64 FR 5709- Interagency Policy Statement on External Auditing Programs of Banks and Savings Associations

FIL9996.pdf

External Audits

64 FR 5709- Interagency Policy Statement on External Auditing Programs of Banks and Savings Associations

OMB: 3064-0113

Document [pdf]
Download: pdf | pdf
57094

Federal Register / Vol. 64, No. 204 / Friday, October 22, 1999 / Notices

Dated: October 14, 1999.
Michael B. Cook,
Director, Office of Wastewater Management.
[FR Doc. 99–27677 Filed 10–21–99; 8:45 am]
BILLING CODE 6560–50–U

FEDERAL DEPOSIT INSURANCE
CORPORATION
Rescission of Policy Statement
Regarding Independent External
Auditing Programs of State
Nonmember Banks, and Adoption of
the Interagency Policy Statement on
External Auditing Programs of Banks
and Savings Associations
Federal Deposit Insurance
Corporation (FDIC or Corporation).
ACTION: Rescission of a Policy Statement
and Adoption of an Interagency Policy
Statement.
AGENCY:

SUMMARY: In an effort to provide
consistent guidance for banks and
savings associations regardless of their
primary federal supervisor, the FDIC is
rescinding its Statement of Policy
Regarding Independent External
Auditing Programs of State Nonmember
Banks (Current Policy Statement) and
concurrently adopting the Interagency
Policy Statement on External Auditing
Programs of Banks and Savings
Associations (Interagency Policy
Statement). Both policy statements
encourage institutions to adopt an
annual external auditing program,
preferably an audit by an independent
public accountant, and to establish an
audit committee composed entirely of
outside directors, where practicable. In
addition, the Interagency Policy
Statement includes two alternatives to
an audit by an independent public
accountant for institutions not subject to
the audit requirement in section 36 of
the Federal Deposit Insurance Act (FDI
Act). The alternatives consist of (1) An
attestation report on internal control
over specified schedules of the
institution’s regulatory reports or (2) A
report on the institution’s balance sheet.
Both must be performed by an
independent public accountant.
The Interagency Policy Statement also
includes guidance regarding the
responsibilities of boards of directors,
audit committees, and senior
management with respect to external
auditing programs; the attributes and
types of external auditing programs; and
the review of external auditing programs
by examiners.
DATES: The Current Policy Statement is
rescinded and the Interagency Policy
Statement is effective for fiscal years
beginning on or after January 1, 2000.

FOR FURTHER INFORMATION CONTACT:
Doris L. Marsh, Examination Specialist,
Division of Supervision, (202) 898–
8905, or A. Ann Johnson, Counsel, Legal
Division, (202) 898–3573, FDIC, 550
17th Street, NW, Washington, DC 20429.
SUPPLEMENTARY INFORMATION:

I. Background
The FDIC first adopted guidance on
external auditing programs in its Policy
Statement Regarding Independent
External Auditing Programs of State
Nonmember Banks in 1988 (53 FR
47871, November 28, 1988). In 1996, the
FDIC reviewed the Current Policy
Statement pursuant to section 303(a) of
the Riegle Community Development and
Regulatory Improvement Act of 1994
and adopted several amendments to
eliminate inconsistencies and outdated
requirements (61 FR 32438, June 24,
1996).
The Federal Financial Institutions
Examination Council (FFIEC), on behalf
of the Board of Governors of the Federal
Reserve System (FRB), the Federal
Deposit Insurance Corporation (FDIC),
the Office of the Comptroller of the
Currency (OCC), and the Office of Thrift
Supervision (OTS), collectively referred
to as the ‘‘banking agencies’’ or the
‘‘agencies,’’ have each provided
guidance on external audits to their
supervised institutions, but a uniform
policy did not exist. Under the auspices
of the FFIEC, the agencies sought public
comment on a proposed policy
statement on External Auditing
Programs of Banks and Savings
Associations in February 1998 (63 FR
7796, February 17, 1998). The FFIEC
received approximately 120 letters
commenting on the proposed policy
statement, and it revised the policy
statement after considering the
comments. On August 19, 1999, the
FFIEC approved the Interagency Policy
Statement on External Auditing
Programs of Banks and Savings
Associations (Policy Statement) (64 FR
52319, September 28, 1999) and
recommended that the banking agencies
adopt it.1
II. Rescission of the Current Policy
Statement and Adoption of the
Interagency Policy Statement
In order to minimize burden on
institutions and holding companies and
in the spirit of section 303 of the Riegle
Community Development and
Regulatory Improvement Act of 1994,
the banking agencies seek to provide
consistent and uniform guidance for
1 The National Credit Union Administration
(NCUA), also a member of the FFIEC, is not
adopting the policy.

supervised institutions. The banking
agencies believe that an independent
external audit provides reasonable
assurance that an institution’s financial
statements are prepared in accordance
with generally accepted accounting
principles (GAAP). Accordingly, the
banking agencies recommend that every
institution have an external auditing
program.
To provide explicit guidance to
institutions regarding these programs,
the FFIEC approved a uniform
Interagency Policy Statement on August
19, 1999. The FFIEC recommended to
the banking agencies that they
individually adopt the policy. Thus, the
FDIC must replace its Current Policy
Statement with the Interagency Policy
Statement in order to achieve
uniformity in this area.
III. Comparison of the Current and
Interagency Policy Statements
For the most part, both the Current
Policy Statement and the Interagency
Policy Statement provide similar
guidance. Both encourage each
institution to have an annual audit of its
financial statements performed by an
independent public accountant. The
Interagency Policy Statement also
describes two alternatives to an audit
that an institution may elect to have
performed annually in order to have an
acceptable external auditing program.
These alternatives, which must be
performed by an independent public
accountant, are an attestation on
internal control over financial reporting
on certain schedules of the Reports of
Condition and Income (Call Report) and
an audit of the institution’s balance
sheet. The Interagency Policy Statement
further indicates that for a smaller
institution with less complex
operations, the attestation on internal
control may be less costly than an audit
of its financial statements or its balance
sheet and provide more useful
information to management. Neither
policy precludes the use of agreed-upon
procedures/state-required examinations
as an external auditing program.
Both policy statements include
sections discussing their applicability to
institutions that are part of a holding
company, newly chartered institutions,
and institutions presenting supervisory
concern. In addition, both policies
recommend that each institution have
an audit committee consisting entirely
of outside directors, unless
impracticable.
Banks and savings associations
(institutions) with $500 million or more
in total assets must have an annual
audit performed by an independent
public accountant under section 36 of

Federal Register / Vol. 64, No. 204 / Friday, October 22, 1999 / Notices
the Federal Deposit Insurance Act (FDI
Act), as implemented by 12 CFR part
363. Thus, both policy statements are
directed toward institutions below that
threshold that are not otherwise subject
to audit requirements.
The two policies differ in the extent
of guidance provided rather than the
content of the guidance. Accordingly,
the Interagency Policy Statement
includes some guidance regarding
independent external auditing programs

that is lacking in the Current Policy
Statement. For example, it discusses the
responsibilities of boards of directors,
audit committees, and senior
management in more detail than the
Current Policy Statement. It also
describes the attributes and types of
external auditing programs available
and includes a short description of each.
Guidance on what examiners will be
evaluating in their review of external
auditing programs is also included in

57095

the Interagency Policy Statement. This
policy statement also recommends that
examiners have access to the auditor’s
workpapers concerning the auditing
engagement.
The following table shows the number
and section title of each of the
paragraphs in the Current Policy
Statement and the section title of the
corresponding provision in the
Interagency Policy Statement:

PARAGRAPH CONVERSION TABLE
Current policy
paragaraph No.

Current policy statement: section title

Interagency policy statement: section title

1–3 .......................
4 ...........................
5 ...........................
6 ...........................

Introduction ..............................................................................
State Nonmember Banks Not Subject to Part 363 .................
..................................................................................................
..................................................................................................

7 ...........................

Audit by an Independent Public Accountant ...........................

8 ...........................
9–10 .....................
11 .........................
12–13 ...................
14 .........................
15 .........................

..................................................................................................
Alternatives to a Financial Statement Audit ............................
Newly Insured Banks ..............................................................
Notification and Submission of Reports ..................................
Holding Company Subsidiaries ...............................................
Troubled Banks .......................................................................

Appendix A ..........

Definitions ................................................................................

Introduction.
Introduction.
Overview of the External Auditing Program Audit Committee.
Examiner Guidance Review of the External Auditing Program.
External Auditing Programs Types of External Auditing Programs.
External Auditing Programs Other Considerations—Timing.
External Auditing Programs External Auditing Programs.
Special Situations Newly Insured Institutions.
Examiner Guidance Access to Reports.
Special Situations Holding Company Subsidiaries.
Special Situations Institutions Presenting Supervisory Concerns.
Appendix A—Definitions.

The Interagency Policy Statement
instructs institutions to provide copies
of reports pertaining to the external
auditing program, including any
management letters, to the agencies and
any state authority in accordance with
their appropriate supervisory office’s
guidance. The FDIC requests that each
state nonmember bank furnish a copy of
any reports by the independent public
accountant pertaining to the bank’s
external auditing program (regardless of
the scope) to the appropriate FDIC
regional office as soon as possible after
the report is received by the bank. In
addition, the FDIC requests each bank to
promptly notify the appropriate FDIC
regional office when any independent
public accountant is initially engaged to
perform external auditing work and
when a change in, or termination of, its
independent public accountant occurs.
IV. Paperwork Reduction Act
In accordance with the Paperwork
Reduction Act of 1995 (PRA), the FDIC
may not conduct or sponsor, and the
respondent is not required to respond
to, an information collection that does
not display a currently valid Office of
Management and Budget (OMB) control
number. The FDIC submitted to OMB a
request for approval of the information
collection requested by this policy

statement (64 FR 55926, October 15,
1999).
V. Rescission and Adoption of Policy
Statements
For the reasons set forth in the
preamble, the Board of Directors of the
FDIC hereby rescinds the FDIC’s Policy
Statement Regarding Independent
External Auditing Programs of State
Nonmember Banks and adopts the
Interagency Policy Statement on
External Auditing Programs of Banks
and Savings Associations.
The text of the Interagency Policy
Statement follows:
Interagency Policy Statement On
External Auditing Programs of Banks
and Savings Associations
Introduction
The board of directors and senior
managers of a banking institution or
savings association (institution) are
responsible for ensuring that the
institution operates in a safe and sound
manner. To achieve this goal and meet
the safety and soundness guidelines
implementing section 39 of the Federal
Deposit Insurance Act (FDI Act) (12
U.S.C. 1831p-1),1 the institution should
1 See 12 CFR part 30 for national banks; 12 CFR
part 364 for state nonmember banks; 12 CFR part
208 for state member banks; and 12 CFR part 510
for savings associations.

maintain effective systems and internal
control 2 to produce reliable and
accurate financial reports.
Accurate financial reporting is
essential to an institution’s safety and
soundness for numerous reasons. First,
accurate financial information enables
management to effectively manage the
institution’s risks and make sound
business decisions. In addition,
institutions are required by law 3 to
provide accurate and timely financial
reports (e.g., Reports of Condition and
Income [Call Reports] and Thrift
Financial Reports) to their appropriate
regulatory agency. These reports serve
an important role in the agencies’ 4 riskfocused supervision programs by
contributing to their pre-examination
planning, off-site monitoring programs,
and assessments of an institution’s
capital adequacy and financial strength.
Further, reliable financial reports are
necessary for the institution to raise
capital. They provide data to
stockholders, depositors and other
2 This Policy Statement provides guidance
consistent with the guidance established in the
‘‘Interagency Policy Statement on the Internal Audit
Function and its Outsourcing.’’
3 See 12 U.S.C. 161 for national banks; 12 U.S.C.
1817a for state nonmember banks; 12 U.S.C. 324 for
state member banks; and 12 U.S.C. 1464(v) for
savings associations.
4 Terms defined in appendix A are italicized the
first time they appear in this policy statement.

57096

Federal Register / Vol. 64, No. 204 / Friday, October 22, 1999 / Notices

funds providers, borrowers, and
potential investors on the company’s
financial position and results of
operations. Such information is critical
to effective market discipline of the
institution.
To help ensure accurate and reliable
financial reporting, the agencies
recommend that the board of directors
of each institution establish and
maintain an external auditing program.
An external auditing program should be
an important component of an
institution’s overall risk management
process. For example, an external
auditing program complements the
internal auditing function of an
institution by providing management
and the board of directors with an
independent and objective view of the
reliability of the institution’s financial
statements and the adequacy of its
financial reporting internal controls.
Additionally, an effective external
auditing program contributes to the
efficiency of the agencies’ risk-focused
examination process. By considering the
significant risk areas of an institution,
an effective external auditing program
may reduce the examination time the
agencies spend in such areas. Moreover,
it can improve the safety and soundness
of an institution substantially and lessen
the risk the institution poses to the
insurance funds administered by the
FDIC.
This policy statement outlines the
characteristics of an effective external
auditing program and provides
examples of how an institution can use
an external auditor to help ensure the
reliability of its financial reports. It also
provides guidance on how an examiner
may assess an institution’s external
auditing program. In addition, this
policy statement provides specific
guidance on external auditing programs
for institutions that are holding
company subsidiaries, newly insured
institutions, and institutions presenting
supervisory concerns.
The adoption of a financial statement
audit or other specified type of external
auditing program is generally only
required in specific circumstances. For
example, insured depository institutions
covered by section 36 of the FDI Act (12
U.S.C. 1831m), as implemented by part
363 of the FDIC’s regulations (12 CFR
part 363), are required to have an
external audit and an audit committee.
Therefore, this policy statement is
directed toward banks and savings
associations which are exempt from part
363 (i.e., institutions with less than
$500 million in total assets at the
beginning of their fiscal year) or are not
otherwise subject to audit requirements

by order, agreement, statute, or agency
regulations.
Overview of External Auditing
Programs
Responsibilities of the Board of
Directors
The board of directors of an
institution is responsible for
determining how to best obtain
reasonable assurance that the
institution’s financial statements and
regulatory reports are reliably prepared.
In this regard, the board is also
responsible for ensuring that its external
auditing program is appropriate for the
institution and adequately addresses the
financial reporting aspects of the
significant risk areas and any other areas
of concern of the institution’s business.
To help ensure the adequacy of its
internal and external auditing programs,
the agencies encourage the board of
directors of each institution that is not
otherwise required to do so to establish
an audit committee consisting entirely
of outside directors.5 However, if this is
impracticable, the board should
organize the audit committee so that
outside directors constitute a majority of
the membership.
Audit Committee
The audit committee or board of
directors is responsible for identifying at
least annually the risk areas of the
institution’s activities and assessing the
extent of external auditing involvement
needed over each area. The audit
committee or board is then responsible
for determining what type of external
auditing program will best meet the
institution’s needs (refer to the
descriptions under ‘‘Types of External
Auditing Programs’’).
When evaluating the institution’s
external auditing needs, the board or
audit committee should consider the
size of the institution and the nature,
scope, and complexity of its operations.
It should also consider the potential
benefits of an audit of the institution’s
financial statements or an examination
of the institution’s internal control
structure over financial reporting, or
both. In addition, the board or audit
committee may determine that
additional or specific external auditing
procedures are warranted for a
particular year or several years to cover
areas of particularly high risk or special
concern. The reasons supporting these
5 Institutions with $500 million or more in total
assets must establish an independent audit
committee made up of outside directors who are
independent of management. See 12 U.S.C.
1831m(g)(1) and 12 CFR 363.5.

decisions should be recorded in the
committee’s or board’s minutes.
If, in its annual consideration of the
institution’s external auditing program,
the board or audit committee
determines, after considering its
inherent limitations, that an agreedupon procedures/state-required
examination is sufficient, they should
also consider whether an independent
public accountant should perform the
work. When an independent public
accountant performs auditing and
attestation services, the accountant must
conduct his or her work under, and may
be held accountable for departures from,
professional standards. Furthermore,
when the external auditing program
includes an audit of the financial
statements, the board or audit
committee obtains an opinion from the
independent public accountant stating
whether the financial statements are
presented fairly, in all material respects,
in accordance with generally accepted
accounting principles (GAAP). When
the external auditing program includes
an examination of the internal control
structure over financial reporting, the
board or audit committee obtains an
opinion from the independent public
accountant stating whether the financial
reporting process is subject to any
material weaknesses.
Both the staff performing an internal
audit function and the independent
public accountant or other external
auditor should have unrestricted access
to the board or audit committee without
the need for any prior management
knowledge or approval. Other duties of
an audit committee may include
reviewing the independence of the
external auditor annually, consulting
with management, seeking an opinion
on an accounting issue, and overseeing
the quarterly regulatory reporting
process. The audit committee should
report its findings periodically to the
full board of directors.
External Auditing Programs
Basic Attributes
External auditing programs should
provide the board of directors with
information about the institution’s
financial reporting risk areas, e.g., the
institution’s internal control over
financial reporting, the accuracy of its
recording of transactions, and the
completeness of its financial reports
prepared in accordance with GAAP.
The board or audit committee of each
institution at least annually should
review the risks inherent in its
particular activities to determine the
scope of its external auditing program.
For most institutions, the lending and

57097

Federal Register / Vol. 64, No. 204 / Friday, October 22, 1999 / Notices
investment securities activities present
the most significant risks that affect
financial reporting. Thus, external
auditing programs should include
specific procedures designed to test at
least annually the risks associated with
the loan and investment portfolios. This
includes testing of internal control over
financial reporting, such as
management’s process to determine the
adequacy of the allowance for loan and
lease losses and whether this process is
based on a comprehensive, adequately
documented, and consistently applied
analysis of the institution’s loan and
lease portfolio.
An institution or its subsidiaries may
have other significant financial
reporting risk areas such as material real
estate investments, insurance
underwriting or sales activities,
securities broker-dealer or similar
activities (including securities
underwriting and investment advisory
services), loan servicing activities, or
fiduciary activities. The external
auditing program should address these
and other activities the board or audit
committee determines present
significant financial reporting risks to
the institution.
Types of External Auditing Programs
The agencies consider an annual audit
of an institution’s financial statements
performed by an independent public
accountant to be the preferred type of

external auditing program. The agencies
also consider an annual examination of
the effectiveness of the internal control
structure over financial reporting or an
audit of an institution’s balance sheet,
both performed by an independent
public accountant, to be acceptable
alternative external auditing programs.
However, the agencies recognize that
some institutions only have agreedupon procedures/state-required
examinations performed annually as
their external auditing program.
Regardless of the option chosen, the
board or audit committee should agree
in advance with the external auditor on
the objectives and scope of the external
auditing program.
Financial Statement Audit by an
Independent Public Accountant. The
agencies encourage all institutions to
have an external audit performed in
accordance with generally accepted
auditing standards (GAAS). The audit’s
scope should be sufficient to enable the
auditor to express an opinion on the
institution’s financial statements taken
as a whole.
A financial statement audit provides
assurance about the fair presentation of
an institution’s financial statements. In
addition, an audit may provide
recommendations for management in
carrying out its control responsibilities.
For example, an audit may provide
management with guidance on
establishing or improving accounting

and operating policies and
recommendations on internal control
(including internal auditing programs)
necessary to ensure the fair presentation
of the financial statements.
Reporting by an Independent Public
Accountant on an Institution’s Internal
Control Structure Over Financial
Reporting. Another external auditing
program is an independent public
accountant’s examination and report on
management’s assertion on the
effectiveness of the institution’s internal
control over financial reporting. For a
smaller institution with less complex
operations, this type of engagement is
likely to be less costly than an audit of
its financial statements or its balance
sheet. It would specifically provide
recommendations for improving
internal control, including suggestions
for compensating controls, to mitigate
the risks due to staffing and resource
limitations.
Such an attestation engagement may
be performed for all internal controls
relating to the preparation of annual
financial statements or specified
schedules of the institution’s regulatory
reports.6 This type of engagement is
performed under generally accepted
standards for attestation engagements
(GASAE).7
Note: For banks and savings associations,
the lending, investment securities, trading,
and off-balance sheet schedules consist of:

Area schedules

Reports of condition
and income
schedules

Loans and Lease Financing Receivables ............................................................................................
Past Due and Nonaccrual Loans, Leases, and Other Assets .............................................................
Allowance for Credit Losses ................................................................................................................
Securities ..............................................................................................................................................
Trading Assets and Liabilities ..............................................................................................................
Off-Balance Sheet Items ......................................................................................................................

RC–C, Part I ...........
RC–N ......................
RI–B ........................
RC–B .......................
RC–D ......................
RC–L .......................

Thrift financial
report
SC, CF.
PD.
SC, VA.
SC, SI, CF.
SO, SI.
SI, CMR.

Balance Sheet Audit Performed by an
Independent Public Accountant. With
this program, the institution engages an
independent public accountant to
examine and report only on the balance
sheet. As with the audit of the financial
statements, this audit is performed in
accordance with GAAS. The cost of a
balance sheet audit is likely to be less
than a financial statement audit.
However, under this type of program,

the accountant does not examine or
report on the fairness of the presentation
of the institution’s income statement,
statement of changes in equity capital,
or statement of cash flows.
Agreed-Upon Procedures/StateRequired Examinations. Some statechartered depository institutions are
required by state statute or regulation to
have specified procedures performed
annually by their directors or

independent persons.8 The bylaws of
many national banks also require that
some specified procedures be performed
annually by directors or others,
including internal or independent
persons. Depending upon the scope of
the engagement, the cost of agreed-upon
procedures or a state-required
examination may be less than the cost
of an audit. However, under this type of
program, the independent auditor does

6 Since the lending and investment securities
activities generally present the most significant
risks that affect an institution’s financial reporting,
management’s assertion and the accountant’s
attestation generally should cover those regulatory
report schedules. If the institution has trading or
off-balance sheet activities that present material
financial reporting risks, the board or audit
committee should ensure that the regulatory report

schedules for those activities also are covered by
management’s assertion and the accountant’s
attestation. (See Note.) However, the schedules
listed in the Note are not intended to address all
possible risks in an institution.
7 An attestation engagement is not an audit. It is
performed under different professional standards
than an audit of an institution’s financial statements
or its balance sheet.

8 When performed by an independent public
accountant, ‘‘specified procedures’’ and ‘‘agreedupon procedures’’ engagements are performed
under standards, which are different professional
standards than those used for an audit of an
institution’s financial statements or its balance
sheet.

57098

Federal Register / Vol. 64, No. 204 / Friday, October 22, 1999 / Notices

not report on the fairness of the
institution’s financial statements or
attest to the effectiveness of the internal
control structure over financial
reporting. The findings or results of the
procedures are usually presented to the
board or the audit committee so that
they may draw their own conclusions
about the quality of the financial
reporting or the sufficiency of internal
control.
When choosing this type of external
auditing program, the board or audit
committee is responsible for
determining whether these procedures
meet the external auditing needs of the
institution, considering its size and the
nature, scope, and complexity of its
business activities. For example, if an
institution’s external auditing program
consists solely of confirmations of
deposits and loans, the board or
committee should consider expanding
the scope of the auditing work
performed to include additional
procedures to test the institution’s high
risk areas. Moreover, a financial
statement audit, an examination of the
effectiveness of the internal control
structure over financial reporting, and a
balance sheet audit may be accepted in
some states and for national banks in
lieu of agreed-upon procedures/staterequired examinations.
Other Considerations
Timing. The preferable time to
schedule the performance of an external
auditing program is as of an institution’s
fiscal year-end. However, a quarter-end
date that coincides with a regulatory
report date provides similar benefits.
Such an approach allows the institution
to incorporate the results of the external
auditing program into its regulatory
reporting process and, if appropriate,
amend the regulatory reports.
External Auditing Staff. The agencies
encourage an institution to engage an
independent public accountant to
perform its external auditing program.
An independent public accountant
provides a nationally recognized
standard of knowledge and objectivity
by performing engagements under
GAAS or GASAE. The firm or
independent person selected to conduct
an external auditing program and the
staff carrying out the work should have
experience with financial institution
accounting and auditing or similar
expertise and should be knowledgeable
about relevant laws and regulations.
Special Situations
Holding Company Subsidiaries
When an institution is owned by
another entity (such as a holding

company), it may be appropriate to
address the scope of its external audit
program in terms of the institution’s
relationship to the consolidated group.
In such cases, if the group’s
consolidated financial statements for the
same year are audited, the agencies
generally would not expect the
subsidiary of a holding company to
obtain a separate audit of its financial
statements. Nevertheless, the board of
directors or audit committee of the
subsidiary may determine that its
activities involve significant risks to the
subsidiary that are not within the
procedural scope of the audit of the
financial statements of the consolidated
entity. For example, the risks arising
from the subsidiary’s activities may be
immaterial to the financial statements of
the consolidated entity, but material to
the subsidiary. Under such
circumstances, the audit committee or
board of the subsidiary should consider
strengthening the internal audit
coverage of those activities or
implementing an appropriate alternative
external auditing program.
Newly Insured Institutions
Under the FDIC Statement of Policy
on Applications for Deposit Insurance,
applicants for deposit insurance
coverage are expected to commit the
depository institution to obtain annual
audits by an independent public
accountant once it begins operations as
an insured institution and for a limited
period thereafter.
Institutions Presenting Supervisory
Concerns
As previously noted, an external
auditing program complements the
agencies’ supervisory process and the
institution’s internal auditing program
by identifying or further clarifying
issues of potential concern or exposure.
An external auditing program also can
greatly assist management in taking
corrective action, particularly when
weaknesses are detected in internal
control or management information
systems affecting financial reporting.
The agencies may require a financial
institution presenting safety and
soundness concerns to engage an
independent public accountant or other
independent external auditor to perform
external auditing services.9 Supervisory
concerns may include:
• Inadequate internal control,
including the internal auditing program;
9 The Office of Thrift Supervision requires an
external audit by an independent public accountant
for savings associations with a composite rating of
3, 4, or 5 under the Uniform Financial Institution
Rating System, and on a case-by-case basis.

• A board of directors generally
uninformed about internal control;
• Evidence of insider abuse;
• Known or suspected defalcations;
• Known or suspected criminal
activity;
• Probable director liability for losses;
• The need for direct verification of
loans or deposits;
• Questionable transactions with
affiliates; or
• The need for improvements in the
external auditing program.
The agencies may also require that the
institution provide its appropriate
supervisory office with a copy of any
reports, including management letters,
issued by the independent public
accountant or other external auditor.
They also may require the institution to
notify the supervisory office prior to any
meeting with the independent public
accountant or other external auditor at
which auditing findings are to be
presented.
Examiner Guidance
Review of the External Auditing
Program
The review of an institution’s external
auditing program is a normal part of the
agencies’ examination procedures. An
examiner’s evaluation of, and any
recommendations for improvements in,
an institution’s external auditing
program will consider the institution’s
size; the nature, scope, and complexity
of its business activities; its risk profile;
any actions taken or planned by it to
minimize or eliminate identified
weaknesses; the extent of its internal
audit program; and any compensating
controls in place. Examiners will
exercise judgment and discretion in
evaluating the adequacy of an
institution’s external auditing program.
Specifically, examiners will consider
the policies, processes, and personnel
surrounding an institution’s external
auditing program in determining
whether:
• The board of directors or its audit
committee adequately reviews and
approves external auditing program
policies at least annually.
• The external auditing program is
conducted by an independent public
accountant or other independent auditor
and is appropriate for the institution.
• The engagement letter covering
external auditing activities is adequate.
• The report prepared by the auditor
on the results of the external auditing
program adequately explains the
auditor’s findings.
• The external auditor maintains
appropriate independence regarding
relationships with the institution under
relevant professional standards.

Federal Register / Vol. 64, No. 204 / Friday, October 22, 1999 / Notices
• The board of directors performs due
diligence on the relevant experience and
competence of the independent auditor
and staff carrying out the work (whether
or not an independent public
accountant is engaged).
• The board or audit committee
minutes reflect approval and monitoring
of the external auditing program and
schedule, including board or committee
reviews of audit reports with
management and timely action on audit
findings and recommendations.

Significant developments regarding the
external auditing program should be
communicated promptly to the
appropriate supervisory office.
Examples of those developments
include the hiring of an independent
public accountant or other third party to
perform external auditing work and a
change in, or termination of, an
independent public accountant or other
external auditor.

Access to Reports
Management should provide the
independent public accountant or other
auditor with access to all examination
reports and written communication
between the institution and the agencies
or state bank supervisor since the last
external auditing activity. Management
also should provide the accountant with
access to any supervisory memoranda of
understanding, written agreements,
administrative orders, reports of action
initiated or taken by a federal or state
banking agency under section 8 of the
FDI Act (or a similar state law), and
proposed or ordered assessments of civil
money penalties against the institution
or an institution-related party, as well as
any associated correspondence. The
auditor must maintain the
confidentiality of examination reports
and other confidential supervisory
information.
In addition, the independent public
accountant or other auditor of an
institution should agree in the
engagement letter to grant examiners
access to all the accountant’s or
auditor’s workpapers and other material
pertaining to the institution prepared in
the course of performing the completed
external auditing program.
Institutions should provide reports 10
issued by the independent public
accountant or other auditor pertaining
to the external auditing program,
including any management letters, to
the agencies and any state authority in
accordance with their appropriate
supervisory office’s guidance.11

Agencies. The agencies are the Board of
Governors of the Federal Reserve System
(FRB), the Federal Deposit Insurance
Corporation (FDIC), the Office of the
Comptroller of the Currency (OCC), and the
Office of Thrift Supervision (OTS).
Appropriate supervisory office. The
regional or district office of the institution’s
primary federal banking agency responsible
for supervising the institution or, in the case
of an institution that is part of a group of
related insured institutions, the regional or
district office of the institution’s federal
banking agency responsible for monitoring
the group. If the institution is a subsidiary of
a holding company, the term ‘‘appropriate
supervisory office’’ also includes the federal
banking agency responsible for supervising
the holding company. In addition, if the
institution is state-chartered, the term
‘‘appropriate supervisory office’’ includes the
appropriate state bank or savings association
regulatory authority.
Audit. An examination of the financial
statements, accounting records, and other
supporting evidence of an institution
performed by an independent certified or
licensed public accountant in accordance
with generally accepted auditing standards
(GAAS) and of sufficient scope to enable the
independent public accountant to express an
opinion on the institution’s financial
statements as to their presentation in
accordance with generally accepted
accounting principles (GAAP).
Audit committee. A committee of the board
of directors whose members should, to the
extent possible, be knowledgeable about
accounting and auditing. The committee
should be responsible for reviewing and
approving the institution’s internal and
external auditing programs or recommending
adoption of these programs to the full board.
Balance sheet audit performed by an
independent public accountant. An
examination of an institution’s balance sheet
and any accompanying footnotes performed
and reported on by an independent public
accountant in accordance with GAAS and of
sufficient scope to enable the independent
public accountant to express an opinion on
the fairness of the balance sheet presentation
in accordance with GAAP.
Engagement letter. A letter from an
independent public accountant to the board

10 The institution’s engagement letter is not a
‘‘report’’ and is not expected to be submitted to the
appropriate supervisory office unless specifically
requested by that office.
11 When an institution’s financial information is
included in the audited consolidated financial
statements of its parent company, the institution
should provide a copy of the audited financial
statements of the consolidated company and any
other reports by the independent public accountant
in accordance with their appropriate supervisory
office’s guidance. If several institutions are owned
by one parent company, a single copy of the reports
may be supplied in accordance with the guidance
of the appropriate supervisory office of each agency
supervising one or more of the affiliated institutions
and the holding company. A transmittal letter

Appendix A—Definitions

should identify the institutions covered. Any
notifications of changes in, or terminations of, a
consolidated company’s independent public
accountant may be similarly supplied to the
appropriate supervisory office of each supervising
agency.

57099

of directors or audit committee of an
institution that usually addresses the purpose
and scope of the external auditing work to be
performed, period of time to be covered by
the auditing work, reports expected to be
rendered, and any limitations placed on the
scope of the auditing work.
Examination of the internal control
structure over financial reporting. See
Reporting by an Independent Public
Accountant on an Institution’s Internal
Control Structure Over Financial Reporting.
External auditing program. The
performance of procedures to test and
evaluate high risk areas of an institution’s
business by an independent auditor, who
may or may not be a public accountant,
sufficient for the auditor to be able to express
an opinion on the financial statements or to
report on the results of the procedures
performed.
Financial statement audit by an
independent public accountant. See Audit.
Financial statements. The statements of
financial position (balance sheet), income,
cash flows, and changes in equity together
with related notes.
Independent public accountant. An
accountant who is independent of the
institution and registered or licensed to
practice, and holds himself or herself out, as
a public accountant, and who is in good
standing under the laws of the state or other
political subdivision of the United States in
which the home office of the institution is
located. The independent public accountant
should comply with the American Institute
of Certified Public Accountants’ (AICPA)
Code of Professional Conduct and any related
guidance adopted by the Independence
Standards Board and the agencies. No
certified public accountant or public
accountant will be recognized as
independent who is not independent both in
fact and in appearance.
Internal auditing. An independent
assessment function established within an
institution to examine and evaluate its
system of internal control and the efficiency
with which the various units of the
institution are carrying out their assigned
tasks. The objective of internal auditing is to
assist the management and directors of the
institution in the effective discharge of their
responsibilities. To this end, internal
auditing furnishes management with
analyses, evaluations, recommendations,
counsel, and information concerning the
activities reviewed.
Outside directors. Members of an
institution’s board of directors who are not
officers, employees, or principal stockholders
of the institution, its subsidiaries, or its
affiliates, and who do not have any material
business dealings with the institution, its
subsidiaries, or its affiliates.
Regulatory reports. These reports are the
Reports of Condition and Income (Call
Reports) for banks, Thrift Financial Reports
(TFRs) for savings associations, Federal
Reserve (FR) Y reports for bank holding
companies, and the H–(b)11 Annual Report
for thrift holding companies.
Reporting by an independent public
accountant on an institution’s internal
control structure over financial reporting.

57100

Federal Register / Vol. 64, No. 204 / Friday, October 22, 1999 / Notices

Under this engagement, management
evaluates and documents its review of the
effectiveness of the institution’s internal
control over financial reporting in the
identified risk areas as of a specific report
date. Management prepares a written
assertion, which specifies the criteria on
which management based its evaluation
about the effectiveness of the institution’s
internal control over financial reporting in
the identified risk areas and states
management’s opinion on the effectiveness of
internal control over this specified financial
reporting. The independent public
accountant is engaged to perform tests on the
internal control over the specified financial
reporting in order to attest to management’s
assertion. If the accountant concurs with
management’s assertion, even if the assertion
discloses one or more instances of material
internal control weakness, the accountant
would provide a report attesting to
management’s assertion.
Risk areas. Those particular activities of an
institution that expose it to greater potential
losses if problems exist and go undetected.
The areas with the highest financial reporting
risk in most institutions generally are their
lending and investment securities activities.
Specified procedures. Procedures agreedupon by the institution and the auditor to test
its activities in certain areas. The auditor
reports findings and test results, but does not
express an opinion on controls or balances.
If performed by an independent public
accountant, these procedures should be
performed under generally accepted
standards for attestation engagements
(GASAE).
By order of the Board of Directors.
Dated at Washington, DC this 15th day of
October, 1999.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 99–27588 Filed 10–21–99; 8:45 am]
BILLING CODE 6714–01–P

FEDERAL RESERVE SYSTEM
Sunshine Act Meeting
Board of
Governors of the Federal Reserve
System.
TIME AND DATE: 10 a.m., Wednesday,
October 27, 1999.
PLACE: Marriner S. Eccles Federal
Reserve Board Building, 20th and C
Streets, N.W., Washington, DC 20551.
STATUS: Closed.
MATTERS TO BE CONSIDERED:
1. Personnel actions (appointments,
promotions, assignments,
reassignments, and salary actions)
involving individual Federal Reserve
System employees.
2. Any matters carried forward from a
previously announced meeting.
CONTACT PERSON FOR MORE INFORMATION:
Lynn S. Fox, Assistant to the Board;
202–452–3204.
AGENCY HOLDING THE MEETING:

You may
call 202–452–3206 beginning at
approximately 5 p.m. two business days
before the meeting for a recorded
announcement of bank and bank
holding company applications
scheduled for the meeting; or you may
contact the Board’s Web site at http://
www.federalreserve.gov for an
electronic announcement that not only
lists applications, but also indicates
procedural and other information about
the meeting.

SUPPLEMENTARY INFORMATION:

Dated: October 20, 1999.
Robert deV. Frierson,
Associate Secretary of the Board.
[FR Doc. 99–27735 Filed 10–20–99; 11:52
am]
BILLING CODE 6210–01–P

DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Agency for Toxic Substances and
Disease Registry
Research Agenda Subcommittee of the
Board of Scientific Counselors,
Agency for Toxic Substances and
Disease Registry: Meeting
In accordance with section 10(a)(2) of
the Federal Advisory Committee Act
(Pub. L. 92–463), the Agency for Toxic
Substances and Disease Registry
(ATSDR) announces the following
subcommittee meeting.
Name: Research Agenda
Subcommittee of the Board of Scientific
Counselors.
Time and Date: 8:30 a.m.–4:10 p.m.,
November 3, 1999.
Place: Radisson Inn Hotel, 2061 North
Druid Hills Road, Atlanta, Georgia
30329, telephone 404/321–4174.
Status: Open to the public, limited by
the available space. The meeting room
accommodates approximately 60
people.
Purpose: This subcommittee will meet
to obtain individual advice and
comments regarding the formation of
ATSDR’s Five-Year Environmental
Public Health Research Agenda from
scientific and public health partners and
community and tribal constituents.
Matters To Be Discussed: Agenda
items will include an overview of
ATSDR’s Research Program; discussions
on exposure assessment; evaluation and
surveillance of health effects; evaluation
of chemical mixtures; health promotion
and intervention; children, minorities,
and other special populations; and
special issues concerning tribes and
communities which will help to identify
research needs.

Written comments are welcome and
should be received by the contact
person listed below prior to the opening
of the meeting.
Agenda items are subject to change as
priorities dictate.
Contact Person for More Information:
Robert F. Spengler, Sc.D., Executive
Secretary, BSC, ATSDR, M/S E–28, 1600
Clifton Road, NE, Atlanta, Georgia
30333, telephone 404/639–0708.
The Director, Management Analysis
and Services Office, has been delegated
the authority to sign Federal Register
notices pertaining to announcements of
meetings and other committee
management activities, for both the
Centers for Disease Control and
Prevention and the Agency for Toxic
Substances and Disease Registry.
Dated: October 19, 1999.
Carolyn J. Russell,
Director, Management Analysis and Services
Office, Centers for Disease Control and
Prevention.
[FR Doc. 99–27720 Filed 10–20–99; 12:00
pm]
BILLING CODE 4163–70–P

DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Disease Control and
Prevention
National Center for Health Statistics
(NCHS), Data Policy and Standards
Staff, Announces the Following
Meeting
ICD–9–CM Coordination and
Maintenance Committee meeting.
TIME AND DATE: 9 a.m.–4 p.m., November
12, 1999.
PLACE: The Health Care Financing
Administration (HCFA), Auditorium,
7500 Security Boulevard, Baltimore,
Maryland. In the interest of security,
persons without a government I.D. will
need to show a photo I.D. and sign-in at
the security desk upon entering the
building.
STATUS: Open to the public, limited only
by the space available. The auditorium
will accommodate 500 people.
PURPOSE: The ICD–9-CM Coordination
and Maintenance (C&M) Committee will
hold its final meeting of the 1999 cycle
on Friday, November 12, 1999. The
C&M meeting is a public forum for the
presentation of proposed modifications
to the International Classification of
Diseases, Ninth-Revision, Clinical
Modification.
MATTERS TO BE DISCUSSED: Agenda items
include:
NAME:
File Typeapplication/pdf
File TitleDocument
SubjectExtracted Pages
AuthorU.S. Government Printing Office
File Modified1999-10-22
File Created1999-10-22
© 2024 OMB.report | Privacy Policy