Pub. 1 2013 Issue 2

www.uba.org 12 COMPLIANCE CORNER IS YOUR AUDITOR PARTICIPATING IN WRITING OF POLICIES AND PROCEDURES? IF SO, THEY MAY BE DETERMINED TO NOT BE INDEPENDENT By Darlia Fogarty, Director of Compliance, Compliance Alliance, Inc. T here are two important aspects to inde- pendence that must be distinguished from one another: independence in fact (real independence) and independence in appear- ance (perceived independence). Both aspects are essential to achieve the goals of independence. Real independence refers to the actual independence of the auditor, also known as independence of mind. More specifically, real inde- pendence concerns the state of mind of an auditor and how the auditor reacts and deals with a specific situation. An auditor, who is in fact independent, has the ability to make independent decisions even if there is a perceived lack of independence present or if the auditor is placed in a compromising posi- tion by company directors. Many difficulties lie in determining whether an auditor is truly indepen- dent, since it is impossible to observe and measure a person’s mental attitude and personal integrity. Similarly, an auditor’s objectivity must be beyond question, but how can this be guaranteed and measured? This is why perceived independence is of great importance. It is essential that the auditor not only acts independently, but also appears independent as well. If an auditor is in fact independent, but one or more factors suggest otherwise, this could potentially lead to the conclusion that the audit report does not represent a true and fair view. Independence in appearances also reduces the opportunity for an auditor to act otherwise than independently, which subsequently adds credibility to the audit report. There are a wide range of opinions regarding the difference between auditing and consulting. The majority agree that compliance review and risk assessment objectives are strongly associated with auditing, while implementing policies and proce- dures are strongly associated with consulting. However, a significant majority believe that the identification of critical issues and recommenda- tions to solve problems were a mix of auditing and consulting combined. In an effort to make certain there is no confusion between these two very different functions, we have identified a set of activities that are considered “Best Practice” for the two fields: CONSULTING ACTIVITIES: 1. Focus on daily activities and future events (procedures for daily functions and policies for future) 2. Address the implementation of activities 3. Initiated by departmental needs 4. Primary client is department manager 5. Involves staff throughout the organization 6. Yields a product (policies, procedures, tools) rather than an audit report AUDITS ACTIVITIES: 1. Focused on past or historical events (specific point in time; i.e. “as of date” for audit or exam) 2. Address compliance issues and business risks 3. Initiated by audit committee or boardof directors 4. Primary client is audit committee/senior manager 5. Conducted exclusively by members of third party audit firm or internal audit department 6. Yields an audit report with findings and recommendation used by senior managers to address how well the organization is adhering to policies and legal requirements, as well as to begin the development of a product (i.e., a policy, procedure, tool) to guide the organiza- tion with compliance for requirements of the policy or procedure. In regulatory opinion, as stated in several exam findings, allowing the audit personnel to perform traditional consulting activities (policy or proce- dure development) gives the bank a “false” sense  Compliance Corner — continued on page 14 In response to the plea for help from banks across the Commonwealth and the Nation, Compliance Alli- ance was formed to increase the effectiveness of banks’ compliance programs and to facilitate broad industry initiatives directedat address- ing a variety of compliance functions for member banks and concerns of common interest. The primary goal of Compliance Alliance is to provide quality compliance services and allow more hours for the bank’s com- pliance personnel to focus on strategic bank-specific functions. In each edition, Utah Banker will provide a short article from the Compliance Alliance.