[Federal Register Volume 64, Number 145 (Thursday, July 29, 1999)]
[Rules and Regulations]
[Pages 41029-41040]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-19254]
=======================================================================
-----------------------------------------------------------------------
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Parts 701, 715 and 741
Supervisory Committee Audits and Verifications
AGENCY: National Credit Union Administration.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Credit Union Membership Access Act amended certain audit
and financial reporting requirements of the Federal Credit Union Act.
The National Credit Union Administration has received and reviewed
public comments on its proposed rule implementing those amendments. As
revised to reflect commenters' suggestions and to enhance clarity, the
final rule specifies the minimum annual audit a credit union is
required to obtain according to its charter type and asset size, the
licensing authority required of persons performing certain audits, the
auditing principles that apply to certain audits, and the accounting
principles that must be followed in reports filed with the NCUA Board.
DATES: Effective January 1, 2000.
FOR FURTHER INFORMATION CONTACT: Karen Kelbly, Program Officer, Office
of Examination and Insurance at (703) 518-6360, or Steven W. Widerman,
Trial Attorney, Office of General Counsel, at (703) 518-6557, National
Credit Union Administration Board, 1775 Duke Street, Alexandria, VA
22314-3428.
SUPPLEMENTARY INFORMATION:
I. Background
A. Credit Union Membership Access Act
Section 201(a) of the Credit Union Membership Access Act (CUMAA),
Public Law 105-219, 112 Stat. 918 (1998), added two new subsections to
section 202(a)(6) of the Federal Credit Union Act (FCUA), 12 U.S.C.
1782(a)(6)(C) and (D). Subsection (C) addresses accounting principles,
generally requiring credit unions having assets of $10 million or more
to follow generally accepted accounting principles (GAAP) in all
reports or statements filed with the NCUA Board.\1\ 12 U.S.C.
1782(a)(6)(C). The NCUA Board, and State credit union supervisors under
applicable statutes, are given the authority to require credit unions
having less than $10 million in assets to follow GAAP. 12 U.S.C.
1782(a)(6)(C)(iii).
---------------------------------------------------------------------------
\1\ In lieu of GAAP, the NCUA Board may prescribe ``an
accounting principle * * * that is no less stringent than [GAAP].''
12 U.S.C. 1782(a)(6)(c)(ii).
---------------------------------------------------------------------------
Subsection (D) imposes audit requirements for large federally-
insured credit unions--those having assets of $500 million or more. A
credit union at or above that level of assets, whether State-or
Federally-chartered, is required to obtain an annual independent audit
of its financial statements performed in accordance with generally
accepted auditing standards (GAAS)--hereinafter referred to as a
``financial statement audit.'' Furthermore, that audit must be
performed by an independent certified public accountant or public
accountant licensed to do so by the appropriate State or jurisdiction.
12 U.S.C. 1782(a)(6)(D)(i). For a breakdown of State-licensing
requirements for persons who perform audits, see proposed rule, 64 FR
777n.2.
A federally-chartered credit union having total assets of less than
$500 million but more than $10 million is subject to only one
requirement under subsection (D). If that credit union elects to obtain
the financial statement audit required of a credit union having assets
of $500 million or more, the audit must be performed consistent with
the accountancy laws and licensing requirements of the appropriate
State or jurisdiction. 12 U.S.C. 1782(a)(6)(D)(ii). The appropriate
State or jurisdiction normally is the State in which the credit union
is principally located.
Subsection (D) imposes no minimum audit requirements at all on
federally-chartered credit unions having total assets of less than $500
million but more than $10 million that do not voluntarily elect to
obtain a financial statement audit performed in accordance with GAAS
(as credit unions having assets of $500 million or more must obtain
under subsection (D)(i)). See Sec. 715.2(f) (GAAS definition). Only in
the case of a financial statement audit performed in accordance with
GAAS, whether by choice or by law, do State accountancy laws and
licensing requirements apply.\2\ Subsection (D) is silent regarding
audits of federally-chartered credit unions having assets of $10
million or less, and Federally-insured State-chartered credit unions
(FISCUs) having assets of less than $500 million.
---------------------------------------------------------------------------
\2\ FCUA section 202(a)(6)(D)(ii), 12 U.S.C. 1782(a)(6)(D)(ii),
provides: If a Federal credit union that is not required to conduct
and audit under clause (i), and that has total assets of more than
$10,000,000 conducts such an audit for any purpose, using an
independent auditor who is compensated for his or her audit services
with respect to that audit, the audit shall be performed consistent
with the accountancy laws of the appropriate State or jurisdiction,
including licensing requirements.'' (emphasis added.) ``Such an
audit'' refers back to ``an audit under clause (i)'' of section
1782(a)(6)(D). A clause (i) audit is a financial statement audit
performed in accordance with GAAS. The clause (ii) requirement to
follow State accountancy and licensing laws is triggered only when a
credit union voluntarily chooses a financial statement audit.
---------------------------------------------------------------------------
With respect to financial statement audits, the threshold set by
subsection (D) at $500 million for requiring a financial statement
audit puts federally-insured credit unions in parity with other
federally-insured depository institutions. The institutions supervised
by the Federal Deposit Insurance Corporation, the Office of Thrift
Supervision, the Office of Comptroller of the Currency and the Federal
Reserve Board are required to obtain a financial statement audit if
they have assets of $500 million or more.\3\ 12 CFR 363. For
institutions having assets of less than $500 million, the Federal
Financial Institutions Examination Council (FFIEC) has proposed audit
options similar to two of those which this final rule prescribes for
credit unions. FFIEC, Policy Statement on External Auditing Programs of
Banks and Savings Associations, 63 FR 7796 (Feb. 17, 1998) (FFIEC
Policy Statement).
---------------------------------------------------------------------------
\3\ The statute authorizing 12 CFR 363, originally established a
$150 million asset floor for requiring a financial statement audit.
12 U.S.C. 1831m(j)(2). However, the banking agencies exercised their
statutory authority to increase the asset floor to $500 million,
thereby exempting two-thirds of all institutions required under
Sec. 1831m to obtain a financial statement audit. 12 CFR 363.1(a) 58
FR 31332 (June 2, 1993).
---------------------------------------------------------------------------
B. Proposed Rule
On January 6, 1999, NCUA published a Notice of Proposed Rule, 64 FR
776 (Jan. 6, 1999), establishing new part 715 to implement the
statutory minimum audit requirements imposed by
[[Page 41030]]
CUMAA, 12 U.S.C. 1782(a)(6) (C) and (D); to provide supervisory
committee audit alternatives for credit unions which are not required
to obtain a financial statement audit; and to retain in substance the
current rules relating to Supervisory Committee audit responsibilities,
verification of accounts, independence of outside auditors, the
requirement of an engagement letter, audit report and workpaper
maintenance and access, and sanctions and remedies for inadequate
audits. Secs. 701.12 and 701.13. In addition, the proposed rule revised
section 741.6 [financial and statistical and other reports] to change
certain Call Report filing dates and to introduce the use of GAAP in
Call Reports filed by credit unions having $10 million or more in
assets. Finally, the proposed rule conformed the citations in section
741.202 to apply part 715 to Federally-insured State-chartered credit
unions. See 12 U.S.C. 1781(b)(9), 1789(a)(11) (authority for
application to FISCUs).
By the comment deadline of March 8, 1999, NCUA received thirty-one
comments in response to the Notice of Proposed Rule. Comments were
submitted by eleven Federal credit unions, seven credit union industry
trade associations, seven certified public accounting or auditing
firms, two auditing industry trade associations, two unlicensed credit
union auditors, an association of state credit union supervisors, and
one banking industry trade association.
Except for the latter group, the comments generally support NCUA's
interpretation of the statutory ``financial statement audit''
requirement and, in concept if not in detail, all three of the audit
engagements proposed in the rule as alternatives to a financial
statement audit--a balance sheet audit; a ``review and evaluation of
internal controls over Call Reporting'' (renamed and redefined in the
final rule); and an audit pursuant to NCUA's Supervisory Committee
Guide.\4\ Predictably, licensed individuals opposed provisions of the
rule allowing unlicensed persons a role in the credit union auditing
process. Conversely, unlicensed individuals were grateful that NCUA
preserved their role in the process. The comments are analyzed
generally in section II. immediately below, except that comments of the
internal auditing industry and banking industry trade associations are
addressed separately in section II.I.
---------------------------------------------------------------------------
\4\ NCUA anticipates issuing the revised Supervisory Committee
Guide in late 1999.
---------------------------------------------------------------------------
II. Section-Within-Subject Analysis of Comments
A. Definitions
Section 715.2 establishes definitions for the terms that are used
in part 715, nearly all of which are virtually identical in form and
substance to their predecessors in current Sec. 701.12(a). Several
commenters suggested revisions to the proposed definitions as follows.
``Balance sheet audit.'' One commenter suggested that the ``balance
sheet audit'' definition, Sec. 715.2(a), should prescribe GAAP as a
basis of accounting for this engagement. The definition has been
revised to provide that a credit union which obtains a ``balance sheet
audit'' engagement shall use as a basis of accounting the same basis of
accounting used in its Call Reports. Effectively, this means that
credit unions which have $10 million or more in assets will be required
to use GAAP as a basis of accounting for this engagement. See
Sec. 741.6(b) (requiring credit unions having assets of $10 million or
greater to follow GAAP in Call Reports).
``Compensated person.'' Two commenters objected to the definition
of a ``compensated person,'' Sec. 715.2(b), because it expressly omits
individuals or firms who are compensated to perform only one
supervisory committee audit per year. The omission is intentionally
designed to exempt from this rule persons who are not in the business
of auditing credit unions, but who are modestly compensated by a single
credit union to perform its annual supervisory committee audit. NCUA
remains committed to ensuring that such one-time audit engagements do
not trigger the requirements of this rule.
``Financial statement .'' One commenter strongly urged deleting the
``statement of assets and liabilities that does not include members''
equity accounts'' from the definition of ``financial statement''
Sec. 715.2(c), because that statement is rarely used and is of little
benefit to the financial statement reader. NCUA agrees and has amended
the proposed definition accordingly.
``Independent person.'' Two commenters pointed out that the
interchangeable use of the terms ``independent person'' and
``independent auditor'' throughout the proposed rule was confusing.
Thus, the final rule retains ``independent person'' and omits
``independent auditor.'' Two commenters urged that the terms
``independent'' and ``independence'' be redefined either to parallel
the GAAS definition of ``independence'' as it applies to State-licensed
persons, or to otherwise incorporate the GAAS definition to some
extent.\5\ To define ``independence'' as GAAS does would have the
unintended effect of limiting the auditing of Federal credit unions to
State-licensed individuals. NCUA is committed to enabling both licensed
and unlicensed persons to satisfy its ``independence'' definition, so
that both may have a role in auditing credit unions. Regardless of
NCUA's definition, licensed persons already would be required under
State law to comply with GAAS independence rules. The proposed
definition of ``independence,'' Sec. 715.2(g), is no less stringent
than the GAAS definition, and may in certain circumstances be more
stringent.
---------------------------------------------------------------------------
\5\ See 1 AICPA, AICPA Professional Standards AUSec. 220.02
(1997) (GAAS definition of ``independence'').
---------------------------------------------------------------------------
``Qualified person.'' Although not defined in the proposed rule,
the term ``qualified person'' is used throughout as the minimum
standard for persons who may perform certain audit engagements although
they are not State-licensed. Four commenters suggested expressly
defining a ``qualified person.'' NCUA declines to add such a definition
because the proposed rule already identifies persons who would be
qualified to perform an audit under the Supervisory Committee Guide,
e.g., a certified public accountant, public accountant, league auditor,
credit union auditor consultant, retired financial institutions
examiner. Sec. 715.7(c). It is the responsibility of the Supervisory
Committee to apply its judgment within given guidance to determine who
is a ``qualified person.''
``Report on examination of internal control over Call Reporting.''
The proposed rule referred to this engagement as a ``review and
evaluation of internal controls over Call Reporting.'' An auditing
industry trade association suggested that the proper term of art for
this engagement is an ``examination,'' not a ``review,'' and should be
subject to attestation standards. NCUA agrees and has renamed this
engagement a ``Report on the examination of internal control over Call
Reporting'' and is redefining it consistent with attestation
standards.\6\ Sec. 715.2(j). See discussion of Sec. 715.7(b) infra.
---------------------------------------------------------------------------
\6\ In the final rule, 715.7(b) provides that a ``Report on
examination of internal control over Call Reporting'' may be
performed only by a ``State-licensed per.'' See discussion of
Sec. 715.7(b) infra.
---------------------------------------------------------------------------
``State-licensed person.'' The proposed definition of ``State-
licensed person'' refers to a ``person who is licensed by the State or
jurisdiction where the credit union is located . . . .''
[[Page 41031]]
Sec. 715.2(k). One commenter insists that this definition departs from
CUMAA because it is not as specific or restrictive as the statute
provides. In fact, the definition in the rule mirrors the language of
CUMAA. Compare Sec. 715.2(k) and 12 U.S.C. 1786(a)(2)(D). Another
commenter suggested replacing the word ``located'' with the word
``headquartered'' to address instances where a credit union has
multiple branches and overseas locations. This point is well taken. To
eliminate confusion as to where a person must be licensed, NCUA is
replacing the term ``located'' with the term'' principally located''
throughout the final rule. See, e.g., Secs. 715.4(b), 715.5(a),
715.6(a) and (b), 715.7(a) and (b).
``Supervisory committee audit.'' One commenter objected that the
last sentence of the proposed definition of a ``supervisory committee
audit''--which had provided that a financial statement audit ``fulfills
the requirements of a `supervisory committee audit' ''--is redundant
and outside the scope of a definition. Sec. 715.2(m). This sentence has
been eliminated in view of the fact that the point it makes is
expressed elsewhere in the rule. See, e.g., Sec. 715.4(b).
``Working papers.'' NCUA staff determined that the phrase ``by the
independent, compensated auditor'' at the end of the definition of
``working papers,'' Sec. 715.2(n), unintentionally excluded
uncompensated auditors from that definition. Therefore, that phrase has
been eliminated.
B. Supervisory Committee Responsibilities
Section 715.3--General Responsibilities of the Supervisory Committee
Under this section, a principal duty of the Supervisory Committee
is to ``establish practices and procedures sufficient to safeguard
members' assets'' against ``error, conflict of interest, self-dealing
and fraud.'' Sec. 715.3(a) and (b)(4). The sole commenter addressing
this section, who generally supported the rule, interpreted this
language as improperly creating a duty to prevent acts which constitute
error, conflict of interest, self-dealing and fraud. NCUA disagrees
with that interpretation; the rule clearly mandates a duty to establish
practices and procedures designed to ``safeguard members'' assets''
against such misconduct, but imposes no absolute liability on the board
of directors or management to prevent such misconduct. Therefore, NCUA
retains the original language of paragraph (a). Although there were no
further substantive comments on this section, paragraph (b) is modified
in form to improve clarify and parallelism.
Section 715.4--Audit Responsibility of the Supervisory Committee
This section restates the Supervisory Committee's annual audit
responsibility under 12 U.S.C. 1761d, Sec. 715.4(c); provides that a
financial statement audit will always satisfy that responsibility,
Sec. 715.4(b); and that other options to satisfy that responsibility
are available to credit unions which do not choose to obtain a
financial statement audit. Sec. 715.4(c). For the convenience of the
reader, the minimum audit requirements according to charter type and
asset size are summarized in a diagram preceding Sec. 715.5. NCUA
received no comments directly addressing this section. To eliminate
ambiguity in determining asset size, NCUA has added a sentence
indicating that ``asset size is the amount of total assets reported in
the Call Report for the year-end immediately preceding and outside of
the period under audit.'' Sec. 715.4(c).
C. Minimum Audit Requirements
The proposed rule was organized primarily according to asset size--
$500 million and above, less than $500 million but more than $10
million, and $10 million or less--rather than by charter type. An
association of state credit union supervisors urged reorganization of
part 715 primarily by charter type, and then by asset size, so that
audit requirements which apply to FISCUs are consolidated according to
asset size in one section and those which apply to federally-chartered
credit unions (FCUs) are consolidated according to asset size in a
separate section. NCUA believes that the benefits of such a
reorganization--namely, improved clarity and accessibility--outweigh
the minimal duplication that results. Accordingly, in the final rule,
Sec. 715.5 addresses audit requirements exclusive to federal charters,
and Sec. 715.6 addresses audit requirements exclusive to State
charters. The substance of the applicable audit requirements remains
unchanged in both sections.
Section 715.5--Audit of Federal Credit Unions
This section sets forth the minimum requirements for the audit of
federal credit unions (FCUs) according to asset size. As CUMAA
mandates, 12 U.S.C. 1782(a)(6)(D), an FCU having assets of $500 million
or greater must obtain a financial statement audit. Sec. 715.5(a). For
FCUs having less than $500 million in assets, Sec. 715.5(b) reflects
NCUA's interpretation that CUMAA allows credit unions the choice of
obtaining a financial statement audit under Sec. 715.6(a)--as credit
unions having $500 million or more in assets must do--or one of three
alternative audit engagements set forth in Sec. 715.7. See 12 U.S.C.
1782(a)(6)(D)(ii). NCUA received eight comments expressly agreeing with
NCUA's interpretation of CUMAA; four opposing the interpretation; and
eighteen which did not comment on the matter. One supporter enclosed a
legal opinion concurring with NCUA's interpretation. Another pronounced
the rule clear and concise and the interpretation appropriate.
The four commenters opposing NCUA's interpretation of CUMAA consist
of licensed auditing professionals and an auditing industry trade
association, all of whom favored an interpretation of CUMAA limiting
auditing of credit unions above $10 million in assets exclusively to
State-licensed individuals like themselves. In stark contrast, another
commenter who is an unlicensed auditor insisted that, compared to
current Sec. 701.12, the proposed rule is a concession to the auditing
profession and is contrary to the best interests of the credit unions,
even though it maximizes audit choice for credit unions.
Consistent with its interpretation of CUMAA, NCUA stands by section
715.5 as proposed, except to add a final paragraph (d) indicating that
FCUs must meet applicable requirements elsewhere in part 715 regardless
of which audit engagement they choose under Sec. 715.5. See
Secs. 715.8, 715.9(b) through (e), 715.10.
Section 715.6--Audit of Federally-insured, State-chartered Credit
Unions
This section sets forth the minimum requirements for the audit of
FISCUs according to asset size. As in the case of FCUs, CUMAA mandates
that FISCUs having assets of $500 million or greater must obtain a
financial statement audit. Sec. 715.6(a). For FISCUs having less than
$500 million in assets, Sec. 715.6 gives FISCUs the choice of obtaining
a financial statement audit per Sec. 715.6(a), or one of three
alternative audit engagements set forth in Sec. 715.7. The rule
provides, however, that if the State or jurisdiction in which the
credit union is principally located prescribes an audit engagement
which is more stringent than the alternative engagements offered in
Sec. 715.7, the FISCU must comply with the State-mandated audit.
Sec. 715.6(b).\7\ As in the
[[Page 41032]]
case of FCUs, a new subsection (c) has been added to indicate that
FISCUs must meet applicable requirements elsewhere in part 715
regardless of which engagement they choose under Sec. 715.6. See
Secs. 715.8, 715.9(b) through (e), 715.10. NCUA received no comments on
the predecessor provision to this section.
---------------------------------------------------------------------------
\7\ NCUA does not define ``stringent'' except to suggest that it
might involve enhanced audit scope and depth. ``Stringent'' is not
defined in 12 U.S.C. 1782(a)(6)(C)(iii), which refers to an
accounting principle that is ``no less stringent'' than GAAP.
In comparison to NCUA's current supervisory committee audit
rule, Sec. 701.12, State-prescribed audits for credit unions
generally fall into three categories: (1) States which prescribe
audits substantially similar to 12 U.S.C. 1761d and/or Sec. 701.12;
(2) States which prescribe audits which differ in some respects from
12 U.S.C. 1761d and/or Sec. 701.12, but which are not necessarily
``more stringent,'' including four States which determine the type
of audit by asset size, e.g., Mich. Comp. Laws Sec. 490.11(2); and
(3) States in which a financial statement audit is prescribed for
certain credit unions.
---------------------------------------------------------------------------
Section 715.7--Supervisory Committee Audit Alternatives To a Financial
Statement Audit
This section establishes alternative supervisory committee audit
engagements for federally-insured credit unions that are not required
by virtue of asset size to obtain a financial statement audit, and that
otherwise do not voluntarily elect to obtain a financial statement
audit.
``Opinion on the balance sheet.'' Like a financial statement audit,
this engagement, also known as a ``balance sheet audit,'' must be
performed in accordance with GAAS by a person who is licensed under
State law to do so. Sec. 715.7(a). This engagement consists of an
examination of assets, liabilities and equity and requires an opinion
by the auditor on the fairness of the balance sheet only. Apart from
the basis of accounting required, see Sec. 715.2(a), this option is
identical to that of the same name proposed for other federally-insured
financial institutions by the FFIEC. FFIEC Policy Statement, 63 F.R. at
7797, 7800.
Five commenters addressed the ``balance sheet audit'' option. One
commenter fully supported the option. One characterized it as a step
backwards due to insufficient testing of the internal control structure
and less assurance than in current Sec. 701.12. Three commenters were
cautious--one suggesting this engagement should incorporate
supplemental analytic procedures, one criticizing the limited scope and
limited assurance of this option, and one urging mandatory linkage to a
basis of accounting consistent with GAAP. NCUA believes that these
generally are matters of judgment which, to the extent possible, should
be left to the supervisory committee. Thus, the ``opinion on the
balance sheet'' is modified only to require the same basis of
accounting as that which is reflected in the credit union's Call
Reports. See discussion of Sec. 715.2(a) supra.
``Report on examination of internal control over Call Reporting.''
This engagement was originally proposed as a ``review and evaluation of
internal controls over Call Reporting,'' consisting of an examination
of management's written assertions concerning the effectiveness of
internal controls over data reported in Call Reports (NCUA Form 5300)
which addresses high risk areas. In this engagement, the auditor
produces a report on the written assertions of management. See
Sec. 715.2(j).
Ten commenters addressed the originally proposed ``review and
evaluation of internal controls over Call Reporting. One commenter
fully supported this option as written; one commenter believed it would
confuse credit unions and should be clarified; and a third opposed it
outright. The latter commenter argued that this engagement is too
limited, does not consider many areas of the financial structure, and
does not identify problems that may exist with account balances. As a
remedy, this commenter recommended that the ``review and evaluation''
be subject to attestation standards of the auditing profession--thus
allowing only licensed individuals to perform this examination--and be
increased in scope.
Seven commenters supported this audit option in a revised form.
Five argued that only external, licensed certified public accountants
under the attestation standards of the profession should be allowed to
perform this engagement. One of these commenters suggested that
attestation standards demand use of the nomenclature ``examination,''
rather than ``review,'' as these terms have different ascribed meanings
under auditing standards. This same commenter strongly recommended that
the rule clearly define the scope and level of work for this
engagement, specify the criteria for the evaluation of internal
controls, and define a ``complex'' credit union. Another commenter
argued that small credit unions lack sound internal controls and that
this engagement will not be helpful to them. This commenter also
contended that it would be difficult for credit union management to
document its internal control assertions,\8\ and that the engagement
would not yield a particularly reduced fee. This commenter joined two
others in opposing the use of differing levels of expertise for
performing this engagement--a ``State-licensed person'' if performed
for a credit union defined as ``complex,'' but only a ``qualified
person'' if not. NCUA found these comments generally persuasive and has
revised the final rule as follows.
---------------------------------------------------------------------------
\8\ In the case of a small credit union which lacks the
expertise to develop management's written assertions and is unable
to gain such expertise, this engagement would not be a viable
alternative for fulfilling its supervisory committee audit
responsibility.
---------------------------------------------------------------------------
First, the final rule renames this engagement a ``report on the
examination of internal control over Call Reporting'' and requires it
to satisfy the attestation standards of the auditing profession.
Sec. 715.7(b). Second, whereas the proposed rule was silent about the
criteria on which the review of internal controls is based, the final
rule assigns credit union management the responsibility of
``specif[ying] the criteria on which it based its evaluation of
internal controls.'' \9\
---------------------------------------------------------------------------
\9\ For example, Internal Control--Integrated Framework
published by the Committee of Sponsoring Organizations of the
Treadway Commission identifies an entity's internal control as
consisting of five components: control environment, risk assessment,
control activities, information and communication, and monitoring.
---------------------------------------------------------------------------
Third, whereas the proposed rule prescribed the ``high risk areas''
on which this engagement concentrates--loans, investments, and cash and
deposit activity--the final rule gives management the responsibility of
designating the areas it considers high risk. However, the NCUA Board
still believes that high risk areas should most often include: lending
activities, investing activities, and cash-handling and deposit-taking
activities.
Finally, the final rule abandons the proposed two-tier approach to
the expertise required to perform this engagement, in favor of a
single, higher level of expertise. The final rule now provides that
only State-licensed persons under attestation standards of the auditing
profession may perform a ``report and examination of internal control
over Call Reporting'' regardless whether the credit union is defined as
``complex'' for prompt corrective action purposes. See CUMAA
Sec. 301(d)(2)(B) and (e)(2) (requirement to adopt definition of
``complex'' credit union).
As modified in the final rule, the ``report on examination of
internal control over Call Reporting'' is comparable to the FFIEC-
proposed option of an ``attestation report on
[[Page 41033]]
internal control assertions.'' 63 FR at 7797, 7800.
``Supervisory Committee Guide audit.'' This engagement follows an
audit program prescribed in NCUA's Supervisory Committee Guide (Guide),
as revised to conform to part 715, and is similar to a ``Directors'
Examination'' used by some Federally-insured banks. The Guide
engagement is the only audit alternative under the final rule that can
be performed either by a ``State-licensed person'' or by a ``qualified
person'' who is not licensed. As revised, the Guide will provide
guidance regarding the minimum scope and procedures of the engagement,
and clearly distinguish a Guide engagement from a financial statement
audit engagement.
Eleven comments addressed the Guide option. Two advocated limiting
performance of the Guide engagement to ``State-licensed persons.'' The
NCUA Board disagrees because this is directly contrary to the objective
of providing a supervisory committee audit option that can be performed
by individuals who are not ``State-licensed.'' The Guide engagement
accomplishes this objective.
Five of the commenters asked that NCUA issue the proposed Guide for
public comment before finalizing it. Because it is likely that the
Guide will be revised periodically, NCUA has decided to issue the Guide
as a manual rather than as a rule. As such, the Guide will not be
issued for public comment. Three commenters strongly encouraged NCUA to
write the Guide so that it conforms to auditing standards governing an
``agreed-upon procedures'' engagement, thereby permitting ``State-
licensed persons'' to perform this engagement. To achieve this
objective in revising the Guide, and in lieu of soliciting public
comment, NCUA is seeking the assistance of the Credit Unions Committee
of the American Institute of Certified Public Accountants in
identifying appropriate minimum procedures to append to the Guide.
A commenter suggested that the Guide audit be available only to
credit unions under $50 million in assets, and another encouraged NCUA
to tailor the Guide audit program according to asset size. NCUA
declines both suggestions. Although NCUA prefers to make the Guide
audit universally available to all credit unions regardless of asset
size, experience indicates that it is the option most often chosen by
credit unions which are relatively small in asset size. NCUA also
prefers to offer a uniform audit program regardless of asset size. NCUA
believes that an audit program which varies by asset size is unworkable
and would substitute the regulator's judgment for that which is
properly reserved to the supervisory committee.
Choice among audit options. One commenter suggested that the final
rule should provide guidance as to which audit option is appropriate
for a credit union which is not required to obtain a financial
statement audit--a voluntary-chosen ``financial statement audit,'' a
``balance sheet audit,'' a ``report on examination of internal controls
over Call Reporting,'' or a ``Supervisory Committee Guide audit.'' The
NCUA Board declines to provide such guidance, believing instead that it
is the supervisory committee's responsibility to obtain the highest
level of supervisory committee audit service that is consistent with
the credit union's size, the nature and scope of its activities, and
any compensating internal controls. Cost of service alone should not be
the deciding factor in this decision. Cost should be one among many
factors the supervisory committee thoughtfully considers when weighing
the purpose and benefit of each audit alternative. A supervisory
committee which is unfamiliar with distinctions among the different
types of audits should seek the advice of an independent accountant in
choosing among them.
December 1998 NCUA Call Report data shows that 80% of Federally-
insured credit unions above $50 million in assets already obtain a
financial statement audit voluntarily. NCUA encourages all credit
unions, regardless of asset size, to obtain financial statement audits,
but recognizes that financial statement audits may not be practical for
all credit unions. Accordingly, the final rule seeks to preserve less
burdensome audit alternatives for credit unions that do not obtain
financial statement audits, without compromising the Supervisory
Committee's ability to carry out its oversight responsibilities.
D. Verification of Accounts
Section 715.8--Requirements for Verification of Accounts and Passbooks
As mandated by 12 U.S.C. 1761d, this section requires the
Supervisory Committee to conduct a verification of the passbooks and
accounts of the members against the records of the credit union at
least once every two years. One commenter urged removing proposed
language requiring the auditor to ``provide assurance'' or draw
conclusions in reference to both the statistical and non-statistical
methods of verification. NCUA agrees with regard to the statistical
sampling methods under Sec. 715.8(b)(2), but disagrees with regard to
the non-statistical methods under Sec. 715.8(b)(3).
Consistent with State licensing requirements, NCUA prohibits
persons who are not ``State-licensed'' from providing assurance
services in connection with a verification. Sec. 715.7(c). Because a
``controlled verification,'' Sec. 715.8(b)(1), and statistical sampling
methods, Sec. 715.8(b)(2), may be performed by persons who are not
``State-licensed,'' the ``assurance'' language has been removed from
Sec. 715.8(b)(2)(iv). Because non-statistical sampling methods
consistent with GAAS, Sec. 715.8(b)(3), may be performed only by a
``State-licensed person,'' who is authorized to provide assurance
services, the ``assurance'' language remains intact in
Sec. 715.8(b)(3)(i).
E. Other Audit Requirements
Section 715.9--Assistance From Outside Compensated Person
This section sets the independence and engagement letter
requirements that are triggered when the Supervisory Committee engages
an outside person who is compensated to perform, or to assist in the
performance of, a supervisory committee audit under this part.
Paragraph (a) concerns the auditor's independence from credit union
officials. Although NCUA received no comments on this provision, it has
determined that the definition of persons ``unrelated to officials'' of
the credit union (i.e., persons who qualify as independent of credit
union officials) was too narrow with respect to relatives of credit
union employees. This made the category of persons not sufficiently
independent of credit union officials overinclusive. Accordingly, the
final rule provides that a compensated auditor ``shall not be related
by blood or marriage to any management employee * * * of the credit
union,'' and eliminates as redundant the list of blood and marital
relations. Sec. 715.9(a) (emphasis added).
Paragraph (b) sets forth the general requirement for an engagement
letter between the Supervisory Committee and the outside auditor
memorializing the terms and conditions of the audit engagement. Two
commenters sought clarification of the requirement that ``the
engagement must be contracted with the supervisory committee,''
Sec. 715.9(b), suggesting the possibility that the supervisory
committee may not have the authority to contract for the audit. The
NCUA Board disagrees, believing that the supervisory committee's
authority to contract for the credit union's audit is clear from the
language of the FCUA,
[[Page 41034]]
which provides that ``the supervisory committee shall make or cause to
be made an annual audit.'' 12 U.S.C. 1761d.
Paragraph (c) sets forth the required contents of an engagement
letter. Proposed paragraph (c)(6) required the engagement letter to
``specify a target date of delivery'' for the audit report. At the
suggestion of an auditing industry trade association, this provision
has been revised to prescribe a fixed target date of delivery ``not to
exceed 120 days from date of calendar or fiscal year-end under audit
(period covered), unless the supervisory committee obtains a waiver
from the supervising NCUA Regional Director.'' Sec. 715.9(c)(6). NCUA
believes that prescribing a uniform fixed date of delivery, rather than
allowing the date to be set on an engagement-by-engagement basis, will
improve the consistency and efficiency of the auditing process.
To avert post-engagement disputes between the credit union and its
outside auditor, proposed paragraphs (d) and (e) together mirrored the
current rule, Sec. 701.12(d)(2)-(3), in requiring an auditor to certify
in the engagement letter when all items within the scope of a
supervisory committee audit will be addressed in the engagement, and
conversely, to identify any items that will be excluded from the
engagement. The final rule is revised to reflect that certification of
complete scope is redundant with respect to three types of audit
engagements under part 715--the financial statement audit, the balance
sheet audit, and the report on examination of internal control over
Call Reporting--because reporting standards under GAAS and attestation
standards, respectively, for those engagements already would require
any excluded items to be reflected in the level of assurance the
independent accountant provides in rendering an opinion. In contrast,
the Supervisory Committee Guide audit engagement available under part
715 does not by definition include all items within the scope of the
engagement. Therefore, with regard to that engagement only, the final
rule still requires the auditor to certify the completeness of scope
or, conversely, to specify the exclusions from the scope of the
engagement. Sec. 715.9(d) and (e).
In the case of a Guide engagement, for example, the auditor and the
supervisory committee may by agreement exclude the allowance for loan
losses from the scope of the engagement. In that event, paragraph (e)
would require the engagement letter to specify the excluded items.
Section 715.10--Audit Report and Working Paper Maintenance and Access
This section addresses the procedure for distributing the audit
report produced either by the Supervisory Committee or by an outside
person who performed the audit, and the responsibility for maintenance
of, and access to, the auditor's ``working papers'' once the engagement
is complete. Whereas the proposed rule expressly stated that credit
union members must be provided with ``a report of the results of an
audit at the next annual meeting,'' the final rule provides that
members must be provided with a ``summary'' of the results of the
audit, ``orally or in writing''. Sec. 715.10(a). The purpose of this
revision is to indicate that credit unions need not provide members a
written, abridged version of the audit report itself.
One commenter suggested that NCUA specify minimum information to be
included in a report (or summary) of the results of the audit. Although
NCUA has not experienced problems of insufficient disclosure of audit
results, the final rule nonetheless includes a remedy: ``If a member so
requests, the Supervisory Committee shall provide the member access to
the full audit report,'' Sec. 715.10(b), although the member would not
necessarily have a right to a copy of the report.
Paragraph (b) concerns maintenance of, and access to, audit working
papers. Sec. 701.10(e)(2). Two commenters sought a commitment from
NCUA, either by rule or otherwise, to maintain the confidentiality of
working papers to which it is given access under this section. Such a
commitment is not necessary because audit workpapers fall within the
scope of confidential, commercial and financial information protected
from disclosure by NCUA regulations, except to other government
agencies and as required by law. 12 CFR 792.11(a)(4) and (8), 792.30,
792.60.
F. Sanctions and Remedies
Section 715.11--Sanctions for Failure To Comply With This Part
This section authorizes NCUA to reject an audit or to impose formal
administrative sanctions when a Supervisory Committee or its
independent compensated auditor violates a provision of this part or a
provision of an engagement letter prescribed by this part. Although
NCUA received no substantive comments on this section, the final rule
has been revised in two ways. First, to provide that when a regional
director rejects an audit, he or she must ``provide a reasonable
opportunity to correct the deficiencies.'' Sec. 715.11(a)(1). Second,
to clarify that this section applies to FISCUs, the final rule cites
section 741.202 of chapter VII as authority. Sec. 715.11(b).
Section 715.12--Statutory Audit Remedies for Federal Credit Unions
This section provides the NCUA Board with a pair of additional
remedies which, if certain conditions are met, apply to federally-
chartered credit unions by statute, 12 U.S.C. 1782(a)(6)(A), and to
State-chartered credit unions by regulation. 12 CFR 701.13(a)(2). The
remedies are the authority to compel a credit union in this category to
have its audit performed by a State-licensed person, Sec. 715.12(a), or
to compel the credit union to obtain a financial statement audit even
when it is not otherwise required to do so. Sec. 715.12(b). NCUA
received a single comment on this section, cautioning that these
sanctions alone, when imposed against a small credit union, could drive
that credit union into liquidation. NCUA emphasizes in response its
commitment to chartering and continued growth of small credit unions
when feasible, and to considering all circumstances in imposing lawful
sanctions and remedies under this section. Finally, this section has
been modified in the last sentence to indicate that, in addition to a
``adverse opinion,'' a ``disclaimer of opinion'' should be an exception
to the objective of producing an unqualified opinion. Sec. 71512(b).
G. Appropriation for Non-conforming Investments
Section 741.3--Criteria
Although not raised in the proposed rule, Sec. 741.3(a)(3) is
revised in the final rule to conform to a change in the technical
nomenclature used in NCUA's Call Report (NCUA Form 5300). The phrases
``Investment Valuation Reserve Account'' and ``Investment Valuation
Reserve'' both are renamed the ``Appropriation for Non-conforming
Investments''. This account receives appropriated funds from undivided
earnings in amounts by which investment fair value exceeds book value
in FISCUs that hold investments which would be impermissible
investments for an FCU to hold, i.e., non-conforming investments. As
the auditing industry trade association suggested, this change more
appropriately reflects the function and composition of the account
under GAAP.
[[Page 41035]]
H. Call Reporting Requirements
Section 741.6--Financial and Statistical and Other Reports
This section sets deadlines for filing Call Reports with NCUA and
implements the statutory mandate that Call Reports filed by credit
unions having assets of $10 million or more must be consistent with
GAAP. 12 U.S.C. 1782(a)(6)(C)(i). The proposed rule required that such
Call Reports ``reflect measurement principles consistent with GAAP.''
An auditing industry trade association encouraged NCUA to specify other
principles of GAAP in addition to ``measurement principles.'' Instead
of identifying specific principles of GAAP, however, NCUA has concluded
that it is consistent with CUMAA to simply require Call Reporting to
``reflect GAAP'' without further specification. Sec. 741.6(b). Because
NCUA received no other comments on this section, it is otherwise
unchanged.
I. Comments of Principal Trade Associations
Internal Auditing Industry
The principal trade association of the internal auditing industry
agreed with the intent of the proposed rule but disagreed with its
implementation, advocating that certain requirements of the rule can be
met only by internal auditors. The association urged the NCUA to
relieve untrained, unpaid supervisory committee volunteers of the
burden of meeting those requirements. Seeking a niche for internal
auditors, the trade association further proposed to replace the
regulatory scheme in part 715 with a hierarchy of both mandatory
internal and external audit requirements based on six asset size
categories. Depending on the category in which a credit union falls,
the hierarchy prescribes an examination period ranging between 12 and
36 months, the option or requirement to conduct an internal audit, and
different supervisory committee audit alternatives available in each
category.
While NCUA appreciates the constructive input of the internal
auditing industry trade association, it is not prepared at this
juncture to tailor auditing requirements by asset size, to prescribe
examination periods of varying lengths, to mandate an internal audit
function, or to designate particular types of audits available under
different asset categories. Rather, the NCUA's objective in part 715 is
to implement the auditing requirements of CUMAA and to establish for
federally-insured credit unions having less than $500 million in assets
a uniform structure of universally available alternatives to fulfill
the supervisory committee audit responsibility. All but one of these
alternatives may be performed only by State-licensed auditors.
Principal Banking Industry Trade Association
In sum, the principal banking industry trade association contends
that while the proposed rule fulfills the requirements of CUMAA, those
requirements still are much less stringent than those to which banks
are held. Many of the points raised by the trade association were
raised by other commenters and are addressed earlier in this preamble.
Apart from these points, the trade association complains that even
though part 715 complies with CUMAA, it still is less stringent than
audit requirements imposed on banks; that although not required to do
so, NCUA should require the Call Reports of credit unions having less
than $10 million in assets to reflect GAAP; that the statutory minimum
audit requirements should be addressed in a rule which is entirely
separate from part 715, which as proposed purportedly is ``missing
critical elements''; that many of the definitions in part 715 are
deficient and many terms used in the rule are undefined; that the
Supervisory Committee's responsibilities need to be ``clarified and
strengthened''; and that the standards and scope provisions of the
current rule, Sec. 701.12(c)(2) and (3), should be retained in part 715
and in the Supervisory Committee Guide.
In general, the trade association's views are fundamentally
contrary to NCUA's objectives in part 715. Whereas NCUA wishes to
faithfully implement the minimum audit requirements of CUMAA, the trade
association apparently wants to hold credit unions to a standard
approaching that which applies to the institutions which are its
members. To do so would impose an unwarranted burden on credit unions.
Rather, NCUA's objective in part 715 is to serve the distinctive needs
of credit unions for simplicity, choice and flexibility in the auditing
process, consistent with the supervisory committee's oversight
responsibility and NCUA's duty to protect the National Credit Union
Share Insurance Fund.
Regulatory Procedures
Regulatory Flexibility Act
The Regulatory Flexibility Act requires NCUA to prepare an analysis
to describe any significant economic impact a proposed regulation may
have on a substantial number of small credit unions (primarily those
under $1 million in assets). The NCUA Board has determined and
certifies that the final rule will not have a significant economic
impact on a substantial number of small credit unions. Thus, a
Regulatory Flexibility Analysis is not required.
Paperwork Reduction Act
The final rule imposes no additional information collection
requirements beyond those in the current rule it replaces. Therefore,
no Paperwork Reduction Act analysis is required.
Executive Order 12612
Executive Order 12612 requires NCUA to consider the effect of its
actions on state interests. The final rule will not have a substantial
direct effect on the states, on the relationship between the national
government and the states, or on the distribution of rights and
responsibilities among the various levels of government.
List of Subjects
12 CFR Parts 710 and 741
Credit unions, Reporting and recordkeeping requirements.
12 CFR Part 715
Audits, Credit unions, Reporting and recordkeeping requirements,
Supervisory committee.
By the National Credit Union Administration Board on July 22,
1999.
Becky Baker,
Secretary of the Board.
Accordingly, 12 CFR parts 701, 715 and 741 are amended as set forth
below:
PART 701--ORGANIZATION AND OPERATION OF FEDERAL CREDIT UNIONS
1. The authority citation for part 701 continues to read as
follows:
Authority: 12 U.S.C. 1752(5), 1755, 1756, 1757, 1759, 1761a,
1761b, 1766, 1767, 1782, 1784, 1787, 1789 and 1798. Section 701.6 is
also authorized by 31 U.S.C. 3717. Section 701.31 is also authorized
by 15 U.S.C. 1601 et seq.; 42 U.S.C. 1981 and 3601-3610. Section
701.35 is also authorized by 42 U.S.C. 4311-4312.
Secs. 701.12 and 701.13 [Removed]
2. Sections 701.12 and 701.13 are removed.
3. Part 715 is added to read as follows:
PART 715--SUPERVISORY COMMITTEE AUDITS AND VERIFICATIONS
Sec.
715.1 Scope of this part.
715.2 Definitions used in this part.
[[Page 41036]]
715.3 General responsibilities of the Supervisory Committee.
715.4 Audit responsibility of the Supervisory Committee.
715.5 Audit of Federal Credit Unions.
715.6 Audit of Federally-insured State-chartered credit unions.
715.7 Supervisory Committee audit alternatives to a financial
statement audit.
715.8 Requirements for verification of accounts and passbooks.
715.9 Assistance from outside, compensated person.
715.10 Audit report and working paper maintenance and access.
715.11 Sanctions for failure to comply with this part.
715.12 Statutory audit remedies for Federal credit unions.
Authority: 12 U.S.C. 1761d, 1782(a)(6).
Sec. 715.1 Scope of this part.
This part implements section 202(a)(6)(D) of the Federal Credit
Union Act, 12 U.S.C. 1782(a)(6)(D), as added by section 201(a) of the
Credit Union Membership Access Act, Pub. L. No. 105-219, 112 Stat. 918
(1998). This part prescribes the responsibilities of the Supervisory
Committee to obtain an annual audit of the credit union according to
its charter type and asset size, and to conduct a verification of
members' accounts.
Sec. 715.2 Definitions used in this part.
As used in this part:
(a) Balance sheet audit refers to the examination of a credit
union's assets, liabilities, and equity under generally accepted
auditing standards (GAAS) by an independent public accountant for the
purpose of opining on the fairness of the presentation on the balance
sheet. Credit unions required to file call reports consistent with GAAP
should ensure the audited balance sheet is likewise prepared on a GAAP
basis. The opinion under this type of engagement would not address the
fairness of the presentation of the credit union's income statement,
statement of changes in equity (including comprehensive income), or
statement of cash flows.
(b) Compensated person refers to any accounting/auditing
professional, excluding a credit union employee, who is compensated for
performing more than one supervisory committee audit and/or
verification of members' accounts per calendar year.
(c) Financial statements refers to a presentation of financial
data, including accompanying notes, derived from accounting records of
the credit union, and intended to disclose a credit union's economic
resources or obligations at a point in time, or the changes therein for
a period of time, in conformity with GAAP, as defined herein, or
regulatory accounting procedures. Each of the following is considered
to be a financial statement: a balance sheet or statement of financial
condition; statement of income or statement of operations; statement of
undivided earnings; statement of cash flows; statement of changes in
members' equity; statement of revenue and expenses; and statement of
cash receipts and disbursements.
(d) Financial statement audit (also known as an ``opinion audit'')
refers to an audit of the financial statements of a credit union
performed in accordance with GAAS by an independent person who is
licensed by the appropriate State or jurisdiction. The objective of a
financial statement audit is to express an opinion as to whether those
financial statements of the credit union present fairly, in all
material respects, the financial position and the results of its
operations and its cash flows in conformity with GAAP, as defined
herein, or regulatory accounting practices.
(e) GAAP is an acronym for ``generally accepted accounting
principles'' which refers to the conventions, rules, and procedures
which define accepted accounting practice. GAAP includes both broad
general guidelines and detailed practices and procedures, provides a
standard by which to measure financial statement presentations, and
encompasses not only accounting principles and practices but also the
methods of applying them.
(f) GAAS is an acronym for ``generally accepted auditing
standards'' which refers to the standards approved and adopted by the
American Institute of Certified Public Accountants which apply when an
``independent, licensed certified public accountant'' audits financial
statements. Auditing standards differ from auditing procedures in that
``procedures'' address acts to be performed, whereas ``standards''
measure the quality of the performance of those acts and the objectives
to be achieved by use of the procedures undertaken. In addition,
auditing standards address the auditor's professional qualifications as
well as the judgment exercised in performing the audit and in preparing
the report of the audit.
(g) Independent means the impartiality necessary for the
dependability of the compensated auditor's findings. Independence
requires the exercise of fairness toward credit union officials,
members, creditors and others who may rely upon the report of a
supervisory committee audit report.
(h) Internal control refers to the process, established by the
credit union's board of directors, officers and employees, designed to
provide reasonable assurance of reliable financial reporting and
safeguarding of assets against unauthorized acquisition, use, or
disposition. A credit union's internal control structure consists of
five components: control environment; risk assessment; control
activities; information and communication; and monitoring. Reliable
financial reporting refers to preparation of Call Reports (NCUA Forms
5300 and 5310) that meet management's financial reporting objectives.
Internal control over safeguarding of assets against unauthorized
acquisition, use, or disposition refers to prevention or timely
detection of transactions involving such unauthorized access, use, or
disposition of assets which could result in a loss that is material to
the financial statements.
(i) Reportable conditions refers to a matter coming to the
attention of the independent, compensated auditor which, in his or her
judgment, represents a significant deficiency in the design or
operation of the internal control structure of the credit union, which
could adversely affect its ability to record, process, summarize, and
report financial data consistent with the representations of management
in the financial statements.
(j) Report on Examination of Internal Control over Call Reporting
refers to an engagement in which an independent, licensed, certified
public accountant or public accountant, consistent with attestation
standards, examines and reports on management's written assertions
concerning the effectiveness of its internal control over financial
reporting in its most recently filed semiannual or year-end Call
Report, with a concentration in high risk areas. For credit unions,
such high risk areas most often include: lending activity; investing
activity; and cash handling and deposit-taking activity.
(k) State-licensed person refers to a certified public accountant
or public accountant who is licensed by the State or jurisdiction where
the credit union is principally located to perform accounting or
auditing services for that credit union.
(l) Supervisory committee refers to a supervisory committee as
defined in Section 111(b) of the Federal Credit Union Act, 12 U.S.C.
1786(r). For some federally-insured state chartered credit unions, the
``audit committee'' designated by state statute or regulation is the
equivalent of a supervisory committee.
[[Page 41037]]
(m) Supervisory committee audit refers to an engagement under
either Sec. 715.5 or Sec. 715.6 of this part.
(n) Working papers refers to the principal record, in any form, of
the work performed by the auditor and/or supervisory committee to
support its findings and/or conclusions concerning significant matters.
Examples include the written record of procedures applied, tests
performed, information obtained, and pertinent conclusions reached in
the engagement, proprietary audit programs, analyses, memoranda,
letters of confirmation and representation, abstracts of credit union
documents, reviewer's notes, if retained, and schedules or commentaries
prepared or obtained in the course of the engagement.
Sec. 715.3 General responsibilities of the Supervisory Committee.
(a) Basic. The supervisory committee is responsible for ensuring
that the board of directors and management of the credit union--
(1) Meet required financial reporting objectives;
(2) And establish practices and procedures sufficient to safeguard
members' assets.
(b) Specific. To carry out the responsibilities set forth in
paragraph (a) of this section, the supervisory committee must determine
whether:
(1) Internal controls are established and effectively maintained to
achieve the credit union's financial reporting objectives which must be
sufficient to satisfy the requirements of the supervisory committee
audit, verification of members' accounts and its additional
responsibilities;
(2) The credit union's accounting records and financial reports are
promptly prepared and accurately reflect operations and results;
(3) The relevant plans, policies, and control procedures
established by the board of directors are properly administered; and
(4) Policies and control procedures are sufficient to safeguard
against error, conflict of interest, self-dealing and fraud.
(c) Mandates. In carrying out the responsibilities set forth in
paragraphs (a) and (b) of this section, the Supervisory Committee must:
(1) Ensure that the credit union adheres to the measurement and
filing requirements for reports filed with the NCUA Board under
Sec. 741.6 of this chapter;
(2) Perform or obtain a supervisory committee audit, as prescribed
in Sec. 715.4 of this part;
(3) Verify or cause the verification of members' passbooks and
accounts against the records of the credit union, as prescribed in
Sec. 715.8 of this part;
(4) Act to avoid imposition of sanctions for failure to comply with
the requirements of this part, as prescribed in Sec. 715.11 and
Sec. 715.12 of this part.
Sec. 715.4 Audit responsibility of the Supervisory Committee.
(a) Annual audit requirement. A federally-insured credit union is
required to obtain an annual supervisory committee audit which occurs
at least once every calendar year (period of performance) and must
cover the period elapsed since the last audit period (period
effectively covered).
(b) Financial statement audit option. Any federally-insured credit
union, whether Federally- or State-chartered and regardless of asset
size, may choose to fulfill its Supervisory Committee audit
responsibility by obtaining an annual audit of its financial statements
performed in accordance with GAAS by an independent person who is
licensed to do so by the State or jurisdiction in which the credit
union is principally located. (A ``financial statement audit'' is
distinct from a ``supervisory committee audit,'' although a financial
statement audit is included among the options for fulfilling the
supervisory committee audit requirement. Compare Sec. 715.2(c) and
(j).)
(c) Other audit options. A federally insured credit union which
does not choose to obtain a financial statement audit as permitted by
subsection (b) must fulfill its supervisory audit responsibility under
either of Sec. 715.5 or Sec. 715.6 of this part, whichever is
applicable. See Table 1. For purposes of this part, a credit union's
asset size is the amount of total assets reported in the year-end Call
Report (NCUA form 5300) filed for the calendar year-end immediately
preceding the period under audit.
[[Page 41038]]
[GRAPHIC] [TIFF OMITTED] TR29JY99.000
\1\ The Supervisory Committee audit responsibility under Part
715 can always be fulfilled by obtaining a financial statement
audit. Sec. 715.4(b).
Sec. 715.5 Audit of Federal Credit Unions.
(a) Total assets of $500 million or greater. To fulfill its
Supervisory Committee audit responsibility, a federal credit union
having total assets of $500 million or greater must obtain an annual
audit of its financial statements performed in accordance with GAAS by
an independent person who is licensed to do so by the State or
jurisdiction in which the credit union is principally located.
(b) Total assets of less than $500 million but more than $10
million. To fulfill its Supervisory Committee audit responsibility, a
Federally-chartered credit union having total assets of less than $500
million but more than $10 Million which does not choose to obtain an
audit under Sec. 715.5(a), must obtain an annual supervisory committee
audit as prescribed in Sec. 715.7.
(c) Total assets of $10 million or less. To fulfill its Supervisory
Committee audit responsibility, a Federally-chartered credit union
having total assets of $10 million or less must obtain an annual
Supervisory Committee audit as prescribed in Sec. 715.7.
(d) Other requirements. A federally chartered credit union,
regardless of which audit it is required to obtain under this section,
must meet other applicable requirements of this part.
Sec. 715.6 Audit of Federally-insured State-chartered credit unions.
(a) Total assets of $500 million or greater. To fulfill its
Supervisory Committee audit responsibility, a federally-insured State-
chartered credit union having total assets of $500 million or greater
must obtain an annual audit of its financial statements performed in
accordance with GAAS by an independent person who is licensed to do so
by the State or jurisdiction in which the credit union is principally
located.
(b) Total assets of less than $500 million. To fulfill its
Supervisory Committee audit responsibility, a federally-insured State-
chartered credit union having total assets of less than $500 million
must obtain either an annual supervisory committee audit as prescribed
under either Sec. 715.6(a) or Sec. 715.7, or an audit as prescribed by
the State or jurisdiction in which the credit union is principally
located, whichever audit is more stringent.
(c) Other requirements. A federally-insured, state-chartered credit
union, regardless of which audit it is required to obtain under this
section, must meet other applicable requirements of this part except
Secs. 715.5 and 715.12.
Sec. 715.7 Supervisory Committee audit alternatives to a financial
statement audit.
A credit union which is not required to obtain a financial
statement audit may fulfill its supervisory committee responsibility by
any one of the following engagements:
(a) Balance sheet audit. A balance sheet audit, as defined in
Sec. 715.2(a), performed by a person who is licensed to do so by the
State or jurisdiction in which the credit union is principally located;
or
(b) Report on Examination of Internal Control over Call Reporting.
An engagement and report on management's written assertions concerning
the effectiveness of internal control over financial reporting in the
credit union's most recently filed semiannual or year-end call report
(NCUA Form 5300), as defined in Sec. 715.2(j), performed by a person
who is licensed to do so by the State or jurisdiction in which the
credit union is principally located, and in which management specifies
the criteria on which it based its evaluation of internal control; or
(c) Audit per Supervisory Committee Guide. An audit performed by
the supervisory committee, its internal auditor, or any other qualified
person (such as a certified public accountant, public accountant,
league auditor, credit union auditor consultant, retired financial
institutions examiner, etc.) in accordance with the procedures
prescribed in NCUA's Supervisory Committee Guide. Qualified persons who
are not State-licensed cannot provide assurance services under this
subsection.
[[Page 41039]]
Sec. 715.8 Requirements for verification of accounts and passbooks.
(a) Verification obligation. The Supervisory Committee shall, at
least once every two years, cause the passbooks (including any book,
statements of account, or other record approved by the NCUA Board) and
accounts of the members to be verified against the records of the
treasurer of the credit union.
(b) Methods. Any of the following methods may be used to verify
members' passbooks and accounts, as appropriate:
(1) Controlled verification. A controlled verification of 100
percent of members' share and loan accounts;
(2) Statistical method. A sampling method which provides for:
(i) Random selection:
(ii) A sample which is representative of the population from which
it was selected;
(iii) An equal chance of selecting each dollar in the population;
(iv) Sufficient accounts in both number and scope on which to base
conclusions concerning management's financial reporting objectives; and
(v) Additional procedures to be performed if evidence provided by
confirmations alone is not sufficient.
(3) Non-statistical method. When the verification is performed by
an Independent person licensed by the State or jurisdiction in which
the credit union is principally located, the auditor may choose among
the sampling methods set forth in paragraphs (b)(1) and (2) of this
section and non-statistical sampling methods consistent with GAAS if
such methods provide for:
(i) Sufficient accounts in both number and scope on which to base
conclusions concerning management's financial reporting objectives to
provide assurance that the General Ledger accounts are fairly stated in
relation to the financial statements taken as a whole;
(ii) Additional procedures to be performed by the auditor if
evidence provided by confirmations alone is not sufficient; and
(iii) Documentation of the sampling procedures used and of their
consistency with GAAS (to be provided to the NCUA Board upon request).
(c) Retention of records. The supervisory committee must retain the
records of each verification of members' passbooks and accounts until
it completes the next verification of members' passbooks and accounts.
Sec. 715.9 Assistance from outside, compensated person.
(a) Unrelated to officials. A compensated auditor who performs a
Supervisory Committee audit on behalf of a credit union shall not be
related by blood or marriage to any management employee, member of
either the board of directors, the Supervisory Committee or the credit
committee, or loan officer of that credit union.
(b) Engagement letter. The engagement of a compensated auditor to
perform all or a portion of the scope of a financial statement audit or
supervisory committee audit shall be evidenced by an engagement letter.
In all cases, the engagement must be contracted directly with the
Supervisory Committee. The engagement letter must be signed by the
compensated auditor and acknowledged therein by the Supervisory
Committee prior to commencement of the engagement.
(c) Contents of letter. The engagement letter shall:
(1) Specify the terms, conditions, and objectives of the
engagement;
(2) Identify the basis of accounting to be used;
(3) If a Supervisory Committee Guide audit, include an appendix
setting forth the procedures to be performed;
(4) Specify the rate of, or total, compensation to be paid for the
audit;
(5) Provide that the auditor shall, upon completion of the
engagement, deliver to the Supervisory Committee a written report of
the audit and notice in writing, either within the report or
communicated separately, of any internal control reportable conditions
and/or irregularities or illegal acts, if any, which come to the
auditor's attention during the normal course of the audit (i.e., no
notice required if none noted);
(6) Specify a target date of delivery of the written reports, such
target date not to exceed 120 days from date of calendar or fiscal
year-end under audit (period covered), unless the supervisory committee
obtains a waiver from the supervising NCUA Regional Director;
(7) Certify that NCUA staff and/or the State credit union
supervisor, or designated representatives of each, will be provided
unconditional access to the complete set of original working papers,
either at the offices of the credit union or at a mutually agreed upon
location, for purposes of inspection; and
(8) Acknowledge that working papers shall be retained for a minimum
of three years from the date of the written audit report.
(d) Complete scope. If the engagement is to perform a Supervisory
Committee Guide audit intended to fully meet the requirements of
Sec. 715.7(c), the engagement letter shall certify that the audit will
address the complete scope of that engagement;
(e) Exclusions from scope. If the engagement is to perform a
Supervisory Committee Guide audit which will exclude any item required
by the applicable section, the engagement letter shall:
(1) Identify the excluded items;
(2) State that, because of the exclusion(s), the resulting audit
will not, by itself, fulfill the scope of a supervisory committee
audit; and
(3) Caution that the supervisory committee will remain responsible
for fulfilling the scope of a supervisory committee audit with respect
to the excluded items.
Sec. 715.10 Audit report and working paper maintenance and access.
(a) Audit report. Upon completion and/or receipt of the written
report of a financial statement audit or a supervisory committee audit,
the Supervisory Committee must verify that the audit was performed and
reported in accordance with the terms of the engagement letter
prescribed herein. The Supervisory Committee must submit the report(s)
to the board of directors, and provide a summary of the results of the
audit to the members of the credit union orally or in writing at the
next annual meeting of the credit union. If a member so requests, the
Supervisory Committee shall provide the member access to the full audit
report. If the National Credit Union Administration (``NCUA'') so
requests, the Supervisory Committee shall provide NCUA a copy of each
of the audit reports it receives or produces.
(b) Working papers. The supervisory committee shall be responsible
for preparing and maintaining, or making available, a complete set of
original working papers supporting each supervisory committee audit.
The supervisory committee shall, upon request, provide NCUA staff
unconditional access to such working papers, either at the offices of
the credit union or at a mutually agreeable location, for purposes of
inspecting such working papers.
Sec. 715.11 Sanctions for failure to comply with this part.
(a) Sanctions. Failure of a supervisory committee and/or its
independent compensated auditor or other person to comply with the
requirements of this section, or the terms of an engagement letter
required by this section, is grounds for:
(1) The regional director to reject the supervisory committee audit
and provide a reasonable opportunity to correct deficiencies;
(2) The regional director to impose the remedies available in
Sec. 715.12, provided
[[Page 41040]]
any of the conditions specified therein is present; and
(3) The NCUA Board to seek formal administrative sanctions against
the supervisory committee and/or its independent, compensated auditor
pursuant to section 206(r) of the Federal Credit Union Act, 12 U.S.C.
1786(r).
(b) State Charters. In the case of a federally-insured state
chartered credit union, NCUA shall provide the state regulator an
opportunity to timely impose a remedy satisfactory to NCUA before
exercising it authority under Sec. 741.202 of this chapter to impose a
sanction permitted under paragraph (a) of this section.
Sec. 715.12 Statutory audit remedies for Federal credit unions.
(a) Audit by alternative licensed person. The NCUA Board may compel
a federal credit union to obtain a supervisory committee audit which
meets the minimum requirements of Sec. 715.5 or Sec. 715.7, and which
is performed by an independent person who is licensed by the State or
jurisdiction in which the credit union is principally located, for any
fiscal year in which any of the following three conditions is present:
(1) The Supervisory Committee has not obtained an annual financial
statement audit or performed a supervisory committee audit; or
(2) The Supervisory Committee has obtained a financial statement
audit or performed a supervisory committee audit which does not meet
the requirements of part 715 including those in Sec. 715.8.
(3) The credit union has experienced serious and persistent
recordkeeping deficiencies as defined in paragraph (c) of this section.
(b) Financial statement audit required. The NCUA Board may compel a
federal credit union to obtain a financial statement audit performed in
accordance with GAAS by an independent person who is licensed by the
State or jurisdiction in which the credit union is principally located
(even if such audit is not required by Sec. 715.5), for any fiscal year
in which the credit union has experienced serious and persistent
recordkeeping deficiencies as defined in paragraph (c) of this section.
The objective of a financial statement audit performed under this
paragraph is to reconstruct the records of the credit union sufficient
to allow an unqualified or, if necessary, a qualified opinion on the
credit union's financial statements. An adverse opinion or disclaimer
of opinion should be the exception rather than the norm.
(c) ``Serious and persistent recordkeeping deficiencies.'' A
record-keeping deficiency is ``serious'' if the NCUA Board reasonably
believes that the board of directors and management of the credit union
have not timely met financial reporting objectives and established
practices and procedures sufficient to safeguard members' assets. A
serious recordkeeping deficiency is ``persistent'' when it continues
beyond a usual, expected or reasonable period of time.
PART 741--REQUIREMENTS FOR INSURANCE
4. The authority citation for part 741 continues to read as
follows:
Authority: 12 U.S.C. 1757, 1766, and 1781-1790. Section 741.4 is
also authorized by 31 U.S.C. 3717.
Sec. 741.3 [Amended]
5. Section 741.3 is amended to change both the phrase ``Investment
Valuation Reserve Account'' and the phrase ``Investment Valuation
Reserve'' in paragraph (a)(3) to ``Appropriation for Non-conforming
Investments''.
6. Section 741.6 is amended to change the phrase in paragraph (a)
from ``before January 31 and on or before July 31'' to ``before January
22 and on or before July 22''; and to redesignate paragraph (b) as
paragraph (d) and to add paragraphs (b) and (c) to read as follows:
Sec. 741.6 Financial and statistical and other reports.
* * * * *
(b) Consistency with GAAP. The accounts of financial statements and
reports required to be filed quarterly or semiannually under paragraph
(a) of this section must reflect GAAP if the credit union has total
assets of $10 million or greater, but may reflect regulatory accounting
principles other than GAAP if the credit union has total assets of less
than $10 million (except that a Federally-insured State-chartered
credit union may be required by its state credit union supervisor to
follow GAAP regardless of asset size).
(c) GAAP sources. GAAP means generally accepted accounting
principles, as defined in Sec. 715.2(e) of this chapter. GAAP is
distinct from GAAS, which means generally accepted auditing standards,
as defined in Sec. 715.2(f) of this chapter. Authoritative sources of
GAAP include, but are not limited to, pronouncements of the Financial
Accounting Standards Board (FASB) and its predecessor organizations,
the Accounting Standards Executive Committee (AcSEC) of the American
Institute of Certified Public Accountants (AICPA), the FASB's Emerging
Issues Task Force (EITF), and the applicable AICPA Audit and Accounting
Guide.
* * * * *
Sec. 741.202 [Amended]
7. Section 741.202 is amended to change: the references in
paragraph (a) from ``requirements set forth in Secs. 701.12 and
701.13'' to ``applicable requirements set forth in part 715''; to add
at the ending of paragraph (a) after ``of this chapter'' the phrase
``or applicable state law, whichever requirement is more stringent.'';
and to change references in paragraph (b) from ``Secs. 701.12(e) and
701.13'' to ``Sec. 715.8''.
[FR Doc. 99-19254 Filed 7-28-99; 8:45 am]
BILLING CODE 7535-01-U