The five key elements of an effective audit program

How do you know if your ‘third line of defense’ is strong enough?

There’s a reason that internal auditors are called the third line of defense. They ensure your credit union’s operations are safe and compliant. But how do you know if your defense is strong enough? Regardless of whether your credit union has an internal audit function or uses an audit firm, an audit program needs five key elements. I’ve outlined them here.

1. Board Support and Access

First, reviewers must be able to objectively assess the operations of a credit union. When reporting to their boss or the executive team, employees can often be afraid to report egregious violations or other types of findings that uncover questionable management. Simply put, they don’t want to rat out their co-worker or risk losing their job for being the messenger. Policies to protect reviewers from retaliation must be in place, including termination of employment. Any type of disciplinary action taken against them should be reviewed by the board.

To facilitate their reviews, reviewers should also have the authority to communicate with business units and employees without gatekeeping or red tape. While executives are protective of their resources, reviews are like a health checkup. If you stop going to your primary doctor for check-ups, the results could be much worse.


continue reading »