5 Ways to Take the Uncertainty Out of Compliance Audits
They say that death and taxes are the only certainties in life. But in the credit union world, there’s a third certainty – the annual compliance audit. Whether that has the same dreaded connotation as death and taxes is subjective, but it’s probably safe to say that it’s not at the top of anyone’s “most exciting” list.
And that’s likely because of the uncertainties that come along with an audit. Will they find a policy that doesn’t adhere to regulations? Is our recordkeeping good enough to create a clear paper trail? Have we done enough to ensure security of our credit union’s data?
The trick is to take the uncertainty out of the audit process. Create your own process for handling these audits, from start to finish. If you’re wondering how, the answer is probably a lot simpler and more apparent than you’d think…just create your own internal process for handling audits.
I know that may sound obvious, and you might already have some formalized process in place. But what’s important is that it is comprised of five important considerations that will make all steps of the audit process easier – from preparations beforehand to dealing with things that come up during the audit and, finally, addressing findings post-audit.
So, what are those all-important considerations? Let’s take a look!
1. Get your docs in a row. That’s right…your docs, not your ducks! Sorry, but a little punny audit humor never hurt anybody, right? In all seriousness, taking inventory of all the necessary documentation you’ll need is key in being prepared for your audit. Review your records and try to locate any important documents before the actual audit begins. A clean paper (or e-doc) trail will make the audit flow so much more smoothly for you and the auditors this way, so don’t skip this step!
2. Do your own, unofficial audit. Think of it as a dress rehearsal where you put yourself in the auditor’s shoes. This will give you some perspective when you’re doing your prep work to see what still needs some attention before your actual compliance audit begins. Are there any outstanding tasks that need to be done? Are there tweaks that need to be made to existing policies or internal controls to ensure they align with recent regulations? Do you see any clear gaps that will likely come up with the auditors? Vett all of these things out during a pre-audit audit to save you precious time and resources later on.
3. Establish communication avenues. Audits require a lot of people to work together, which means communication is essential. The compliance director, risk team, auditors and any other key parties will need to have clear and constant communication, so it’s a good idea to find out which avenues work best and most efficiently for everybody. Perhaps the group would like to start an email thread or exchange phone numbers for direct access, for example. Whatever the case may be, get input from all parties so everybody is on the same page and you can set clear expectations for communication throughout the audit process.
4. Estimate your audit schedule. It goes without saying – audits require a lot of time, effort and resources from your team. With that in mind, plan ahead for what you think the audit schedule might look like. You know your organization and your well of available resources best, so consider who on your team will be handling certain tasks and how much time it may take them to prepare. In figuring out your estimations, make sure you give yourselves some extra wiggle room for unexpected delays, important deadlines and auditor availability. While you’ll want to maintain some level of flexibility, determining a specific schedule of events will help with both task and time management – both of which are critical pieces of a well-organized audit.
5. Review recent regulation changes. Nothing is worse than thinking you’re in compliance with existing rules and regulations, only to find out about a new requirement that was recently established. Not only does being caught unaware mean more work for you and the auditors, but it also reflects poorly on the credit union. Of course, it’s important to keep track of the latest regulations as part of your day-to-day compliance process, but it’s especially important to brush up on them prior to an audit. Do your homework, and do it thoroughly. It will definitely pay off in the long run – and certainly in the case of your annual compliance audit.
What will happen during your credit union’s annual audit is unpredictable. It’s possible – and even probable – that an unexpected issue will arise here and there. But with these five things in mind – and more importantly, in practice – you’ll be well on your way to dispelling many of the uncertainties that come along with the all-too-certain compliance audit. That means less dread and more relief…a welcome addition to any audit experience!
Bryan Hoover is the compliance risk analyst for Vizo Financial. He is also a certified Credit Union Compliance Expert (CUCE) and Bank Secrecy Act Compliance Specialist (BSACS).