Enforcement Flashcards
Informal supervisory actions are used to correct practices that warrant a less severe form of action. Informal actions are not legally enforceable nor are they made publicly available.
TRUE
Types of Informal Enforcement Actions
Commitments, Board Resolution, MOU
Types of Formal Enforcement Actions
Written Commitment, Cease & Desist, Temporary Cease & Desist, Prohibition and Removal, Prompt corrective action directives, Termination of Federal Reserve membership and FDIC Insurance; and Appointment of a conservator
Formal supervisory actions may be taken against a financial institution or any institution-affiliated party and are legally enforceable and made publicly available.
TRUE
4(m) Agreement
Corrective action against any FHC that fails to maintain compliance with the requirements to become a FHC.
Formal actions are drafted by the Board in conjunction with a Reserve Bank and can be issued against individuals and financial institutions.
TRUE
Primary institutions supervised by the FRB
State member banks; BHCs; FBOs, Edge and Agreement Corps, State and Federal Branches/Agencies of Foreign Banks
At what point do you assign a rating to a non-bank subsidiary of a BHC?
TA of >= $10 MM or 5% of consolidated capital
4 goals of BS&R
1. protect depositors 2. protect consumers 3. stabilize the monetary system 4. ensure safety and soundness
The FRS acts as ____ for the US Treasury
a fiscal agent
Dual control of the vault should include
1. combination lock/separate key 2. movement log
5 components of the COSO internal control framework
1. control environment 2. control activities 3. information and communication 4. monitoring 5. risk assessment
Segregation of duties should NOT combine
1. authorization to execute the transaction 2. ability to record the transaction 3. custody of the asset
Section 201 of Sarbanes Oxley
Prohibits accounting firm from acting as the external auditor of public company during same period the firm provides internal audit work
Part 363 of FDIC Regs
Privately held institutions w/assets of $500MM or more adhere to Section 201. Small non-public depository institutions, less than $500MM in TA, are encouraged to follow Section 201.
According to FDICIA 112 an independent audit committee comprised entirely of outside directors is necessary for institutions
with assets > or = $500MM
Part 363 Annual Report
Due 90 days after end of fiscal year, if publicly traded. Due 120 days if not public
Management letter sent to regulators
within 15 days of receipt
Audit Committee of institution more than $3 Billion in TA
Must include members with banking or related financial mgmt expertise, have access to own outside legal counsel, and not include large customers of institution.
Detective Control
Reveals errors and irregularities AFTER they have already occurred
Preventative Control
minimizes the likelihood that an undesirable event can occur
Directive Control
verbal and written directives from management and the board; policies and procedures that establish limits and define procedures
Compensating Control
alternative controls when at least one of the above, especially preventative, is weak or absent
The ultimate responsibility for an effective audit function rests with whom?
The Board of Directors
The components of Operational Risk
Board and Senior Management Oversight, Policies, Procedures, and Limits, Risk Identification and Assessment, Risk Monitoring and Reporting, and Risk Transfer
Internal Audit SCARE factors
Safeguarding assets; Compliance with policies, plans, procedures & laws; Accomplishment of objectives; Reliability of financial information; Economical use of resources.
Primary objectives of internal control
1. effectiveness and efficiency of operations 2. reliability of financial reporting 3. compliance with applicable laws and regs
4 Segregation of Duties Steps
Authorization, Recording/Reporting, Safekeeping, and Reconciliation
Internal Control definition per COSO
a process, implemented by an entity’s board and mgmt, designed to provide reasonable assurance regarding the achievement of the primary objectives of internal controls
Internal Control: Control Activities
Independent Review; segregation of duties, exposure Limits
Internal Control: Information and Communication
systems enabling bank to communicate
Internal Control: Monitoring
mgmt’s reviews and reconcilements
Internal Control: Risk Assessment
board’s awareness of bank’s risk
Internal Control: Control Environment
reflects mgmt’s attitude regarding controls implementation (mgmt philosophy, organizational structure, integrity)
Internal Audit’s responsibility
to independently monitor the effectiveness of the internal control system
2 components of internal controls
administrative controls, accounting controls
7 types of internal controls
1. competent, trustworthy personnel with clear lines of authority and responsibility 2. adequate segregation of duties 3. proper procedures for authorization 4. adequate documents and records 5. proper procedures for record keeping 6. physical control over assets and records 7. independent checks on performance
The need for Internal Auditor depends on
The size of the institution and # of locations; # and complexity of operations; division of operational responsibilities; existence of an external audit
To discharge IA responsibilities to the BOD and Sr Mgmt
Be accountable only to BOD or a board committee; have the board and mgmt support; have sufficient delegated responsibility; be independent of all audited activities
Auditor Competence
educational background, professional job qualifications, training, relevant work experience, quality of work
Types of Audit Reports
unqualified opinion; explanatory language; qualified opinion; adverse opinion; disclaimer of opinion
Generally Accepted Accounting Procedures
Concerned w/practices and procedures; professional standards that guide public accountants
Generally Accepted Auditing Procedures
Concerned w/independent public accountant’s professional qualifications
Services a registered accounting firm may provide
Tax services, if board provides advance approval
Public Company Accounting Oversight Board (PCAOB)
establish auditing standards for registered accounting firms
American Institute of CPAs - Code of Conduct
Independence and Integrity and Objectivity
Auditor's independence not impaired if their loans are
Auto loans/leases, loans in amount of cash surrender value of life insurance, loan fully collateralized by cash deposit, CC or cash advances with unpaid balance of $5,000 or less
Under FDICIA and Sarbanes Oxley, whose responsibility is to establish and maintain a system of financial controls?
The Board of Directors and Sr Management
Compilations
Offers no assurances about the financials; simply providing info that’s the representation of mgmt in financial statement form; no opinion rendered; no independence requirement, must disclose lack of independence
Reviews
Accountant makes some inquiries and performs analytical procedures; gives limited assurance they’re not aware of material changes; no opinion rendered; doesn’t obtain understanding of internal controls or test records
Agreed-upon Procedures
client hires accountant to issue report of findings based upon specific procedures; no opinion rendered on financials.
The 4 characteristics considered by an independent CPA when evaluating an accting system
Validity, Timeliness, Disclosure, Valuation
Numbers printed at bottom of a check
MICR #. Routing #, Federal Reserve District #, Account #, Check #
Components of the Uniform Rating Systems for Info Tech (URSIT)
Audit; Management; Development & Acquisition; Support & Delivery *Composite Rating
IT risk elements (SR 98-9)
1. Mgmt process 2. architecture 3. integrity 4. security 5. availability
Effective MIS does what 4 things to risk?
1. identify 2. measure 3. monitor 4. control
The quality of MIS depends on
effective internal control environment
Examiners review MIS to ensure that it is
Timely, accurate, complete, consistent, and relevant
SR 00-4 Outsourcing of Information and Transaction
bank is responsible for managing its software vendor and service provider relationships as if the processing was done in-house.
Assessing IT Risk
quantity of risk, quality of Risk Management over IT, adjusted risk, direction
Purpose of MIS
decision support