[Federal Register Volume 60, Number 212 (Thursday, November 2, 1995)]
[Proposed Rules]
[Pages 55663-55668]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-27045]



 ========================================================================
 Proposed Rules
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains notices to the public of 
 the proposed issuance of rules and regulations. The purpose of these 
 notices is to give interested persons an opportunity to participate in 
 the rule making prior to the adoption of the final rules.
 
 ========================================================================
 

  Federal Register / Vol. 60, No. 212 / Thursday, November 2, 1995 / 
Proposed Rules  

[[Page 55663]]


NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 701


Supervisory Committee Audits and Verifications

AGENCY: National Credit Union Administration (NCUA).

ACTION: Proposed rule.

------------------------------------------------------------------------
---

SUMMARY: The National Credit Union Administration (NCUA) is proposing 
to amend its regulations governing credit union supervisory committee 
audits and verifications. The NCUA Board is proposing to amend the 
regulations to clarify existing audit scope; expand audit scope and 
reporting requirements in certain areas; clarify existing working paper 
access requirements and strengthen administrative remedies for denial 
of access; require a comprehensive engagement letter setting forth 
minimum contracting terms and conditions; and add relevant definitions 
of accounting/auditing terms used throughout the regulation.

DATES: Comments must be received on or before January 2, 1996.

ADDRESSES: Send comments to Becky Baker, Secretary of the Board, 
National Credit Union Administration Board, 1775 Duke Street, 
Alexandria, VA 22314-3428.

FOR FURTHER INFORMATION CONTACT: Karen Kelbly, Accounting Officer, 
Office of Examination and Insurance (703) 518-6360, or Michael McKenna, 
Attorney, Office of General Counsel (703) 518-6540, at the above 
address.

SUPPLEMENTARY INFORMATION:

Background

    On March 25, 1993, the NCUA Board issued for public comment a 
proposed amendment to the ``then'' supervisory committee audit and 
verification requirements. Two hundred two comment letters were 
received over a 60-day comment period which ended June 7, 1993. Thirty-
one commenters gave their full support of the amendment as written; 
fifty-three commenters offered mixed support; and one hundred eighteen 
commenters opposed the amendment.
    In their final amendment, the NCUA Board changed the regulations 
governing supervisory committee audits and verification to: (1) Add a 
nonstatistical sampling option for independent, licensed, certified 
public accountants in the verification of members' accounts consistent 
with applicable generally accepted auditing standards (GAAS); and (2) 
change applicable sections of the ``then'' regulation to more properly 
reflect accounting/auditing terms of art without otherwise changing the 
intent of the regulation. Dropped from consideration in the final 
amendment were the proposed amendments to require independent annual 
audits (opinion audits) for federally insured credit unions with assets 
exceeding $50 million, and to require that the supervisory committee 
and/or its auditors provide NCUA the option to photocopy working papers 
supporting the audit.
    Since July 1993 when Sec. 701.12 was last amended, NCUA has had 
continued concerns about the scope of the supervisory committee audit. 
Many of these concerns are outlined in specific detail below. Rather 
than again proposing an amendment for an opinion audit requirement, 
which many commenters soundly rejected in their comment letters on the 
last proposed amendment, the Board wishes to solicit views on a 
proposed revision to the current regulation which expands audit scope 
without requiring an opinion audit. This proposal is an opportunity to 
consider a middle ground approach, with the goal of building a 
consensus that both the regulated and the regulator would find 
agreeable.
    Currently, Sec. 701.12, 12 C.F.R. 701.12, sets forth the 
supervisory committee's responsibility in meeting the audit and 
verification requirements of section 115 of the Federal Credit Union 
Act, 12 U.S.C. 1761d. A supervisory committee audit is required at 
least once every calendar year covering the period since the last 
audit. The scope of the audit must be sufficient, at a minimum, to test 
the federal credit union's assets, liabilities, equity, income, and 
expenses for existence, proper cut off, valuations, ownership, 
disclosures and classification, and internal controls (current 
Sec. 701.12(b)). A written report on the audit must be made to the 
board of directors and, if requested, NCUA (current Sec. 701.12(c)). 
Working papers must be maintained and made available to NCUA (current 
Sec. 701.12(c)). Independence requirements must be met (current 
Sec. 701.12(d)); standards governing verifications--100 percent 
verification or statistical sampling--are set forth (current 
Sec. 701.12(e)). Section 741.2 makes these requirements applicable to 
federally insured state-chartered credit unions.
    The proposed regulation will address practical enforcement problems 
in the existing regulation, some of which have arisen through the 
examination process as a matter of course and others of which have 
arisen in litigation and in negotiating settlements. The proposed 
changes in audit scope represent increased requirements which the Board 
believes have grown out of necessity. The scope changes are more 
specific and are aimed at eliminating vagueness regarding the audit 
scope required, in certain targeted risk areas, to meet the provisions 
of this regulation. The vagueness of audit scope has been the subject 
of complaints from both the regulated and the regulator/insurer.
    The majority of added requirements are not applicable to credit 
unions which do not employ a compensated auditor. If the supervisory 
committee or an uncompensated designated representative will be 
performing the supervisory committee audit as described in 
Sec. 701.12(4)(iv), the following portions of the proposed regulation 
do not apply to the supervisory committee audit: Sec. 701.12(c)(3) 
[increased scope requirements in designated areas]; 
Sec. 701.12(4)(i)(A)-(C) [opinion audits and agreed-upon-procedures in 
relation to compensated auditors]; and Sec. 701.12(d) [engagement 
letter requirements].

Proposed Regulation

    Added to the first part of proposed Sec. 701.12(a) is a set of 
definitions for terms used in the regulation. Many of these terms, 
while familiar to accounting/auditing professionals, may be less well 
known to supervisory committee volunteers. For example, the definition 
of ``audit'' is intended to closely follow the language in AICPA, 
Professional Standards, volume 1, AU 

[[Page 55664]]
section 110.01; the definition of ``independence'' is intended to be 
consistent with Rule 101 of the AICPA Code of Professional Conduct; the 
definition of ``related party transactions'' is intended to be 
consistent with FASB Statement No. 57; and the definition of ``internal 
control reportable conditions'' is intended to be consistent with 
Statement of Auditing Standard (SAS) No. 60, Communication of Internal 
Control Structure Related Matters Noted in an Audit (AICPA, 
Professional Standards, volume 1, AU section 325).
    Additionally, as concerns ``independence,'' the auditor must be 
intellectually honest and be recognized as independent, i.e., free from 
any material obligation to or interest in the credit union or its 
officials. The independent auditor must enjoy the confidence of the 
general public. Such confidence may be compromised by evidence that 
independence is lacking, or by the existence of circumstances which 
reasonable people might believe likely to influence independence. The 
definition of ``related party transactions'' uses as examples of senior 
management the chief executive officer (CEO), president, treasurer/
manager, assistant CEO, and the chief financial officer (Comptroller) 
of a credit union, and their families, etc. However, this is not 
intended to be an all inclusive list of related parties.
    The proposed definitions rely on accepted supplemental references, 
e.g., a reference for the definition of ``generally accepted accounting 
principles'' is SAS No. 69, The Meaning of ``Present Fairly in 
Conformity With Generally Accepted Accounting Principles'' in the 
Independent Auditor's Report which establishes a GAAP hierarchy (GAAP 
serves to provide a standard by which to measure financial statement 
presentations); a reference for the definition of ``internal controls'' 
is Internal Control--Integrated Framework, published by the Committee 
of Sponsoring Organizations of the Treadway Commission; and a reference 
for the definition of ``illegal acts'' is SAS No. 54, Illegal Acts By 
Clients, (AICPA, Professional Standards, volume 1 AU section 317). The 
definitions section was added to elucidate terms used in the 
regulation. The NCUA Board seeks comments as to whether the definitions 
clarify the regulation. The NCUA Board also is interested to learn of 
any additional terms which should be defined in the regulation.
    Subsections 701.12(b)(1), (b)(2), and (c)(1), (c)(2) of the 
proposed regulation represent a reordering of the existing regulatory 
provisions with minor changes in language which are intended not to 
change, but to clarify, the existing regulation's meaning or 
provisions. However, the supervisory committee is expected to conduct 
such further tests and reviews as may, in the committee's judgment, be 
necessary to meet its responsibilities. Additionally, the changes 
incorporate in part enhancements suggested by the American Institute of 
Certified Public Accountants, Credit Unions Committee (``the AICPA 
Committee''). The AICPA Committee reviewed the proposed regulation for 
technical accuracy of usage of accounting/auditing technical terms and 
concepts. NCUA is grateful to the AICPA Committee for its advice during 
the drafting of the proposed regulation.
    The audit scope changes added to Sec. 701.12(c)(3) expand the 
required audit scope when a supervisory committee employs the services 
of a compensated auditor. The additional requirements are not intended 
to discourage a credit union from hiring a compensated auditor, but are 
intended to achieve a more definitive audit scope in targeted areas, 
which experience indicates are of higher risk in credit unions. The 
AICPA audit guide, Audits of Credit Unions, prepared by the AICPA 
Credit Unions Committee, is a proper reference for the auditor in 
making judgments, based on the facts and circumstances of the 
engagement, as to what procedures to perform to obtain sufficient, 
competent evidential matter to afford a reasonable basis for 
conclusions regarding the financial statements under audit. The NCUA 
Board believes the expanded scope will provide those credit unions 
having the resources to employ a compensated auditor with an enhanced 
audit product that meets the applicable GAAS requirements of an opinion 
audit in the following areas: internal controls; cash; loans and 
interest thereon; investments and interest thereon; shares and 
dividends and/or interest thereon; related party transactions; and the 
detection and reporting of errors and irregularities. NCUA believes 
this increased scope requirement not only will give the credit union a 
greater return on the dollars invested in the audit, but will result in 
a more useful audit report for the examiner, whether regulator or 
insurer.
    The more definitive audit scope is designed to address and to 
reduce confusion which occurs when the supervisory committee and the 
compensated auditor agree that the audit engagement will consist of 
less than the full scope of a supervisory committee audit as prescribed 
in 701.12 (b) and (c). Experience indicates that supervisory committees 
often do not realize that, due to the compensated auditor's exclusion 
of scope provisions (e.g., evaluation of the reasonableness of the 
allowance for loan losses, evaluation of securities held, adequacy of 
loan collateral, etc.), the final audit product is not a complete 
supervisory committee audit. Nor do supervisory committees realize that 
in such instances they remain responsible for performing the additional 
audit work needed to ``fill the gaps'' and produce a complete 
supervisory committee audit. The NCUA Board believes that vagueness in 
the existing audit scope provision may have contributed to the 
confusion, and that a more definitive audit scope will end the finger 
pointing between supervisory committees and compensated auditors as to 
who is responsible for the audit scope components excluded from the 
audit engagement.
    To further reduce confusion about responsibility for required scope 
components that are excluded from the audit engagement, the NCUA Board 
has added a requirement in Sec. 701.12 (d)(2) and (d)(3) for the 
engagement letter between the supervisory committee and the compensated 
auditor to address audit scope either by (1) certifying that the 
compensated auditor is to complete the full scope of a supervisory 
committee audit or, alternatively (2) specifying what prescribed 
financial statement elements and/or attributes will be excluded from 
the engagement, and expressly cautioning the supervisory committee that 
it is responsible for fulfilling the scope of the supervisory committee 
audit with respect to the excluded elements and attributes.
    The additions to Sec. 701.12(c)(4) of the proposed regulation set 
forth how the requirements of this part may be satisfied. The 
revisions, like those discussed above, represent minor changes in 
language which are not intended to change the existing regulation's 
meaning or provisions. Instead, the revisions incorporate technical 
improvements suggested by the AICPA Committee. The additional 
requirement that the compensated auditors contract for the audit 
engagement only with the supervisory committee and return the written 
audit report(s) to the supervisory committee clarifies requirements 
contained in the current regulation.
    The NCUA Board had considered including a requirement in the 
proposed regulation's audit scope for certain credit unions to have an 
ongoing internal audit function in the form of 

[[Page 55665]]
either an internal auditor or an internal audit department. Such a 
function would benefit the credit union, the regulator, and the 
insurer. Internal auditors would neither take the place nor diminish 
the role of the supervisory committee in any way. Ideally, the internal 
auditor would be hired by, receive instructions from, and report to, 
the supervisory committee. The work of the internal auditor would 
supplement the mandated role and responsibilities of the supervisory 
committee. Although the NCUA Board has decided against requiring credit 
unions to employ an internal auditor, it encourages credit unions that 
have the resources, to consider the benefits of employing an internal 
auditor (e.g., testing of the effectiveness of internal controls on an 
interim and/or on-going basis; routine and on-going testing for 
material errors and omissions, and irregularities and illegal acts; 
continuous testing of the electronic data processing system for 
reliance thereon; and improving economy and efficiency). Internal 
auditors can play an important role in maintaining strong operational 
and financial management controls. The NCUA Board invites comments as 
to whether it should reconsider mandating an internal audit function 
and, if so, whether such a requirement should be imposed on all or only 
some credit unions, and on what basis., i.e., according to asset size, 
complexity of services, etc.
    The NCUA Board is inclined to add requirements in Sec. 701.12(d) 
for credit unions which employ compensated auditors to memorialize the 
terms and conditions of the engagement in a comprehensive engagement 
letter, which constitutes an enforceable contract between the 
compensated auditor and the supervisory committee. The proposed 
regulation sets forth the minimum requirement of an audit engagement to 
be addressed in such a letter. The majority of items required are 
fairly consistent with standard items included in engagement letters as 
used in current practice: terms and objectives of engagement; nature 
and limitations; identification of the basis of accounting to be used; 
identification of areas excluded from the scope; and an appendix 
setting forth the procedures to be performed (if not an opinion audit). 
Other requirements were added to ensure access by NCUA to a complete 
set of original working papers and delivery of the required report(s) 
to the supervisory committee within a reasonable period of time. The 
NCUA Board seeks comment on any additional areas which should be 
addressed in the engagement letter memorializing the terms and 
conditions of the audit engagement.
    Additional reporting requirements have been added in 
Sec. 701.12(e)(1). Along with the existing requirement for a written 
audit report is a requirement for two additional written reports where 
applicable--a written report of internal control exceptions or 
reportable conditions noted, if any, and a written report of 
irregularities or illegal acts noted during the audit, if any. The 
addition of these two reporting requirements does not necessitate 
additional audit work (i.e., do not require separate engagements to 
report on the credit union's system of internal accounting control or 
its compliance with laws and regulations). These are simply reports of 
information already obtained in the normal course of the supervisory 
committee audit. This requirement corrects the current regulation, 
which does not require such reports to be communicated to either the 
credit union, the regulator, or the insurer.
    A clarifying sentence was added to Sec. 701.12(e)(2) to ensure that 
NCUA access to a complete set of original working papers includes all 
the existing documentation relative to the audit: audit programs, 
working papers documenting conclusions or judgments, supervisory 
reviewer's notes (if any), etc. This is a response to increasing 
instances where NCUA examiners find that information deemed by the 
auditor to be ``proprietary information'' is excluded from the working 
papers. The exclusion of this additional and pertinent documentation 
(e.g., audit programs) impairs NCUA's ability to assess the adequacy of 
the work performed by the auditor to satisfy the requirements of this 
section. Proposed Sec. 701.12(d)(1)(vii) requires the supervisory 
committee to incorporate in the comprehensive engagement letter a 
certification by the outside compensated auditors that a complete set 
of original working papers supporting the audit, including the audit 
program, will be provided upon request for inspection by NCUA.
    Finally, the NCUA Board has added an enforcement mechanism to 
ensure compliance with the requirements of this section and with the 
requirements of the comprehensive engagement letter memorializing the 
audit engagement between the supervisory committee and its compensated 
auditor. In the event of failure to comply, proposed Sec. 701.12(e)(3) 
authorizes the Regional Director, as a first step toward enforcement, 
to reject as deficient the supervisory committee audit and the reports 
thereof. An additional and more severe sanction for failure to comply 
is available under section 206(r) of the FCU Act, 12 U.S.C. 1786(r), 
which authorizes NCUA to seek formal administrative sanctions (e.g., an 
order to cease and desist, or imposition of civil money penalties) 
against the supervisory committee and/or its compensated auditor as 
``institution affiliated parties'' of the credit union.
    Parts of the existing regulation relating to the independence and 
verification of members' accounts were unchanged in substance, although 
redesignated as subsections 701.12 (f) and (g), respectively.
    One change to part 701.13 was made to give recognition to the 
redesignation of old Sec. 701.12(e) to new Sec. 701.12(g).

Regulatory Procedures

Regulatory Flexibility Act

    The Regulatory Flexibility Act requires NCUA to prepare an analysis 
to describe any significant economic impact a proposed regulation may 
have on a substantial number of small credit unions (primarily those 
under $1 million in assets). The NCUA Board has determined and 
certifies that the proposed amendment, if adopted, will not have a 
significant economic impact on a substantial number of small credit 
unions. As to small credit unions, the proposed amendment clarifies 
without imposing additional burden. Accordingly, the NCUA Board 
determines and certifies that this proposed amendment does not have a 
significant economic impact on a substantial number of small credit 
unions and that a Regulatory Flexibility Analysis is not required.

Paperwork Reduction Act

    NCUA has determined that the three requirements: (1) to prepare and 
sign an engagement letter memorializing the terms and conditions of the 
audit engagement in a comprehensive engagement letter, which 
constitutes an enforceable contract between the compensated auditor and 
the supervisory committee; (2) to provide a written report of internal 
control exceptions or reportable conditions noted, if any; and (3) to 
provide a written report of irregularities or illegal acts noted during 
the audit, if any; do constitute a collection of information under the 
Paperwork Reduction Act. The Paperwork Reduction Act of 1995 and 
regulations of the Office of Management and Budget (OMB) require that 
the public be provided an opportunity to comment on information 
collection requirements, including an 

[[Page 55666]]
agency's estimate of the burden of the collection of information. NCUA 
estimates that most federal credit unions will be affected by this 
regulation. However, it is the NCUA's view that the time a credit union 
spends developing an enforceable engagement contract and provides in 
writing, known internal control exceptions and reportable conditions, 
if any, and/or irregularities and illegal acts, if any, is necessary to 
the effectiveness of the audit and verification function and thus, the 
safety and soundness of the credit union. The paperwork burden created 
by this rule is the requirement that such actions be put in writing. 
NCUA estimates that it should reasonably take one hour per requirement 
(thus, 1 hour minimum--3 hours maximum) to comply with the three 
requirements, if applicable to a given circumstance. Therefore, 12,000-
36,000 total burden hours are required to comply with the collection 
requirement. For the majority of credit unions, 1 hour would be 
required, or 12,000 total burden hours.
    The NCUA Board invites comment on: (1) whether the collection of 
the information is necessary for the proper performance of the 
functions of NCUA, including whether the information will have 
practical utility; (2) the accuracy of NCUA's estimate of the burden of 
the collection of information; (3) ways to enhance the quality, 
utility, and clarity of the information to be collected; and (4) ways 
to minimize the burden of collection of information. Send comments to 
Attn: Milo Sunderhaug, OMB Reports Management Branch, New Executive 
Office Building, Rm. 10202, Washington, DC 20530.

Executive Order 12612

    Executive Order 12612 requires NCUA to consider the effect of its 
actions on state interests. The proposed amendment will not have a 
substantial direct effect on the states, on the relationship between 
the national government and the states, or on the distribution of 
rights and responsibilities among the various levels of government.

List of Subjects in 12 CFR Part 701

    Credit unions, Reporting and recordkeeping requirements.

    By the National Credit Union Administration Board on October 19, 
1995.
James Engel,
Acting Secretary of the Board.

    Accordingly, it is proposed that 12 CFR, part 701 be amended to 
read as set forth below:

PART 701--[AMENDED]

    1. The authority citation for Part 701 continues to read as 
follows:

    Authority: 12 U.S.C. 1752(5), 1755, 1756, 1757, 1759, 1761a, 
1761b, 1766, 1767, 1782, 1784, 1787, 1789, 1798 and Public Law 101-
73. Section 701.6 is also authorized by 31 U.S.C. 3717. Section 
701.31 is also authorized by 15 U.S.C. 1601, et seq., 42 U.S.C. 1981 
and 42 U.S.C. 3601-3610.

    2. Section 701.12 is amended by redesignating paragraphs (d) and 
(e) as paragraphs (f) and (g), by revising paragraphs (a) through (c), 
and by adding new paragraphs (d) and (e) to read as follows:


Sec. 701.12  Supervisory committee audits and verifications.

    (a) Definitions. As used in this chapter:
    (1) Agreed-upon procedures means the performance by an independent, 
licensed certified public accountant of an engagement in which the 
scope is limited to applying specified agreed-upon procedures to one or 
more specified elements, accounts, or items of a financial statement. 
Such procedures are insufficient to express an opinion regarding either 
the financial statements taken as a whole, or the specified elements, 
accounts, or items.
    (2) Applicable generally accepted auditing standards (GAAS) means 
generally accepted auditing standards to the extent applicable in the 
circumstances. The second general standard of GAAS relating to 
independence and the four standards relating to reporting are not 
applicable to a compensated auditor who is not an ``independent, 
licensed, certified public accountant'' as defined in paragraph (a)(9) 
of this section; all other requirements of GAAS would apply to such an 
auditor.
    (3) Audit or Opinion audit means an examination of the financial 
statements performed by an independent, licensed, certified public 
accountant in accordance with generally accepted auditing standards. 
The objective of an ``audit'' or ``opinion audit'' is to express an 
opinion as to whether those financial statements present fairly, in all 
material respects, the financial position and the results of its 
operations and its cash flows in conformity with generally accepted 
accounting principles or an ``other comprehensive basis of 
accounting,'' as defined in paragraph (a)(11) of this section.
    (4) Compensated auditor means any accounting/auditing professional 
who is compensated for performing the supervisory committee audit and/
or verification services.
    (5) Financial statements means a presentation of financial data, 
including accompanying notes, derived from accounting records of the 
credit union, and intended to disclose a credit union's economic 
resources or obligations at a point in time, or the changes therein for 
a period of time, in conformity with generally accepted accounting 
principles (GAAP) or an ``other comprehensive basis of accounting,'' as 
defined in paragraph (a)(11) of this section. Each of the following is 
considered to be a financial statement: a balance sheet or statement of 
financial condition; statement of income or statement of operations; 
statement of retained earnings; statement of cash flows; statement of 
changes in owners' equity; statement of assets and liabilities that 
does not include owners' equity accounts; statement of revenue and 
expenses; summary of operations; and statement of cash receipts and 
disbursements.
    (6) Generally accepted accounting principles (GAAP) means the 
conventions, rules, and procedures which define accepted accounting 
practice. GAAP includes both broad general guidelines and detailed 
practices and procedures, provides a standard by which to measure 
financial statement presentations, and encompasses not only accounting 
principles and practices but also the methods of applying them.
    (7) Generally accepted auditing standards (GAAS) means the 
standards approved and adopted by the American Institute of Certified 
Public Accountants which apply when an ``independent, licensed 
certified public accountant'' audits financial statements. Auditing 
standards differ from auditing procedures in that ``procedures'' 
address acts to be performed, whereas ``standards'' measure the quality 
of the performance of those acts and the objectives to be achieved by 
use of the procedures undertaken. In addition, auditing standards 
address the auditor's professional qualifications as well as the 
judgment exercised in performing the audit and in preparing the report 
of the audit. Copies of GAAS may be obtained from Harcourt Brace & Co., 
6277 Sea Harbor Drive, Orlando, FL 32887.
    (8) Independence and Independent means to be without bias with 
respect to the credit union so as to maintain the impartiality 
necessary for the reliability of the compensated auditor's findings. 
Independence requires the exercise of fairness toward credit union 
management, members, creditors and others who may rely upon the 
independent, compensated auditor's 

[[Page 55667]]
report. Auditors must be independent in fact and in appearance.
    (9) Independent, licensed, certified public accountant means an 
individual who has passed the Uniform Certified Public Accounting 
Examination, is licensed by a state board of accountancy to practice 
accounting/auditing, and is independent as defined in paragraph (a)(8) 
of this section.
    (10) Internal controls means the process, established by the credit 
union's board of directors, officers and employees, designed to provide 
reasonable assurance of reliable financial reporting and safeguarding 
of assets against unauthorized acquisition, use, or disposition. A 
credit union's internal control structure consists of five components: 
control environment; risk assessment; control activities; information 
and communication; and monitoring. Reliable financial reporting refers 
to preparation of financial statements that ``present fairly'' the 
financial position and results of its operations and its cash flows, in 
conformity with GAAP or an ``other comprehensive basis of accounting,'' 
as defined in paragraph (a)(11) of this section. Internal control over 
safeguarding of assets against unauthorized acquisition, use, or 
disposition refers to prevention or timely detection of transactions 
involving such unauthorized access, use, or disposition of assets which 
could result in a loss which is material to the financial statements. -
-
    (11) Other comprehensive basis of accounting means a comprehensive 
basis of accounting or definite set of criteria, other than GAAP, 
having substantial support. In this case the ``other comprehensive 
basis of accounting'' is limited to applicable regulatory accounting 
practices (RAP), i.e., that basis of accounting which has the 
substantial support of NCUA or the state supervisor, when applicable.
    (12) Related party transactions means transactions among or between 
parties where one party controls or can significantly influence the 
management or operating policies of the other so as to prevent the 
other party from pursuing exclusively its own interests. Examples of 
related parties include: credit union members and their families, and 
credit union officials and their families. Examples of ``related party 
transactions'' include: interest-free loans or loans at below market 
rates; sale of real estate significantly below appraised value; 
nonmonetary exchange of property; and making of loans lacking scheduled 
terms for repayment.
    (13) Reportable Conditions means a matter coming to the compensated 
auditor's attention that, in his or her judgment, represents a 
significant deficiency in the design or operation of the internal 
control structure of the credit union, which could adversely affect its 
ability to record, process, summarize, and report financial data 
consistent with the representations of management in the financial 
statements.
    (14) Substantive testing means testing of details and analytical 
procedures to detect material misstatements in the account balance, 
transaction class, and disclosure components of financial statements.
    (15) Supervisory committee means a supervisory committee as defined 
in Section 111(b) of the Federal Credit Union Act, 12 U.S.C. 1761(b). 
For some federally-insured state chartered credit unions, the ``audit 
committee'' designated by state statute or regulation is the equivalent 
of a supervisory committee.
    (16) Supervisory committee audit means an examination of the credit 
union's financial statements in accordance with applicable GAAS, which 
is performed by the supervisory committee or its designated 
representative as prescribed in paragraph (c)(4) of this section. An 
audit as defined in paragraph (a)(3) of this section satisfies the 
definition of a ``supervisory committee audit.''
    (17) Working papers means the principal record, in any form, of the 
work performed by the auditor and/or supervisory committee to support 
its findings and/or conclusions concerning significant matters. 
Examples include the written record of procedures applied, tests 
performed, information obtained, and pertinent conclusions reached in 
the engagement, audit programs, analyses, memoranda, letters of 
confirmation and representation, abstracts of credit union documents, 
reviewer's notes, if retained, and schedules or commentaries prepared 
or obtained by the independent, compensated auditor.
    (b) Supervisory committee responsibilities. (1) The supervisory 
committee is responsible for ensuring that:
    (i) The credit union's financial statements, taken as a whole, 
fairly present, in all material respects, the financial position, the 
results of its operations and its cash flows, in conformity with GAAP 
or an ``other comprehensive basis of accounting,'' although this 
requirement should not be interpreted to necessarily require an opinion 
audit.
    (ii) The credit union's management practices and procedures are 
sufficient to safeguard members' assets.
    (2)(i) To satisfy the requirements of paragraph (b)(1) of this 
section, the supervisory committee shall determine whether:
    (A) Internal controls are established and effectively maintained to 
achieve the credit union's financial reporting objectives which, at a 
minimum, must support the satisfaction of the requirements of 
paragraphs (b) and (c) of this section;
    (B) The credit union's accounting records and financial reports are 
promptly prepared and accurately reflect operations and results;
    (C) The plans, policies, and control procedures established by the 
board of directors are properly administered; and
    (D) Policies and control procedures are sufficient to safeguard 
against error, carelessness, conflict of interest, self-dealing and 
fraud.
    (ii) The audit and verification of members' accounts, as mandated 
in Section 115 of the Federal Credit Union Act, 12 U.S.C. 1761d, are 
the minimum requirements for satisfying this paragraph (b).
    (c) Supervisory committee audit. (1) A supervisory committee audit 
of each Federal credit union's financial statements shall occur at 
least once every calendar year and shall cover the period elapsed since 
the last audit. The supervisory committee audit shall be made by the 
supervisory committee or its designated representative, as described in 
paragraph (c)(4) of this section, using applicable GAAS.
    (2) The scope of the supervisory committee audit shall include:
    (i) Gaining an understanding of the internal control structure;
    (ii) Assessing the level of control risk; and
    (iii) Based on paragraph (c)(2)(ii) of this section, determining 
the nature, timing, and extent of substantive testing necessary to 
confirm the assertions made by management, in the financial statements, 
regarding each of assets, liabilities, equity, income, and expenses for 
the following attributes:
    (A) Existence or occurrence;
    (B) Completeness;
    (C) Valuation or allocation;
    (D) Rights and obligations; and
    (E) Presentation and disclosures.
    (3) For the compensated auditor, audit testing of the following 
areas must satisfy applicable GAAS for expressing an opinion on the 
financial statements taken as a whole: internal controls, cash, loans 
and interest thereon, investments and interest thereon, shares and 
dividends and/or interest thereon, related party transactions, and the 
detection and reporting of errors and irregularities with regard to 
each of these areas.

[[Page 55668]]

    (4)(i) The requirements of the annual supervisory committee audit 
may be satisfied by one or more of the following:
    (A) An audit of the credit union's financial statements performed 
by an independent, licensed, certified public accountant in accordance 
with GAAS;
    (B) An ``agreed-upon procedures engagement'' performed by an 
independent, licensed, certified public accountant in accordance with 
applicable GAAS, which by itself or in combination with procedures 
performed by the supervisory committee, fulfills the required scope of 
the supervisory committee audit;
    (C) A supervisory committee audit performed by an independent, 
compensated auditor other than an independent, licensed, certified 
public accountant in accordance with applicable GAAS, which by itself 
or in combination with procedures performed by the supervisory 
committee, fulfills the scope of a supervisory committee audit; or
    (D) A supervisory committee audit by the supervisory committee or 
its designated, uncompensated representative, performed in accordance 
with applicable GAAS.
    (ii) In all cases, an independent, compensated auditor is required 
to contract directly with the supervisory committee for the audit 
engagement and to deliver its written reports directly to the 
supervisory committee.
    (d) Engagement letter. (1) The engagement of a compensated auditor 
to perform all or part of the scope of a supervisory committee audit 
shall be evidenced by an engagement letter. The engagement letter shall 
be signed by the compensated auditor and acknowledged therein by the 
supervisory committee prior to commencement of a supervisory committee 
audit. The engagement letter shall:
    (i) Specify the terms, conditions, and objectives of engagement;
    (ii) Identify the basis of accounting to be used, e.g., GAAP or an 
``other comprehensive basis'' as defined in paragraph (a)(11) of this 
section;
    (iii) Include an appendix setting forth the procedures to be 
performed (if not an opinion audit);
    (iv) Specify the compensation to be paid for audit;
    (v) Provide that the auditor shall, upon completion of the 
engagement, deliver to the supervisory committee written reports. All 
such reports may be based on work performed during the normal course of 
the audit; separate engagements are not required to report on the 
credit union's system of internal accounting control or its compliance 
with laws and regulations. The written reports shall consist of:
    (A) The supervisory committee audit;
    (B) Any internal control exceptions or reportable conditions noted 
in the internal control review phase of the audit; and
    (C) Any irregularities or illegal acts noted during the audit;
    (vi) Specify a date of delivery of the written reports required by 
paragraph (d)(1)(v) of this section; and
    (vii) In the case of a compensated auditor, certify that NCUA staff 
or its designated representative will be provided unconditional access 
to a complete set of original working papers, as defined in paragraph 
(a)(17) of this section, either at the credit union or at a mutually 
agreeable location.
    (2) In the case of a supervisory committee audit engagement which 
will address all of the financial statement elements and attributes 
prescribed in paragraph (c)(2) of this section, the engagement letter 
shall, in addition to the requirements of paragraph (d)(1) of this 
section, include a certification that the audit is a complete 
supervisory committee audit.
    (3)(i) In the case of a supervisory committee audit engagement 
which will exclude any financial statement elements and attributes 
prescribed in paragraph (c)(2) of this section, the engagement letter 
shall, in addition to requirements of paragraph (d)(1) of this section:
    (A) Specifically identify the elements and attributes excluded from 
the audit;
    (B) State that, because of the exclusion(s), the resulting audit 
will not, in and of itself, fulfill the scope of a supervisory 
committee audit; and
    (C) Caution that the supervisory committee will remain responsible 
for fulfilling the scope of a supervisory committee audit with respect 
to the excluded elements and attributes.
    (ii) A compensated audit fully satisfies the requirements of a 
supervisory committee audit when it meets the requirements of 
paragraphs (b) and (c)(1) of this section and addresses all of the 
financial statement elements and attributes prescribed in paragraphs 
(c)(2) and (c)(3) of this section.
    (e) Audit reports and working paper access. (1) Upon completion or 
receipt of the supervisory committee audit reports prescribed in 
paragraph (d)(1)(v) of this section, the supervisory committee shall 
provide the reports to the board of directors. The supervisory 
committee shall ensure that the compensated auditor and its reports 
comply with the terms of the engagement letter prescribed by paragraph 
(d) of this section. The supervisory committee shall, upon request, 
provide to the National Credit Union Administration a copy of each of 
the written reports received from the auditor.
    (2) The supervisory committee shall be responsible for preparing 
and maintaining, or making available, a complete set of original 
working papers (as defined in paragraph (a)(17) of this section) 
supporting each supervisory committee audit. The supervisory committee 
shall, upon request, provide NCUA staff unconditional access to such 
complete set of original working papers either at the offices of the 
credit union or at a mutually agreeable location.
    (3) Failure of a supervisory committee and/or its compensated 
auditor to comply with the requirements of this section, or the terms 
of an engagement letter required by this section, may be grounds for:
    (i) The Regional Director to reject the supervisory committee 
audit; and
    (ii) The NCUA to seek formal administrative sanctions against the 
supervisory committee and/or its compensated auditor pursuant to 
section 206(r) of the FCU Act, 12 U.S.C. 1786(r).
* * * * *


Sec. 701.13  [Amended]

    3. Section 701.13 is amended in paragraph (a)(2) by revising 
``Sec. 701.12(e)'' to read ``Sec. 701.12(g)''.

[FR Doc. 95-27045 Filed 11-1-95; 8:45 am]
BILLING CODE 7535-01-U