CFPB Readiness Series: Developing an Internal Audit Process

by KirkpatrickPrice / February 25th, 2014

When you begin preparing for your CFPB examination, it is critical that you develop and implement an internal audit process to provide an independent, objective evaluation the operational effectiveness of your organizational controls. In this webinar, Information Security Specialists at KirkpatrickPrice will review how to develop an internal audit process for your organization and why it is essential for CFPB compliance.

Why Should I Have an Internal Audit Process?

According to the CFPB, “An effective compliance management system commonly has four interdependent control components: board and management oversight, compliance program, response to consumer complaints, and compliance audit. When all of these four control components are strong and well-coordinated, a supervised entity should be successful at managing its compliance responsibilities and risks.”

How Do I Develop an Internal Audit Process?

To develop your internal audit process, you can begin by doing the following:

  • Establishing authority for an internal audit process to operate: Your organization’s leadership, such as the Board of Directors or an owner, must give authorization and support for the policy.
  • Creating a reporting structure: You will need to identify independence, daily operational reporting, and audit deliverable reporting.
  • Determining the scope of the internal audit goals, deliverables, and objectives: Choose control frameworks and audit cycles.
  • Gathering internal audit staffing: Select staff based on professional competencies, develop internal audit performance metrics, and establish internal audit compensation schedules.
  • Developing an internal audit operational work process: Determine the documented frameworks needed, the audit plans to support those frameworks, the audit work paper requirements, and the data security and retention of audit work paper. You should also report the findings and recommendations, as well as the corrective action recommendations.
  • Using an internal audit program evaluation and updating accordingly: Analyze your program to see if it provides an independent objective evaluation of the operational effectiveness of organizational controls; if it includes findings, recommendations, and corrective action reporting in a timely manner; and if it requires that the current business model/cycle be updated.

For more information about CFPB compliance, contact us today.