemental guidance providing clarification of what is expected of an effectively functioning internal audit group, audit committee, board of directors, senior management and CAE."
That's no small task.