IT Examiner School

Results of On-Site Discussion with Management, Part 3

Examiner: Who does Contingent report their findings to? NA Fossil: They report all audit findings to the Audit Committee.

Examiner: I have not yet seen the written audit program. Can I have a copy of it? NA Fossil: Well, we have a contract with Contingent.

Examiner: Does the contract detail the scope of the audit and procedures to be performed? NA Fossil: No, it’s just a legal contract.

Examiner: That’s not an audit program. It’s only a small part of one. NA Fossil: The last I heard was there was an audit policy up for approval, but I haven’t seen it.

Examiner: Is Mr. Bose part of the Audit Committee? NA Fossil: Yes.

Examiner: How long have you had your processing arrangement with Fiserv? NA Fossil: Five years.

Examiner: The last audit by Contingent did not show in their Fiserv scope they looked at your loan imaging system or your mobile banking check deposit. How long have you been using both? NA Fossil: Yes, for about six months or so.

Examiner: Have prior audits reviewed these areas? NA Fossil: I don’t think so, but you would have to ask an executive officer.

Examiner: You know this is a good example of audit tying in with the risk assessment. NA Fossil: Ok.

Examiner: What about tracking the auditor’s comments? NA Fossil: Once the Board sees the Audit, I am provided with a copy to implement recommendations.

Examiner: Is this true of examinations as well? NA Fossil: Yes. I get a copy of the Reports and which issues I’m responsible for addressing.

Examiner: What happens then? NA Fossil: I provide my recommended actions and any costs to comply.

Examiner: Who do you provide this information to? NA Fossil: I provide this information to CEO Bose.