GA - GAC
Rules and Regulations of the State of Georgia
Terms and Conditions of Agreement for Access to Rules and Regulations of the State of Georgia Website

(Note: certain features of this site have been disabled for the general public to prevent digital piracy. If you are an entitled government entity pursuant the Georgia Administrative Procedures Act, O.C.G.A.§ 50-13-7(d) contact the State of Georgia's Administrative Procedures Division at 678-364-3785 to enable these features for your location.)

To access this website, you must agree to the following:

These terms of use are a contract between you and/or your employer (if any), and Lawriter, LLC.

You agree not to use any web crawler, scraper, or other robot or automated program or device to obtain data from the website.

You agree that you will not sell or license anything that you download, print, or copy from this website.

THIS WEBSITE AND ITS CONTENT ARE PROVIDED "AS IS." THE STATE OF GEORGIA AND LAWRITER EXPRESSLY DISCLAIM ALL WARRANTIES, INCLUDING THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT AND ARE NOT LIABLE TO ANY PERSON FOR ANY ERRORS IN INACCURACIES CONTAINED IN THIS WEBSITE.

By accessing and/or using this website, you agree to the terms and conditions above. If you do not agree to the terms and conditions above, you must cease accessing and/or using this website and destroy all material obtained from this website without your agreement.

If you accept these terms enter the information below and click “I AGREE”.

Subject 80-2-6 SUPERVISORY AUDITS

Rule 80-2-6-.01 Audits

(1) Every Audit Committee shall have an annual audit of the credit union performed, which must be comprehensive in scope covering the period elapsed since the last annual audit, and submit a summary of the audit results at the next annual meeting of the members of the credit union.
(2) The annual audit must be performed by a licensed independent accountant or firm of accountants. However, if the credit union has assets of less than $15 million, the Audit Committee may elect to have the annual audit conducted by the internal auditors of any sponsoring group, concern, or association of credit unions approved by the Department in writing.
(3)
(a) Audit reports in which a licensed independent accountant expresses an unqualified opinion shall be provided to the Department upon request. All other audit reports in which a licensed independent accountant expresses anything other than an unqualified opinion, including, but not limited to, a qualified opinion, an adverse opinion, or a disclaimer of opinion, shall be provided to the Department within fifteen (15) days following receipt by the financial institution. All audit reports generated by anyone besides a licensed independent accountant in accordance with Paragraph 2 of this rule, shall be provided to the Department within fifteen (15) days following receipt by the financial institution. Audit reports submitted to the Department shall be accompanied by the Letter to Management, if applicable, detailing any reportable conditions discovered during the audit engagement.
(b) Failure to obtain the required audit, or the auditor's report thereof, shall be reported to the Department within fifteen (15) days of discovery.
(c) The engagement letter should clearly define the extent of the audit work including, the scope of the audit, the objectives, the resource requirements, the audit timeframes, and the resulting reports, as well as detail the methods utilized by the auditor to handle and protect member information. The credit union shall provide the Department with a copy of the engagement letter at the same time the audit report is provided to the Department.
(d) The auditor shall also provide the Department with a copy of the audit as well as the engagement letter at the request of the Department.
(4) If the audit is conducted by a licensed independent accountant or firm of accountants, the individual or firm is responsible for the preparation and maintenance of any work papers used to support the findings and conclusions in the audit. Conversely, if the audit is conducted by the internal auditors of any sponsoring group, concern, or association of credit unions, the Audit Committee shall be responsible for the preparation and maintenance of any work papers used to support the finding and conclusions in the audit. Under either scenario, the work papers shall be subject to review by the Department and must be made available to the Department upon request.
(5) In the event the Department determines that an audit is deficient, the Department may require the credit union to immediately obtain a new annual audit performed on terms and by an individual acceptable to the Department.
(6) At frequent intervals, but under no circumstances less than annually, the Audit Committee shall also make, or cause to be made, an inspection of the assets and liabilities of the credit union, the credit union's loan and deposit accounts, and the credit union's information technology. The Audit Committee shall also have supplementary audits performed upon request of the Department.
(7) At frequent intervals, but under no circumstances less than annually, the Audit Committee shall make, or cause to be made, a physical cash count.

Rule 80-2-6-.02 [Repealed]

Rule 80-2-6-.03 Applicable Auditing Standards

An audit of a credit union by an independent accountant or firm of such accountants or the internal auditors of any sponsoring group, concern, or association of credit unions shall be made in accordance with generally accepted auditing standards as set forth in pronouncements of the American Institute of Certified Public Accountants.

Rule 80-2-6-.04 Scope of Audit

(1) The auditor should be generally familiar with the statutes, rules, and regulations under which the credit union being audited operates, and with its charter and bylaw provisions. The annual audit should incorporate the necessary procedures to satisfy the auditor that there is compliance with the applicable requirements that might materially affect the credit union's financial position of operation.
(2) Such annual audit shall include a review of the credit union's internal controls and such other tests and reviews of the credit union's records as deemed appropriate by the auditor, including, but not limited to, verifications of the credit union's loan and deposit accounts as well as adequate testing and review of the credit union's information technology activities.
(3) Specific Requirements for the annual audit:
(a) The audit must state the method and degree of direct verification of loan and share accounts and analyze the results by schedule. The audit should indicate whether positive or negative account confirmations were used, number of confirmations mailed, number of replies received, number of undeliverable confirmations, analysis of discrepancies disclosed, and degree of follow-up confirmation for non-replies and undeliverable confirmations;
(b) The audit includes a verification of a timely and accurate cash reconciliation and an affirmative verification of investments and deposits made by the audited credit union as well as the adequacy of the internal controls over these processes;
(c) Verification of the status of funds borrowed by the audited credit union, including promissory notes and certificates;
(d) The audit must confirm that internal routines and controls were evaluated and no exceptions were found or that certain listed exceptions were noted; and
(e) The audit must set forth in sufficient detail the general scope of the audit performed.

Rule 80-2-6-.05 Internal Audit Program

(1) An institution shall have an internal audit program that is appropriate to the size of the institution and the nature and scope of its activities. An appropriate internal audit program consists of qualified persons and provides for effective:
(a) Monitoring and reporting on the system of internal controls;
(b) Testing and review of controls over information systems;
(c) Documenting of testing activities, findings, and corrective actions;
(d) Verifying and reviewing of management actions to address material weaknesses; and
(e) Engagement and oversight by the institution's Board of Directors.
(2) The Board of Directors shall name an internal auditor or designate an officer to act as a liaison with third parties engaged to perform the internal audit program.
(3) The Board of Directors shall review and approve the scope of the internal audit program to include the operational areas targeted for review, the proposed timeline of reviews, testing procedures to be used, the qualifications of personnel for the subject matter to be reviewed, and the independence of personnel from operational responsibilities over areas to be reviewed. Alternatively, an audit committee formed in compliance with O.C.G.A. § 7-1-656(b)(2), is authorized to act in lieu of the Board of Directors. The scope of the internal audit will be documented - via an engagement letter when third parties are engaged - and provided to the Department upon request.
(4) The internal auditor or designated liaison shall:
(a) Implement or oversee implementation of the institution's internal audit program;
(b) Monitor the implementation of corrective actions; and
(c) Report to the Board of Directors at least annually on the status of the internal audit program to include audit activities, findings, and corrective actions.
(5) The internal audit shall be appropriate to the size of the institution and the nature and scope of its activities. In determining the nature and scope of the internal audit, the financial institution shall take into consideration the auditing standards formulated by The Auditing Standards Board of the AICPA, and/or the Institute for Internal Auditors.
(6) Unless pre-approved by the Department in writing, the external audit obtained pursuant to O.C.G.A. § 7-1-657 and Rule 80-2-6-.01 will not satisfy the internal audit program requirement.
(7) In the event the Department determines that an internal audit program is deficient, the Department may require the institution to:
(a) Replace the internal auditor with an individual acceptable to the Department;
(b) Perform additional reviews by personnel acceptable to the Department with subject matter expertise on, and independence from, the areas targeted for review; and
(c) Engage a third-party acceptable to the Department to perform a comprehensive review of the adequacy of the institution's internal control environment in accordance with a standard acceptable to the Department.