Even after audit is complete, still work to be done
One of the most important pieces of an effective compliance program is the audit function. Audits may help to identify individual compliance concerns or general gaps in a credit union’s program. However, the work is not done just because the audit is complete.
Prompt corrective action should be executed regarding each concern identified in the audit. Every credit union should develop a process appropriate for its level of resources; however, the following is a general outline of recommended actions.
Step 1: Defining the cause
The credit union should determine if the concern identified in the audit was a singular occurrence or if a gap in procedures may exist. An identified issue may be the result of many factors, such as general oversight, insufficient training or systems mapping. Analyzing the source of the error will aid the credit union in determining the appropriate corrective action.
Step 2: Assigning the resolution
Once the origin of the issue has been identified, the responsibility for resolution should be assigned to an individual or committee of individuals with the resources and authority to resolve the error. The assigned party will be responsible for ensuring an effective resolution occurs.
To mitigate any continual compliance risk, a due date should be established. If the corrective action will be part of a long-term process, it may be prudent to establish periodic checkpoints to ensure progress is continually made toward the resolution.
Step 3: Performing a follow-up review
When the corrective action is complete, an additional review should be conducted to verify the remedial action rectified the issue identified in the original audit. Assuming the item has been resolved, the credit union should document the result of its efforts.
Documentation should include the identity of the individual or committee that resolved the issue, a brief description of the action that was taken, the date on which it was completed and the results of the follow-up review. The documentation should be maintained for review by auditors and/or examiners.
Effective completion of this process will not only reduce ongoing compliance risk, but demonstrate the credit union’s commitment to evaluating its own compliance, correcting any identified errors and providing the highest level of member service. The results of this three-step post-audit process will be observed by staff, members and importantly, examiners.