Auditing: New Spotlight on Governance

Not long ago, accounting was a profession only a bean counter could love. Now, thanks to the corporate scandals that led to the passage of the Sarbanes-Oxley Act of 2002, banks see their external auditors as more important partners than ever before.

Today, banks face the increased filing requirements of the new legislation, in addition to the challenges of a recession and an interest rate environment that hasn’t been seen since the Eisenhower administration. Fortunately, the burden of being highly regulated to begin with may prove to be a benefit, as long as managements and boards aren’t complacent about the advantage.

Audit committees in the spotlight

“[Sarbanes-Oxley] really empowered the audit committee, but with that comes some very significant responsibility,” notes Rick Ueltschy, head of the bank audit practice at Crowe Chizek & Co., which audits about 450 banks, most of which are community banks and just under one-third of which are public.

Many community banks, for example, are used to treating their audit committees as a formality, limiting them to receiving reports from an external auditor chosen by management. But the ground has shifted, and today’s audit committees should be proactive in preapproving all services provided by external auditors. In fact, directors need to evaluate qualitative input from three different sources: management, internal auditors, and external auditors. They also need to be aware of changes from quarter to quarter instead of treating each reporting period as an isolated snapshot. Consequently, directors, particularly those on the audit committee, should be prepared to spend more time in board and committee meetings, and to meet more frequently.

“Audit committees should take a good look at their role and their charter, because in consultant parlance, their cheese has moved,” says Joseph Mauriello, vice chairman for financial services at KPMG’s banking practice. “They need to concentrate on general change management. The risk is that audit committees get so involved, they step over into the role of management.”

Not surprisingly, newly strengthened auditing standards and deeper audits are likely to result in increased audit fees. In particular, the heightened requirements for extensive fraud testing could cost community banks a pretty penny.

“An audit is not a commodity,” says Bill Massey, a shareholder with Florida-based CPA firm Saltmarsh, Cleaveland & Gund, which audits approximately 50 small community banks in the Southeast. “In the past you went with the lowest fee, but there’s a tremendous discrepancy in audit fees right now, and it will be the board’s responsibility to ask what they’re getting in exchange for the fee.”

Proactive, proactive, proactive

If there is a keyword to Sarbanes-Oxley compliance, it is “proactive.” “Well-documented,” however, runs a close second. Accounting experts advise boards at banks of all sizes, both public and privately owned, to examine their audit committee procedures before challenges arise and document the process.

The new requirement for audit partner rotation is a case in point. “Most smaller community banks have developed a relationship with the audit partner, and it may seem to them like changing accounting firms if they change the audit partner,” says Gerald E. Pfeiffer, a partner at Clifton Gunderson, which audits community banks up to $3 billion in size, including about 20 public clients.

Pfeiffer recommends that the audit committee work with the audit firm to develop a strategy for partner rotation well in advance. Because Sarbanes-Oxley gives the board considerable leeway in determining whether the audit firm can be hired for other needs, such as M&A consulting, the board should also schedule an internal discussion to decide how it will respond to these needs before they occur. And, of course, the entire process should be amply documented to ensure regulatory compliance.

Another example is the requirement that external auditors must attest to management’s certification of the bank’s internal controls, contained in section 404 of Sarbanes-Oxley. This provision has already led external auditors to shift subtly away from relying heavily on the work of internal auditors, because they are required to perform control testing themselves. And because the responsibility for engaging external auditors is now incumbent upon audit committees, directors also need to educate themselves about section 404 compliance.

Dealing with regulators

“Banks are used to being regulated. Because of that, they can adapt more quickly to new rulings, as was shown, for example, by their quick adoption of the anti-money-laundering provisions of the USA Patriot Act,” points out Jerry Licari, industry sector leader for KPMG’s banking practice. “Also, banks understand the risks of noncompliance.”

However, experts caution banks against complacency. “Within the banking world, there may be a false sense of comfort about Sarbanes-Oxley’s filing requirements,” comments Paul Wirth, a managing partner with the national banking practice of Deloitte & Touche. “The hard truth is that the bar for all institutions across all industries is being raised dramatically.”

This is especially true at those banks where, loath though directors might be to admit it, FDICIA compliance has become nothing more than a paper-pushing exercise. “If I were an audit committee member, I’d ask whether FDICIA has been treated as an appendage, that is, merely as a regulatory compliance issue, or if it has been integrated and embedded into the institution’s corporate governance philosophy,” says KPMG’s Mauriello.

There is also a group of small, private banks not subject to FDICIA, most of which are also not subject to Sarbanes-Oxley. Nevertheless, the FDIC is strongly urging these companies to comply with as many provisions of the act as feasible, simply because they represent best practices in corporate governance. “We’re seeing a slightly more adversarial approach by the banking regulators,” says Wirth.

Beyond Sarbanes-Oxley

Two accounting-related issues outside the scope of Sarbanes-Oxley should also be on directors’ radar screens this year. The first is addressed in FASB’s recent Interpretation No. 46, which outlines new criteria for the consolidation of variable-interest entities (VIEs).

The interpretation’s scope is extremely broad, and the consolidation criteria focus on the economics of the structures rather than on the form of ownership. Inventorying a company’s VIEs will be the first challenge. One result, according to Barry Kroeger, director of banking for Ernst & Young’s Americas practice, is that “companies are questioning whether they should continue to have those structures or whether they need to change them.”

“We’re going to see a number of structures that were not on balance sheets before being brought back onto the balance sheet,” says Wirth. “Some risks that were formerly passed on to third parties may come back to banks.” The upshot, say experts, is that boards need to understand and document the purpose of these transactions, making sure the rewards are worth the risks.

The second issue is a possible requirement to charge earnings for other-than-temporary impairment of securities. The FASB’s Emerging Issues Task Force is studying the issue, and accounting experts agree that a proposal likely will be adopted relatively soon. “If the rules are put in place, then there’s going to be much less judgment available to auditors of financial statements, which will lead to much more rapid writedowns,” says Kroeger.

However, information about banks’ securities portfolios is already available in standard financial statements for regulators and investors to inspect. “Most banks are already marking to market on a quarterly basis,” says KPMG’s Licari, who predicts that even if the rules are adopted, banks won’t take a sudden earnings hit.

Don’t forget the basics

Despite all the Sarbanes-Oxley headlines, directors should definitely not lose sight of the basics of banking. Managing interest rate risk is of primary importance. Although conventional wisdom says a low interest rate environment is good for banks, current lows are straining banks’ interest margins, and further downward movement will exacerbate the problem. On the other hand, if rates go up, banks that are seeing a high volume of mortgage originations may see a drop in refinancing activity, so directors at these banks should understand how the company is managing interest rate risk within the cost structure of the mortgage operation.

Also stemming from record-low interest rates is a concern that banks need to reexamine their formulas for recognizing mortgage servicing rights. Do the calculations take into account the high volume of refinancingu00e2u20ac”and the resulting rapid prepayment of existing loansu00e2u20ac”the industry is currently seeing, and how will they be adjusted if rates go up or down?

Another banking basic is the question of loan-loss allowances. The industry rule of thumb has always been 1%, but advanced technology now allows such allowances to be customized to a given company’s loan mix and customer trends. Clifton Gunderson’s Pfeiffer recommends that the board review the loan-loss allowance computations and their underlying assumptions at least annually.

Finally, directors should keep themselves informed about their institution’s approach to credit risk. “One of the most important issues for smaller and mid-size banks is credit quality,” says Crowe Chizak’s Ueltschy. “We’re seeing that consumers are stressed, and in commercial lending, some of the more marginal borrowers are giving up the ghost.”

Although Sarbanes-Oxley will no doubt have far-reaching effects on every industry, the banking industry has always taken its fiduciary responsibility to customers and shareholders seriously. Depository institutions have not been subject to the corporate excesses seen elsewhere. With today’s financially astute directors looking out for reputation risks, the industry is well placed to lead the way in corporate governance.

Who Do Youu00c2 Call?

BDO Seidman, LLP

Chicago, IL


Steve Ferrara


37 U.S. offices

Ernst & Young

New York, NY


Barry Kroeger


U.S. offices in nearly 90 cities


Chicago, IL


Richard H. Stein


21 U.S. Offices

Grant Thornton

Washington, D.C.


Paul G. Pustorino


51 U.S. offices

Clifton Gunderson LLP

Peoria, IL


Gerald Pfeiffer


U.S. offices in 13 states and Washington, D.C.


New York, NY


Joseph Mauriello


122 U.S. offices

Crowe Chizek & Co. LLC

Indianapolis, IN


Rick Ueltschy


20 U.S. offices in 8 states, mostly in the Midwest

McGladrey & Pullen LLP

New York, NY


Jim Koltveit


100 U.S. offices

Deloitte & Touche

New York, NY


Paul Wirth


U.S. offices in 80 cities



New York, NY

Tim Ryan


apprx. 100 U.S. offices

Join OUr Community

Bank Director’s annual Bank Services Membership Program combines Bank Director’s extensive online library of director training materials, conferences, our quarterly publication, and access to FinXTech Connect.

Become a Member

Our commitment to those leaders who believe a strong board makes a strong bank never wavers.