Branch Audit Program Branch: __ Date: _____
Full Scope Audit
Limited Scope Audit
Observation – Use Observation Outline
A. Security
Control Objectives:
- Credit union staff, members and information are safeguarded from threats.
- Internal and vendor key and security records are reliable and accurate.
- Practices are in compliance with credit union branch security procedures.
Prior to onsite visit:
1)Review credit union branch security procedures for adequacy.
2)Review responses to most recent “Quarterly Branch Control Checklist.” There should be detailed information about the office security system, camera coverage, etc. If documentation is lacking, follow-up with Branch Manager.
3)Review branch opening and closing procedures.
4)Obtain security vendor report that shows security devices have been tested.
5)Obtain alarm panel security listing for vendor and compare to branch records.
a)Obtain branch alarm panel list showing which user slots are in use (You do not want the codes)
b)Access branch security records
c)Compare and follow-up on discrepancies.
Onsite:
6)Question a sample of employees about how they can activate security devices.
7)Determine if vital records and member information is securely stored after business hours.
a) Check each office/workstation/work area for any member or credit union information left our overnight.
b) Select a sample of employees to ask them what information is considered confidential.
c) Leave whistle blowing business card on all desks.
8)Ask Branch Manager if security system vendor is following the established alarm procedures.
9)Verify credit union security procedures are followed.
10)Verify branch key storage.
B. Cash
Control Objectives:
- Currency is safeguarded from unauthorized access.
- Records are accurate and reliable.
- Teller operations are functioning effectively and efficiently.
- Practices are in compliance with credit union cash procedures and applicable regulations.
Prior to onsite visit:
1)Review credit union cash procedures for adequacy.
2)Print out branch cash box balances from OSI.
3)Determine cash drawer sample based on limitedscope (50% sample – should include all employees not working day of audit) vs. full scope audit (100%).
4)Set-up cashbox audit templates on laptop hard drive.
Onsite:
5)Count cash drawers in presence of a branch employee. (At no times should auditor be left alone with drawer funds.) If currency and check totals do not match OSI, resolve discrepancy. Have branch employee sign and date audit form. Leave business card regarding whistle blowing in all teller drawers.
6)If excess mutilated/unfit currency exists, discuss how often this currency is collected from tellers and returned to the Federal Reservewith Teller Supervisor and/or Branch Manager.
7)Count vault cash/coin in presence of branch employee. (At no times should auditor be left alone with drawer funds.) If currency and coin do not match OSI, resolve discrepancy. Have branch employee sign and date vault audit form.
8)Verify cash levels are reasonable for drawers, vault, etc to meet the needs of members.
9)Observe teller area to:
a)Ensure cash drawers are locked when unattended and keys remain in owner’s possession.
b)Verify credit union cash drawer procedures are followed.
c)Verify “slush” funds are not present.
d)Verify no passwords are in teller currency/coin compartments.
C. Night Deposit
Control Objectives:
- Night deposits are secured from unauthorized access.
- Night deposit operations are functioning effectively and efficiently.
- Practices are in compliance withcredit union night deposit procedures and applicable regulations.
Prior to onsite visit:
1)Review credit union night deposit procedures for adequacy.
Onsite:
2)Observe night depository process for adherence to procedures.
3)Ensure dual control is maintained at all times throughout the retrieval and deposit verification process.
D. Commercial Deposits
Control Objectives:
- Commercial Deposits are secured from unauthorized access.
- Commercial Deposit operations are functioning effectively and efficiently.
- Practices are in compliance with credit unioncommercial deposit procedures.
Prior to onsite visit:
1)Review credit union commercial deposit procedures for adequacy.
Onsite:
2)Observe adherence tocommercial deposit processing procedures.
E. ATM Balancing
Control Objectives:
- ATMcontents are secured from unauthorized access.
- Practices are in compliance with credit unionATM balancing procedures and applicable regulations.
Prior to onsite visit:
1)Determine if this branch service’s their ATM. If a third party is used, skip this section.
2)Review credit union ATM balancing procedures for adequacy.
Onsite:
3)Observe adherence toATM balancing procedures.
F. Corporate Checks
Control Objectives:
- Corporate check stock issecured from unauthorized access.
- Practices are in compliance with credit union corporate check procedures.
Prior to onsite visit:
1)Review credit union corporate check procedures for adequacy.
Onsite:
2)Ensure dual control is maintained over opened packages of corporate check stock.
3)Ask staff how printer is secured overnight. (Keys should be removed and placed under dual control nightly.)
4)Observe adherence to corporate check procedures.
G. Prepaid VISA cards
Control Objective:
- Prepaid VISA card inventory is secured from unauthorized access.
- Prepaid VISA card inventory is accurate and reliable.
- Practices are in compliance with credit union prepaid VISA card procedures.
Full Scope Audit complete 1-6
Limited Scope Audit omit 2-3
Prior to onsite visit:1)Review credit unionprepaid VISA procedures for adequacy.
Onsite:
2)Have branch staff print vendor detail report of current prepaid VISA inventory.
3)Trace physical inventory to vendor report, resolve any discrepancies.
4)Ensure dual control is maintained over access to prepaid VISA cards. If stock is checked out to staff, ensure credit union procedures are completed.
5)Ask to see the branch’s monthly inventory audits. (VISA requires monthly inventory audits.)
6)Observe adherence to prepaid VISA card procedures.
H. Fixed Assets
Control Objective:
- Fixed asset records accurately depict a sample of physical assets of the branch.
- Practices are in compliance with credit union fixed asset set-up and transfer procedures.
Prior to onsite visit:
1)Review credit union fixed asset policy and set-up/transfer procedures for adequacy.
2)Print out Branch’s asset report from the Fixed Asset Tagging System (FATS).
3)Find out when the branch assets were last scanned.
Onsite:
4)Select sample of items based on size of branch with values greater than $1,000 on FATS listing to physical inventory. Resolve any discrepancies.
5)Trace sample of large assets (vaults, copiers, printers) in branch to FATS report. Resolve any discrepancies.
6)Determine if adherence to policy/procedures is maintained.
I. Posting Requirements
Control Objective:
- Credit union is in compliance with federal and state regulatory signage requirements.
Full Scope Audit complete 1-3
Limited Scope Audit complete 1-2 only
Prior to onsite visit:1)Determine required state and federal signage required to be posted.
2)Review branch quarterly postings checklist completed by Branch Manager.
Onsite:
3)Use branch postings checklist to verify all appropriate postings are present. Follow-up with Branch Manager on any discrepancies.
J. Safe Deposit Boxes
Control Objectives:
- Safe Deposit Box online and physical records are accurate and reliable
- Practices are in compliance with credit union safe deposit box procedures.
Prior to onsite visit:
1)Review credit union safe deposit box procedures for adequacy.
2)Obtain branch safe deposit box listing from core system or report.
a)Determine which safe deposit boxes are rented vs. not rented.
b)Select a sample of 10 boxes opened in the last year and 5 opened prior to last year to review documentation.(Limited Scope = 5 opened in last year, and none opened prior years)
c)Select an additional 5 boxes that were accessed within the last 3 months.
3)Complete the following review for each box in sample:
a)Review lease for appropriate signatures and dates.
b)Review access tickets for signatures, dates, times, employee witness initials. Compare signature to signature card on file, etc
c)Verify OSI safe deposit box information is accurate.
Onsite:
4)Verify all non-rented boxes have keys stored under dual control. (n/a for Limited Scope audits)
5)Ask staff to explain the process used to close out a safe deposit box. Discuss any control deficiencies with Branch Manager.
6)Ask staff to explain the process used to drill a box. Discuss any control deficiencies with Branch Manager.
7)Verify storage of credit union box key and guard key.
8)Observe adherence to safe deposit box procedures.
L. Best Practices
Control Objective:
- Identify efficient and effective processes completed at branch for possible implementation as corporate practices.
Onsite:
Record any efficient processes or procedures completed at branch that is unique to office and could be implemented at other branches. Ask Teller Supervisor what they think they do well.
M. Physical Hazards
Control Objective:
- Identify potential hazards to staff and members in or outside of branch.
Onsite:
Record any physical hazards present in or outside of branch, i.e. torn carpeting, security issues, or other items that could present a hazard to staff or members. Ask Branch Manager if they have any concerns.
N. Online Banking Set-up
Control Objective:
- Determine if staff follows credit union procedures for setting up new online banking access.
Onsite:
1)Ask multiple staff members to explain the process used to set up members with online banking access.
2)Ask multiple staff members to explain the process used to help Members access e-Branch and use remote deposit using the branch iPad(s). i.e. signing on and passwords. (They should not be watching as the Member enters passfaces, passwords, etc.)
O. Follow-up
Control Objective:
- Determine if prior audit items have been resolved.
Prior to onsite visit:
1)Obtain outstanding audit conditions from previous branch audit.
Onsite:
2)Follow-up on all prior audit conditions.
ROYAL CREDIT UNION1