Credit unions: Supervisory committee audits and verifications,

[Federal Register: July 29, 1999 (Volume 64, Number 145)]

[Rules and Regulations]

[Page 41029-41040]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr29jy99-5]

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Parts 701, 715 and 741

Supervisory Committee Audits and Verifications

AGENCY: National Credit Union Administration.

ACTION: Final rule.

SUMMARY: The Credit Union Membership Access Act amended certain audit and financial reporting requirements of the Federal Credit Union Act. The National Credit Union Administration has received and reviewed public comments on its proposed rule implementing those amendments. As revised to reflect commenters' suggestions and to enhance clarity, the final rule specifies the minimum annual audit a credit union is required to obtain according to its charter type and asset size, the licensing authority required of persons performing certain audits, the auditing principles that apply to certain audits, and the accounting principles that must be followed in reports filedwith the NCUA Board.

DATES: Effective January 1, 2000.

FOR FURTHER INFORMATION CONTACT: Karen Kelbly, Program Officer, Office of Examination and Insurance at (703) 518-6360, or Steven W. Widerman, Trial Attorney, Office of General Counsel, at (703) 518-6557, National Credit Union Administration Board, 1775 Duke Street, Alexandria, VA 22314-3428.

SUPPLEMENTARY INFORMATION:

  1. Background

    1. Credit Union Membership Access Act

      Section 201(a) of the Credit Union Membership Access Act (CUMAA), Public Law 105-219, 112 Stat. 918 (1998), added two new subsections to section 202(a)(6) of the Federal Credit Union Act (FCUA), 12 U.S.C. 1782(a)(6)(C) and (D). Subsection (C) addresses accounting principles, generally requiring credit unions having assets of $10 million or more to follow generally accepted accounting principles (GAAP) in all reports or statements filedwith the NCUA Board.\1\ 12 U.S.C. 1782(a)(6)(C). The NCUA Board, and State credit union supervisors under applicable statutes, are given the authority to require credit unions having less than $10 million in assets to follow GAAP. 12 U.S.C. 1782(a)(6)(C)(iii).

      \1\ In lieu of GAAP, the NCUA Board may prescribe ``an accounting principle * * * that is no less stringent than [GAAP].'' 12 U.S.C. 1782(a)(6)(c)(ii).

      Subsection (D) imposes audit requirements for large federally- insured credit unions--those having assets of $500 million or more. A credit union at or above that level of assets, whether State-or Federally-chartered, is required to obtain an annual independent audit of its financial statements performed in accordance with generally accepted auditing standards (GAAS)--hereinafter referred to as a ``financial statement audit.'' Furthermore, that audit must be performed by an independent certified public accountant or public accountant licensed to do so by the appropriate State or jurisdiction. 12 U.S.C. 1782(a)(6)(D)(i). For a breakdown of State-licensing requirements for persons who perform audits, see proposed rule, 64 FR 777n.2.

      A federally-chartered credit union having total assets of less than $500 million but more than $10 million is subject to only one requirement under subsection (D). If that credit union elects to obtain the financial statement audit required of a credit union having assets of $500 million or more, the audit must be performed consistent with the accountancy laws and licensing requirements of the appropriate State or jurisdiction. 12 U.S.C. 1782(a)(6)(D)(ii). The appropriate State or jurisdiction normally is the State in which the credit union is principally located.

      Subsection (D) imposes no minimum audit requirements at all on federally-chartered credit unions having total assets of less than $500 million but more than $10 million that do not voluntarily elect to obtain a financial statement audit performed in accordance with GAAS (as credit unions having assets of $500 million or more must obtain under subsection (D)(i)). See Sec. 715.2(f) (GAAS definition). Only in the case of a financial statement audit performed in accordance with GAAS, whether by choice or by law, do State accountancy laws and licensing requirements apply.\2\ Subsection (D) is silent regarding audits of federally-chartered credit unions having assets of $10 million or less, and Federally-insured State-chartered credit unions (FISCUs) having assets of less than $500 million.

      \2\ FCUA section 202(a)(6)(D)(ii), 12 U.S.C. 1782(a)(6)(D)(ii), provides: If a Federal credit union that is not required to conduct and audit under clause (i), and that has total assets of more than $10,000,000 conducts such an audit for any purpose, using an independent auditor who is compensated for his or her audit services with respect to that audit, the audit shall be performed consistent with the accountancy laws of the appropriate State or jurisdiction, including licensing requirements.'' (emphasis added.) ``Such an audit'' refers back to ``an audit under clause (i)'' of section 1782(a)(6)(D). A clause (i) audit is a financial statement audit performed in accordance with GAAS. The clause (ii) requirement to follow State accountancy and licensing laws is triggered only when a credit union voluntarily chooses a financial statement audit.

      With respect to financial statement audits, the threshold set by subsection (D) at $500 million for requiring a financial statement audit puts federally-insured credit unions in parity with other federally-insured depository institutions. The institutions supervised by the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the Office of Comptroller of the Currency and the Federal Reserve Board are required to obtain a financial statement audit if they have assets of $500 million or more.\3\ 12 CFR 363. For institutions having assets of less than $500 million, the Federal Financial Institutions Examination Council (FFIEC) has proposed audit options similar to two of those which this final rule prescribes for credit unions. FFIEC, Policy Statement on External Auditing Programs of Banks and Savings Associations, 63 FR 7796 (Feb. 17, 1998) (FFIEC Policy Statement).

      \3\ The statute authorizing 12 CFR 363, originally established a $150 million asset floor for requiring a financial statement audit. 12 U.S.C. 1831m(j)(2). However, the banking agencies exercised their statutory authority to increase the asset floor to $500 million, thereby exempting two-thirds of all institutions required under Sec. 1831m to obtain a financial statement audit. 12 CFR 363.1(a) 58 FR 31332 (June 2, 1993).

    2. Proposed Rule

      On January 6, 1999, NCUA published a Notice of Proposed Rule, 64 FR 776 (Jan. 6, 1999), establishing new part 715 to implement the statutory minimum audit requirements imposed by

      [[Page 41030]]

      CUMAA, 12 U.S.C. 1782(a)(6) (C) and (D); to provide supervisory committee audit alternatives for credit unions which are not required to obtain a financial statement audit; and to retain in substance the current rules relating to Supervisory Committee audit responsibilities, verification of accounts, independence of outside auditors, the requirement of an engagement letter, audit report and workpaper maintenance and access, and sanctions and remedies for inadequate audits. Secs. 701.12 and 701.13. In addition, the proposed rule revised section 741.6 [financial and statistical and other reports] to change certain Call Report filing dates and to introduce the use of GAAP in Call Reports filedby credit unions having $10 million or more in assets. Finally, the proposed rule conformed the citations in section 741.202 to apply part 715 to Federally-insured State-chartered credit unions. See 12 U.S.C. 1781(b)(9), 1789(a)(11) (authority for application to FISCUs).

      By the comment deadline of March 8, 1999, NCUA received thirty-one comments in response to the Notice of Proposed Rule. Comments were submitted by eleven Federal credit unions, seven credit union industry trade associations, seven certified public accounting or auditing firms, two auditing industry trade associations, two unlicensed credit union auditors, an association of state credit union supervisors, and one banking industry trade association.

      Except for the latter group, the comments generally support NCUA's interpretation of the statutory ``financial statement audit'' requirement and, in concept if not in detail, all three of the audit engagements proposed in the rule as alternatives to a financial statement audit--a balance sheet audit; a ``review and evaluation of internal controls over Call Reporting'' (renamed and redefined in the final rule); and an audit pursuant to NCUA's Supervisory Committee Guide.\4\ Predictably, licensed individuals opposed provisions of the rule allowing unlicensed persons a role in the credit union auditing process. Conversely, unlicensed individuals were grateful that NCUA preserved their role in the process. The comments are analyzed generally in section II. immediately below, except that comments of the internal auditing industry and banking industry trade associations are addressed separately in section II.I.

      \4\ NCUA anticipates issuing the revised Supervisory Committee Guide in late 1999.

  2. Section-Within-Subject Analysis of Comments

    1. Definitions

      Section 715.2 establishes definitions for the terms that are used in part 715, nearly all of which are virtually identical in form and substance to their predecessors in current Sec. 701.12(a). Several commenters suggested revisions to the proposed definitions as follows.

      ``Balance sheet audit.'' One commenter suggested that the ``balance sheet audit'' definition, Sec. 715.2(a), should prescribe GAAP as a basis of accounting for this engagement. The definition has been revised to provide that a credit union which obtains a ``balance sheet audit'' engagement shall use as a basis of accounting the same basis of accounting used in its Call Reports. Effectively, this means that credit unions which have $10 million or more in assets will be required to use GAAP as a basis of accounting for this engagement. See Sec. 741.6(b) (requiring credit unions having assets of $10 million or greater to follow GAAP in Call Reports).

      ``Compensated person.'' Two commenters objected to the definition of a ``compensated person,'' Sec. 715.2(b), because it expressly omits individuals or firms who are compensated to perform only one supervisory committee audit per year. The omission is intentionally designed to exempt from this rule persons who are not in the business of auditing credit unions, but who are modestly compensated by a single credit union to perform its annual supervisory committee audit. NCUA remains committed to ensuring that such one-time audit engagements do not trigger the requirements of this rule.

      ``Financial statement .'' One commenter strongly urged deleting the ``statement of assets and liabilities that does not include members'' equity accounts'' from the definition of ``financial statement'' Sec. 715.2(c), because that statement is rarely used and is of little benefit to the financial statement reader. NCUA agrees and has amended the proposed definition accordingly.

      ``Independent person.'' Two commenters pointed out that the interchangeable use of the terms ``independent person'' and ``independent auditor'' throughout the proposed rule was confusing. Thus, the final rule retains ``independent person'' and omits ``independent auditor.'' Two commenters urged that the terms ``independent'' and ``independence'' be redefined either to parallel the GAAS definition of ``independence'' as it applies to State-licensed persons, or to otherwise incorporate the GAAS definition to some extent.\5\ To define ``independence'' as GAAS does would have the unintended effect of limiting the auditing of Federal credit unions to State-licensed individuals. NCUA is committed to enabling both licensed and unlicensed persons to satisfy its ``independence'' definition, so that both may have a role in auditing credit unions. Regardless of NCUA's definition, licensed persons already would be required under State law to comply with GAAS independence rules. The proposed definition of ``independence,'' Sec. 715.2(g), is no less stringent than the GAAS definition, and may in certain circumstances be more stringent.

      \5\ See 1 AICPA, AICPA Professional Standards AUSec. 220.02 (1997) (GAAS definition of ``independence'').

      ``Qualified person.'' Although not defined in the proposed rule, the term ``qualified person'' is used throughout as the minimum standard for persons who may perform certain audit engagements although they are not State-licensed. Four commenters suggested expressly defining a ``qualified person.'' NCUA declines to add such a definition because the proposed rule already identifies persons who would be qualified to perform an audit under the Supervisory Committee Guide, e.g., a certified public accountant, public accountant, league auditor, credit union auditor consultant, retired financial institutions examiner. Sec. 715.7(c). It is the responsibility of the Supervisory Committee to apply its judgment within given guidance to determine who is a ``qualified person.''

      ``Report on examination of internal control over Call Reporting.'' The proposed rule referred to this engagement as a ``review and evaluation of internal controls over Call Reporting.'' An auditing industry trade association suggested that the proper term of art for this engagement is an ``examination,'' not a ``review,'' and should be subject to attestation standards. NCUA agrees and has renamed this engagement a ``Report on the examination of internal control over Call Reporting'' and is redefining it consistent with attestation standards.\6\ Sec. 715.2(j). See discussion of Sec. 715.7(b) infra.

      \6\ In the final rule, 715.7(b) provides that a ``Report on examination of internal control over Call Reporting'' may be performed only by a ``State-licensed per.'' See discussion of Sec. 715.7(b) infra.

      ``State-licensed person.'' The proposed definition of ``State- licensed person'' refers to a ``person who is licensed by the State or jurisdiction where the credit union is located . . . .''

      [[Page 41031]]

      Sec. 715.2(k). One commenter insists that this definition departs from CUMAA because it is not as specific or restrictive as the statute provides. In fact, the definition in the rule mirrors the language of CUMAA. Compare Sec. 715.2(k) and 12 U.S.C. 1786(a)(2)(D). Another commenter suggested replacing the word ``located'' with the word ``headquartered'' to address instances where a credit union has multiple branches and overseas locations. This point is well taken. To eliminate confusion as to where a person must be licensed, NCUA is replacing the term ``located'' with the term'' principally located'' throughout the final rule. See, e.g., Secs. 715.4(b), 715.5(a), 715.6(a) and (b), 715.7(a) and (b).

      ``Supervisory committee audit.'' One commenter objected that the last sentence of the proposed definition of a ``supervisory committee audit''--which had provided that a financial statement audit ``fulfills the requirements of a `supervisory committee audit' ''--is redundant and outside the scope of a definition. Sec. 715.2(m). This sentence has been eliminated in view of the fact that the point it makes is expressed elsewhere in the rule. See, e.g., Sec. 715.4(b).

      ``Working papers.'' NCUA staff determined that the phrase ``by the independent, compensated auditor'' at the end of the definition of ``working papers,'' Sec. 715.2(n), unintentionally excluded uncompensated auditors from that definition. Therefore, that phrase has been eliminated.

    2. Supervisory Committee Responsibilities

      Section 715.3--General Responsibilities of the Supervisory Committee

      Under this section, a principal duty of the Supervisory Committee is to ``establish practices and procedures sufficient to safeguard members' assets'' against ``error, conflict of interest, self-dealing and fraud.'' Sec. 715.3(a) and (b)(4). The sole commenter addressing this section, who generally supported the rule, interpreted this language as improperly creating a duty to prevent acts which constitute error, conflict of interest, self-dealing and fraud. NCUA disagrees with that interpretation; the rule clearly mandates a duty to establish practices and procedures designed to ``safeguard members'' assets'' against such misconduct, but imposes no absolute liability on the board of directors or management to prevent such misconduct. Therefore, NCUA retains the original language of paragraph (a). Although there were no further substantive comments on this section, paragraph (b) is modified in form to improve clarify and parallelism. Section 715.4--Audit Responsibility of the Supervisory Committee

      This section restates the Supervisory Committee's annual audit responsibility under 12 U.S.C. 1761d, Sec. 715.4(c); provides that a financial statement audit will always satisfy that responsibility, Sec. 715.4(b); and that other options to satisfy that responsibility are available to credit unions which do not choose to obtain a financial statement audit. Sec. 715.4(c). For the convenience of the reader, the minimum audit requirements according to charter type and asset size are summarized in a diagram preceding Sec. 715.5. NCUA received no comments directly addressing this section. To eliminate ambiguity in determining asset size, NCUA has added a sentence indicating that ``asset size is the amount of total assets reported in the Call Report for the year-end immediately preceding and outside of the period under audit.'' Sec. 715.4(c).

    3. Minimum Audit Requirements

      The proposed rule was organized primarily according to asset size-- $500 million and above, less than $500 million but more than $10 million, and $10 million or less--rather than by charter type. An association of state credit union supervisors urged reorganization of part 715 primarily by charter type, and then by asset size, so that audit requirements which apply to FISCUs are consolidated according to asset size in one section and those which apply to federally-chartered credit unions (FCUs) are consolidated according to asset size in a separate section. NCUA believes that the benefits of such a reorganization--namely, improved clarity and accessibility--outweigh the minimal duplication that results. Accordingly, in the final rule, Sec. 715.5 addresses audit requirements exclusive to federal charters, and Sec. 715.6 addresses audit requirements exclusive to State charters. The substance of the applicable audit requirements remains unchanged in both sections. Section 715.5--Audit of Federal Credit Unions

      This section sets forth the minimum requirements for the audit of federal credit unions (FCUs) according to asset size. As CUMAA mandates, 12 U.S.C. 1782(a)(6)(D), an FCU having assets of $500 million or greater must obtain a financial statement audit. Sec. 715.5(a). For FCUs having less than $500 million in assets, Sec. 715.5(b) reflects NCUA's interpretation that CUMAA allows credit unions the choice of obtaining a financial statement audit under Sec. 715.6(a)--as credit unions having $500 million or more in assets must do--or one of three alternative audit engagements set forth in Sec. 715.7. See 12 U.S.C. 1782(a)(6)(D)(ii). NCUA received eight comments expressly agreeing with NCUA's interpretation of CUMAA; four opposing the interpretation; and eighteen which did not comment on the matter. One supporter enclosed a legal opinion concurring with NCUA's interpretation. Another pronounced the rule clear and concise and the interpretation appropriate.

      The four commenters opposing NCUA's interpretation of CUMAA consist of licensed auditing professionals and an auditing industry trade association, all of whom favored an interpretation of CUMAA limiting auditing of credit unions above $10 million in assets exclusively to State-licensed individuals like themselves. In stark contrast, another commenter who is an unlicensed auditor insisted that, compared to current Sec. 701.12, the proposed rule is a concession to the auditing profession and is contrary to the best interests of the credit unions, even though it maximizes audit choice for credit unions.

      Consistent with its interpretation of CUMAA, NCUA stands by section 715.5 as proposed, except to add a final paragraph (d) indicating that FCUs must meet applicable requirements elsewhere in part 715 regardless of which audit engagement they choose under Sec. 715.5. See Secs. 715.8, 715.9(b) through (e), 715.10. Section 715.6--Audit of Federally-insured, State-chartered Credit Unions

      This section sets forth the minimum requirements for the audit of FISCUs according to asset size. As in the case of FCUs, CUMAA mandates that FISCUs having assets of $500 million or greater must obtain a financial statement audit. Sec. 715.6(a). For FISCUs having less than $500 million in assets, Sec. 715.6 gives FISCUs the choice of obtaining a financial statement audit per Sec. 715.6(a), or one of three alternative audit engagements set forth in Sec. 715.7. The rule provides, however, that if the State or jurisdiction in which the credit union is principally located prescribes an audit engagement which is more stringent than the alternative engagements offered in Sec. 715.7, the FISCU must comply with the State-mandated audit. Sec. 715.6(b).\7\ As in the

      [[Page 41032]]

      case of FCUs, a new subsection (c) has been added to indicate that FISCUs must meet applicable requirements elsewhere in part 715 regardless of which engagement they choose under Sec. 715.6. See Secs. 715.8, 715.9(b) through (e), 715.10. NCUA received no comments on the predecessor provision to this section.

      \7\ NCUA does not define ``stringent'' except to suggest that it might involve enhanced audit scope and depth. ``Stringent'' is not defined in 12 U.S.C. 1782(a)(6)(C)(iii), which refers to an accounting principle that is ``no less stringent'' than GAAP.

      In comparison to NCUA's current supervisory committee audit rule, Sec. 701.12, State-prescribed audits for credit unions generally fall into three categories: (1) States which prescribe audits substantially similar to 12 U.S.C. 1761d and/or Sec. 701.12; (2) States which prescribe audits which differ in some respects from 12 U.S.C. 1761d and/or Sec. 701.12, but which are not necessarily ``more stringent,'' including four States which determine the type of audit by asset size, e.g., Mich. Comp. Laws Sec. 490.11(2); and (3) States in which a financial statement audit is prescribed for certain credit unions.

      Section 715.7--Supervisory Committee Audit Alternatives To a Financial Statement Audit

      This section establishes alternative supervisory committee audit engagements for federally-insured credit unions that are not required by virtue of asset size to obtain a financial statement audit, and that otherwise do not voluntarily elect to obtain a financial statement audit.

      ``Opinion on the balance sheet.'' Like a financial statement audit, this engagement, also known as a ``balance sheet audit,'' must be performed in accordance with GAAS by a person who is licensed under State law to do so. Sec. 715.7(a). This engagement consists of an examination of assets, liabilities and equity and requires an opinion by the auditor on the fairness of the balance sheet only. Apart from the basis of accounting required, see Sec. 715.2(a), this option is identical to that of the same name proposed for other federally-insured financial institutions by the FFIEC. FFIEC Policy Statement, 63 F.R. at 7797, 7800.

      Five commenters addressed the ``balance sheet audit'' option. One commenter fully supported the option. One characterized it as a step backwards due to insufficient testing of the internal control structure and less assurance than in current Sec. 701.12. Three commenters were cautious--one suggesting this engagement should incorporate supplemental analytic procedures, one criticizing the limited scope and limited assurance of this option, and one urging mandatory linkage to a basis of accounting consistent with GAAP. NCUA believes that these generally are matters of judgment which, to the extent possible, should be left to the supervisory committee. Thus, the ``opinion on the balance sheet'' is modified only to require the same basis of accounting as that which is reflected in the credit union's Call Reports. See discussion of Sec. 715.2(a) supra.

      ``Report on examination of internal control over Call Reporting.'' This engagement was originally proposed as a ``review and evaluation of internal controls over Call Reporting,'' consisting of an examination of management's written assertions concerning the effectiveness of internal controls over data reported in Call Reports (NCUA Form 5300) which addresses high risk areas. In this engagement, the auditor produces a report on the written assertions of management. See Sec. 715.2(j).

      Ten commenters addressed the originally proposed ``review and evaluation of internal controls over Call Reporting. One commenter fully supported this option as written; one commenter believed it would confuse credit unions and should be clarified; and a third opposed it outright. The latter commenter argued that this engagement is too limited, does not consider many areas of the financial structure, and does not identify problems that may exist with account balances. As a remedy, this commenter recommended that the ``review and evaluation'' be subject to attestation standards of the auditing profession--thus allowing only licensed individuals to perform this examination--and be increased in scope.

      Seven commenters supported this audit option in a revised form. Five argued that only external, licensed certified public accountants under the attestation standards of the profession should be allowed to perform this engagement. One of these commenters suggested that attestation standards demand use of the nomenclature ``examination,'' rather than ``review,'' as these terms have different ascribed meanings under auditing standards. This same commenter strongly recommended that the rule clearly define the scope and level of work for this engagement, specify the criteria for the evaluation of internal controls, and define a ``complex'' credit union. Another commenter argued that small credit unions lack sound internal controls and that this engagement will not be helpful to them. This commenter also contended that it would be difficult for credit union management to document its internal control assertions,\8\ and that the engagement would not yield a particularly reduced fee. This commenter joined two others in opposing the use of differing levels of expertise for performing this engagement--a ``State-licensed person'' if performed for a credit union defined as ``complex,'' but only a ``qualified person'' if not. NCUA found these comments generally persuasive and has revised the final rule as follows.

      \8\ In the case of a small credit union which lacks the expertise to develop management's written assertions and is unable to gain such expertise, this engagement would not be a viable alternative for fulfilling its supervisory committee audit responsibility.

      First, the final rule renames this engagement a ``report on the examination of internal control over Call Reporting'' and requires it to satisfy the attestation standards of the auditing profession. Sec. 715.7(b). Second, whereas the proposed rule was silent about the criteria on which the review of internal controls is based, the final rule assigns credit union management the responsibility of ``specif[ying] the criteria on which it based its evaluation of internal controls.'' \9\

      \9\ For example, Internal Control--Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission identifies an entity's internal control as consisting of five components: control environment, risk assessment, control activities, information and communication, and monitoring.

      Third, whereas the proposed rule prescribed the ``high risk areas'' on which this engagement concentrates--loans, investments, and cash and deposit activity--the final rule gives management the responsibility of designating the areas it considers high risk. However, the NCUA Board still believes that high risk areas should most often include: lending activities, investing activities, and cash-handling and deposit-taking activities.

      Finally, the final rule abandons the proposed two-tier approach to the expertise required to perform this engagement, in favor of a single, higher level of expertise. The final rule now provides that only State-licensed persons under attestation standards of the auditing profession may perform a ``report and examination of internal control over Call Reporting'' regardless whether the credit union is defined as ``complex'' for prompt corrective action purposes. See CUMAA Sec. 301(d)(2)(B) and (e)(2) (requirement to adopt definition of ``complex'' credit union).

      As modified in the final rule, the ``report on examination of internal control over Call Reporting'' is comparable to the FFIEC- proposed option of an ``attestation report on

      [[Page 41033]]

      internal control assertions.'' 63 FR at 7797, 7800.

      ``Supervisory Committee Guide audit.'' This engagement follows an audit program prescribed in NCUA's Supervisory Committee Guide (Guide), as revised to conform to part 715, and is similar to a ``Directors' Examination'' used by some Federally-insured banks. The Guide engagement is the only audit alternative under the final rule that can be performed either by a ``State-licensed person'' or by a ``qualified person'' who is not licensed. As revised, the Guide will provide guidance regarding the minimum scope and procedures of the engagement, and clearly distinguish a Guide engagement from a financial statement audit engagement.

      Eleven comments addressed the Guide option. Two advocated limiting performance of the Guide engagement to ``State-licensed persons.'' The NCUA Board disagrees because this is directly contrary to the objective of providing a supervisory committee audit option that can be performed by individuals who are not ``State-licensed.'' The Guide engagement accomplishes this objective.

      Five of the commenters asked that NCUA issue the proposed Guide for public comment before finalizing it. Because it is likely that the Guide will be revised periodically, NCUA has decided to issue the Guide as a manual rather than as a rule. As such, the Guide will not be issued for public comment. Three commenters strongly encouraged NCUA to write the Guide so that it conforms to auditing standards governing an ``agreed-upon procedures'' engagement, thereby permitting ``State- licensed persons'' to perform this engagement. To achieve this objective in revising the Guide, and in lieu of soliciting public comment, NCUA is seeking the assistance of the Credit Unions Committee of the American Institute of Certified Public Accountants in identifying appropriate minimum procedures to append to the Guide.

      A commenter suggested that the Guide audit be available only to credit unions under $50 million in assets, and another encouraged NCUA to tailor the Guide audit program according to asset size. NCUA declines both suggestions. Although NCUA prefers to make the Guide audit universally available to all credit unions regardless of asset size, experience indicates that it is the option most often chosen by credit unions which are relatively small in asset size. NCUA also prefers to offer a uniform audit program regardless of asset size. NCUA believes that an audit program which varies by asset size is unworkable and would substitute the regulator's judgment for that which is properly reserved to the supervisory committee.

      Choice among audit options. One commenter suggested that the final rule should provide guidance as to which audit option is appropriate for a credit union which is not required to obtain a financial statement audit--a voluntary-chosen ``financial statement audit,'' a ``balance sheet audit,'' a ``report on examination of internal controls over Call Reporting,'' or a ``Supervisory Committee Guide audit.'' The NCUA Board declines to provide such guidance, believing instead that it is the supervisory committee's responsibility to obtain the highest level of supervisory committee audit service that is consistent with the credit union's size, the nature and scope of its activities, and any compensating internal controls. Cost of service alone should not be the deciding factor in this decision. Cost should be one among many factors the supervisory committee thoughtfully considers when weighing the purpose and benefit of each audit alternative. A supervisory committee which is unfamiliar with distinctions among the different types of audits should seek the advice of an independent accountant in choosing among them.

      December 1998 NCUA Call Report data shows that 80% of Federally- insured credit unions above $50 million in assets already obtain a financial statement audit voluntarily. NCUA encourages all credit unions, regardless of asset size, to obtain financial statement audits, but recognizes that financial statement audits may not be practical for all credit unions. Accordingly, the final rule seeks to preserve less burdensome audit alternatives for credit unions that do not obtain financial statement audits, without compromising the Supervisory Committee's ability to carry out its oversight responsibilities.

    4. Verification of Accounts

      Section 715.8--Requirements for Verification of Accounts and Passbooks

      As mandated by 12 U.S.C. 1761d, this section requires the Supervisory Committee to conduct a verification of the passbooks and accounts of the members against the records of the credit union at least once every two years. One commenter urged removing proposed language requiring the auditor to ``provide assurance'' or draw conclusions in reference to both the statistical and non-statistical methods of verification. NCUA agrees with regard to the statistical sampling methods under Sec. 715.8(b)(2), but disagrees with regard to the non-statistical methods under Sec. 715.8(b)(3).

      Consistent with State licensing requirements, NCUA prohibits persons who are not ``State-licensed'' from providing assurance services in connection with a verification. Sec. 715.7(c). Because a ``controlled verification,'' Sec. 715.8(b)(1), and statistical sampling methods, Sec. 715.8(b)(2), may be performed by persons who are not ``State-licensed,'' the ``assurance'' language has been removed from Sec. 715.8(b)(2)(iv). Because non-statistical sampling methods consistent with GAAS, Sec. 715.8(b)(3), may be performed only by a ``State-licensed person,'' who is authorized to provide assurance services, the ``assurance'' language remains intact in Sec. 715.8(b)(3)(i).

    5. Other Audit Requirements

      Section 715.9--Assistance From Outside Compensated Person

      This section sets the independence and engagement letter requirements that are triggered when the Supervisory Committee engages an outside person who is compensated to perform, or to assist in the performance of, a supervisory committee audit under this part. Paragraph (a) concerns the auditor's independence from credit union officials. Although NCUA received no comments on this provision, it has determined that the definition of persons ``unrelated to officials'' of the credit union (i.e., persons who qualify as independent of credit union officials) was too narrow with respect to relatives of credit union employees. This made the category of persons not sufficiently independent of credit union officials overinclusive. Accordingly, the final rule provides that a compensated auditor ``shall not be related by blood or marriage to any management employee * * * of the credit union,'' and eliminates as redundant the list of blood and marital relations. Sec. 715.9(a) (emphasis added).

      Paragraph (b) sets forth the general requirement for an engagement letter between the Supervisory Committee and the outside auditor memorializing the terms and conditions of the audit engagement. Two commenters sought clarification of the requirement that ``the engagement must be contracted with the supervisory committee,'' Sec. 715.9(b), suggesting the possibility that the supervisory committee may not have the authority to contract for the audit. The NCUA Board disagrees, believing that the supervisory committee's authority to contract for the credit union's audit is clear from the language of the FCUA,

      [[Page 41034]]

      which provides that ``the supervisory committee shall make or cause to be made an annual audit.'' 12 U.S.C. 1761d.

      Paragraph (c) sets forth the required contents of an engagement letter. Proposed paragraph (c)(6) required the engagement letter to ``specify a target date of delivery'' for the audit report. At the suggestion of an auditing industry trade association, this provision has been revised to prescribe a fixed target date of delivery ``not to exceed 120 days from date of calendar or fiscal year-end under audit (period covered), unless the supervisory committee obtains a waiver from the supervising NCUA Regional Director.'' Sec. 715.9(c)(6). NCUA believes that prescribing a uniform fixed date of delivery, rather than allowing the date to be set on an engagement-by-engagement basis, will improve the consistency and efficiency of the auditing process.

      To avert post-engagement disputes between the credit union and its outside auditor, proposed paragraphs (d) and (e) together mirrored the current rule, Sec. 701.12(d)(2)-(3), in requiring an auditor to certify in the engagement letter when all items within the scope of a supervisory committee audit will be addressed in the engagement, and conversely, to identify any items that will be excluded from the engagement. The final rule is revised to reflect that certification of complete scope is redundant with respect to three types of audit engagements under part 715--the financial statement audit, the balance sheet audit, and the report on examination of internal control over Call Reporting--because reporting standards under GAAS and attestation standards, respectively, for those engagements already would require any excluded items to be reflected in the level of assurance the independent accountant provides in rendering an opinion. In contrast, the Supervisory Committee Guide audit engagement available under part 715 does not by definition include all items within the scope of the engagement. Therefore, with regard to that engagement only, the final rule still requires the auditor to certify the completeness of scope or, conversely, to specify the exclusions from the scope of the engagement. Sec. 715.9(d) and (e).

      In the case of a Guide engagement, for example, the auditor and the supervisory committee may by agreement exclude the allowance for loan losses from the scope of the engagement. In that event, paragraph (e) would require the engagement letter to specify the excluded items. Section 715.10--Audit Report and Working Paper Maintenance and Access

      This section addresses the procedure for distributing the audit report produced either by the Supervisory Committee or by an outside person who performed the audit, and the responsibility for maintenance of, and access to, the auditor's ``working papers'' once the engagement is complete. Whereas the proposed rule expressly stated that credit union members must be provided with ``a report of the results of an audit at the next annual meeting,'' the final rule provides that members must be provided with a ``summary'' of the results of the audit, ``orally or in writing''. Sec. 715.10(a). The purpose of this revision is to indicate that credit unions need not provide members a written, abridged version of the audit report itself.

      One commenter suggested that NCUA specify minimum information to be included in a report (or summary) of the results of the audit. Although NCUA has not experienced problems of insufficient disclosure of audit results, the final rule nonetheless includes a remedy: ``If a member so requests, the Supervisory Committee shall provide the member access to the full audit report,'' Sec. 715.10(b), although the member would not necessarily have a right to a copy of the report.

      Paragraph (b) concerns maintenance of, and access to, audit working papers. Sec. 701.10(e)(2). Two commenters sought a commitment from NCUA, either by rule or otherwise, to maintain the confidentiality of working papers to which it is given access under this section. Such a commitment is not necessary because audit workpapers fall within the scope of confidential, commercial and financial information protected from disclosure by NCUA regulations, except to other government agencies and as required by law. 12 CFR 792.11(a)(4) and (8), 792.30, 792.60.

    6. Sanctions and Remedies

      Section 715.11--Sanctions for Failure To Comply With This Part

      This section authorizes NCUA to reject an audit or to impose formal administrative sanctions when a Supervisory Committee or its independent compensated auditor violates a provision of this part or a provision of an engagement letter prescribed by this part. Although NCUA received no substantive comments on this section, the final rule has been revised in two ways. First, to provide that when a regional director rejects an audit, he or she must ``provide a reasonable opportunity to correct the deficiencies.'' Sec. 715.11(a)(1). Second, to clarify that this section applies to FISCUs, the final rule cites section 741.202 of chapter VII as authority. Sec. 715.11(b). Section 715.12--Statutory Audit Remedies for Federal Credit Unions

      This section provides the NCUA Board with a pair of additional remedies which, if certain conditions are met, apply to federally- chartered credit unions by statute, 12 U.S.C. 1782(a)(6)(A), and to State-chartered credit unions by regulation. 12 CFR 701.13(a)(2). The remedies are the authority to compel a credit union in this category to have its audit performed by a State-licensed person, Sec. 715.12(a), or to compel the credit union to obtain a financial statement audit even when it is not otherwise required to do so. Sec. 715.12(b). NCUA received a single comment on this section, cautioning that these sanctions alone, when imposed against a small credit union, could drive that credit union into liquidation. NCUA emphasizes in response its commitment to chartering and continued growth of small credit unions when feasible, and to considering all circumstances in imposing lawful sanctions and remedies under this section. Finally, this section has been modified in the last sentence to indicate that, in addition to a ``adverse opinion,'' a ``disclaimer of opinion'' should be an exception to the objective of producing an unqualified opinion. Sec. 71512(b).

    7. Appropriation for Non-conforming Investments

      Section 741.3--Criteria

      Although not raised in the proposed rule, Sec. 741.3(a)(3) is revised in the final rule to conform to a change in the technical nomenclature used in NCUA's Call Report (NCUA Form 5300). The phrases ``Investment Valuation Reserve Account'' and ``Investment Valuation Reserve'' both are renamed the ``Appropriation for Non-conforming Investments''. This account receives appropriated funds from undivided earnings in amounts by which investment fair value exceeds book value in FISCUs that hold investments which would be impermissible investments for an FCU to hold, i.e., non-conforming investments. As the auditing industry trade association suggested, this change more appropriately reflects the function and composition of the account under GAAP.

      [[Page 41035]]

    8. Call Reporting Requirements

      Section 741.6--Financial and Statistical and Other Reports

      This section sets deadlines for filing Call Reports with NCUA and implements the statutory mandate that Call Reports filedby credit unions having assets of $10 million or more must be consistent with GAAP. 12 U.S.C. 1782(a)(6)(C)(i). The proposed rule required that such Call Reports ``reflect measurement principles consistent with GAAP.'' An auditing industry trade association encouraged NCUA to specify other principles of GAAP in addition to ``measurement principles.'' Instead of identifying specific principles of GAAP, however, NCUA has concluded that it is consistent with CUMAA to simply require Call Reporting to ``reflect GAAP'' without further specification. Sec. 741.6(b). Because NCUA received no other comments on this section, it is otherwise unchanged.

  3. Comments of Principal Trade Associations

    Internal Auditing Industry

    The principal trade association of the internal auditing industry agreed with the intent of the proposed rule but disagreed with its implementation, advocating that certain requirements of the rule can be met only by internal auditors. The association urged the NCUA to relieve untrained, unpaid supervisory committee volunteers of the burden of meeting those requirements. Seeking a niche for internal auditors, the trade association further proposed to replace the regulatory scheme in part 715 with a hierarchy of both mandatory internal and external audit requirements based on six asset size categories. Depending on the category in which a credit union falls, the hierarchy prescribes an examination period ranging between 12 and 36 months, the option or requirement to conduct an internal audit, and different supervisory committee audit alternatives available in each category.

    While NCUA appreciates the constructive input of the internal auditing industry trade association, it is not prepared at this juncture to tailor auditing requirements by asset size, to prescribe examination periods of varying lengths, to mandate an internal audit function, or to designate particular types of audits available under different asset categories. Rather, the NCUA's objective in part 715 is to implement the auditing requirements of CUMAA and to establish for federally-insured credit unions having less than $500 million in assets a uniform structure of universally available alternatives to fulfill the supervisory committee audit responsibility. All but one of these alternatives may be performed only by State-licensed auditors. Principal Banking Industry Trade Association

    In sum, the principal banking industry trade association contends that while the proposed rule fulfills the requirements of CUMAA, those requirements still are much less stringent than those to which banks are held. Many of the points raised by the trade association were raised by other commenters and are addressed earlier in this preamble. Apart from these points, the trade association complains that even though part 715 complies with CUMAA, it still is less stringent than audit requirements imposed on banks; that although not required to do so, NCUA should require the Call Reports of credit unions having less than $10 million in assets to reflect GAAP; that the statutory minimum audit requirements should be addressed in a rule which is entirely separate from part 715, which as proposed purportedly is ``missing critical elements''; that many of the definitions in part 715 are deficient and many terms used in the rule are undefined; that the Supervisory Committee's responsibilities need to be ``clarified and strengthened''; and that the standards and scope provisions of the current rule, Sec. 701.12(c)(2) and (3), should be retained in part 715 and in the Supervisory Committee Guide.

    In general, the trade association's views are fundamentally contrary to NCUA's objectives in part 715. Whereas NCUA wishes to faithfully implement the minimum audit requirements of CUMAA, the trade association apparently wants to hold credit unions to a standard approaching that which applies to the institutions which are its members. To do so would impose an unwarranted burden on credit unions. Rather, NCUA's objective in part 715 is to serve the distinctive needs of credit unions for simplicity, choice and flexibility in the auditing process, consistent with the supervisory committee's oversight responsibility and NCUA's duty to protect the National Credit Union Share Insurance Fund.

    Regulatory Procedures

    Regulatory Flexibility Act

    The Regulatory Flexibility Act requires NCUA to prepare an analysis to describe any significant economic impact a proposed regulation may have on a substantial number of small credit unions (primarily those under $1 million in assets). The NCUA Board has determined and certifies that the final rule will not have a significant economic impact on a substantial number of small credit unions. Thus, a Regulatory Flexibility Analysis is not required.

    Paperwork Reduction Act

    The final rule imposes no additional information collection requirements beyond those in the current rule it replaces. Therefore, no Paperwork Reduction Act analysis is required.

    Executive Order 12612

    Executive Order 12612 requires NCUA to consider the effect of its actions on state interests. The final rule will not have a substantial direct effect on the states, on the relationship between the national government and the states, or on the distribution of rights and responsibilities among the various levels of government.

    List of Subjects

    12 CFR Parts 710 and 741

    Credit unions, Reporting and recordkeeping requirements.

    12 CFR Part 715

    Audits, Credit unions, Reporting and recordkeeping requirements, Supervisory committee.

    By the National Credit Union Administration Board on July 22, 1999. Becky Baker, Secretary of the Board.

    Accordingly, 12 CFR parts 701, 715 and 741 are amended as set forth below:

    PART 701--ORGANIZATION AND OPERATION OF FEDERAL CREDIT UNIONS

    1. The authority citation for part 701 continues to read as follows:

      Authority: 12 U.S.C. 1752(5), 1755, 1756, 1757, 1759, 1761a, 1761b, 1766, 1767, 1782, 1784, 1787, 1789 and 1798. Section 701.6 is also authorized by 31 U.S.C. 3717. Section 701.31 is also authorized by 15 U.S.C. 1601 et seq.; 42 U.S.C. 1981 and 3601-3610. Section 701.35 is also authorized by 42 U.S.C. 4311-4312.

      Secs. 701.12 and 701.13 [Removed]

    2. Sections 701.12 and 701.13 are removed.

    3. Part 715 is added to read as follows:

      PART 715--SUPERVISORY COMMITTEE AUDITS AND VERIFICATIONS

      Sec. 715.1 Scope of this part. 715.2 Definitions used in this part.

      [[Page 41036]]

      715.3 General responsibilities of the Supervisory Committee. 715.4 Audit responsibility of the Supervisory Committee. 715.5 Audit of Federal Credit Unions. 715.6 Audit of Federally-insured State-chartered credit unions. 715.7 Supervisory Committee audit alternatives to a financial statement audit. 715.8 Requirements for verification of accounts and passbooks. 715.9 Assistance from outside, compensated person. 715.10 Audit report and working paper maintenance and access. 715.11 Sanctions for failure to comply with this part. 715.12 Statutory audit remedies for Federal credit unions.

      Authority: 12 U.S.C. 1761d, 1782(a)(6).

      Sec. 715.1 Scope of this part.

      This part implements section 202(a)(6)(D) of the Federal Credit Union Act, 12 U.S.C. 1782(a)(6)(D), as added by section 201(a) of the Credit Union Membership Access Act, Pub. L. No. 105-219, 112 Stat. 918 (1998). This part prescribes the responsibilities of the Supervisory Committee to obtain an annual audit of the credit union according to its charter type and asset size, and to conduct a verification of members' accounts.

      Sec. 715.2 Definitions used in this part.

      As used in this part:

      (a) Balance sheet audit refers to the examination of a credit union's assets, liabilities, and equity under generally accepted auditing standards (GAAS) by an independent public accountant for the purpose of opining on the fairness of the presentation on the balance sheet. Credit unions required to file call reports consistent with GAAP should ensure the audited balance sheet is likewise prepared on a GAAP basis. The opinion under this type of engagement would not address the fairness of the presentation of the credit union's income statement, statement of changes in equity (including comprehensive income), or statement of cash flows.

      (b) Compensated person refers to any accounting/auditing professional, excluding a credit union employee, who is compensated for performing more than one supervisory committee audit and/or verification of members' accounts per calendar year.

      (c) Financial statements refers to a presentation of financial data, including accompanying notes, derived from accounting records of the credit union, and intended to disclose a credit union's economic resources or obligations at a point in time, or the changes therein for a period of time, in conformity with GAAP, as defined herein, or regulatory accounting procedures. Each of the following is considered to be a financial statement: a balance sheet or statement of financial condition; statement of income or statement of operations; statement of undivided earnings; statement of cash flows; statement of changes in members' equity; statement of revenue and expenses; and statement of cash receipts and disbursements.

      (d) Financial statement audit (also known as an ``opinion audit'') refers to an audit of the financial statements of a credit union performed in accordance with GAAS by an independent person who is licensed by the appropriate State or jurisdiction. The objective of a financial statement audit is to express an opinion as to whether those financial statements of the credit union present fairly, in all material respects, the financial position and the results of its operations and its cash flows in conformity with GAAP, as defined herein, or regulatory accounting practices.

      (e) GAAP is an acronym for ``generally accepted accounting principles'' which refers to the conventions, rules, and procedures which define accepted accounting practice. GAAP includes both broad general guidelines and detailed practices and procedures, provides a standard by which to measure financial statement presentations, and encompasses not only accounting principles and practices but also the methods of applying them.

      (f) GAAS is an acronym for ``generally accepted auditing standards'' which refers to the standards approved and adopted by the American Institute of Certified Public Accountants which apply when an ``independent, licensed certified public accountant'' audits financial statements. Auditing standards differ from auditing procedures in that ``procedures'' address acts to be performed, whereas ``standards'' measure the quality of the performance of those acts and the objectives to be achieved by use of the procedures undertaken. In addition, auditing standards address the auditor's professional qualifications as well as the judgment exercised in performing the audit and in preparing the report of the audit.

      (g) Independent means the impartiality necessary for the dependability of the compensated auditor's findings. Independence requires the exercise of fairness toward credit union officials, members, creditors and others who may rely upon the report of a supervisory committee audit report.

      (h) Internal control refers to the process, established by the credit union's board of directors, officers and employees, designed to provide reasonable assurance of reliable financial reporting and safeguarding of assets against unauthorized acquisition, use, or disposition. A credit union's internal control structure consists of five components: control environment; risk assessment; control activities; information and communication; and monitoring. Reliable financial reporting refers to preparation of Call Reports (NCUA Forms 5300 and 5310) that meet management's financial reporting objectives. Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition refers to prevention or timely detection of transactions involving such unauthorized access, use, or disposition of assets which could result in a loss that is material to the financial statements.

      (i) Reportable conditions refers to a matter coming to the attention of the independent, compensated auditor which, in his or her judgment, represents a significant deficiency in the design or operation of the internal control structure of the credit union, which could adversely affect its ability to record, process, summarize, and report financial data consistent with the representations of management in the financial statements.

      (j) Report on Examination of Internal Control over Call Reporting refers to an engagement in which an independent, licensed, certified public accountant or public accountant, consistent with attestation standards, examines and reports on management's written assertions concerning the effectiveness of its internal control over financial reporting in its most recently filedsemiannual or year-end Call Report, with a concentration in high risk areas. For credit unions, such high risk areas most often include: lending activity; investing activity; and cash handling and deposit-taking activity.

      (k) State-licensed person refers to a certified public accountant or public accountant who is licensed by the State or jurisdiction where the credit union is principally located to perform accounting or auditing services for that credit union.

      (l) Supervisory committee refers to a supervisory committee as defined in Section 111(b) of the Federal Credit Union Act, 12 U.S.C. 1786(r). For some federally-insured state chartered credit unions, the ``audit committee'' designated by state statute or regulation is the equivalent of a supervisory committee.

      [[Page 41037]]

      (m) Supervisory committee audit refers to an engagement under either Sec. 715.5 or Sec. 715.6 of this part.

      (n) Working papers refers to the principal record, in any form, of the work performed by the auditor and/or supervisory committee to support its findings and/or conclusions concerning significant matters. Examples include the written record of procedures applied, tests performed, information obtained, and pertinent conclusions reached in the engagement, proprietary audit programs, analyses, memoranda, letters of confirmation and representation, abstracts of credit union documents, reviewer's notes, if retained, and schedules or commentaries prepared or obtained in the course of the engagement.

      Sec. 715.3 General responsibilities of the Supervisory Committee.

      (a) Basic. The supervisory committee is responsible for ensuring that the board of directors and management of the credit union--

      (1) Meet required financial reporting objectives;

      (2) And establish practices and procedures sufficient to safeguard members' assets.

      (b) Specific. To carry out the responsibilities set forth in paragraph (a) of this section, the supervisory committee must determine whether:

      (1) Internal controls are established and effectively maintained to achieve the credit union's financial reporting objectives which must be sufficient to satisfy the requirements of the supervisory committee audit, verification of members' accounts and its additional responsibilities;

      (2) The credit union's accounting records and financial reports are promptly prepared and accurately reflect operations and results;

      (3) The relevant plans, policies, and control procedures established by the board of directors are properly administered; and

      (4) Policies and control procedures are sufficient to safeguard against error, conflict of interest, self-dealing and fraud.

      (c) Mandates. In carrying out the responsibilities set forth in paragraphs (a) and (b) of this section, the Supervisory Committee must:

      (1) Ensure that the credit union adheres to the measurement and filing requirements for reports filedwith the NCUA Board under Sec. 741.6 of this chapter;

      (2) Perform or obtain a supervisory committee audit, as prescribed in Sec. 715.4 of this part;

      (3) Verify or cause the verification of members' passbooks and accounts against the records of the credit union, as prescribed in Sec. 715.8 of this part;

      (4) Act to avoid imposition of sanctions for failure to comply with the requirements of this part, as prescribed in Sec. 715.11 and Sec. 715.12 of this part.

      Sec. 715.4 Audit responsibility of the Supervisory Committee.

      (a) Annual audit requirement. A federally-insured credit union is required to obtain an annual supervisory committee audit which occurs at least once every calendar year (period of performance) and must cover the period elapsed since the last audit period (period effectively covered).

      (b) Financial statement audit option. Any federally-insured credit union, whether Federally- or State-chartered and regardless of asset size, may choose to fulfill its Supervisory Committee audit responsibility by obtaining an annual audit of its financial statements performed in accordance with GAAS by an independent person who is licensed to do so by the State or jurisdiction in which the credit union is principally located. (A ``financial statement audit'' is distinct from a ``supervisory committee audit,'' although a financial statement audit is included among the options for fulfilling the supervisory committee audit requirement. Compare Sec. 715.2(c) and (j).)

      (c) Other audit options. A federally insured credit union which does not choose to obtain a financial statement audit as permitted by subsection (b) must fulfill its supervisory audit responsibility under either of Sec. 715.5 or Sec. 715.6 of this part, whichever is applicable. See Table 1. For purposes of this part, a credit union's asset size is the amount of total assets reported in the year-end Call Report (NCUA form 5300) filedfor the calendar year-end immediately preceding the period under audit.

      [[Page 41038]]

      [GRAPHIC] [TIFF OMITTED] TR29JY99.000

      \1\ The Supervisory Committee audit responsibility under Part 715 can always be fulfilled by obtaining a financial statement audit. Sec. 715.4(b).

      Sec. 715.5 Audit of Federal Credit Unions.

      (a) Total assets of $500 million or greater. To fulfill its Supervisory Committee audit responsibility, a federal credit union having total assets of $500 million or greater must obtain an annual audit of its financial statements performed in accordance with GAAS by an independent person who is licensed to do so by the State or jurisdiction in which the credit union is principally located.

      (b) Total assets of less than $500 million but more than $10 million. To fulfill its Supervisory Committee audit responsibility, a Federally-chartered credit union having total assets of less than $500 million but more than $10 Million which does not choose to obtain an audit under Sec. 715.5(a), must obtain an annual supervisory committee audit as prescribed in Sec. 715.7.

      (c) Total assets of $10 million or less. To fulfill its Supervisory Committee audit responsibility, a Federally-chartered credit union having total assets of $10 million or less must obtain an annual Supervisory Committee audit as prescribed in Sec. 715.7.

      (d) Other requirements. A federally chartered credit union, regardless of which audit it is required to obtain under this section, must meet other applicable requirements of this part.

      Sec. 715.6 Audit of Federally-insured State-chartered credit unions.

      (a) Total assets of $500 million or greater. To fulfill its Supervisory Committee audit responsibility, a federally-insured State- chartered credit union having total assets of $500 million or greater must obtain an annual audit of its financial statements performed in accordance with GAAS by an independent person who is licensed to do so by the State or jurisdiction in which the credit union is principally located.

      (b) Total assets of less than $500 million. To fulfill its Supervisory Committee audit responsibility, a federally-insured State- chartered credit union having total assets of less than $500 million must obtain either an annual supervisory committee audit as prescribed under either Sec. 715.6(a) or Sec. 715.7, or an audit as prescribed by the State or jurisdiction in which the credit union is principally located, whichever audit is more stringent.

      (c) Other requirements. A federally-insured, state-chartered credit union, regardless of which audit it is required to obtain under this section, must meet other applicable requirements of this part except Secs. 715.5 and 715.12.

      Sec. 715.7 Supervisory Committee audit alternatives to a financial statement audit.

      A credit union which is not required to obtain a financial statement audit may fulfill its supervisory committee responsibility by any one of the following engagements:

      (a) Balance sheet audit. A balance sheet audit, as defined in Sec. 715.2(a), performed by a person who is licensed to do so by the State or jurisdiction in which the credit union is principally located; or

      (b) Report on Examination of Internal Control over Call Reporting. An engagement and report on management's written assertions concerning the effectiveness of internal control over financial reporting in the credit union's most recently filedsemiannual or year-end call report (NCUA Form 5300), as defined in Sec. 715.2(j), performed by a person who is licensed to do so by the State or jurisdiction in which the credit union is principally located, and in which management specifies the criteria on which it based its evaluation of internal control; or

      (c) Audit per Supervisory Committee Guide. An audit performed by the supervisory committee, its internal auditor, or any other qualified person (such as a certified public accountant, public accountant, league auditor, credit union auditor consultant, retired financial institutions examiner, etc.) in accordance with the procedures prescribed in NCUA's Supervisory Committee Guide. Qualified persons who are not State-licensed cannot provide assurance services under this subsection.

      [[Page 41039]]

      Sec. 715.8 Requirements for verification of accounts and passbooks.

      (a) Verification obligation. The Supervisory Committee shall, at least once every two years, cause the passbooks (including any book, statements of account, or other record approved by the NCUA Board) and accounts of the members to be verified against the records of the treasurer of the credit union.

      (b) Methods. Any of the following methods may be used to verify members' passbooks and accounts, as appropriate:

      (1) Controlled verification. A controlled verification of 100 percent of members' share and loan accounts;

      (2) Statistical method. A sampling method which provides for:

      (i) Random selection:

      (ii) A sample which is representative of the population from which it was selected;

      (iii) An equal chance of selecting each dollar in the population;

      (iv) Sufficient accounts in both number and scope on which to base conclusions concerning management's financial reporting objectives; and

      (v) Additional procedures to be performed if evidence provided by confirmations alone is not sufficient.

      (3) Non-statistical method. When the verification is performed by an Independent person licensed by the State or jurisdiction in which the credit union is principally located, the auditor may choose among the sampling methods set forth in paragraphs (b)(1) and (2) of this section and non-statistical sampling methods consistent with GAAS if such methods provide for:

      (i) Sufficient accounts in both number and scope on which to base conclusions concerning management's financial reporting objectives to provide assurance that the General Ledger accounts are fairly stated in relation to the financial statements taken as a whole;

      (ii) Additional procedures to be performed by the auditor if evidence provided by confirmations alone is not sufficient; and

      (iii) Documentation of the sampling procedures used and of their consistency with GAAS (to be provided to the NCUA Board upon request).

      (c) Retention of records. The supervisory committee must retain the records of each verification of members' passbooks and accounts until it completes the next verification of members' passbooks and accounts.

      Sec. 715.9 Assistance from outside, compensated person.

      (a) Unrelated to officials. A compensated auditor who performs a Supervisory Committee audit on behalf of a credit union shall not be related by blood or marriage to any management employee, member of either the board of directors, the Supervisory Committee or the credit committee, or loan officer of that credit union.

      (b) Engagement letter. The engagement of a compensated auditor to perform all or a portion of the scope of a financial statement audit or supervisory committee audit shall be evidenced by an engagement letter. In all cases, the engagement must be contracted directly with the Supervisory Committee. The engagement letter must be signed by the compensated auditor and acknowledged therein by the Supervisory Committee prior to commencement of the engagement.

      (c) Contents of letter. The engagement letter shall:

      (1) Specify the terms, conditions, and objectives of the engagement;

      (2) Identify the basis of accounting to be used;

      (3) If a Supervisory Committee Guide audit, include an appendix setting forth the procedures to be performed;

      (4) Specify the rate of, or total, compensation to be paid for the audit;

      (5) Provide that the auditor shall, upon completion of the engagement, deliver to the Supervisory Committee a written report of the audit and notice in writing, either within the report or communicated separately, of any internal control reportable conditions and/or irregularities or illegal acts, if any, which come to the auditor's attention during the normal course of the audit (i.e., no notice required if none noted);

      (6) Specify a target date of delivery of the written reports, such target date not to exceed 120 days from date of calendar or fiscal year-end under audit (period covered), unless the supervisory committee obtains a waiver from the supervising NCUA Regional Director;

      (7) Certify that NCUA staff and/or the State credit union supervisor, or designated representatives of each, will be provided unconditional access to the complete set of original working papers, either at the offices of the credit union or at a mutually agreed upon location, for purposes of inspection; and

      (8) Acknowledge that working papers shall be retained for a minimum of three years from the date of the written audit report.

      (d) Complete scope. If the engagement is to perform a Supervisory Committee Guide audit intended to fully meet the requirements of Sec. 715.7(c), the engagement letter shall certify that the audit will address the complete scope of that engagement;

      (e) Exclusions from scope. If the engagement is to perform a Supervisory Committee Guide audit which will exclude any item required by the applicable section, the engagement letter shall:

      (1) Identify the excluded items;

      (2) State that, because of the exclusion(s), the resulting audit will not, by itself, fulfill the scope of a supervisory committee audit; and

      (3) Caution that the supervisory committee will remain responsible for fulfilling the scope of a supervisory committee audit with respect to the excluded items.

      Sec. 715.10 Audit report and working paper maintenance and access.

      (a) Audit report. Upon completion and/or receipt of the written report of a financial statement audit or a supervisory committee audit, the Supervisory Committee must verify that the audit was performed and reported in accordance with the terms of the engagement letter prescribed herein. The Supervisory Committee must submit the report(s) to the board of directors, and provide a summary of the results of the audit to the members of the credit union orally or in writing at the next annual meeting of the credit union. If a member so requests, the Supervisory Committee shall provide the member access to the full audit report. If the National Credit Union Administration (``NCUA'') so requests, the Supervisory Committee shall provide NCUA a copy of each of the audit reports it receives or produces.

      (b) Working papers. The supervisory committee shall be responsible for preparing and maintaining, or making available, a complete set of original working papers supporting each supervisory committee audit. The supervisory committee shall, upon request, provide NCUA staff unconditional access to such working papers, either at the offices of the credit union or at a mutually agreeable location, for purposes of inspecting such working papers.

      Sec. 715.11 Sanctions for failure to comply with this part.

      (a) Sanctions. Failure of a supervisory committee and/or its independent compensated auditor or other person to comply with the requirements of this section, or the terms of an engagement letter required by this section, is grounds for:

      (1) The regional director to reject the supervisory committee audit and provide a reasonable opportunity to correct deficiencies;

      (2) The regional director to impose the remedies available in Sec. 715.12, provided

      [[Page 41040]]

      any of the conditions specified therein is present; and

      (3) The NCUA Board to seek formal administrative sanctions against the supervisory committee and/or its independent, compensated auditor pursuant to section 206(r) of the Federal Credit Union Act, 12 U.S.C. 1786(r).

      (b) State Charters. In the case of a federally-insured state chartered credit union, NCUA shall provide the state regulator an opportunity to timely impose a remedy satisfactory to NCUA before exercising it authority under Sec. 741.202 of this chapter to impose a sanction permitted under paragraph (a) of this section.

      Sec. 715.12 Statutory audit remedies for Federal credit unions.

      (a) Audit by alternative licensed person. The NCUA Board may compel a federal credit union to obtain a supervisory committee audit which meets the minimum requirements of Sec. 715.5 or Sec. 715.7, and which is performed by an independent person who is licensed by the State or jurisdiction in which the credit union is principally located, for any fiscal year in which any of the following three conditions is present:

      (1) The Supervisory Committee has not obtained an annual financial statement audit or performed a supervisory committee audit; or

      (2) The Supervisory Committee has obtained a financial statement audit or performed a supervisory committee audit which does not meet the requirements of part 715 including those in Sec. 715.8.

      (3) The credit union has experienced serious and persistent recordkeeping deficiencies as defined in paragraph (c) of this section.

      (b) Financial statement audit required. The NCUA Board may compel a federal credit union to obtain a financial statement audit performed in accordance with GAAS by an independent person who is licensed by the State or jurisdiction in which the credit union is principally located (even if such audit is not required by Sec. 715.5), for any fiscal year in which the credit union has experienced serious and persistent recordkeeping deficiencies as defined in paragraph (c) of this section. The objective of a financial statement audit performed under this paragraph is to reconstruct the records of the credit union sufficient to allow an unqualified or, if necessary, a qualified opinion on the credit union's financial statements. An adverse opinion or disclaimer of opinion should be the exception rather than the norm.

      (c) ``Serious and persistent recordkeeping deficiencies.'' A record-keeping deficiency is ``serious'' if the NCUA Board reasonably believes that the board of directors and management of the credit union have not timely met financial reporting objectives and established practices and procedures sufficient to safeguard members' assets. A serious recordkeeping deficiency is ``persistent'' when it continues beyond a usual, expected or reasonable period of time.

      PART 741--REQUIREMENTS FOR INSURANCE

    4. The authority citation for part 741 continues to read as follows:

      Authority: 12 U.S.C. 1757, 1766, and 1781-1790. Section 741.4 is also authorized by 31 U.S.C. 3717.

      Sec. 741.3 [Amended]

    5. Section 741.3 is amended to change both the phrase ``Investment Valuation Reserve Account'' and the phrase ``Investment Valuation Reserve'' in paragraph (a)(3) to ``Appropriation for Non-conforming Investments''.

    6. Section 741.6 is amended to change the phrase in paragraph (a) from ``before January 31 and on or before July 31'' to ``before January 22 and on or before July 22''; and to redesignate paragraph (b) as paragraph (d) and to add paragraphs (b) and (c) to read as follows:

      Sec. 741.6 Financial and statistical and other reports.

      * * * * *

      (b) Consistency with GAAP. The accounts of financial statements and reports required to be filedquarterly or semiannually under paragraph (a) of this section must reflect GAAP if the credit union has total assets of $10 million or greater, but may reflect regulatory accounting principles other than GAAP if the credit union has total assets of less than $10 million (except that a Federally-insured State-chartered credit union may be required by its state credit union supervisor to follow GAAP regardless of asset size).

      (c) GAAP sources. GAAP means generally accepted accounting principles, as defined in Sec. 715.2(e) of this chapter. GAAP is distinct from GAAS, which means generally accepted auditing standards, as defined in Sec. 715.2(f) of this chapter. Authoritative sources of GAAP include, but are not limited to, pronouncements of the Financial Accounting Standards Board (FASB) and its predecessor organizations, the Accounting Standards Executive Committee (AcSEC) of the American Institute of Certified Public Accountants (AICPA), the FASB's Emerging Issues Task Force (EITF), and the applicable AICPA Audit and Accounting Guide. * * * * *

      Sec. 741.202 [Amended]

    7. Section 741.202 is amended to change: the references in paragraph (a) from ``requirements set forth in Secs. 701.12 and 701.13'' to ``applicable requirements set forth in part 715''; to add at the ending of paragraph (a) after ``of this chapter'' the phrase ``or applicable state law, whichever requirement is more stringent.''; and to change references in paragraph (b) from ``Secs. 701.12(e) and 701.13'' to ``Sec. 715.8''.

      [FR Doc. 99-19254Filed7-28-99; 8:45 am]

      BILLING CODE 7535-01-U

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT