Over the last three decades, internal audit plans of financial institutions have shifted from a model focused on deep dives of sample selections to plans based on overall risk and controls. This has allowed internal auditors to focus on the big picture and address the biggest risks first — a critical shift that has mitigated challenges presented by chronic understaffing. Furthermore, internal audit plans have been influenced by examiners setting new expectations around the regular auditing of corporate governance systems.
Corporate governance provides a structure to set shared goals between a company's management teams, shareholders and board of directors. It refers to the strategies established to reach objectives and demonstrate accountability from the top of the organization down.
Below are examples of ways to audit each level of leadership associated with a corporate governance system to ensure the strength of a financial institution's enterprise risk management:
The board
When conducting an internal audit of corporate governance systems, it's critical to review how the board is functioning, the status of policy approvals and its overall leadership performance at the financial institution. These are typically assessed through a thorough audit of board meeting minutes, which requires sufficient notes be taken at every meeting. Internal auditors will be looking for dissent or challenges from board members regarding senior management's updates or proposals. These factors will paint a picture for the auditor to discern the board's level of involvement in the financial institution's business operations and the health of the relationships amongst management.
Additionally, internal auditors will often wish to review board packets to keep tabs on the overall loan and deposit operations of the institution. When it comes to compiling these packets, the more detail that can be included the better to ensure that internal auditors can verify the accuracy of critical transaction reporting around deposits, delinquencies, liability management and more.
The C-suite
The most important aspect of the "C" level management teams to audit is their communication. In order to have an effective ERM plan in place, senior leaders across the entire financial institution need to foster ongoing communication. This communication should include updates on new and existing projects and performance reports for each area of the institution. Like the board, these communications should be thoroughly documented via minutes for the internal auditor to review.
While communication amongst each other is of high importance, proper corporate governance systems also include requirements around the management team's communication with the board and their superiors. Leaders are expected to be accountable and transparent in all conversations with board members, maintain a strong roster of leaders and competent staff, and clearly define roles and responsibilities at every level of leadership.
To help internal auditors in their review of financial transactions across the organization, "C" level leaders should consistently maintain and update all financial records related to their business focus within the institution.
Financial institutions are truly only as good and competent as those running the show. Regular internal audits of corporate governance are a great way to maintain organizational accountability, discern the effectiveness of management, and avoid major enterprise risks.