ABC BANK AUDIT PLAN

PRESENTATION TO AUDIT
COMMITTEE
(Date)
TABLE OF CONTENTS

Introduction of Internal and External Audit

Teams

Audit Risk Assessment Process and Audit

Plan

Summary Comparison of Audit Effort in Prior

Year Versus Plan for the Current Year

Internal Audit Schedule

Sample Audit Committee Deliverable

Matrix for Evaluation of Audit Independence

2
INTERNAL AUDIT PLAN - OVERVIEW

The audit plan was developed using a risk based audit approach. Utilizing experience and
understanding of the bank’s operations as well as industry knowledge, internal audit identified
auditable areas, performed a risk assessment for each of these areas, and assigned each of these a
risk rating of high, medium or low.

Internal audit considered the following factors, as well as knowledge of the bank, in determining the
risk rating for each auditable area:
• Discussions with bank management, which provided insight regarding issues and risks in the
auditable areas.
• Potential impact that the auditable area may have on the financial position of the bank.
• Other environmental factors, such as past audit results, changes in personnel and operations,
past and current emphasis by regulators, and future business strategies.

This risk assessment process will be performed on an ongoing (at least annually) basis to ensure
changing risk factors, including losses, operational changes or turnover, are continually monitored.

A cycling approach to the internal audit plan was used, whereby high-risk areas are audited on an
annual basis, and medium- to low-risk areas are audited over a 18- to 24-month cycle.
RISK MAP - ABC BANK

Medium Risks High Risks

High
• Disaster Recovery
• Treasury/Investments/ALM
• Commercial Lending
• Central Services
• Finance
• Internet Conn./Firewall
• IT Applications
• New Product Development
• Community Reinvestment Act
• Real Estate Lending
• Software Licensing
• Commercial Business Lending
• Logical Security/Security Admin.
• SBA Center
• IT Telecommunications
• Operations Support
• Small Business Lending
• Local Area Network
Significance

• Centralized Doc. Unit II I

Low Risks
• Branch Network
• Loan Administration Dept.
• Financial Products
• Marketing/Promotions
• Human Resources/Payroll
• Credit Administration
• Appraisal Department
• Facilities
Low

IV III

High
Low

Likelihood of control/process issues

4
SUMMARY AUDIT PLAN

Audit Area Risk Assessment Budgeted Hours

Treasury/Investments/ALM High X
Real Estate Lending High X
Central Services High X
Commercial Business Lending High X
SBA Center High X
New Product Development High X
Internet Connectivity/Firewall High X
Centralized Documentation Unit Medium X
Logical Security & Security Admin Medium X
Local Area Networks Medium X
IT Telecommunications Medium X
Disaster Recovery Planning Medium X
Software Licensing Medium X
Finance/Accounting/Accts Payable Medium X
Operations Support Medium X
Community Reinvestment Act Medium X
Branch Network Low X
Human Resources/Payroll Low X
Discretionary NA X
Planning, Admin & Reporting to AC NA X
Follow-Up on Prior Year Audit Plan NA X
Total Budgeted Audit Hours X

5
SUMMARY FOCUS OF AUDIT EFFORT DURING PRIOR
AND CURRENT YEARS

1800
1589
1600
1400
1200
1200
Hours

1000
800
800
650 650
600
600 550
470 450 470
400 400
400 300 260
200 160200 200
200 150 150 150
100
0 0
0
k l s
i ng ur
y
or gy ns ro
l
or
y
ct
s
ct tio
n ed ns
nd s w lo io y t u
oj
e et io
a et no at a ul
a
od tra g at
Le Tr
e N h e r
s/
P
eg P r Pr in
i s ud tig
& h ec O
p
ce R al i al nb
ve
s
e a nc n
T d ur ci ec d m /U In
nc Br tio li ze es
o an S p A i ck
na a tra Fi
n
g/
S
Fi rm n
R
fo e an ni
n
In C um ai
H Tr

Current Year Prior Year

6
SIGNIFICANT CHANGES IN AUDIT PLAN FROM PRIOR
TO CURRENT YEAR
As is depicted on the preceding page, the following summarizes the most significant changes seen in the audit plan
for this year versus last:

Greater emphasis on lending activities, including centralized documentation unit, based on risk
1 assessment process

Significant re-allocation of time from branch network to centralized/back office operational activities
2 based on our risk assessment process. For branch network, focus to be on high-risk activities,
including branch losses, wire initiation, etc.

3 Increased discretionary time for special projects

4 Reduced administration time, as well as no allocation for training, vacation or sick leave

7
INTERNAL AUDIT SCHEDULE
1ST QUARTER 2ND QUARTER 3RD QUARTER 4TH QUARTER
DESCRIPTION
Jan Feb Mar April May June July Aug Sept Oct Nov Dec
Branch Network
Branch 1
Branch 2
Branch 3
Branch 4
Branch 5
Branch 6
Branch 7
Branch 8

Business Processes/Operations
Treasury/Investments/ALM
Real Estate Lending
Central Services
Commercial Business Lending
SBA Center
Human Resources/Payroll
Centralized Documentation Unit
Finance/Accounting/Accounts Payable
Operations Support
Community Reinvestment Act
New Product Development
Follow-Up on Significant Issues
Discretionary To be determined……

1ST QUARTER 2ND QUARTER 3RD QUARTER 4TH QUARTER

DESCRIPTION
Jan Feb Mar April May June July Aug Sept Oct Nov Dec
Information Technology
GENERAL
Logical Security & Security Admin.
Local Area Networks
Internet Connectivity/Firewall
Disaster Recovery Planning
Software Liscencing
APPLICATION SYSTEMS
Deposit Application
General Ledger System
OTHER
Special Management Request Projects To be determined……

= Planned = In Process = Completed

8
INTERNAL AUDIT SCHEDULE (CONTD.)

DESCRIPTION 1ST QUARTER 2ND QUARTER 3RD QUARTER 4TH QUARTER

Jan Feb Mar April May June July Aug Sept Oct Nov Dec
Information Technology
GENERAL
Logical Security & Security Admin.
Local Area Networks
Internet Connectivity/Firewall
Disaster Recovery Planning
Software Licensing
IT Telecommunications
OTHER
Special Management Projects To be determined……
Follow-Up on Significant Issues

= Planned = In Process = Completed

9
INTERNAL AUDIT SCHEDULE – REGULATORY
COMPLIANCE
Federal/state regulations reviewed as part of the audit plan

As part of our review of the identified business processes and retail branches, internal audit will integrate
compliance testing of the following regulations:

DESCRIPTION Reg B Reg CC Reg D Reg DD Reg E Reg X Reg Z CRA OFAC

Branch Network      
Business Processes/Operations
Real Estate Lending   
Commercial Business Lending   
SBA Center   
Centralized Documentation Unit  
Small Business Lending   
Central Services  
Community Reinvestment Act 

Internal audit will coordinate with ABC Bank’s compliance officer when determining the scope and degree of work to
be performed for compliance-related issues.

10