The Federal Deposit Insurance Corporation Improvement Act (FDICIA) was signed into law in 1991 and raised the compliance bar for banks at both the $500 million and $1 billion thresholds. Though compliance requirements were already known to be stringent, institutions over the $1 billion threshold are now subject to even more rigorous audit requirements under Statement of Auditing Standards (SAS) No. 130.
Although the compliance threshold is high, many institutions procrastinate when it comes to preparing for FDICIA compliance.
Those that fail to consider the realistic volume of work necessary to satisfy requirements at the $1 billion threshold could find themselves rushing internal audits prior to the deadline — and risking noncompliance.
Learn how your organization can prepare in advance of deadlines, which could result in time- and cost-saving measures.
Crucial planning
When an organization faces the challenge of FDICIA compliance requirements, it’s never too soon to start planning.
The time-consuming processes involved include financial statement mapping, organization-wide risk assessment, and business segment identification. They require coordination from beginning to end, with total buy-in from all business units and levels within the organization.
Additional time must also be devoted to mapping risks associated with information technology. Applications, operating systems, and database types should be assessed across the organization with risks documented for each significant account or business process.
Realistic timelines should be established well in advance and remain flexible as the project unfolds. Delays are almost certain to occur as controls are assessed, examined, and tested — often for the first time.
Budgets should also remain cautiously flexible. The need for remediation testing of control failures isn’t known until the final phases of testing, and it can increase both time and costs.
Establish key controls
The process of identifying the key controls of an organization involves extensive analysis across systems and processes within the organization as a whole, and should be performed by qualified and experienced individuals.
It involves reviewing all business segments for the purpose of identifying and distinguishing between:

