CUNA Comment Letter
RE: NCUA Proposed Regulations Regarding Auditing and Accounting Requirements
March 8, 1999
Ms. Becky Baker
Secretary of the Board
National Credit Union Administration
1775 Duke Street
Alexandria, Virginia 22314-3428
RE: NCUA Proposed Regulations Regarding Auditing and Accounting Requirements
Dear Ms. Baker:
The Credit Union National Association is pleased to comment on the National Credit Union Administration Board's proposal to implement provisions in the Credit Union Membership Access Act (P.L. 105-216) regarding audits and financial reporting requirements, which appeared in the Federal Register January 6, 1999. CUNA represents over 90% of the nation's approximately 11,000 state and federal credit unions.Summary of CUNA's Position
CUNA generally supports NCUA's interpretation of the audit provisions of the Credit Union Membership Access Act. We are also recommending several changes to the proposal to improve the final regulation. Our recommendations are:
- NCUA should define the term, "qualified individual" or provide guidance as to its meaning so it encompasses league audit services.
- NCUA should not impose different audit standards on a "complex" credit union.
- NCUA should work with credit unions and groups, such as our Examination and Supervision Subcommittee and League Auditors Task Force to help revise the new Supervisory Committee Audit Guide.
- NCUA should solicit comments on its new Supervisory Committee Audit Guide before approving it in final form.
- NCUA should allow credit unions to provide a summary report of their audit.
- NCUA should delay the effect day of the audit rule until January 2000.
Under the Credit Union Membership Access Act, reports or statements federally insured credit unions with assets of $10 million or more are required to file with NCUA must be consistent with Generally Accepted Accounting Principles. However, NCUA may determine that the application of GAAP to a credit union is not appropriate and may require the application of accounting principles that are no less stringent than GAAP. (12 USC 1782(a)(6)(C))
Federally insured credit unions with assets of $500 million or more must obtain an annual independent audit of their financial statements, in accordance with Generally Accepted Auditing Standards (GAAS). The audit must be preformed by an independent, certified public accountant or licensed public accountant. (12 USC 1782(a)(6)(D)(i))
If a federal credit union with assets of between $10 million and $500 million chooses to obtain a financial statement audit of the type required for a credit union with over $500 million in assets, the audit must comply with state accountancy and licensing requirements. (12 USC 1782(a)(6)(D)(ii)) If a federal credit union decides not to have such an audit, the requirement that its audit comply with state restrictions is not applicable.
We recognize that some in the accounting profession have a different opinion as to whether the statute requires a federal credit union covered by this provision to obtain an audit of its financial statements conducted by an independent CPA.
To examine their contention, we retained the law firm of Hogan and Hartson LLP to review the statute, legislative history and NCUA's proposal. After several months of review, they have provided to us a 14-page legal opinion that reinforces our interpretation and the one reflected in NCUA's proposal that federal credit unions under $500 million do not have to obtain a financial statement audit from a CPA. We believe the opinion, which accompanies this letter, accurately analyzes how a court would approach this question. Thus, based on our reading of the plain language of the statute and the reasoning reflected in the Hogan and Hartson opinion, we strongly concur with NCUA's interpretation that federal credit unions with assets under $500 million are not required to procure a financial statement audit conducted by a CPA.
We also want to bring to the NCUA Board's attention the description of the audit provisions in the Credit Union Membership Access Act found at the website of the American Institute of Certified Public Accountants as of March 8, 1999. The description, which itemizes the audit requirements of the Credit Union Membership Access Act, states:
The new law requires: ...
Federal credit unions with assets greater than $10 million that use an independent auditor to perform the audit required by the credit union supervisory committee to use an auditor licensed pursuant to the state accountancy statute.
This description is fully consistent with NCUA's interpretation.Proposed Minimum Audit Requirements
Under NCUA's proposal, the following minimum requirements would apply, depending on a credit union's size and/or charter.
- Federally-insured credit unions with assets of $500 million or greater must obtain an annual financial statement audit. Such an audit must be performed in accordance with GAAS and performed by a person licensed to do so by the state in which the credit union is located.
- Federally-insured state chartered credit unions with assets of less than $500 million would be allowed to fulfill their audit requirements by obtaining an annual supervisory committee audit as described in NCUA's rules or an audit prescribed by the state in which the credit union is located, whichever is more stringent.
- Federal credit unions with assets between $10 million and $500 million that do not obtain a financial statement audit would be required to obtain a supervisory committee audit as provided under NCUA's audit rule.
- Federal credit unions with less than $10 million in assets would be required to obtain an annual supervisory committee audit as prescribed by NCUA's audit rule.
- Supervisory committee audit requirements would apply to all federally insured credit unions that do not elect to obtain a financial statement audit or which are not required to obtain such an audit. A supervisory committee audit may take one of three forms, under the proposal:
- Opinion on the balance sheet. This audit must be performed in accordance with GAAS by an individual licensed under state law to do so. The audit examines the assets, liabilities and equity and requires an opinion by the auditor on the fairness of the balance sheet only.
- Review and evaluation of the internal controls over Call Reports. The audit would consist of an examination of management's written assertions regarding the effectiveness of internal controls over data reported in call reports in high-risk areas. The auditor would provide a report on management's assertions. The review and evaluation could be performed by an independent state-licensed individual or other "qualified person" unless the credit union is deemed to be "complex" under NCUA's prompt corrective action rules (now being developed - the definition of "complex" under PCA is not set to take effect until January 1, 2001). A complex credit union must use only an independent State-licensed person, according to NCUA.
- Audit according to NCUA's Supervisory Committee Audit Guide. This audit may be performed by an independent, state-licensed person or other "qualified person." NCUA states the Audit Guide will be amended to reflect the minimum scope and procedures and to distinguish such an audit from a financial statement audit.
In general, CUNA is very supportive of the approach the NCUA Board is proposing, particularly regarding federal credit unions with assets of between $10 million and $500 million. However, we do have some concerns and recommendations we would like to offer, which we believe will result in an improved final regulation.Definition of "Qualified Individual"
Under NCUA's proposal, credit unions that are not required to obtain a CPA audit of their financial statements may elect to have a balance sheet audit, a review of their internal controls or an audit that conforms to the requirements of NCUA's Audit Guide. The latter two audits may be conducted by or with the assistance of a "qualified individual."
NCUA's proposal does not define the term, "qualified individual." We urge NCUA to include a definition in the final rule or provide guidance in the Supplementary Information or Audit Guide to clarify that credit unions would be able to utilize league auditing services to perform audits that are not an audit of the financial statements. We believe such action would be fully compatible with the Credit Union Membership Access Act. Perhaps more to the point, we believe it would be inconsistent with the Act if NCUA were to preclude credit unions from using league auditing services for audits that are confined to a review of internal controls or which follow the parameters of the Audit Guide. This view is based on our reading of the statutory language in the Act, which imposes no requirements on credit unions with assets between $10 million and $500 million that do not obtain a financial statement audit.
NCUA's current Audit Guide states that supervisory committee audits must be conducted by someone "having adequate technical training and proficiency as an auditor commensurate with the level and sophistication and complexity of the credit union under audit." (This is based on NCUA's rule, 12 CFR 701.21(c)(2)(i).) The Audit Guide provides that an auditor should have an accounting degree unless the credit union is small and offers core services only. In that case, experience with double-entry bookkeeping would be sufficient. The Audit Guide provides that an understanding of auditing procedures, the Federal Credit Union Act and related documents are also essential. We believe similar language should be included in the Audit Guide, Supplementary Information, or rule to describe a "qualified individual" in the context of the new regulation, which expressly clarifies that league auditors may fit within that definition. One of the league auditors suggested the following definition for a qualified individual, which we could also support:
A person who has adequate knowledge of the credit union system and credit union operations as well as sufficient background and experience in accounting and auditing, such as a league auditor.Application of Audit Requirements to "Complex" Credit Unions
Under the proposal, a "complex" credit union must use a state-licensed auditor to perform its review and evaluation of internal controls over call reporting. NCUA would use the definition of "complex" in this context that it is now developing for purposes of prompt corrective action. We are curious as to the effect of this provision, since the agency does not plan to issue a final rule on "complex credit unions" for several months, presumably after the final audit rule has been adopted.
Further, we do not support interjecting different audit requirements for a credit union that is "complex" under prompt corrective action (PCA). Simply because a credit union is designated as complex under the definition of prompt corrective action does not mean that its financial operations are complicated and should be subjected to different audit requirements. Different audit standards for a "complex" credit union are not required by the statute, and we urge NCUA to reject this approach.Revising the Supervisory Committee Audit Guide
The Supplementary Information to the proposal states that NCUA intends to revise its Audit Guide to be consistent with the new audit regulation. We urge the Board to work with credit unions in developing the Audit Guide. For example, CUNA's Examination and Supervision Task Force, as well as our League Auditors Task Force, could serve as useful resources to NCUA as it revises the Guide. We also urge the agency to put the Guide out for comment to credit unions, examiners, and other interested parties before it is adopted in final form.Audit Report and Working Paper Access
The proposed rule would clarify that credit union members must be provided with a report of the results of an audit, either orally or in writing, if they are not provided with a copy of the audit report itself. We urge the Board to clarify that a summary of the report may satisfy this requirement. Some credit unions have raised concerns about preserving the confidentiality of working papers and have recommended that NCUA clarify that access to such papers be limited to NCUA, the credit union's Supervisory Committee and its Board.Timing of the Final Rule
Credit unions must have ample time to prepare for the final regulation. We urge the Board, as it has done in the past, to delay the implementation date of the final audit rule. We are requesting the rule not take effect until January 2000, in order that engagement letters may be developed by credit unions without having to worry whether such letters and subsequent audits for this year are in compliance with the new requirements.
Thank you for the opportunity to share our views on this important proposal. If you or others at NCUA have any questions about our letter or would care to discuss its contents, please do not hesitate to give me a call at 202-218-7769.
Mary Mitchell Dunn Associate General Counsel
cc: NCUA Board