DFI-CU 73.02(4)
(4) "Director" means the director of the office of credit unions or an authorized representative of the director.
DFI-CU 73.02(5)
(5) "Financial statements" means a presentation of financial data, including accompanying notes, derived from accounting records of the credit union, and intended to disclose a credit union's economic resources or obligations at a point in time, or the changes therein for a period of time, in conformity with GAAP or regulatory accounting procedures.
DFI-CU 73.02 Note
Example: Financial statements include any of the following: balance sheet or statement of financial condition, statement of income or statement of operations, statement of undivided earnings, statement of cash flows, statement of changes in members' equity, statement of revenue and expenses, and statement of cash receipts and disbursements.
DFI-CU 73.02(6)
(6) "Financial statement audit" or "opinion audit" means an audit of the financial statements of a credit union performed in accordance with GAAS by an independent state-licensed person. A financial statement audit shall express an opinion as to whether those financial statements present fairly, in all material respects, the credit union's financial position, and the results of its operations and its cash flows, in conformity with GAAP or regulatory accounting practices.
DFI-CU 73.02(7)
(7) "GAAP" means "generally accepted accounting principles," the conventions, rules, and procedures that define accepted accounting practice.
DFI-CU 73.02 Note
Note: GAAP includes broad general guidelines and detailed practices and procedures; provides a standard by which to measure financial statement presentations; and encompasses not only accounting principles and practices, but also the methods of applying them.
DFI-CU 73.02(8)
(8) "GAAS" means "generally accepted auditing standards," as approved and adopted by the American Institute of Certified Public Accountants. GAAS apply when an independent, licensed certified public accountant audits financial statements.
DFI-CU 73.02 Note
Note: Auditing standards differ from auditing procedures in that procedures address acts to be performed, whereas standards measure the quality of the performance of those acts and the objectives to be achieved by use of the procedures undertaken. In addition, auditing standards address the auditor's professional qualifications, and the judgment exercised in performing the audit and in preparing the report of the audit.
DFI-CU 73.02(9)
(9) "Independent" means the impartiality necessary for the dependability of the compensated auditor's findings and the exercise of fairness toward credit union officials, members, creditors and others who may rely upon an audit committee report.
DFI-CU 73.02(10)
(10) "Internal control" means the process, established by the credit union's board of directors, officers and employees, designed to provide reasonable assurance of reliable financial reporting and to safeguard assets against unauthorized acquisition, use or disposition. Internal control over safeguarding of assets against unauthorized acquisition, use or disposition refers to prevention and timely detection of transactions involving such unauthorized access, use or disposition of assets which could result in a loss that is material to the financial statements.
DFI-CU 73.02(12)
(12) "Reliable reporting" means the preparation of call reports on NCUA-prescribed call report forms.
DFI-CU 73.02(13)
(13) "Reportable conditions" means a matter coming to the attention of the independent, compensated auditor which, in the auditor's judgment, represents a significant deficiency in the design or operation of the internal control structure of a credit union, and which may adversely affect the credit union's ability to record, process, summarize and report financial data consistent with the representations of management in the financial statements.
DFI-CU 73.02(14)
(14) "Report of examination of internal control over call reporting" means an engagement in which an independent, licensed, certified public accountant or public accountant, consistent with attestation standards, examines and reports on management's written assertions concerning the effectiveness of its internal control over financial reporting in its most recently filed semi-annual or year-end call report, with a concentration in high risk areas.
DFI-CU 73.02 Note
Note: High risk areas most often include lending activity, investing activity, and cash handling and deposit-taking activity.
DFI-CU 73.02(15)
(15) "State-licensed person" means a certified public accountant who is licensed by the state of Wisconsin to perform accounting or auditing services for the credit union.
DFI-CU 73.02(16)
(16) "Supervisory committee" means a committee appointed by the board of directors consisting of not less than three members nor more than five members, one of whom may be a member of the board of directors other than a compensated officer of the board that assumes the responsibilities under
s. DFI-CU 73.03.
DFI-CU 73.02(17)
(17) "Working papers" means a principal record, in any form, of the work performed by the auditor or audit committee, or both, to support its findings and conclusions concerning significant matters.
DFI-CU 73.02 Note
Example: Working papers include any of the following: the written record of procedures applied, tests performed, information obtained and pertinent conclusions reached in the engagement; proprietary audit programs; analyses; memoranda; letters of confirmation and representation; abstracts; credit union documents; reviewer's notes; schedules; and commentaries prepared or obtained in the course of the engagement.
DFI-CU 73.02 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.03
DFI-CU 73.03
General responsibilities of the board of directors. DFI-CU 73.03(1)(1) The board of directors shall ensure that financial reporting objectives are met by management, and that management shall establish practices and procedures sufficient to safeguard members' assets.
DFI-CU 73.03(2)
(2) In meeting the responsibilities of this section, the board shall do all of the following:
DFI-CU 73.03(2)(a)
(a) Ensure that internal controls to achieve reporting objectives are established and effectively maintained. These controls shall be sufficient to satisfy the requirements of the audit, verification of members' accounts and any additional responsibilities.
DFI-CU 73.03(2)(b)
(b) Ensure that accounting records and financial reports that accurately reflect operations and results are prepared.
DFI-CU 73.03(2)(c)
(c) Ensure that relevant plans, policies and control procedures are established and properly administered.
DFI-CU 73.03(2)(d)
(d) Ensure that policies and control procedures that are sufficient to safeguard against error, conflict of interest, self-dealing and fraud are established.
DFI-CU 73.03(2)(e)
(e) Ensure that the credit union adheres to the measurement and filing requirements for the call report or any other reports requested in writing by the office of credit unions or NCUA.
DFI-CU 73.03(2)(f)
(f) Obtain an annual audit, as set forth in
ss. DFI-CU 73.04 and
73.05, which occurs at least once every calendar year or the period of performance, and covers the period elapsed since the last audit period or period effectively covered.
DFI-CU 73.03(2)(g)
(g) Ensure the verification of members' passbooks and accounts against the records of the credit union, as set forth in
s. DFI-CU 73.07.
DFI-CU 73.03(3)
(3) In carrying out the responsibilities of this section, the board may appoint a supervisory committee to oversee these responsibilities and report to the board.
DFI-CU 73.03 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.04
DFI-CU 73.04
Audit of credit unions with total assets of $500 million or greater. To fulfill its audit requirement, a credit union having total assets of $500 million or greater shall obtain an annual financial statement audit performed in accordance with GAAS by an independent state-licensed person.
DFI-CU 73.04 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.05
DFI-CU 73.05
Audit of credit unions with total assets of less than $500 million. To fulfill its audit requirement, a credit union having total assets of less than $500 million shall obtain an annual audit as set forth in
s. DFI-CU 73.04 or
73.06.
DFI-CU 73.05 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.06
DFI-CU 73.06
Alternatives to financial statement audit. DFI-CU 73.06(1)(1) A credit union that is not required to obtain a financial statement audit shall fulfill its audit requirements by any one of the following methods:
DFI-CU 73.06(1)(a)
(a)
Balance sheet audit. A balance sheet audit performed by a state-licensed person.
DFI-CU 73.06(1)(b)
(b)
Report of examination of internal control over call reporting. A report of examination of internal control over call reporting performed by a state-licensed person, in which the management of the credit union specifies the criteria on which it based its evaluation of internal control.
DFI-CU 73.06(1)(c)
(c)
Supervisory Committee Guide audit. An audit performed by the audit committee, its internal auditor or any other qualified person in accordance with the procedures prescribed in NCUA's Supervisory Committee Guide. Qualified persons who are not state-licensed shall not provide assurance services under this subsection.
DFI-CU 73.06 Note
Example: Qualified person includes any of the following: certified public accountant, public accountant, league auditor, credit union auditor consultant and retired financial institutions examiner.
DFI-CU 73.06 Note
Note: A copy of the guide may be obtained by writing the Office of Credit Unions, P.O. Box 14137, Madison, WI 53714-0137.
DFI-CU 73.06(2)
(2) Upon completion of each audit, the auditor shall make a written report of the auditor's activities, findings and recommendations to the board of directors. The report shall be retained in the records of the credit union.
DFI-CU 73.06 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.07
DFI-CU 73.07
Requirements for verification of accounts and passbooks. At least once every two years, accounts which include passbooks, statement of accounts or other account records of the members shall be verified against the records of the credit union. Any of the following verification methods may be used:
DFI-CU 73.07(1)
(1) Controlled. A controlled verification of 100% of members' share and loan accounts.
DFI-CU 73.07(2)
(2) Statistical. A sampling that includes all of the following:
DFI-CU 73.07(2)(b)
(b) A sample which is representative of the population from which it was selected.
DFI-CU 73.07(2)(d)
(d) Sufficient accounts in both number and scope on which to base conclusions concerning management's financial reporting objectives.
DFI-CU 73.07(2)(e)
(e) Additional procedures to be performed if evidence provided by confirmations alone is not sufficient.
DFI-CU 73.07(3)
(3) Non-statistical. When verification is performed by an independent state-licensed person, the auditor may choose among the sampling methods set forth in
subs. (1) and
(2), and non-statistical sampling methods consistent with GAAS, if the sampling methods include all of the following:
DFI-CU 73.07(3)(a)
(a) Sufficient accounts in both number and scope on which to base conclusions concerning management's financial reporting objectives to provide assurance that the general ledger accounts are fairly stated in relation to the financial statements taken as a whole.
DFI-CU 73.07(3)(b)
(b) Additional procedures to be performed by the auditor if evidence provided by confirmations alone is not sufficient.
DFI-CU 73.07(3)(c)
(c) Documentation of the sampling procedures used and of their consistency with GAAS. The documentation shall be provided to the director or NCUA, or both, upon request.
DFI-CU 73.07(4)
(4) Retention of records. The records of each verification of member passbooks and accounts shall be retained by the credit union until the next verification of member passbooks and accounts is completed.
DFI-CU 73.07 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.08(1)(1)
Unrelated to officials. A compensated auditor who performs an audit on behalf of a credit union shall not be related by blood or marriage to any management employee or loan officer, or any member of the board of directors, audit committee, supervisory committee or credit committee of that credit union.
DFI-CU 73.08(2)
(2) Engagement letter. The engagement of a compensated auditor to perform all or a portion of the scope of an annual audit requirement shall be evidenced by an engagement letter. The engagement letter shall be signed by the compensated auditor and acknowledged by the audit committee, supervisory committee or board prior to commencement of the engagement.
DFI-CU 73.08(3)(d)
(d) Specify the rate of or total compensation to be paid for the audit.
DFI-CU 73.08(3)(e)
(e) Provide that the compensated auditor shall, upon completion of the engagement, deliver a written report of the audit and provide notice in writing, either within the report or communicated separately, of any internal control reportable conditions, irregularities and illegal acts which come to the compensated auditor's attention during the normal course of the audit. Notice is not required if there are no reportable conditions, irregularities or illegal acts.
DFI-CU 73.08(3)(f)
(f) Specify a target date for delivery of the written reports, such target date not to exceed 120 days from the date of the calendar or fiscal year-end audit, or period covered, unless the credit union obtains a waiver from the director.
DFI-CU 73.08(3)(g)
(g) Certify that the director or NCUA staff, or both, or their designated representatives, shall be provided unconditional access to the complete set of original working papers, either at the offices of the credit union or at a mutually agreed upon location, for purposes of inspection.
DFI-CU 73.08(3)(h)
(h) Acknowledge that working papers shall be retained for a minimum of three years from the date of the written audit report.
DFI-CU 73.08(4)
(4) If the engagement is to perform a supervisory committee guide audit, as set forth in
s. DFI-CU 73.06 (1) (c), the engagement letter shall certify that the audit shall address the complete scope of that engagement unless otherwise noted.
DFI-CU 73.08(5)
(5) If the engagement is to perform a supervisory committee guide audit, as set forth in
s. DFI-CU 73.06 (1) (c), which will exclude any item required by the applicable section of the guide, the engagement letter shall do all of the following:
DFI-CU 73.08(5)(b)
(b) State that because of any exclusions, the resulting audit alone will not fulfill the scope of a supervisory committee audit.
DFI-CU 73.08(5)(c)
(c) State that the credit union shall remain responsible for fulfilling the scope of a supervisory committee audit with respect to the excluded items.
DFI-CU 73.08 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.09(1)(1)
Audit report. Upon completion of a written audit report, the person completing the report shall verify that the audit was performed and reported in accordance with the terms of the engagement letter. The report shall be submitted to the board of directors. A summary of the results of the audit shall be presented to the members of the credit union orally or in writing at the next annual meeting of the credit union. If a member so requests, access to the full audit report shall be provided. Upon request by the office of credit unions or NCUA, or both, the credit union shall provide a copy of each of the audit reports it receives or produces.
DFI-CU 73.09(2)
(2) Working papers. A set of working papers that supports each audit shall be prepared and maintained by the credit union or auditor, or both. Upon request by the office of credit unions or NCUA, or both, the credit union shall provide unconditional access to the working papers at the offices of the credit union or at a mutually agreeable location for purposes of inspecting such working papers.
DFI-CU 73.09 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
DFI-CU 73.10
DFI-CU 73.10
Sanctions. The office of credit unions may order an independent audit at the credit union's expense if the annual audit requirement has not been met or the office of credit unions finds an annual audit to be unsatisfactory.
DFI-CU 73.10 History
History: CR 02-133: cr.
Register February 2004 No. 578, eff. 3-1-04.
