skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content
Board of Governors of the Federal Reserve System

Supervision and Regulation Letters

SR 13-1 / CA 13-1

Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing

January 23, 2013

Seal of the Board of Governors of the Federal Reserve System
BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C.  20551
DIVISION OF BANKING
SUPERVISION AND REGULATION
DIVISION OF CONSUMER
AND COMMUNITY AFFAIRS
SR 13-1
CA 13-1
January 23, 2013
TO THE OFFICER IN CHARGE OF SUPERVISION AT EACH FEDERAL RESERVE BANK
SUBJECT:   Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing
Applicability to Community Banking Organizations:  This guidance does not apply to community banking organizations, defined as institutions supervised by the Federal Reserve with total consolidated assets of $10 billion or less.1

The Federal Reserve is issuing the attached policy statement, Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing, to provide institutions2 with additional guidance related to interagency guidance that was issued in 2003 and remains in effect.3  Building upon the 2003 interagency guidance, the attached supplemental guidance addresses characteristics, governance, and operational effectiveness of an institution’s internal audit function. 

Further, this supplemental guidance explains changes over the past several years in banking regulations related to auditor independence and limitations placed on the external auditor. In summary, the supplemental guidance addresses:

  • Enhanced Internal Audit Practices – discusses the enhancements that an institution should incorporate into its internal audit function to address lessons learned from the recent financial crisis.
  • Internal Audit Function – addresses the characteristics, governance, and operational effectiveness of an institution’s internal audit function.
  • Internal Audit Outsourcing Arrangements – covers the responsibilities of an institution's board of directors and senior management to provide appropriate oversight of internal audit outsourcing arrangements.
  • Independence Guidance for the Independent Public Accountant – addresses certain changes to Section 36 of the FDI Act4 enacted since the issuance of the 2003 interagency guidance. Further, the supplemental guidance discusses the restrictions on the services of an institution’s external auditor.
  • Examination Guidance – discusses the supervisory assessment of an institution’s internal audit function and the ability of examiners to rely on work performed by internal audit.

Reserve Banks are asked to distribute this supplemental guidance to supervised institutions with greater than $10 billion in total consolidated assets, including state member banks, domestic bank and savings and loan holding companies, and U.S. operations of foreign banking organizations, as well as to their supervisory and examination staff, as appropriate. Questions on the attached guidance should be addressed to Steven P. Merriett, Deputy Associate Director and Chief Accountant-Supervision, at (202) 452-2531; or Terrill L. Garrison, Jr., Senior Accounting Policy Analyst, at (202) 452-2712; or Phyllis L. Harwell, Assistant Director, Consumer Compliance, at (202) 452-3658. In addition, questions may be sent via the Board’s public website.5

signed by
Michael S. Gibson
Director
Division of Banking
Supervision and Regulation
signed by
Sandra F. Braunstein
Director
Division of Consumer
and Community Affairs


Cross References:
SR letter 12-17 / CA letter 12-14, “Consolidated Supervision Framework for Large Financial Institutions.”

SR letter 03-5, “Amended Interagency Guidance on the Internal Audit Function and its Outsourcing”

 
Notes:
  1. Section 4 of the attached policy statement, however, clarifies certain changes to the Federal Deposit Insurance Corporation regulation (12 CFR part 363) on independence standards for independent public accountants at insured depository institutions with total assets of $500 million or more, which were adopted pursuant to 2009 amendments to Section 36 of the Federal Deposit Insurance Act (FDI Act).  Return to text
  2. For purposes of this guidance, "institutions" refer to state member banks, domestic bank and savings and loan holding companies, and U.S. operations of foreign banking organizations with total consolidated assets of $10 billion or more.  Return to text
  3. Refer to SR letter 03-5, "Amended Interagency Guidance on the Internal Audit Function and its Outsourcing."  Return to text
  4. See 12 CFR part 363.  Return to text
  5. See http://www.federalreserve.gov/apps/contactus/feedback.aspx.  Return to text
Last update: August 2, 2013