One of the best ways to prevent last-minute audit fire drills is to prepare as far in advance as possible. Planning well before an on-site audit can go a long way toward facilitating the process, eliminating any last-minute surprises, and getting more value out of your audit.
Cybersecurity, IT governance, controls over financial reporting, and data management and privacy are among the top areas on 2017 internal audit plans in North America. With so many factors to consider, planning and preparation become key.
Integrate Audit Prep Into Everyday Processes
Being proactive in preparing for an audit can also be a long-term investment rather than a short-term expense.
For example, you can conduct periodic IT audits and cybersecurity risk assessments to identify and fix security issues right away instead of discovering them only before your scheduled audit. By integrating preparations into your regular processes, you won’t need to scramble every time your next audit comes.
With a plan in place, you can ensure a less stressful and smooth auditing process. Here are key ways to prepare for annual and periodic audits.
Audit Best Practices for Financial Institutions
Preparing for an annual audit requires more than collecting data and filing documents. Follow these preparatory steps to have as painless an audit as possible:
1. Review the audit request.
Once you get the audit notice, act on it immediately. Make a note of important details such as timelines, required data, supporting documents, and reporting preferences. Ask your auditor for a checklist if it isn’t already provided, and contact them for any questions or clarifications.
2. Conduct a preliminary audit overview with your internal audit committee.
Meet with your internal audit committee to carry out a preliminary audit overview and discuss this year’s requirements. Work out a plan on how each requirement should be handled and when it should be completed.
3. Review the previous audit report.
Refer to the last audit findings report that your institution received and check if you have resolved all concerns or issues stated in the report. If there are pending items, create an action plan to address them before the on-site audit.
4. Collate all required data and supporting documents.
Pull all required information from physical and virtual sources such as financial statements, management reports, and accounting policies and practices, among others. Work with staff members and employees to locate the relevant data and furnish multiple hard copies as well as electronic copies.
5. Verify gathered data.
Cross-reference each piece of information with existing financial and transaction reports. Compare dates, numbers, signatures, and any other verifiable data with current records. If possible, use different cross-checking methods. Additionally, perform a model validation of your Bank Secrecy Act software. Your model validation should verify authorizations, calculations, inputs, outputs, processes, rules, and specifications for accuracy and effectiveness.
If there are any errors or discrepancies from what’s expected, try to reconcile them before the on-site audit. Otherwise, be ready to explain these variances to your auditor and devise a corrective strategy to resolve these errors and prevent any future occurrences.
6. Consolidate all data into an audit information package.
Once you’ve verified all required data, compile and organize them in a binder which will serve as your audit information package. Data should be presented in the format specified by your auditor — be it summary reports, raw information, or supporting documentation.
7. Conduct a compliance review with your compliance team.
An ACH annual audit requires your institution to be in accordance with NACHA requirements, while the FDIC has their own audit and reporting requirements. Is your institution compliant with the latest standards or legal requirements? Make sure that your compliance team is on top of any recent changes or updates to regulations. They should also formulate an action plan in case of any non-compliance within your organization.
8. Evaluate internal controls and applications.
The auditing process has evolved to include not only legal and regulatory compliance but also management of cybersecurity and other technology risks. Therefore, your audit plan should also involve an evaluation of the security controls you have in place and the applications used within your organization. Notify any external organizations you work with about your upcoming audit so they can prepare any details needed on their end.
9. Bring in a third-party organization to prepare for your audit.
Working with an external firm that offers audit and compliance services can save you a lot of time and effort in preparing for an audit. These highly qualified and experienced experts can provide a thorough evaluation of your systems, examine your processes, and assess your risks.
They can formulate an FFIEC-compliant business continuity plan, create an incident response program that meets NIST standards, or perform a vulnerability assessment to uncover network vulnerabilities. Moreover, they add value to the audit preparation process by providing guidance on effective controls and recommending best practices that your institution can implement.
10. Carry out a final review.
Set up a meeting with your internal audit committee and compliance team at least one month before your on-site audit. Go over the plan you created during the preliminary audit overview to ensure that all requirements have been accomplished. Resolve any open items within the month.
11. Conduct a practice run before the on-site audit.
This dry run should be done at least one week before the on-site audit. This will help your teams understand how the actual auditing process will take place and how to respond to any auditor questions or requests for additional information.
This annual undertaking doesn’t have to be painful when you have the right help. By working with a third-party organization with proven expertise in auditing and compliance, you’ll be sure to have all your bases covered with your audit preparations.
With DataComm, you have a partner who is committed to your success in handling audits with the clarity, focus, and streamlined effort you’ve always worked to achieve. Get in touch with us today to learn more about how we can help make your audit process run smoothly.