1

 The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve System. The content of this presentation should not be construed as regulatory guidance. 2 2

 Purpose  Background  Implementation Phase  General Recommendations resulting from gap assessments  FBO Internal Audit Functions  Overall Effectiveness of Internal Audit  Relying on Internal Audit  Common Questions from Institutions 3 3

 Introduce enhancements that banking organizations (primarily large institutions) should incorporate into current internal audit practices  Update existing guidance to reflect current expectations  Evaluate the role of internal audit as an independent function and to look for opportunities for examiners to leverage the work of internal audit 4 4

 Supplements existing guidance (SR 03-5)  Applies to institutions with assets GT $10 billion ◦ Including the U.S. operations of foreign banking organizations  Banks $10 billion and below continue to be subject to SR

 Examiner (CPC) should discuss policy statement with CAE (Chief Audit Executive)  Institutions should perform gap assessment against current practices in light of the supervisory guidance ◦ Self or outside party assessment ◦ Assessment should include timing needed to make the necessary changes* _____________________ * Note: Institutions should be given the appropriate amount of time to address issues and some institutions may not have all issues resolved until next audit cycle. 6 6

 Clearly document audit decisions and judgments  Enhance evidence supporting each stage of the audit process  Consistently provide conclusions on design and operating effectiveness  Challenge current business monitoring processes  Develop and implement retrospective review process 7 7

 The internal audit function for the U.S. operations of an FBO should have appropriate independent oversight for the total assets of U.S. operations  When there is a resident U.S. audit function, the CAE of the U.S. audit function should report directly to senior officials of the internal audit department at the head office such as the global CAE.  If the FBO has separate U.S. subsidiaries, oversight may be provided by a U.S. based audit committee that meets U.S. public company standards for independence or by the foreign parent company’s internal audit function. 8 8

 Federal Reserve examiners will make an overall determination as to whether the internal audit function and its processes are effective or ineffective ◦ Communicated to CAE in a letter ◦ Overall processes may be effective with some comments 9 9

 Internal audit must be deemed effective to allow reliance  Annual reassessment to include: ◦ Adequacy and independence of the audit committee ◦ Independence and quality of audit staffing ◦ Quality and scope of audit risk methodology, plan, and risk assessment ◦ Adequacy of audit programs and work paper standards  Reliance in individual areas may depend on scope and timing of work 10

 Effective date  Thematic control issues  Risk analysis  Challenging management and policy  Reporting lines  Professional competence and staffing  Objectivity and ethics  Audit committee responsibilities  Continuous monitoring  Retrospective review process 11

Terrill L. Garrison, Jr., CPA Sr. Accounting Policy Analyst Board of Governors of the Federal Reserve Banking Supervision & Regulation Accounting Policy & Disclosure Section