Florida Regulations 69U-120.045: Minimum Internal Audit Procedures
Current as of: 2024 | Check for updates
|
Other versions
(1) Each state commercial bank, association and trust company shall have an internal audit performed every calendar year. The internal audit shall be performed within 15 months of the previous internal audit. However, if an internal audit is performed on a continuous basis, it shall be initiated during the calendar year and within 15 months of the previous internal audit.
(2) To satisfy the internal audit requirement, any party conducting the internal audit must be independent of any manager or employee in charge of operating the financial institution. The party must be one of the following:
(a) The audit department or internal auditor of the financial institution;
(b) The audit department of a related financial institution holding company or affiliate thereof;
(c) The audit department of a correspondent bank;
(d) A certified public accountant licensed to practice in the State of Florida and independent of the financial institution and its affiliates; or
(e) The board of directors as a whole or acting through a designated committee of board members; however, if a committee is designated, no active executive officers or employees of the financial institution may participate on the committee.
(3) A party is considered independent if:
(a) The party reports directly to the financial institution’s board of directors;
(b) The party’s duties at the financial institution are confined entirely to auditing the financial institution;
(c) The party has no proprietary interest, directly or indirectly, in any partnership, firm, or other person that controls or directs the financial institution;
(d) The party has no outstanding loans or other obligations which have been criticized by any other auditor or any regulatory agency; and,
(e) All relationships the party has with any member of the board of directors have been disclosed to the board of directors and all questions concerning the party’s independence have been resolved before the internal audit begins.
(4) To satisfy the requirements of this section, each internal audit shall:
(a) Assess the effectiveness of the financial institution’s internal control policies and procedures, including the electronic data processing function; and
(b) Shall include an assessment of each of the following areas:
1. Asset accounts;
2. Liability accounts;
3. Capital accounts;
4. Income and expense accounts; and,
5. Contingent liabilities and off-balance sheet activities.
(5) In lieu of a comprehensive internal audit, a financial institution may satisfy this audit requirement by having a continuous audit performed by a party qualified pursuant to subsection (2), above. Additionally, financial institutions that are subsidiaries of a holding company may satisfy this audit requirement by submitting an audit of the consolidated holding company, if such audit complies with the requirements of this rule.
(6) Within 90 days after the completion of the internal audit, and within 45 days of acceptance by the board of directors, the board of directors shall submit the following to OFR:
(a) A copy of the completed internal audit report, including the date or dates on which the audit was conducted and the date it was reviewed and approved by the board of directors;
(b) A statement indicating that all of the areas outlined in this rule were reviewed, or specific reasons why certain areas were not reviewed;
(c) A statement of condition and a statement of income and expense for the financial institution (and the holding company if appropriate) as of the audit date;
(d) A statement describing the findings and recommendations of the audit; and,
(e) The board of directors’ response to the findings and recommendations of the audit.
(7) OFR shall review each audit and, if it finds that the internal audit does not comprehensively address all relevant areas of concern or accurately reflect the condition of the financial institution, OFR shall require an audit pursuant to Section 655.045(3)(a), F.S.
Rulemaking Authority Florida Statutes § 655.012(2). Law Implemented Florida Statutes § 655.045. History-New 7-18-74, Amended 1-5-77, 6-30-81, Formerly 3-1.13, 3C-11.13, 3C-11.013, Amended 1-31-96, Formerly 3C-120.045, Amended 1-18-21.
Terms Used In Florida Regulations 69U-120.045
- Liabilities: The aggregate of all debts and other legal obligations of a particular person or legal entity.
- Partnership: A voluntary contract between two or more persons to pool some or all of their assets into a business, with the agreement that there will be a proportional sharing of profits and losses.
(a) The audit department or internal auditor of the financial institution;
(b) The audit department of a related financial institution holding company or affiliate thereof;
(c) The audit department of a correspondent bank;
(d) A certified public accountant licensed to practice in the State of Florida and independent of the financial institution and its affiliates; or
(e) The board of directors as a whole or acting through a designated committee of board members; however, if a committee is designated, no active executive officers or employees of the financial institution may participate on the committee.
(3) A party is considered independent if:
(a) The party reports directly to the financial institution’s board of directors;
(b) The party’s duties at the financial institution are confined entirely to auditing the financial institution;
(c) The party has no proprietary interest, directly or indirectly, in any partnership, firm, or other person that controls or directs the financial institution;
(d) The party has no outstanding loans or other obligations which have been criticized by any other auditor or any regulatory agency; and,
(e) All relationships the party has with any member of the board of directors have been disclosed to the board of directors and all questions concerning the party’s independence have been resolved before the internal audit begins.
(4) To satisfy the requirements of this section, each internal audit shall:
(a) Assess the effectiveness of the financial institution’s internal control policies and procedures, including the electronic data processing function; and
(b) Shall include an assessment of each of the following areas:
1. Asset accounts;
2. Liability accounts;
3. Capital accounts;
4. Income and expense accounts; and,
5. Contingent liabilities and off-balance sheet activities.
(5) In lieu of a comprehensive internal audit, a financial institution may satisfy this audit requirement by having a continuous audit performed by a party qualified pursuant to subsection (2), above. Additionally, financial institutions that are subsidiaries of a holding company may satisfy this audit requirement by submitting an audit of the consolidated holding company, if such audit complies with the requirements of this rule.
(6) Within 90 days after the completion of the internal audit, and within 45 days of acceptance by the board of directors, the board of directors shall submit the following to OFR:
(a) A copy of the completed internal audit report, including the date or dates on which the audit was conducted and the date it was reviewed and approved by the board of directors;
(b) A statement indicating that all of the areas outlined in this rule were reviewed, or specific reasons why certain areas were not reviewed;
(c) A statement of condition and a statement of income and expense for the financial institution (and the holding company if appropriate) as of the audit date;
(d) A statement describing the findings and recommendations of the audit; and,
(e) The board of directors’ response to the findings and recommendations of the audit.
(7) OFR shall review each audit and, if it finds that the internal audit does not comprehensively address all relevant areas of concern or accurately reflect the condition of the financial institution, OFR shall require an audit pursuant to Section 655.045(3)(a), F.S.
Rulemaking Authority Florida Statutes § 655.012(2). Law Implemented Florida Statutes § 655.045. History-New 7-18-74, Amended 1-5-77, 6-30-81, Formerly 3-1.13, 3C-11.13, 3C-11.013, Amended 1-31-96, Formerly 3C-120.045, Amended 1-18-21.