Volume 20, Issue 2, 2011
Special Issue Inside This Issue: ACUIA User Guide we highlight preferred vendors recommended by our very own members Round Two A look at upcoming online authentication changes for internet banking ACUIA Gets Social An overview of acuia’s new social media channels and how you can take advantage Member Spotlight: Dean Swensen The Standards internal auditing policies and procedures
Volume 20, Issue 2, 2011
TABLE OF CONTENTS
6 11
ON THE COVER
24
27 30
FEATURED ARTICLES
EDITORIALS
6
4 In This Issue
Round Two: Online Authentication Guidance
11 24
Cover Story
27
The Standards
ACUIA User’s Guide ACUIA Goes Social
A look at ACUIA’s new Facebook and LinkedIn pages.
Policies and Procedures
The Audit Report is the official publication of the Association of Credit Union Internal Auditors, Inc. It is published four times a year in Alexandria, VA, as a benefit of membership and circulated free of charge to ACUIA members. Executive Editor: Tabitha Ernst-Chadwick Information appearing in this publication is obtained from sources we believe to be reliable. The information may not be a complete statement of all available data and is not guaranteed as such. Conclusions are based solely on editorial judgment and analysis of technical factors and credit union industry information sources. The Audit Report is copyrighted and portions may be reprinted with the permission of the ACUIA. The Audit Report is not responsible for the contents of its advertisements and advises all members to investigate claims before making any purchases.
5 Chairman’s Message
ACUIA NEWS 30 Member Spotlight: Doug Wright 32 What’s Happening in the Forum 34 Regional News 39 ACUIA Member Application
Permission requests to reproduce written material should be sent to: 815 King Street, Suite 308, Alexandria, VA 22314, (703) 535-5757 © Copyright 2011, ACUIA. All rights reserved.
EDITORIALS
IN THIS ISSUE
This is a special issue. In addition to our recurring favorites – The Forum, The Standards, and The Spotlight - we have two great articles: news on ACUIA’s social networking strides and an IT expert’s insight on the upcoming online banking authentication guidance. The rest of the magazine is dedicated to you and your vendor needs. We asked you to tell us which vendors have given you excellent service, and we are sharing those insights with your colleagues. If you have vendor needs (as we all do), then this is the issue for you. I am excited about this issue - I work with a
by Tabitha Ernst-Chadwick, CIA, LRP, CTGA, CUCE
few fantastic vendors about which I love to brag, and they are all included in this issue. But I’m also seeking vendors for some new services, and this issue will be my first stop. I’m looking for some innovative ideas for future issues. So if there is an article you would like to see – or would like to write – please contact me. Recently a colleague sent out a group message about how Facebook was used to capture some bank robbers. That sparked some conversation in our e-mail group about how Facebook is used – not only as social networking but also as a way to find members who may
not want to be found; one of our group members suggested that this might be a good idea for a future article. So if that idea interests you, share your ideas and let me know how your credit union uses Facebook. It looks like there is going to be a good turnout at the conference this year. I am looking forward to seeing you all in Austin!
2011 BOARD OF DIRECTORS Chair Samuel Capuano, CBA, CRP, CLRO Sunmark FCU (518) 347-3156 scapuano@sunmarkfcu.org Term: 2009-2011
Director Linda Goff, CUCE
Enrichment FCU (865) 482-0045 x1201 lgoff@enrichmentfcu.org Term: 2010-2012
Vice Chair Jill Chase, CIA
Director Amy Schaefer, CUCE
Treasurer Barbara Franco, CPA, CIA
Director Geoff Meyer
WSECU (360) 754-6341 jchase@wsecu.org Term: 2011-2013
Royal CU (715) 833-7292 amy.schaefer@rcu.org Term: 2009-2011
GECU (915) 774-1718 barbara.franco@gecu-ep.org Term: 2011-2013
HVFCU (845) 463-3011 meyeg@hvfcu.org Term: 2010-2012
Secretary Dana McCranie, CBA, CUCE
Associate Director Marnie Hardebeck, CUCE
Empower FCU (315) 214-6582 dmccranie@empowerfcu.com Term: 2010-2012
4 | www.acuia.org | The Audit Report
Purdue EFCU (765) 497-7480 mhardebeck@purdueefcu.com
Associate Director Kara Giano, CIA, CIDA Golden 1 CU (916) 817-6522 kgiano@golden1.com
Associate Director Doug Wright Baxter CU (847) 522-8600 doug.wright@bcu.org
ACUIA can now be found on:
CHAIRMAN’S MESSAGE
onward
by Sam Capuano
In the past few issues, I have written about some unexpected changes within ACUIA, and some of the problems which have occurred as a result. I felt the Board of Directors owed you some explanations, and (in the case of the ListServe) even an apology. I firmly believe almost all of this is now behind us, and finally it is time to look forward. Straight ahead of course is the Annual Conference in Austin. I am quite optimistic about this for several reasons. For one, Texas’ capital city, is shall we say, unique. And they must love it that way, as they proudly sell T-shirts saying, “Keep Austin Weird.” I am quite sure having the city be infiltrated by a few hundred credit union auditors will help them in their cause. Another reason for excitement about the Austin conference is the content. Along with the usual many timely topics (and a special thanks to Dana McCranie and her committee for putting together an outstanding lineup this year), we will have a few esteemed speakers, such as CUNA President Bill Cheney and former NCUA Chair Dennis Dollar. But, what I am most excited about is we will see more of you this year. After a tough couple of years in which many credit union budgets cut out travel, we seem to be back in business attendance-wise. As I write this in early May, we already have more folks registered than in
each of the prior two years. I missed seeing some of our regulars in 2009 and 2010, and can’t wait to renew acquaintances. And to be perfectly honest, this will allow us to get some money back in our treasury, which of course allows us to provide more to all of you. One such item we can provide to you is the Interactive Audit Guide. I mentioned this in a previous column, but now we are up and running. Over the years there have been countless requests for audit programs, and our Audit Guide provides many for you to review and conform to your Credit Union. In my opinion, it is one of the best member benefits we now provide. For those of you who have not yet used the Interactive Audit Guide, go to: http://www. acuia.org/resources-iag and take a look. And feel free to send in your favorite audit program or two for inclusion, even if there is already a program for the topic. Submissions can be emailed to gbacino@acuia.org. Something else we have really put in motion over the past few months is our social networking efforts. As you are probably now aware, ACUIA has a presence on Facebook, LinkedIn, and Twitter. Last year was when I first kicked the idea around, but to be honest, really didn’t have a clue as to what or how we should go about doing it. So, at the ACUIA Strategic Planning Meeting last September, I tossed the idea to our newest Board member, Amy Schaefer (when
she wasn’t looking). That toss turned out to be one of my better ideas, as Amy quickly put together a social networking committee, and we were almost immediately on Facebook and LinkedIn. On the latter site, we currently have 72 members, and it keeps growing. Regional sub-groups have also been set up, and ideas are being shared. It’s just another way we can all communicate with each other. And just last month the committee got us up on Twitter. Follow us @theACUIA. The plan is to have continuous Tweets being sent during the Annual Conference, so those of you not able to attend can almost instantly know what’s going on down there. For those conference updates: #acuia2011. All of this is being done because not one person on your Board of Directors subscribes to the mantra, “We’ve always done it that way.” While we can certainly use our experience and learn from the past, I firmly believe our best days are ahead of us. Hope you’ll all be along for the ride.
ACUIA EXECUTIVE OFFICE ACUIA Executive Office 815 King Street Suite 308 Alexandria, VA 22314 (703) 535-5757 acuia@acuia.org www.acuia.org
“The Association of Credit Union Internal Auditors is committed to being the premier and quality provider of credit union internal audit resources.”
The Audit Report | www.acuia.org | 5
round two: internet authentication guidance Much needed guidance in this time of turmoil.
By Tom Schauer
NCUA Letter 10-CU-24 briefly appeared on the NCUA site. Then it disappeared. The letter announced new Internet Authentication guidance. The letter seems to have disappeared because the NCUA jumped-the-gun on disclosure. It seems the FFIEC wasn’t quite ready for the guidance to be mandated so they subsequently published the guidance as preliminary and open for comment. This guidance will most certainly be published as mandatory again and some Credit Unions are already positioning for compliance. As a matter of fact, TrustCC has already performed a risk assessment for a Washington State credit union using the guidance. 6 | www.acuia.org | The Audit Report
ON THE COVER
Why new guidance? Why now? Sometimes it is “best practice” to keep an eye on your enemies. And fraudsters using online banking applications are certainly a formidable enemy. Krebsonsecurity.com is an excellent site for monitoring security incidents and Krebs has done a great job tracking and analyzing online banking fraud. The facts are staggering. Attackers are primarily targeting businesses by hacking their systems, installing keystroke logging technology to steal online banking credentials, then using the credentials to commit fraud. Now similar attacks are increasingly common on consumer accounts. With the release of The Federal Financial Institutions Examination Council (FFIEC) new Online Authentication Guidance, credit unions will have to be far more diligent about information security and risk management controls in order to be compliant. The FFIEC is calling for institutions to perform better Internet Banking risk assessments to ensure that a layered security control environment exists to appropriately authenticate consumers/members utilizing electronic banking systems. In 2005, the FFIEC introduced an initial guidance for multi-factor authentication and security for online banking. Since then the criminal world has planned and executed hundreds of attacks on financial institutions. The attacks vary, but often take advantage of weak controls on member computers and weak online banking authentication techniques that are easily thwarted. The arrival of the updated guidance has been much anticipated and the draft is gaining both praise and criticism from industry members. The guidance indicates that small to mid-size financial institutions are forecasted to experience
more security threats in the coming year than ever before. At the center of the debate lies two critical questions:
• Will this new version effectively guide credit unions and bring clarity to guidance that has historically been difficult to understand and open to varying interpretations? And, • Will these new and more stringent compliance regulations be flexible enough to be implemented by credit unions of all sizes and complexity? Although it is believed that this draft will probably be amended, the fundamentals of the new online Authentication Guidance outline four areas of enhancement for credit unions’ security procedures:
• Improved risk assessments for financial institutions to gain a better understanding of how to prevent and respond to possible threats, including man-in-themiddle or man-in-the-browsers attacks, and key logger attacks (Risk Assessments must be regularly updated). • The effective and pervasive use of multifactor authentication, including techniques that are not susceptible to keystroke logging attacks. • The use of layered security controls to identify possible threats and suspicious activities. • Superior security awareness initiatives for customers/ members, including tools to help evaluate security practices. The financial services community has positively received some of the guidance revisions. The general feeling amongst
industry authorities is that the draft offers a more concrete understanding of the online threats that credit unions are facing. For example, the draft report examines the vulnerabilities that small and medium institutions may experience, such as ACH and wire fraud. Credit Unions are therefore required to be even more accountable to their members, as the Authentication Guidance explicitly outlines the threats and protective measures that need to be taken by institutions. For example, the Authentication Guidance highlights the following obligations that banks and credit unions will have to fulfill: • An
explanation of under what circumstances and through what means the institution may contact a customer/member and request the customer’s electronic banking credentials.
• A suggestion that commercial online banking customers/ members periodically perform a related risk assessment and controls evaluation. • A listing of alternative risk control mechanisms which customers/ members may consider implementing to mitigate their own risk. • A listing of institutional contacts for customers/members’ discretionary use in the event they notice suspicious account activity or experience customer information security-related events. Furthermore, internal security within credit unions will have to meet a higher standard of compliance. Examiners reported that many institutions initially adhered to the 2005 Guidance, but then failed to regularly update their risk assessments, authentication, and control
The Audit Report | www.acuia.org | 7
Credit Union security doesn’t stop at the vault.
SCA offers a full range of technology, compliance and training services that ensure your institution is safeguarded from all potential risks, guaranteeing you compliance and satisfaction. Technology Services
Compliance Services
Training Services
■■■External■System■Vulnerability■ Assessment ■■■Internal■System■Vulnerability■ Assessment ■■ASV■Certified■PCI■Scans ■■Online■Banking■Assessment ■■■Physical■Security■Assessment ■■■Social■Engineering■Tactical■ Exercise ■■Computer■Forensic■Services ■■■Virtual■Environment■ Assessment ■■Mobile■Banking■Evaluations
■■■Policy■&■Procedures■ Assessment,■Development■ and■Maintenance ■■■Third■Party■Due■Diligence■ &■Contract■Review ■■■PCI■Gap■Analysis/Readiness■ Assessment ■■■PCI■Remediation■ Assistance ■■■PCI■Validation■&■Ongoing■ Compliance ■■■Website■Compliance■ Review
■■■Information■Security■ Training ■■■PCI■–■DSS■Training■ Programs ■■■(ISC)2■CBK■Training■ Programs ■■■CISSP■Exam■Preparation■ Seminars ■■CISSP■Mentoring■Programs ■■BSA■Training■Programs
Securing Your Success Special Section
www.scasecurity.com 877-993-4472
techniques when new security threats emerged. Due to the examiners’ findings, credit unions and banks can expect far more regulatory oversight in this area. Multi-factor authentication was introduced as an attempt to provide assurance that the member conducting an electronic transaction was truly the owner (member) of the account. Multi-factor authentication is achieved when the owners provide a combination of something they know, something they have, or something they are. A debit card is a simple example of multi-factor authentication. You have a debit card (something you have) and you use a PIN (something you know). Something you “are” would involve bio-metrics (e.g., thumb print or retina scanner). Based on risk, some institutions have implemented multi-factor authentication. Techniques include tokens that generate one-time passwords that change every 60 seconds, challenge response questions, and negative confirmation techniques. Many institutions have implemented a means to help members verify they are on their legitimate online banking site through display of an avatar or picture previously selected by the member. If members don’t see the picture they selected with the name of the picture they chose, they are supposed to realize they are not on the right website. Many consumers don’t understand this control. Another critical area of focus in the draft guidance is improvements in layered security. Banks and credit unions will have to ensure that their security system is able to detect and deter suspicious activities and that there are more secure controls in place for users who have access to administrative passwords. Although this draft has received some acclaim for clarifying certain regulations and putting more pressure on institutions that are not making the effort to meet compliance regulations, experts are still
concerned that the Guidance is not clear enough for financial institutions. But what is clear is that regular security risk assessments and effective security measures need to be in place in order for credit unions to remain compliant. TrustCC recommends credit unions immediately undertake a project to update their Internet Banking Risk Assessment. The risk assessment should include:
• A summary level narrative describing the credit union’s Internet Banking System including changes in system functionality, changes to member use and adoption, and any actual incidents. The narrative should consider the incidents that have occurred at other financial institutions. • A narrative describing the Internet Banking System controls with emphasis on Authentication controls, detection of suspicious activity, and member enrollment. • A risk assessment describing
matrix
▫ ▫Threats, including those described in the NCUA guidance ▫ ▫Controls in place within the Internet Banking Layered Security Program ▫ ▫An evaluation of the sufficiency of the controls ▫ ▫Recommendations for control enhancements • A summary conclusion recommendations.
and
Once the risk assessment is complete, credit unions should begin working with vendors to enhance online banking system controls so risks are adequately mitigated. Credit unions will likely want to leverage the influence of a vendor’s user group to try and petition for the necessary enhancements. And if your vendor seems unresponsive, it is probably a good time to send out an RFP and consider a vendor change. In short, it takes just one published security incident to severely damage the reputation of a credit union. And just one incident can cost tens of thousands of dollars. Risk assessments and quality controls are not just regulatory requirements, they are business necessities.
The Audit Report | www.acuia.org | 9
CREDIT UNIONS DESERVE AN ADVANTAGE. THE WITT MARES ADVANTAGE your business is our highest
specializes
today ’s
opportunities.
health
our financial institutions team
in helping you take your organiz ation to a whole
confronting
our industry
priorit y.
challenges
and
capitalizing
new level
by
on tomorrow ’s
with the highest standards of service and integrit y, we put
k nowledge
to work for you and for the optimum
financial
of your institution .
FOR MORE INFORMATION, VISIT US ONLINE AT W W W.WITTMARES.COM OR CONTACT CR AIG ASCARI AT 804-323-0022
User’s Guide Welcome to the first ACUIA User’s Guide! As a member benefit, the User’s Guide provides the names of “preferred” vendors who serve the members of the association. While it is understood that there is no endorsement, the vendors in this guide have been recommended by active ACUIA members. As with all services, due diligence on the part of the credit union is still necessary.
Vendor List Accume Partners CastleGarde Cindrich Mahalak Clifton Gunderson DeLeon & Stang Doeren Mayhew Ferrin & Co. Firley, Moran, Freer & Eassa GlobalVision Systems IDEA/Audimation Larson Allen McGladrey Moss Adams Nawrocki Smith Nearman, Maynard, Vallez
Orth, Chakler, Murnane & Co. P & G Associates Security Compliance Associates (SCA) Schneider Downs Sciarabba Walker Sherpy & Jones Sheshunoff Information Services Smith Debnam TrustCC TWHC Vital Insight Wipfli Witt Mares Wojeski & Co. Wolf & Co.
ACUIA User’s Guide
SERVICES
Accume Partners
• • • •
•
Contact: Jay Bowman, Director Address: 341 New Albany Road, Suite 100 Moorestown, NJ 08057 Other Locations: MA, NY, NJ, PA, MD, GA, FL, CA Phone: 484-844-7132 Email: jbowman@accumepartners.com Website: www.accumepartners.com
CastleGarde, Inc
• • • •
“When we looked for partners, we found Accume to be the most appealing. After seven years with Accume, we believe we made the right choice.” – Curtis A. Baker, Chief Risk Officer, Citadel FCU
SERVICES • 12 CFR Part 748 App A&B-Compliant Information Security Programs for Credit Unions • Information Policy and Procedures • Information Security Risk Assessment (ISRA) • Website Compliance Assessment • Business Recovery Plan Development • Online Banking Assessment
Contact: Lowell Reed, VP Sales & Marketing Address: 4911 South West Shore Boulevard Tampa, FL 33611 Phone: 813-872-4844/866-751-3203 Email: lreed@castlegarde.com Website: www.castlegarde.com
“As you know, we are one of your biggest fans and recommend you to new credit unions every chance we get. You have done an excellent job, Alan!” - CEO, $227M Credit Union
SERVICES
Cindrich, Mahalak & Co.
Contact: Daniel J. Mahalak, CPA, Managing Partner Address: 31215 Jefferson Avenue St. Clair Shores, MI 48082 Other Locations: Grand Rapids, MI Phone: 586-296-1155/877-998-CMCO Email: dmahalak@cm-co.com Website: www.cm-co.com
Outsourcing/Co-Sourcing IT Internal Audits Enterprise Risk Management (ERM) Regulatory Compliance (e.g., BSA, Dodd-Frank) Technology Governance and Management - Network Vulnerability Assessment/Testing - DR/BC Management - Security/Privacy Management Mobile Banking Security Analyses Member Survey Assistance Annual Strategic Planning Assistance Fraud Investigation
• • • • • • • •
• Auditing • Consulting • Regulatory Compliance • Internal Audit Co-Sourcing Information Technology Strategic Planning CUSO Formation and Consulting Accounting Assistance Tax Preparation and Compliance Education and Training Regulatory Matters Personnel Recruiting and Placement
Daniel J. Mahalak, CPA
Special Section
summary Accume Partners has proudly served and supported credit unions since 1994. Our professionals have a deep understanding of the credit union movement, its challenging and complex regulatory requirements, as well as its products and services. We help financial institutions mitigate risks, enhance the overall control environment, achieve compliance with the latest rules, regulations and pronouncements, and improve overall operational efficiency. We have a strong working relationship with the regulatory agencies, including NCUA. Accume Partners firmly believes our role is to be proactive in educating credit union personnel on the implications of industry, accounting and regulatory changes. summary In practice since 2001, CastleGarde specializes in Information Security Programs and Information Security Risk Assessments. Currently CastleGarde supports over 130 credit unions across the country ranging in size from $5 million to over $5.4 billion in asset size. CastleGarde’s personnel have well over 100 combined years of experience serving credit unions. Our team of experts focuses on both your policy and technology risk assessment aspects of compliance with the specific regulations. Our services are founded on the belief that each client is unique, hence we offer a full spectrum of customized solutions that meet information security best practices. summary Cindrich, Mahalak & Co. is a certified public accounting firm that has been working with credit unions since 1971. This area of concentration has made us one of the largest credit union audit firms in the country. We embrace the concept of change, adapting to the ever-evolving credit union environment. We understand and obey the norms of yesteryear while continuously incorporating the technological advances of today. We are unique in that we are big enough to have the resources of larger CPA firms, but small enough to pay exceptional attention to every detail of the engagement. Our outstanding professionals provide credit unions with exceptional service on a timely basis and at a reasonable cost.
SERVICES
Clifton Gunderson LLP • • • • • • •
Contact: Bryan W. Mogensen, CPA, Assurance Partner Address: 3003 North Central Ave., Suite 500 Phoenix, AZ 85012 Other Locations: 46 offices across the country Phone: 602.266.2248 x73551 Email: Bryan.Mogensen@cliftoncpa.com Website: www.cliftoncpa.com
Bryan W. Mogensen, CPA
SERVICES
DeLeon & Stang
Contact: Allen P. DeLeon, CPA, Partner Address: 100 Lakeforest Blvd, Suite 650 Gaithersburg, MD 20877 Phone: 301-948-9825 Email: allen@deleonandstang.com Website: www.deleonandstang.com
• • • • • • • •
• Certified Audits • AUP Audits • Compliance Services • IT Services Credit Union Consulting Services PIN Security Audits Member Account Verification Risk Assessments Internal Audit Services OTTI Impairment Allowance for Loan Loss Reviews Election Ballot Services
“We’ve had problems with previous accountants, but DeLeon & Stang combines their personable approach with professionalism, diligence and efficiency. We love having them as a part of our team.” - Paul Lewis, CEO, SD Medical FCU
SERVICES
Doeren Mayhew • • • • • •
Contact: Robin D. Hoag, CPA, CMC Address: 755 W. Big Beaver Rd, Suite 2300 Troy, MI 48084 Other Locations: Houston, TX Phone: 248-244-3110 Email: financialinstitutions@doeren.com Website: www.doeren.com
• Audit • Supervisory Agreed-Upon Procedures • Consulting • Lending and Collections Consulting Regulatory Compliance Information Systems and Security Credit Union Taxation Mergers and Acquisitions Credit Union Service Organizations (CUSOs) Financial Management Efficiency and Compliance Consulting
• Certified Opinion Audit • Internal Audit Co-Sourcing • Information Technology Assurance • Lending Portfolio Review Regulatory Compliance Merger Advisory Business Valuation Enterprise Risk Management Employee Benefit Plan Audit 990/990T Tax Preparation and Compliance
summary Clifton Gunderson is a leading provider of audit and consulting services to credit unions nationwide with clients up to $22 billion in assets. Our insight and experience adds value to help you achieve your goals. With 50 years of serving credit unions, we offer deeper insight on the challenges you face. Our industry-dedicated professionals only work with credit unions, so quality service and timely response are a given, not a goal. National and local credit union associations only ask the most knowledgeable and respected firms to conduct their training and professional education. Our professionals regularly present at these events.
summary At DeLeon & Stang, we understand the regulatory and compliance challenges credit unions face and how daunting it can be to stay on top of the latest industry changes. Our specialists are dedicated to providing timely reports and continually monitor rules and regulations. In addition, we remain abreast of the latest industry updates through continuing education provided by the AICPA, MACPA and in-house training. DeLeon & Stang is the 22nd largest CPA firm in the United States serving credit unions. Our auditors are BSA/OFAC trained and have many years of experience performing these reviews, as well as other financial audits and compliance reviews.
summary Doeren Mayhew’s Financial Institutions Group has serviced hundreds of credit unions for over thirty-four years from coast to coast. Composed of professionals with in-depth credit union knowledge, each of our team members has distinctive training and experience within one or more of our ten technical specialty areas encompassing over thirty-two services.
Doeren Mayhew Partners Robin D. Hoag, CPA, CMC Robert Parks, CPA Catherine Bruder, CPA.CITP, CISA, CISM, CTGA Joseph A. Zito, CPA, MBA ACUIA User’s Guide
Do you like our User’s Guide? Let us know how we did or what we can do better on the ACUIA Facebook or LinkedIn pages.
SERVICES
Ferrin & Co.
• • • •
• • • • •
Contact: Bart Ferrin, CPA Address: PMB 503, 1905 West 4700 South Salt Lake City, UT 84118-1105 Phone: 801-840-2220 Email: ferrincpa@ferrincpa.com Website: www.ferrincpa.com
Firley, Moran, Freer & Eassa, P.C.
Contact: Mark Colombo, CPA, Principal Daniel Gilheney, CPA, Principal Address: 5010 Campuswood DriveEast Syracuse, NY 13057 Phone: 315-472-7045 Email: mcolombo@fmfecpa.com dgilheney@fmfecpa.com Website: www.fmfecpa.com
GlobalVision Systems
Contact: Andrew Ramage, Sr Account Exec Address: 9401 Oakdale Avenue Chatsworth, CA 91311 Phone: 818-998-7851 Email: aramage@gv-systems.com Website: www.gv-systems.com
Certified Financial Statement Audits Supervisory Committee Audits Members’ Verification Assistance Compliance Auditing, Including BSA Validation and ACH Audits Accounts Resolution and Troubleshooting Loan File and Lending Procedures Review Strategic Planning Internal Audit/Internal Controls Co-Sourcing Other Credit Union-Specific Assistance
Bart Ferrin, CPA
SERVICES
• Audited Financial Statements • Supervisory Committee Audits • Internal Audit Development and CoSourcing • Business and Consumer Loan Review • Bank Secrecy Act Compliance Reviews • Allowance for Loan Loss Reviews • Credit Union Service Organizations Consulting • Tax and General Business Consulting
Mark Colombo, CPA
summary Ferrin & Company, LLC is a niche CPA firm specializing in providing credit union audit and consulting services. In addition to the standard audit and attestation services, we also perform employee benefit/retirement plan audits, BSA validations and other compliance audits. Your credit union will be teamed with audit professionals who possess broad experience in credit unions and can make meaningful recommendations, resulting in efficiencies and better member service. We believe your credit union deserves the benefits of expertise, attentive service and a low fee structure from your audit firm. We are dedicated to identifying opportunities and solutions so that your credit union can serve its members with maximum effectiveness. summary Firley, Moran, Freer & Eassa, P.C., a CPA and consulting firm with over 70 professionals located in Syracuse, NY, is an independently owned member of the McGladrey Alliance. Our experience is with credit unions ranging in size from $40 million to over $1 billion. We take pride in developing long-term relationships with clients where they seek our advice on compliance, accounting, operational and regulatory matters. Our goal is to become invaluable service providers to clients and each client is important to accomplishing this goal. Our service model allows our clients to control costs, while receiving high quality and timely service.
Daniel Gilheney, CPA
SERVICES
• Anti-Money Laundering • Fraud Prevention • Bank Secrecy Act (BSA) • Regulatory Compliance • Identity Theft Red Flag (FACT Act) • Unlawful Internet Gambling Enforcement Act (UIGEA) • Anti-terrorist Financing (ATF) “With PATRIOT OFFICER, I am confident that our BSA/AML program is more efficient and reliable. The support that we have received from Global Visions staff, from the sale of the product to the implementation and now to the use of the product, has been very satisfying.” - Nancy Rice, Loss Prevention Manager, America’s First FCU, Birmingham, AL
Special Section
summary With a solid history and impeccable track record of over 15 years, GlobalVision has consistently helped customers pass regulatory examinations thousands of times with flying colors. GlobalVision’s PATRIOT OFFICER is recommended by the National Association of Federal Credit Unions (NAFCU) as the #1 BSA/AML/ ATF/FACTA/UIGEA/ANTI-FRAUD solution for credit unions. Credit unions using PATRIOT OFFICER automatically remain in compliance with the requirements in the BSA/AML Examination Manual published by The Federal Financial Institutions Examination Council (FFIEC). GlobalVision has over 1,000 financial institution clients worldwide including hundreds of credit unions across the nation.
IDEA/Audimation Services,
SERVICES
• I DEA® – Data Analysis Software and Inc. Supporting Technologies • CaseWare™ Monitor – Risk and Controls Monitoring Solution • Professional Services – IDEAScript Development, Importing and Data Analysis • Learning Events – Public and On-Site Training, Seminars and IDEA User Groups
“We are pleased with IDEA. I firmly believe that our work product has improved by us being able to perform “exception auditing” on entire populations of data vs. our previous sampling techniques.”
Contact: Joanne Koonce-Hamar Address: 1250 Wood Branch Park Drive, Suite 480 Houston, TX 77079 Phone: 888-641-2800 Ext. 2009 Email: info@audimation.com Website: www.audimation.com
- Jerry A. Hedrick, Jr., CFE, Director, Corporate Audit, Vectren Corporation
SERVICES
LarsonAllen • • • • • •
Contact: Dean Rohne, Principal Address: 220 South Sixth Street, Suite 300 Minneapolis, MN 55402-1436 Other Locations: Throughout the U.S. Phone: 800-657-4477/(cell) 507-438-2001 Email: drohne@larsonallen.com Website: www.larsonallen.com
•
summary The LarsonAllen Financial Institutions Group is a leader in providing accounting, tax, audit and consulting services to financial institutions. We actively shape the future of the financial institutions industry through our involvement in trade and professional organizations, and by developing long-term relationships with you. So whether analyzing your financial results or assessing your competition, we understand the challenges you face and we will be there for you when you need us.
“LarsonAllen continues to be a committed Strategic Partner of SPIRE Credit Union in all phases of our auditing and consulting services. In this fast-changing environment, it is absolutely critical that we have a team at LarsonAllen that we can depend on for expertise, quality and timely advice.” – Dan Stoltz, President/CEO, SPIRE CU
SERVICES
McGladrey
Contact: Mike Mossel, Managing Director Risk Advisory Services Address: 801 Nicollet Ave., Suite 1100 West Minneapolis, MN 55402 Other Locations: Nationwide Phone: 661-286-2119 Email: mike.mossel@mcgladrey.com Website: www.mcgladrey.com/Banking
• Opinion Audits • Internal Audit Assistance • Fraud Investigations and Bond Claims Product Profitability Analysis Merger and Acquisition Loan Portfolio Analysis Nonprofit Returns - 990s Asset Liability Management Information Security Services - Network Penetration Testing - Internal Vulnerability Assessment - Incident Response and Forensics Executive Search
summary As the U.S. distributor of IDEA® - Data Analysis Software and CaseWare™ Monitor, Audimation Services helps clients maximize their technology investments by providing support, consulting services, learning events and other valuable resources. IDEA is a powerful and userfriendly tool designed to help accounting and financial professionals extend their auditing capabilities, detect fraud and meet documentation standards. CaseWare™ Monitor is a sophisticated risk and controls monitoring solution that allows business, risk and control professionals, and auditors to quickly and confidently monitor any automated system. For a free demonstration CD of IDEA, contact sales@audimation.com.
• • • • • • • • •
• Audit Solutions (through McGladrey & Pullen) • Internal Audit • Enterprise Risk Information Security Information Systems Planning & Selection Regulatory Compliance Assessment Regulatory Compliance Program Web Site Compliance Assessment Business Continuity Planning Business Process Improvement Merger and Acquisition Delivery Channel Optimization “Great knowledge of regulatory and compliance environment, regardless of audit area, including effective knowledge transfer to our staff. Extremely knowledgeable about our industry and environment.”
– Credit Union CEO ACUIA User’s Guide
summary RSM McGladrey provides a comprehensive range of consulting services including enterprise risk assessments, information security, strategic technology planning, regulatory compliance, internal audit, business process improvement, tax services, merger consulting, Supervisory Committee guide audits and other advisory services to the credit union industry. Through an alternative practice structure, McGladrey & Pullen LLP offers audit and attest services. McGladrey is the brand under which these companies serve nearly 600 credit unions nationwide through nearly 90 offices. We are committed to the credit union industry and understand your goals and challenges. Let us show you the power that comes from being understoodSM.
Moss Adams LLP
• • • Contact: Travis Pettyjohn, Senior Manager Address: 601 W. Riverside Ave., Suite 1800 Spokane, WA 99201 Other Locations: California, Washington, Oregon, New Mexico, Arizona Phone: 800-888-4065 Email: creditunions@mossadams.com Website: www.mossadams.com/cu
• • • • •
SERVICES
Nawrocki Smith LLP • • • • •
Contact: Lauren Agunzo, Partner Address: 290 Broad Hollow Road Melville, NY 11747 Phone: 631-756-9500 Email: lagunzo@nsllpcpa.com Website: www.nsllpcpa.com
Nearman, Maynard, Vallez, CPAs, P.A.
Contact: Chris Vallez, Partner Address: 10621 N. Kendall Drive, Suite 219 Miami, FL 33176 Other Locations: Atlanta, GA Phone: 800-288-0293 Email: info@nearman.com Website: www.nearman.com
SERVICES • Opinion and Supervisory Committee Audits • Internet Security Assessments/ Penetration and Vulnerability Testing BSA/AML Compliance Examinations Internal Audit Outsourcing Merger Implementation and Due Diligence Consulting Member Business Lending Implementation, Training, and Loan Review Regulatory Compliance Examinations Profitability Enhancement Consulting UBIT Tax Planning EDP Audits
• R isk Assessments and Internal Audit Plan Development • Regulatory Compliance Audits • Financial and Operational Audits Branch Audits Fraud and Forensic Audits Informational Technology Audits Consulting and Advisory Services Training Services “In working with Nawrocki Smith we get a partnership and relationship with professionals who are very knowledgeable about the Credit Union industry. We have tremendous accessibility to every member of the engagement team and they have helped make our business better.”
summary Moss Adams LLP provides accounting, tax, and consulting services to credit unions and other middle-market public, private, and not-for-profit enterprises in a wide array of industries. Founded in 1913, Moss Adams is the 11th largest accounting and consulting firm in the United States, and the largest headquartered in the West. We are currently ranked in the top five for audit firms in terms of total credit union assets audited, and top 10 in terms of the number of credit unions audited. Serving our clients from 20 locations with more than 1,700 professionals, including over 230 partners, we recognize that when it comes to service, one size doesn’t fit all.
summary Nawrocki Smith LLP is a regional public accounting firm with offices in Melville, New York. It is comprised of six partners and approximately fortyfive associates and support staff, and services a diverse clientele throughout the Eastern United States. Nawrocki Smith has extensive experience in providing internal audit services to credit unions. We have highly trained internal audit professionals to meet the demand of this very important and time-sensitive function. We work with various institutions on either a cosource or an outsource basis.
– William O’Brien, Suffolk FCU
SERVICES
• Certified Audits • Supervisory Committee Audits • Pension Plan Audits • Internal Auditing and Co-Sourcing • Compliance Reviews • Bank Secrecy Act Audits (BSA) • ACH Audits
“Nearman, Maynard, Vallez, CPAs, PA has continually delivered us quality services. Their 30 years of experience specifically in the credit union industry attests to their professionalism and integrity.” - Supervisory Committee,1st Advantage FCU
Special Section
summary Established in 1979, Nearman, Maynard, Vallez, CPAs P.A. provides auditing and consulting services exclusively to credit unions throughout the United States. Our dedication to the credit union industry has given us the unique ability to provide exceptional service at a reasonable price. Our primary objective is to assist our clients in accomplishing their goals using our experience, service and commitment. Also, we have aligned our firm with other top professionals in the fields of information technology and taxation to offer a full array of services.
SERVICES
Orth, Chakler, Murnane & Company CPAs • • • • • • • •
Contact: Douglas Orth, Managing Partner Address: 12060 SW 129th Court, Suite 201 Miami, FL 33186-4582 Other Locations: Charlotte, NC; Dallas, TX Phone: 305-232-8272/888-676-3447 Email: dorth@ocmcpa.com Website: www.ocmcpa.com
“We have been clients of OCM for approximately 10 years and I can say with confidence that the professionalism and responsiveness of OCM far surpasses other firms we have dealt with in the past. This firm is a true pleasure to work with in addition to being very thorough and helpful.” - MJ Coon, SVP/CFO, Ent FCU
•
summary P&G Associates is a leading service provider of risk management and outsourced internal audit solutions for credit unions and community financial institutions since 1991. P&G operates in New York, New Jersey, Florida and Illinois, and is dedicated exclusively to the financial services industry. P&G utilizes a proprietary risk-based assessment audit model and customized, turnkey audit approach to design an effective risk management program to suit the needs of your institution. P&G’s Outsourced Internal Audit services cover the full range of activities, including: Lending Operations and Compliance, Deposit Operations, Regulatory Compliance, Information Technology, Financial Reporting, Branch Operations and Trust Activities.
• • • • • • • • • •
SERVICES • Policy and Procedures Review, Development and Maintenance • External Assessment Internal Assessment Online Banking Assessment PCI Compliance Services Social Engineering Physical Security Computer Forensics Third-Party Due Diligence Review Website Compliance Review Information Security Training CISSP Mentoring
summary Because cybercrime is prevalent and network security is ever evolving, Security Compliance Associates offers a business solution that makes sense from both an economical and practical standpoint. SCA has developed an all-encompassing program that allows for credit unions to comply with NCUA Regulations pertaining to “safeguarding member information.” SCA guarantees compliance as well as client satisfaction. Although credit unions may elect a la carte services, which satisfy compliance on individual levels, the SCA full program is intended to alleviate all information security concerns. Hundreds of credit union clients have benefited from what some examiners call the finest information security program that they have seen.
•
•
SCA
(Security Compliance Associates)
Contact: Rick Woods, Business Development Address: 2727 Ulmerton Road Clearwater, FL 33762 Phone: 727-571-1141 Email: rwoods@scasecurity.com Website: www.scasecurity.com
summary OCM is a public accounting firm that specializes in providing auditing and consulting services for the credit union industry. We currently serve over 200 credit unions and CUSOs in approximately 30 states. Each of the firm’s partners has relevant auditing and consulting experience in the credit union industry ranging from 20 to over 30 years. Every audit and consulting engagement is given priority treatment by our partners. Your staff will not have to train our auditors. We understand the professional needs of our clients and have tailored our audit process to provide superior personal service that is objective, comprehensive and helpful.
SERVICES • Outsourced Internal Audit • Regulatory Compliance - Risk Assessment - Bank Secrecy Act/AML Review Information Technology - Risk Assessment - Security Testing - Policy and Procedures Review Credit Risk Management: - Loan Review - Quality Control Program: Residential Mortgages Enterprise Risk Management
P & G Associates
Contact: Amit Govil, Partner Address: 646 Highway 18 East Brunswick, NJ 08816 Other Locations: Chicago, IL; Miami, FL Phone: 877-651-1700 Email: whatsyourrisk@pgcpa.com Website: www.pandgassociates.com
• Financial Statement Opinion Audits • Pension Plan Audits • Internal Audit Services • Quality Assurance Reviews (QARs) BSA Compliance Audits ACH Compliance Audits Business Loan Reviews Information Technology Reviews Allowance Loan for Losses Methodology Reviews Preparation of 990/990T and CUSO Tax Returns Merger Due Diligence Educational Conferences and Training
ACUIA User’s Guide
Schneider Downs, Inc. • • • • • Contact: James B. Yard, Internal Audit Shareholder Address: 1133 Penn Avenue Pittsburgh, PA 15222 Other Locations: Columbus, OH Phone: 412-697-5200 Email: jyard@schneiderdowns.com Website: www.schneiderdowns.com
SERVICES • Internal Audit Outsourcing • Internal Audit Co-Sourcing • SOX Assistance Quality Assurance Review Data Mining and Analysis Fraud Risk Assessment Information Technology Audit Information Security Assessment
“Schneider Downs has been a very important partner in the development and maturity of our Enterprise Wide Risk Management Program. The staff is professional, knowledgeable and a pleasure to work with.” - Joe Ghammashi, CRP, CRISC Chief Risk Officer, Corporate One FCU
SERVICES
Sciarabba Walker & Co., LLP
• Financial Statement Audits
• • • •
• S upervisory Committee Procedure Audits Fraud Procedures ACH and BSA/OFAC Audits Internal Controls Procedures Customized Agreed-Upon Procedures
Contact: Andrew Lundeen, Audit Manager Address: 200 East Buffalo Street, Suite 402 Ithaca, NY 14850 Other Locations: Cortland, NY Phone: 607-756-0073 Email: ael@sciarabbawalker.com Website: www.sciarabbawalker.com
Sherpy & Jones PA
Contact: Todd Sherpy, Partner Address: P.O. Box 2599 Lexington, SC 29071 Other Locations: Atlanta, GA Phone: 803-356-3327 Email: rts@sherpy-jones-law.com Website: www.sherpy-jones-law.com
summary Schneider Downs offers risk-based internal audit and risk advisory service options to ensure compliance, mitigate uncertainties and keep inefficiencies from eroding your bottom line. We work hand-in-hand with your audit committee and primary auditor on risk and control strategies to fully leverage internal audit and minimize compliance/audit costs. Our firm has offices in Pittsburgh, Pennsylvania and Columbus, Ohio. Visit us online at www.schneiderdowns.com, or call either 412-261-3644 (Pittsburgh) or 614-621-4060.
SERVICES
• Legal and Regulatory Compliance • Due Diligence • Compliance Auditing • Compliance Training • Collections
Todd Sherpy, Partner
Special Section
summary Sciarabba Walker & Co., LLP is an independent, regional, accounting and business-consulting firm based in Ithaca, New York. Our firm has a core group of professionals dedicated to serving the specific needs of credit unions. We are members of the AICPA and Association of Credit Union Internal Auditors and regularly attend national conferences to stay abreast of best practices and changes in the industry. Sciarabba Walker offers a wide range of management, accounting, and financial reporting services for credit unions. We strive to deliver practical, workable solutions that help you achieve your management objectives.
summary Legal and regulatory compliance, due diligence, on-site staff and volunteer training, and audits: Sherpy & Jones works with a pool of nearly 600 credit unions to provide day-to-day compliance assistance, vendor due diligence resources, forms, training and operations resources via our online resources, and constant guidance on ever-changing laws and regulations. We take pride in the practical perspective our lawyers bring to credit unions. We spend a substantial amount of time onsite at credit unions, with volunteers and credit union staff, which reflects on our straightforward approach to the services we offer.
PRODUCTS
Sheshunoff Information Services
Print and Online Materials for Legal and Regulatory Compliance: • Compliance Expert • Online Credit Union Training • First Line of Defense • Credit Union Compliance Calendar “I had the regulators in my credit union [in my office] and a review copy of the Wall Street book on my desk. One of the examiners picked it up, looked through it, and said, ‘I’m glad you are staying on top of all this.’ Sign me up!”
Contact: Francesca Dugger, Director of Sales Address: 4120 Friedrich Lane, Suite 100 Austin, TX 78744 Phone: 800-456-2340 Email: customer.service@sheshunoff.com Website: www.sheshunoff.com
- Michelle J., Compliance Officer, credit union
SERVICES
Smith Debnam Attorneys at law
• • • •
“Frank Drake has been an excellent resource for our credit union for over a decade, assisting us not only with advice on complicated member issues, but also with periodic policy review, contract negotiation and training. His insight is invaluable, his responses are timely, and he is very versatile.”
Contact: Frank Drake Address: The Landmark Center 4601 Six Forks Road, Suite 400 Raleigh, NC 27609 Phone: 919-250-2109 Email: fdrake@smithdebnamlaw.com Website: www.smithdebnamlaw.com
summary Smith Debnam was established in 1972 with a simple, straightforward goal: to solve the legal problems of our clients. Featuring one of the largest and most effective Creditors’ Rights practices in the Southeast, our firm represents everyone from national businesses and leading financial institutions to local firms and individuals. Our team members have extensive experience with credit unions and always look for innovative ways to resolve to legal issues. We believe that effectively solving our clients’ problems begins with a true understanding of our clients themselves. This means being available, easy to talk to and responsive to their needs.
- Tabitha Ernst, Marine FCU
TrustCC • • • • • • Contact: Tom Schauer Address: 3800A Bridgeport Way #542 University Place, WA 98466 Phone: 866-290-6774 Email: tschauer@trustcc.com Website: www.trustcc.com
• Creditors’ Rights and Collections • Secured and Unsecured Lending • Bankruptcy (creditor side) • Regulatory Compliance Transactional Law Creditors’ Defense Replevin Training and Speaking
summary Sheshunoff Information Services has been serving the information needs of financial institution professionals for more than 30 years, leading the market with its step-bystep, plain-English guidance for regulatory compliance and financial institution operations and management publications. Sheshunoff publishes books, newsletters, training courses, online libraries, audio conferences, webinars and work solutions by the country’s leading financial institution experts. Our product line covers leading titles on financial topics from regulatory compliance to information security, including Pratt’s Letter, Risk Assessments for Financial Institutions, and A Practical Guide to the Wall Street Reform and Consumer Protection Act, just to name a few.
SERVICES • IT Security Assessments/ Vulnerability and Penetration Testing Social Engineering IT Compliance Review Premium IT Audit IT Audit Co-Sourcing GLBA Risk Assessment FFIEC Guidance Audits “Wow, I can only say thank you. If you need any references that will tout your ‘exceptional service’ give out my name.”
- SVP and IT Manager ACUIA User’s Guide
summary TrustCC provides security assessments and IT audits to credit unions throughout the United States. Our methodologies are scalable and flexible to meet the needs of every size financial institutions. Our team consists of former examiners, systems administrators and information security officers, and team members have an average of 15 years experience in information technology. It has been our pleasure serving the ACUIA and its members.
NEED A PARTNER WITH ADVICE FOR TODAY AND SOLUTIONS FOR TOMORROW. As the financial institution landscape changes, it has never been more important to have a trusted advisor who understands your business and cares about your values. Wipfli CPAs and Consultants take your success personally, working by your side to find customized solutions that align with your goals and needs. Let their power of focus become an asset for you.
Š20 2011 | Wipfliwww.acuia.org LLP All Rights Reserved
| The Audit Report
800.486.3454 WipfliFIPractice@wipfli.com
www.wipfli.com
TWHC
Turner, Warren, Hwang & Conrad • •
Contact: Kian Moshirzadeh, Partner Address: 100 N. First Street, Suite 202 Burbank, CA 91502 Other Locations: San Francisco, CA Phone: 818-954-9700 Email: cpa@twhc.com Website: www.twhc.com
• • • • • • • •
SERVICES
Vital Insight • • • • • •
Contact: Tom Scanland, SVP Operations Address: 8127 Mesa Drive Austin, TX 78759 Phone: 512-547-5035 Email: tscanland@vitalinsight.com Website: www.vitalinsight.com
• E nterprise Risk Management (ERM) education and training for - Senior Management - Board of Directors - Supervisory Committee Enterprise Wide Risk Assessments Detailed Process Risk Assessments IT General Controls Review ERM Program Review Comprehensive ERM Software Solution Ongoing ERM Program Mentoring/Quality Assurance
summary Established in 1987, TWHC is a fullservice accounting firm providing topnotch professional services to over 100 credit unions. Due to our reputation for superb technical expertise, unmatched value and excellent responsiveness, TWHC is often retained to conduct audits and provide consulting services for larger credit unions, whose needs are particularly complex. In 2010, Callahan & Associates ranked TWHC #1 in growth. Today, TWHC is ranked as the fifth largest provider of credit union audit services in the United States in terms of client asset size.
summary Vital Insight is dedicated to providing best-of-breed ERM software and services to the credit union movement. Whether providing enterprise-wide, top-down risk assessments, detailed process-level deep dives or a comprehensive and powerful software solution, Vital Insight is the credit union’s choice for ERM.
“Vital Insight’s approach to educating senior management and the Board of Directors on why ERM is needed and the benefits it brings our credit union is something unique in the credit union world. Coupling that with their onsite enterprise-wide risk assessment services is a great combination for any credit union looking to get their ERM Program moving forward.”
– Mike Goodman, EVP Support Services, Redstone FCU
SERVICES
Wipfli
Contact: Maureen Fassbinder, JoAnn Cotter Address: 8665 Hudson Blvd North, Suite 200 St. Paul, MN 55042 Other Locations: Minnesota, Wisconsin, Illinois (multiple cities in each state) Phone: 651-766-2853 (Maureen) 920-662-2804 (JoAnn) Email: mfassbinder@wipfli.com jcotter@wifpli.com Website: www.wipfli.com
SERVICES • Opinion Audits • Internal Audits • ACH Audits BSA Audits PIN Encryption and Key Management Audits Information System Audits Pre-Merger Due Diligence Audits Tax Planning and Tax Preparation Management Transition Assistance Forensic Audits Supervisory Committee Seminars CUSO Development NACHA Audits
• • • • • •
• Internal Audit • Regulatory Compliance • Risk Assessment • Information Technology Loan Review Strategic Advisory Services Secondary Market Quality Control Financial Statement Audits Accounting Assistance Tax Services “I just wanted to drop you a quick note to express my appreciation for your professionalism and comprehensive support with our compliance and accounting functions. I wanted you to know that the choice to go with Wipfli was an outstanding decision.”
- Financial Institution client, St. Paul, MN
ACUIA User’s Guide
summary Wipfli LLP’s Financial Institutions practice provides accounting and consulting services to clients across the upper Midwest and beyond. Our practitioners include certified internal auditors, certified compliance specialists, former financial institution personnel, former regulators, certified trust auditors, loan review specialists, operations specialists, certified information technology specialists and licensed certified public accountants regionally recognized for their knowledge and expertise. We offer a full range of audit and consulting services, including attestation and risk management services.
A part of your team.
SETTING THE STANDARD IN CREDIT UNION PROFESSIONAL SERVICES AUDITING SERVICES • Certified Audits • Supervisory Committee Guide Audits • Pension Plan Audits • Internal Audit Co-Sourcing & Outsourcing OPERATIONAL SERVICES • Policy/Procedure Reviews • ATM Balancing/Training • Charter Conversion Analysis • Interim CEO/CFO Services COMPLIANCE SERVICES
• • • •
BSA/OFAC Compliance Reviews NACHA Compliance Audits ATM/TG-3 Compliance Reviews
Nearman, Maynard, Vallez, CPAs, P.A. is a national CPA firm, serving credit unions throughout the United States. Dedicated to the credit union industry for 30 years, we work with our clients to find solutions to their immediate concerns and help with long-term strategic decisions that will shape the future of the credit union. Our commitment to credit unions has given us the unique ability to provide exceptional service at a reasonable price. 100% of our clients are credit unions or credit union related organizations. Our primary objective is to assist credit unions in accomplishing their goals through our commitment, experience, and service. This objective is achieved through the quality of our audit, the rapport established with our clients, and the value added features we bring to the business partnership. Accomplishing these objectives is what sets our firm apart from other CPA firms.
Website Compliance Reviews
22 | N.www.acuia.org The AuditFL Report 10621 Kendall Dr, Suite|219, Miami, 33176 Tel 800.288.0293
www.nearman.com
info@nearman.com
PRODUCTS
Witt Mares, PLC • • • • • • • •
Contact: Harvey L. Johnson, CPA, Manager Address: 701 Town Center Drive, Suite 900 Newport News, VA 23606 Other Locations: Norfolk, Williamsburg, Richmond and Fairfax, VA Phone: 757-627-4644 Email: hjohnson@wittmares.com Website: www.wittmares.com
summary For more than 30 years, Witt Mares has provided accounting, tax and advisory services for financial institutions. As one of our core industry specialties, financial institutions have been a foundation of our business. Our Financial Institutions Team consists of highly experienced professionals with deep industry knowledge and a commitment to providing exceptional client service. From start up de novo institutions looking to grow, to more complex multibillion dollar institutions looking for a higher level of expertise, we provide a full range of services.
Harvey L. Johnson, CPA
SERVICES
Wojeski & Company CPAs, P.C.
• • • • • • • • •
Contact: Thomas J. O’Donnell, Partner Address: 75 Troy Road East Greenbush, NY 12061 Phone: 518-477-1102 Email: todonnell@wojeskico.com Website: www.wojeskico.com
• Financial Statement Audits • Supervisory Committee Audits • ACH Compliance Audits • BSA/OFAC Compliance Audits Website Compliance Audits Internal Auditing Services Consulting/Accounting Assistance Mergers Due Diligence Forensic Accounting Supervisory Committee, Board of Dir. Training Membership Confirmation/Verification Mail Ballot Elections “Wojeski’s knowledge of the credit union industry, their proactive approach to emerging issues and their responsiveness to our questions throughout our relationship has been outstanding. In short, we’ve had a great experience with Wojeski & Company and I would recommend them to any credit union seeking a trusted business partner.” - Shawn Hayes, President/CEO, Ticonderoga FCU
Wolf & Company, P.C. • • • •
Contact: John J. Leonard, CPA, Principal Address: 99 High Street, 21st Floor Boston, MA 02110 Other Locations: Springfield, MA; Albany, NY Phone: 617-261-8126 Email: jleonard@wolfandco.com Website: www.wolfandco.com
• Financial Statement Opinion Audits • Supervisory Committee Audits • Certified ACH Audits • Bank Secrecy Act Audits Internal Loan Reviews Asset/Liability Management Reviews Audits of Risk-based or Indirect Lending Programs Branch and Operational Audits QAR (Quality Assurance Reviews) Employee Benefit Plan Audits IT Reviews and Assessments Enterprise Risk Management Reviews WolfPAC®
• •
SERVICES
• Annual Financial Statement Audits • Internal Audits • Merger and Acquisition Due Diligence • Member Account Verification Information Technology Assurance Regulatory Compliance Consulting CUSO Formation and Tax Return Preparation Unrelated Business Income Tax Return Preparation for State-Chartered Credit Unions Review of Deferred Compensation Plans for Credit Union Management Employee Benefit Plan Audits “Mr. Leonard’s knack for explaining in plain language how changes in one area of the financial report affect other areas is easily understood and thorough. His level of client service outweighs most external audit firms I’ve dealt with and the audit team he deploys onsite is very professional, knowledgeable and friendly.”
- Ana Foret, Service CU
ACUIA User’s Guide
summary Wojeski & Company CPAs, P.C. is an accounting, tax and consulting firm that provides a wide range of financial, accounting and technology services. As trusted advisors with a reputation built on technical excellence, we provide extraordinary, personal and timely client service. Our team of knowledgeable and experienced professionals provides fresh thinking, new perspectives and solid solutions to yield value and results. With expertise in many financial and business specialties, we are able to service a diverse group of businesses, institutions and individuals. While our firm enjoys a broad client base, credit unions represent a central focus of our practice.
summary Wolf & Company’s financial institution practice is one of the largest in New England, providing assurance, tax, risk management and business consulting services to over 200 institutions. As we enter our second century, Wolf clients can expect direct involvement from our owners and senior management, as well as responsive service from a multidisciplinary team. With clients ranging from de novo to $10 billion in assets, our collaborative service strategy enables us to develop a deep understanding of our clients and their business needs so that we may maximize opportunities while navigating any potential obstacles.
acuia joins the social media world comment
like
share
By Amy Schaefer connect ACUIA Social Media Committee Chair Senior Internal Auditor at Royal Credit Union in Eau Claire, WI
You can now keep up to date with ACUIA events, discussions, and announcements through Facebook and LinkedIn.
24 | www.acuia.org | The Audit Report
This article explains how ACUIA will take advantage of these additional media outlets, why you would want to use them, tips on navigating the ACUIA social media pages, and who is monitoring the page content.
FEATURE ARTICLE Facebook and LinkedIn are another means to connect and “network” with colleagues throughout the world to ask questions, obtain information, expand your knowledge, and discover new learning opportunities.
What are LinkedIn and Facebook and why would I want to use it?
Besides the fact that your colleagues and family will think you are “cool,” “hip,” and “groovy” for using LinkedIn and Facebook, there are other reasons to use them:
Used to connect with past and present colleagues, to discover job opportunities, to stay associated with organizations such as ACUIA, IIA, college alumni associations, etc. To create a LinkedIn account, go to: www.linkedin.com
Used to connect with friends and family and to follow companies and organizations that are important to you. To create a Facebook account, go to: www.facebook.com
LinkedIn What is the purpose of the ACUIA LinkedIn and Facebook pages?
Will be used to post upcoming events, such as chapter, regional, annual meetings, and webinars. Members can post questions on the discussion board and read credit union related news feeds on the main Discussion page. We have created a LinkedIn subgroup page for each ACUIA Region. The Regional Directors, Chapter Coordinators and regional members can post discussions, advertise regional/chapter events, etc.
Will be used as a marketing tool to obtain new members, advertise events such as conferences, meetings, and webinars. In addition, the Social Media Committee will post pictures from regional meetings and conferences beginning with 2011 events.
If I have pictures to post from an ACUIA event, who should I send them to? Pictures can be submitted to Ellen Simpson, Social Media Committee Member, of University Federal Credit Union, Austin, Texas, via email to either:
esimpson@ufcu.org
-or-
esimpson@gmail.com
How can I join the LinkedIn and Facebook pages? Go to ACUIA’s homepage www.acuia.org and click on the Facebook and LinkedIn icons on the right side of the screen. If you do not already have personal Facebook and LinkedIn pages you will need to create them before you are able to join the ACUIA pages.
The Audit Report | www.acuia.org | 25
FEATURE ARTICLE How do I navigate the LinkedIn and Facebook pages?
If you would like to receive daily or weekly emails of the activity on the page (this includes new discussions, postings to a question you posted, new events, etc.) select “More”-->“My Settings” to set up the frequency and email address you would like to use to receive the digests.
To set or change email notification settings, select “Account” from upper right corner --“Account Settings” -->“Notifications.”
Utilize the tabs directly underneath “Association of Credit Union Internal Auditors (ACUIA)” to move between sections of the page. Events will be posted under the “Promotions” tab.
Utilize the menu options found on the left side of our Facebook page to view discussions, events, and photos.
We are currently holding a contest to see which Region will have the most ACUIA Members join their Region’s LinkedIn subgroup page. To join your Region’s subgroup page, select “More”-->“Subgroups,” click on your region and click “Join Group.” If you are unsure which region you are in, go to http://www.acuia.org/regions.
What are the Terms of Use for the LinkedIn and Facebook pages? Members of the ACUIA’s LinkedIn/Facebook group are encouraged to share information and experiences, network with peers, and ask questions about ACUIA, the credit union industry and internal audit profession. If you are looking for or have a job position available, please visit the ACUIA Job Forum at http://www.acuia.org/ job-forum. Group moderators will ban members who display inappropriate behavior such as explicit sexual, racist, defamatory, or other socially unacceptable behaviors.
Who are the Group Moderators? ACUIA has a Social Media Committee that is made up of members from each region and is listed below. The committee’s role is to monitor the activity on the pages, contribute to discussions, and post events and announcements on the pages. We are currently in need of a committee member for Region 5. If you are interested, please contact me at amy. schaefer@rcu.org.
26 | www.acuia.org | The Audit Report
name
credit union
region email
Amy Schaefer, chair
Royal CU
3
amy.schaefer@rcu.org
Clyde Weiss
SELCO Comm Credit Union
1
cweiss@selco.org
Timothy Sanchez-Brown
Sandia Laboratory FCU
2
tsanchez-brown@slfcu.org
Ellen Simpson
UFCU
4
esimpson@ufcu.org
Paul Szabo
1st Advantage FCU
6
pszabo@1stadvantage.org
Adam Buro
Northwest FCU
6
aburo@nwfcu.org
If you are having problems accessing or navigating the LinkedIn or Facebook pages, you can send an email to SocialMedia@acuia.org. I check this email account weekly.
THE STANDARDS
ACUIA NEWS
policies & Procedures
By Pat Richey, CFE, NCCO, CTGA
In our credit union Internal Audit department, the first thing we do when we start an audit is review the policies and procedures for the function being audited and determine if the policies/procedures are accurate and complete. Then we verify that the function is operating in compliance with its policies and procedures.
Almost every audit report includes recommendations for updating policies and/or procedures. For the Operations Administrative Assistant responsible for keeping the 84 documents that make up the Operations Procedures manual up-to-date, it is a never-ending job. But what about policies and procedures for the Internal Audit activity? International Standards for the Professional Practice of Internal Auditing 2040 (Standards) states that the Internal Audit activity should have policies and procedures to guide internal auditors. However, there are no set requirements. It is up to each audit activity to determine what is needed for the nature of its work.
The Audit Report | www.acuia.org | 27
ACUIA NEWS Related Practice Advisory 20401 states that small departments may be managed informally through daily, close supervision and memoranda outlining procedures. However, I am the Director of a small department (myself and Staff Auditor) and I have a very extensive set of procedures which I have collected into a 2-volume Audit Procedures Manual. Our Credit Union gave up hard-copy manuals ages ago and so did Internal Audit. Internal Audit’s electronic procedures manuals are on the Credit Union’s network, but accessible only to Internal Audit, similar to our workpapers.
Technolog y is our most powerful friend; everything we need and could possibly want to know is at our fingertips.
I think procedure is an issue of business continuity (or specifically Internal Audit continuity) and systematic training. I developed our procedures in the form of a step-bystep training manual, which I use when training new Staff Auditors. Also, the procedures would serve as a roadmap for someone stepping into my shoes should I get hit by the proverbial bus or win the lottery. Along with the procedures manual, we have an Audit Programs Manual which has all of our audit programs sorted by Credit Union function, and we have an Audit Report Manual which has 20 years worth of audit reports in audit report number (chronological) order. The 2 procedures manuals, the audit programs manual, and audit reports manual are the foundation of our department.
Organization Manual The procedures manual assumes the reader knows nothing about credit unions, our Credit Union in particular, or internal auditing. The 1st volume of the Audit Procedures Manual is our Organization Manual – everything a credit union Internal Auditor needs to know about the credit union industry and our Credit Union before the auditor can even start thinking about auditing. We include information about NCUA and the trade associations - background information on resources available to internal auditors to assist with the audit work. Internal Auditors must be peoplepersons, so the Manual walks the reader through the Credit Union’s organization chart. Since we are a small organization (150 employees), I expect auditors to know all the employees in the Credit Union, their positions, functions, and supervisors as soon as possible. Technology is our most powerful friend; everything we need and could possibly want to know is at our fingertips. The Manual includes a walk through all of the Credit Union systems used by or of-interest to Internal Audit. The sooner a new Internal Auditor learns these systems the sooner the Auditor can get up to speed. The Organization Manual includes a walk through the financial statements and how to read members’ accounts, the administrative functions/tasks procedures that are non-audit related, and a section on governance – procedures related to the Board of Directors and Supervisory Committee. Audit Procedures Manual The 2nd volume of our Procedures Manual is the “everything you always wanted to know about internal auditing but were afraid to ask” manual (most of you are too young to know what I
28 | www.acuia.org | The Audit Report
am referring to). This volume is a walk through the Standards and how those Standards are implemented in our department. The volume starts off with the IIA Code of Conduct and Ethics and our Internal Audit Charter, which could be considered our Audit Policy. However, we have another document in our procedures - an agreement between and signed by the CEO/President and the Supervisory Committee as to how audits will be conducted and reported, management’s responsibilities for responding to reports and implementing agreed-upon recommendations, and audit follow-up procedures. The Manual includes expectations for quality assurance and professional proficiency, audit job descriptions, the risk assessment and related procedures, audit plan development procedures, monitoring/tracking of audit plan results, audit report template and reporting procedures, and follow-up database. As you can see we have collected everything needed for an effective audit department in our set of manuals. The procedures are quite detailed, nothing left to the imagination. However, is it up-to-date? Like management, we do our best to keep procedures up to date, but I realized as I wrote this article that we had changed follow-up procedures somewhat and perhaps the follow-up related documents need some tweaking. From a business continuity planning and training perspective, do you have your procedures up-to-date? The procedures are not required to be collected in a manual as we have done, but they should be easy to locate, selfexplanatory, and up-to-date.
AVENIR congratulates ACUIA on 25 excellent years! | Business Development Programs | Innovative Marketing Strategies | Designed specifically to meet the needs of professional service organizations.
www.mya venir.com
The Audit Report | www.acuia.org | 29
MEMBER SPOTLIGHT
by Tabitha Ernst-Chadwick
Dean Swenson In this Issue we have the pleasure of getting to know Dean Swenson, General Auditor at Wings Financial Credit Union and the new ACUIA Region 3 Director.
Tell us about yourself Dean. I have been the General Auditor of Wings Financial Credit Union for over five years, where I work out of the credit union’s headquarters in Apple Valley, MN. I have been happily married for seventeen years to my wife, Tami. Together we have two daughters, Riley (14) and Olivia (11). I spend a majority of my free time driving my two daughters to their activities - soccer, volleyball, dance, golf, music lessons, and colorguard. In my spare time I enjoy golfing, watching baseball and soccer, attending plays and musicals with my wife, and playing cards with friends.
What about your educational background? I have an Associates in Arts Degree from Inver Hills Community College and a Bachelor of Arts Degree from Augsburg College in Minneapolis, MN.
Do you have any certifications? If so, how have they enhanced your career? I am a CPA, having kept my license active even though I am no longer in public accounting. Having this certification, or any certification for that matter, has given the opinions and suggestions I present to
management a higher level of acceptance. The certification shows that I have the appropriate experience and knowledge to make such recommendations.
Tell us about your audit career. How did you become involved in auditing? I have been in auditing for almost eighteen years. The first twelve plus years were in public accounting where I specialized in not-for-profit organizations. The remaining time has been as the general auditor for Wings Financial. I originally chose the accounting field as a major in college as a way to avoid writing reports. Oddly enough, writing reports is the majority of what I do now. From my first accounting class, I found that I loved the problem solving that comes with performing reconciliations and trying to figure out better ways to do things. The idea of becoming an auditor began for me after my first auditing class. This was enforced when I was able to work with the external auditors of Augsburg College as part of my college work study.
What have you found to be the most useful tools in streamlining audit processes, enhancing efficiencies, and making audit a value-added service? Technology would be an easy answer to this question. I have come to the belief that the effectiveness of an internal
30 | www.acuia.org | The Audit Report
audit department is significantly based upon a supportive Senior Management Team - a Senior Management Team that believes that internal audits are a valuable part of a credit union’s success and not a regulatory requirement.
FUN FACTS ABOUT Dean Favorite sports teams: Minnesota Twins
Favorite snack food: Jelly Beans
Favorite Vacation Destination: Walt Disney World, the happiest place on earth!
Favorite Author: Vince Flynn
Favorite acuia conf. location: Boston
unknown fact:
I have a collection of over 120 baseballs signed by current and former Minnesota Twins.
ACUIA NEWS
When the staff of the credit union accepts the internal audit department as a partner in the success of the credit union and not as an adversary whose only purpose is to find mistakes, the performance of audits and the presentation of audit recommendations becomes less defensive and more accepted by management.
Over the years you’ve been involved in auditing, how has the industry changed? Having a computer in the field for the first audits I worked on was considered to be a luxury. One improvement over the years I have come to appreciate is the ability to retrieve documents and reports through an optical system that can be accessed from any branch site. The on-site and clean-up time for audits has been greatly reduced for me since I no longer need to go back in the field to retrieve a document or have to rely on the regular mail system to have the document sent. The security issue of sending member sensitive documents or reports via email has also been eliminated by this service.
What do you know now that you wish you would have known coming into the industry?
internal auditors are being asked to take on responsibilities, such as compliance or risk management, due to budgetary concerns. These additional responsibilities are in fact operations in nature and impede upon the auditor’s independence. Unfortunately, there is no easy answer to this challenge.
What advice would you give to a new auditor just entering the field? Use your mind and don’t rely solely on the audit program. Audit programs are a guide and are not meant to cover everything. If something doesn’t feel right, chances are it is not. In many cases, the best tool is common sense. So don’t be afraid to ask questions and remember to not settle for a response that you don’t think answers your question. I also recommend that all auditors read Conspiracy of Fools by Kurt Eichenwald. It is an excellent book about the rise and fall of Enron written in the form of a novel and not as a text book. Throughout the story you see the obvious judgment errors and abuses made by all levels of management. Some of those decisions were immediately questioned but no follow up was ever performed or the follow up that was performed didn’t address the concerns raised.
Tell us about your involvement in ACUIA and how it has been beneficial. I became a member of ACUIA when I started at Wings over five years ago. Austin, TX will be my sixth conference. The training offered at the National Conference and Regional meetings has helped me greatly in gaining an understanding of the financial institution industry and in making the transition from external auditing to internal auditing. That is one reason I wanted to join the ACUIA National Conference committee. I stopped going to the AICPA Conference for Credit Unions and started attending the region meetings because I realized that they provided more of what I needed for a fraction of the cost.
What volunteer opportunities have you embraced in the organization and how has that enhanced your membership? I have recently accepted the position of Region 3 Director. I also started serving on the National Conference committee this year. Thanks Dean! We enjoyed getting to know you!
I wish I had taken a typing class and learned to type with more than two fingers.
What are the major challenges you feel the industry faces today and how can internal auditors overcome those challenges?
do you know a member who should be featured in our member spotlight?
One challenge that I see for internal auditors is their ability to remain independent. Some of the main traits an internal auditor can bring to an organization are independence and integrity. In too many cases,
Please email Tabitha Ernst-Chadwick at acuia@acuia.org with your nominations.
The Audit Report | www.acuia.org | 31
What’s Happening On the forum
by Warren Whiteoak, CUCE
Summary of Recent Discussions on the ACUIA Forum Question:
Do you permit cash advances on Corporate Credit cards?
Answer:
Even though some did, the consensus was that policy was silent on the matter. The purpose of the column is to summarize the discussions on
ACUIA’s
Forum.
The
Forum is being used more
Question:
Is it ethical to allow employees to earn frequent flier miles and rewards points on their credit cards used for business travel?
Answer:
and more every day. So go to
Most respondents saw nothing wrong with it but agreed that policy did not really address it.
www.acuia.org and see what your peers are discussing and join in. If you are a Compliance guru you might want to check out CUNA’s COBWEB Listserv; just go to the web site www.cuna.org under the Regulations & Compliance tab. Some of the topics they have discussed lately are Regulation Z Appraisal Independence; SARs on cash over/short; allowing the same CPA firm do your BSA review and your financial audit; mailing of members’ receipts; retention period for member statements; filing CTRs for shared branching; OFAC on vendors; ACH Risk Assessment; required BSA annual training; and Board financial literacy training policy. I hope to see all of you at the Annual Conference. The line up of speakers is awesome. Stop by and say hello.
Question:
Who approves loan modifications?
Answer:
Most respondents stated this approval was done by the collection officer; in one case it was the VP of Lending. In only one instance did the approval require the sign-off by two loan officers.
Question:
At what point is an account coded dormant?
Answer:
The majority of respondents stated it was after 12 months of inactivity.
Question:
Do you allow members to change their addresses online?
32 | www.acuia.org | The Audit Report
Answer:
All respondents said yes via Home Banking since it is a secured environment.
ACUIA NEWS
Question:
An auditor wanted to know if members’ checks over a certain dollar amount are reviewed for proper signature, endorsement, and agreement between the written and numeric dollar amount.
Answer:
All respondents stated no.
Question:
Do you share your Audit Plan with the Board of Directors or Management?
Answer:
Some respondents do not share, while others share with the CEO, one with the Board Chair, and two with Senior Management.
Question:
Service. Experience. Insight.
Does anyone confirm closed accounts?
Answer:
Four respondents do; two others do not - instead they test the documentation on file to close the account.
DeLeon & Stang has served credit unions for over 25 years. We pride ourselves on an intricate knowledge of the specific issues that credit unions face on a daily basis. Our CPAs can provide you insights to your most complex challenges and, in the process, eliminate your headaches and risks. In the end, DeLeon & Stang provides solutions to help credit unions achieve longevity and prosperity through increased profitability and confidence in the marketplace.
Question:
For a complete listing of our credit union services, please call 301-948-9825.
Is the Compliance function part of Internal Audit?
Answer:
The majority responded no. One respondent quoted the Institute of Internal Auditors Standards “…Internal Audit should not accept responsibility for non-audit functions…”
Question:
Question:
Do you review employee accounts and activity?
What audit software are you using?
Answer: It was a tie; three respondents did and three did not review employee accounts. Some receive a special report on employee accounts specifying share and loan interest rates, due dates and loan balances, and NSF data year-todate and month-to-date.
Answer: The responses included software such as IDEA, TeamMate, Adobe Professional, Word, Excel, and Auto Audit. One respondent was using various applications on IPAD- welcome to the future. See the Forum for more details on what is being used by your peers. Also, I am sure there will be a few software vendors at the annual conference.
The Audit Report | www.acuia.org | 33
ACUIA NEWS
REGIONAL NEWS REGION 1 Director Julie Wilson Internal Auditor, iQ CU juliew@iqcu.com
in Apple Valley, MN, which is only 15 minutes away from the Mall of America. A great array of topics is scheduled for the meeting with the final schedule planned to be available at the National Conference in Austin, TX. I will be at the conference so look for me if you have any questions regarding Region 3.
No news for Region 1; contact Julie for regional information.
REGION 4
REGION 2
Director Claudia Rodriguez, CFE
Audit Manager, Arizona State CU margaret.chamberlain@azstcu.org
The Region 4 Meeting planning is in the works. We will have a 2-day meeting in San Antonio, Texas on August 25-26, 2011 (tentative date). I just recently visited the city to find the best location for our meeting this year. The location is great, convenient, and perfect for shopping! Hope to see you there!
Director Margaret Chamberlain
The 2011 Region 2 Meeting is tentatively scheduled for October 6th and 7th. Feel free to contact me if there are any specific topics or speakers you would like to see on the agenda. If any Region 2 members are attending the annual conference and would like to participate in a social event please let me know at your earliest convenience.
GECU Internal Audit claudia.rodriguez@gecu-ep.org
REGION 5
Director Lorraine Heneka MBA, NCCO
Director of Internal Audit, Hudson Valley Federal Credit Union henel@hvfcu.org
REGION 3
Director Dean Swenson
General Auditor, Wings Financial FCU dswenson2@wingsfinancial.com
The Region 3 meeting has been scheduled for September 21st through the 23rd. The meeting will be held at Wings Financial Credit Union 34 | www.acuia.org | The Audit Report
Our regional meeting this year will be held October 3rd and 4th. As soon as I have the location confirmed, I will send an email with the details. If you have suggestions for topics or speakers, please contact me at henel@hvfcu.org. I look forward to meeting up with all Region 5 members who will be at the annual conference. See you in Austin!
ACUIA NEWS
NYC Chapter News, by Warren Whiteoak The NY Chapter held its quarterly meeting recently at Quorum FCU. There were about ten of us in attendance. Mike Garcia, the former auditor at Quorum showed up to let us know what an auditor does after retirement. We had a lively discussion which took most of the morning and included automated work papers, wire transfers, business lending, quality control, suspicious activity tools, audit software, SAS 70 reports, recent NCUA exams, and directors’ financial literacy. Any auditors or Supervisory Committee members in the New York City metropolitan area wishing for more information about the chapter should contact Warren Whiteoak at wwhiteoak@progressivecu.org.
REGION 6 Director Lora Worthy, CUCE Internal Audit Manager, Marine FCU lworthy@marinefederal.org
I am thankful spring has finally arrived and we can shed those winter coats and bulky sweaters and get ready to enjoy those sunny-season conferences. Plans for the Region 6 meeting are underway. The 2 ½ day meeting is scheduled for September 28th – 30th in Orlando, Florida. We are busy working on the agenda and lining up speakers. So far, speakers include Jack Greenburg of Clifton Gunderson LLP, Dave Miller of D2 Security, and Richard Chambers, President of the IIA. Since we are still in the early stages, you still have time to contact me with any suggestions for speakers or specific topics. So mark your calendars and I hope to see all of you there.
GOT QUESTIONS? Contact your regional director to find out the latest on region news and events.
The Audit Report | www.acuia.org | 35
ACUIA NEWS
REGION Directors Region 3
Region 1
Region 5
Dean Swenson dswenson2@wingsfinancial.com
Julie Wilson juliew@iqcu.com
Lorraine Heneka, MBA, NCCO henel@hvfcu.org
Region 6
Lora Worthy, CUCE lworthy@marinefederal.org
Region 2
Margaret Chamberlain margaret.chamberlain@azstcu.org
Region 4
Claudia H. Rodriguez, CFE claudia.rodriguez@gecu-ep.org
chapter coordinators California Chapter
New York City Chapter
Carolina Chapter
St. Louis Chapter
Indiana Chapter
Tennessee Chapter
Minnesota Chapter
Utah Chapter
Kara Giano kgiano@golden1.com
contact these volunteer leaders and get involved in local ACUIA activities.
Roger Holcomb roger.holcomb@sharonview.org
Patricia Richey, CFE, NCCO, CTGA prichey@fcfcu.com
Van Sprenger, NCCO, CIA vsprenger@toplinecu.com
36 | www.acuia.org | The Audit Report
Warren Whiteoak, CUCE, CFSA wwhiteoak@progressivecu.org
Shashawnee D. Newhouse shewhouse@firstcommunity.com
Mark Jenkins mjenkins@tvacreditunion.com
Randy Manscill, CIA, CFE, CFSA rmanscill@americafirst.com
ACUIA NEWS
ACUIA SELECT (as of June 1, 2011)
Benefactor Level ($5,000)
Sponsor Level ($4,000)
Supporter Level ($2,500)
ACUIA Select will give you exposure to the most qualified decision makers in this field, differentiating your company from others and significantly enhancing your visibility. If you have questions about joining ACUIA Select, please contact the Executive Office at (703) 535-5757.
The Audit Report | www.acuia.org | 37
Orth, Chakler, Murnane & Company, CPAs “Reaching New Heights”
Partners Douglas J. Orth, CPA, CFE Hugh Chakler, CPA, CISA, CITP, CFE John J. Murnane, CPA
Our partners and managers work on-site, providing direct access to our most experienced professionals.
We provide free telephone support and advice throughout the year.
The 2nd Annual OCM Supervisory Committee Conference will take place on October 19 - 21, 2011, in Dallas, Texas. Please see our roster of speakers and relevant topics at http://www.ocmcpa.com
Daniel C. Moulton, CPA James A. Griner, CPA Lori J. Carmichael, CPA
Services provided by our firm
Opinion Audits
Office Locations
Pension/401(k) Audits
Miami, Florida
CUSO Audits
Charlotte, North Carolina
Internal Audit - Co sourcing/Outsourcing
Dallas, Texas
Information Technology Audits
(We currently serve credit unions in 28 states)
ACH, BSA/OFAC, ATM PIN Audits
Credit Union and CUSO tax services
12060 SW 129th Court - Suite 201 Miami, FL 33186 Phone: (888) 676-3447 Fax: (305) 232-8388 www.ocmcpa.com
38 | www.acuia.org | The Audit Report
Membership Application
January 1, 2011 – December 31, 2011
For additional memberships, make copies of this application; go to the website at www.acuia.org to download the form or to apply online.
Payment Processing Center 815 King St., Suite 308, Alexandria, VA 22314 Toll Free (866) 254-8128 – Fax (703) 683-0295
Source: AR0210
Credit Union Information
Credit Union: ______________________________________
Website: __________________________________
Credit Union CEO: _________________________________
Toll Free Number: ______________________________
Address: _________________________________________
State: ________________
DP Firm: __________________________________________
Audit Firm: _____________________________________
ZIP: __________________
Membership Options Regular (Internal Auditor) ___$200 One Internal Auditor Member
Supervisory/Audit Committee ____$100 per Supervisory/Audit Member
___$300 Two or Three Internal Auditor Members ___$400 Four Internal Auditor Members ___$100 Each Additional Auditor Beyond Four
Primary Member Information
Privacy Information: Do not include my name in the ACUIA Directory ଠ
First Name: ________________________
Last Name: _______________________
Suffix:
Title: _____________________________
Phone Number: ____________________
Extension:
Fax Number*: ______________________
Email address*:
2nd Member Information
Privacy Information: Do not include my name in the ACUIA Directory ଠ
First Name: ________________________
Last Name: _______________________
Suffix:
Title: _____________________________
Phone Number: ____________________
Extension:
Fax Number*: ______________________
Email address*:
3rd Member Information
Privacy Information: Do not include my name in the ACUIA Directory ଠ
First Name: ________________________
Last Name: _______________________
Suffix:
Title: _____________________________
Phone Number: ____________________
Extension:
Fax Number*: ______________________
Email address*:
4th Member Information
Privacy Information: Do not include my name in the ACUIA Directory ଠ
First Name: ________________________
Last Name: _______________________
Suffix:
Title: _____________________________
Phone Number: ____________________
Extension:
Fax Number*: ______________________
Email address*:
*Fax and/or email will be used for member communications.
Payment Information Payments to ACUIA are not deductible as charitable contributions for federal income tax purposes. However, they may be deductible under other provisions of the Internal Revenue Code. Federal Tax ID # 39-1666875
ଠ Credit Card (Circle One) VISA
MasterCard
ଠ Check or Money Order Enclosed #: ____________________
Discover
Card Number: ____________________________________ Expiration Date: ____________ Security Number: __________ (3 – 4 digit number on back)
Cardholder Name: _________________________________ Cardholder Address: _________________________________ Authorized Signature: ______________________________________________ Date: ______________________________ The Association of Credit Union Internal Auditors (ACUIA) collects credit card information to make it easier for you to sign up for membership, as well as pay for other services. ACUIA does not use or share credit card information for any other purpose. We retain such information as is needed for standard accounting record keeping requirements. Every step is taken to protect the loss, misuse, and alteration of the information under our control. If you prefer, please use a check or money order to make any necessary payments. Payments to ACUIA are not deductible as charitable contributions for federal income tax purposes. However, they may be deductible under other provisions of the Internal Revenue Code.
Time For A Fresh Perspective?
Expertise refined by over 34 years of credit union focus. Our professionals have distinctive industry experience in an array of technical specialty areas delivering a single source of vast resources.
¡ External Auditing ¡ Internal Audit Co-Sourcing ¡ IT Assurance ¡ Lending Portfolio Reviews ¡ Mergers & Valuations ¡ Regulatory Compliance
248.244.3110 financialinstitutions@doeren.com Offices In Michigan and Texas Serving Credit Unions Nationwide