Types of Audits

NCUA regulation § 715.3(c)(2) requires each credit union's supervisory committee to perform or obtain a supervisory committee audit as prescribed in NCUA regulation § 715.4, Audit responsibility of the Supervisory Committee. The type of audit will depend on the credit union's charter type and asset size. Below are the minimum audit standards for credit unions.

Charter Type	Asset Size	Minimum Audit Required to Fulfill Supervisory Committee Audit Responsibility	NCUA Rule Reference
Federal	≥$500M	Financial statement audit per GAAS by an independent person who is licensed by the state or jurisdiction in which the credit union is principally located	§ 715.5, Audit of Federal credit unions
	>$10M to <$500M	Either a financial statement audit per GAAS by an independent person who is licensed by the state or jurisdiction in which the credit union is principally located or a supervisory committee audit
	≤$10M	Supervisory committee audit
State	≥$500M	Financial statement audit per GAAS by an independent person who is licensed by the state or jurisdiction in which the credit union is principally located	§ 715.6, Audit of Federally-insured State-chartered credit unions
	<$500M	Supervisory committee audit unless audit prescribed by State law is more stringent

The minimum audit standards relate to two specific audit types:

• Financial statement (opinion) audit

• Other supervisory committee audit

Financial Statement (Opinion) Audit

A financial statement audit is an objective evaluation and examination of a credit union's balance sheet, income statement, statement of equity and other comprehensive income, and statement of cash flows to make sure the financial records are a fair and accurate representation.

The objective of an independent financial audit is to express an opinion as to whether the credit union’s financial statements are presented fairly, in all material respects, and in accordance with GAAP. Such audits are performed in accordance with GAAS by an independent, state-licensed CPA.

The AICPA establishes standards for thoroughness and independence of CPAs, auditing standards CPAs must follow in connection with their financial statement audits, and standards that govern CPA reports. While not all CPAs are members of the AICPA, all must follow professional standards adopted by their respective state societies or the state agency that issued their license.

For more information about the ethical and professional requirements for CPAs, see the AICPA’s Code of Professional Conduct, together with rules of state boards of accountancy and applicable regulatory agencies.

The objective of a financial statement audit is to express an opinion as to whether a credit union's financial statements present fairly, in all material respects, the financial position and the results of its operations and its cash flows, in conformity with GAAP.

A financial statement audit is the most extensive type of audit, where a CPA performs more detailed testing of all financial statements and disclosures and provides a reasonable assurance that the financial statements are free from material misstatements.

Other Supervisory Committee Audit

For credit unions not required to obtain a financial statement audit, the supervisory committee, its internal auditor, or any other qualified person may perform an other supervisory committee audit to satisfy the annual audit requirement in § 715.4(a), Annual audit requirement.

NCUA regulation § 715.7, Supervisory Committee alternatives to a financial statement audit, defines qualified persons as CPAs, public accountants, league auditors, credit union auditor consultants, retired financial institution examiners, etc.

The NCUA’s Other Supervisory Committee Audit Minimum Procedures Guide includes a list of procedures designed to assist the supervisory committee or its designee in completing the review areas required by NCUA regulation part 715, Appendix A: Supervisory Committee Audit—Minimum Procedures. The procedures identified in Appendix A are not all inclusive, and the supervisory committee must evaluate a credit union’s operations to determine if other areas of review would be appropriate.

Regardless of who conducts the other supervisory committee audit, the supervisory committee is responsible for the sufficiency of the procedures, judgments about materiality, and any need for additional or expanded procedures. Qualified persons who are not state-licensed cannot provide assurance services. For more information, see NCUA regulation § 715.7, Supervisory Committee alternatives to a financial statement audit.

Some independent accountants may seek the NCUA’s written assurance on the sufficiency of procedures and ask the NCUA to take responsibility for sufficiency of the procedures along with the supervisory committee. Examiners do not provide such assurances, and examiners are not authorized to identify the NCUA as a specified user.

A supervisory committee may engage CPAs or other external auditors to perform a review that, in conjunction with procedures performed by the committee itself, meets the minimum requirements of an other supervisory committee audit as outlined in NCUA regulation part 715, Appendix A: Supervisory Committee Audit—Minimum Procedures.

While the supervisory committee must hire an auditor or qualified person for the audit engagement as outlined in NCUA regulation § 715.9(b), Engagement letter, the board of directors typically authorizes the expense by approving the annual budget.

The AICPA Statement on Standards for Attestation Engagements No. 18, Attestation Standards: Clarification and Recodification, guides an independent CPA’s performance for this type of engagement. These standards are codified in AICPA’s AT-C Section 215, Agreed-Upon Procedures Engagements.

The supervisory committee ensures the scope of the work in an agreed-upon procedures engagement meets the minimum requirements of NCUA regulation part 715, Supervisory Committee Audits and Verifications. The committee cannot delegate its responsibility to an independent auditor.

Standards Governing Agreed-Upon Procedures Audit by a CPA

The AICPA addresses performance standards for agreed-upon procedure engagements in AT-C Section 105, Concepts Common to All Attestation Engagements and AT-C Section 215, Agreed-Upon Procedures Engagements. The standards CPAs must use for agreed-upon procedure engagements are similar to the standards for financial statement audits.

Findings and Workpapers

Audit standard AT-C Section 215, Agreed-Upon Procedures Engagements, requires independent accountants to present the results of applying agreed-upon procedures to specific subject matter in the form of procedures and findings. Independent accountants following best practices are specific in reporting the results of their reviews and avoid vague or ambiguous language when reporting findings.

Auditors prepare and maintain workpapers appropriate to the circumstances to support an agreed-upon procedures engagement (quantity, type, and content). Workpapers affirm the auditor adequately planned and supervised the work and obtained evidential matter to provide a reasonable basis for the finding. While the workpapers remain the property of the independent accountant (in most jurisdictions), the auditor must maintain them for the NCUA's review, consistent with requirements of NCUA regulation § 715.10(b), Working papers.

Workpapers

All audits include documentation of the work performed by the supervisory committee, external auditor, or qualified person and any conclusions reached upon completion of the audit. According to the AICPA’s Clarified Statement on Auditing Standard AU-C Section 230, Audit Documentation, an auditor’s objective is to prepare documentation that provides a sufficient and appropriate record of the basis for the report and evidence that the audit was planned and performed in accordance with GAAS and applicable legal and regulatory requirements.

An auditor’s documentation includes:

• Significant findings or issues arising during the audit

• Conclusions reached during the audit

• Significant professional judgments made in reaching conclusions

• A record and evidence of procedures performed

This documentation is often referred to as the audit workpapers. Examples include:

• The written record of procedures applied, tests performed, information obtained, and pertinent conclusions reached in the engagement

• Proprietary audit programs

• Analyses

• Memoranda

• Letters of confirmation and representation

• Abstracts of credit union documents

• Reviewer's notes, if retained

• Schedules

• Commentaries prepared or obtained during the engagement

The term workpapers is defined as the principal record, in any form, of the work performed by the auditor and/or supervisory committee to support its findings and/or conclusions concerning significant matters.

Ideally, audit workpapers clearly identify the scope/audit plan, who performed the audit work, and results of any testing performed. Documentation that supports a financial statement audit will be more extensive than other audit types and show the examiner that the external auditor met the standards under GAAS .

For audits where a state-licensed person expresses an opinion (financial statement audit), documentation will be more specific and will address the:

• Extent of planning for the fieldwork that will include determination of materiality and assessment of fraud risks

• The auditor’s understanding of credit union internal controls

• Collection of sufficient information to express an opinion

Last updated on October 14, 2022.