INTERNAL CONTROL REVIEWS

Some refer to these as internal control audits. This service covers the primary responsibility expected of most internal audit functions: the review and testing of internal controls within each operation of the financial institution. The audits focus first on the control environment by referencing existing policies and procedures established by management. If none exist, or they have not been adequately documented, the auditor will attempt to gather that information through inquiries with management. Best practices seen among many banks can also be used. All of these methods work toward establishing a framework to assess the adequacy of the control environment for the audited area. Once the framework has been assessed by our associates, it is then tested for compliance. Weaknesses in either the framework or compliance are then summarized in a report to your management team and the Audit Committee. This report will include a rating to help management and the Board more clearly understand the control environment related to the area under audit.


What areas are audited and how often? At the beginning of any engagement, Kendrick Services will perform a risk assessment for every operational area of your institution. An example follows:


Once a risk score has been established for each area of your institution, those scores are analyzed and used to set an audit frequency over a three-year period, as shown below:


The above is a simple example of determining the scope and frequency of internal operational audits. Many institutions have more complicated structures and require a more thorough look at risks, but the concept presented above applies to every institution.