OFFICE OF FINANCIAL INSTITUTIONS OFI BULLETIN BL-01-2005 (B,SB,SL) February 1, 2005 TO: THE CHAIRMAN OF THE AUDIT COMMITTEE AND CHIEF EXECUTIVE OFFICER/MANAGER OF ALL BANKS AND THRIFTS FROM: SIDNEY E. SEYMOUR, CEM CHIEF EXAMINER SUBJECT: AUDIT / AUDITOR REQUIREMENTS AND NEW EXAMINATION PROCEDURES The purpose of this bulletin is to provide additional information regarding internal and external audit requirements, clarify some common misconceptions regarding these requirements, and explain the latest auditor independence requirements. This will also detail what examiners will be reviewing in these areas at future examinations. Internal Audit Requirements In addition to an external audit, the Interagency Policy Statement on the Internal Audit Function and its Outsourcing requires every bank and thrift to have an internal audit function that is appropriate based on the size, nature, and scope of its activities. At a minimum, each institution’s internal audit function should include the following: (1) an annual control risk assessment, (2) an internal audit plan based on the risk assessment, (3) an internal audit program, (4) written audit reports, and (5) appropriate responses by management in resolving and correcting deficiencies noted in audit reports. This interagency policy states that the Audit Committee should oversee the internal audit function and evaluate its performance, as well as determine whether ...