The Board of Governors of the Federal Reserve System issued the Supplemental Policy Statement on the Internal Audit Function and its Outsourcing to officers in charge of supervision at each Federal Reserve Bank, with the stipulations applying directly to US banks and savings and loans companies with assets of $10bn or more.

Rather than supersede the interagency guidance the Federal Reserve issued in 2003, the Supplemental Policy Statement, issued earlier this year, will serve as a prompt to supervised financial institutions to consider their internal management strategies. It is hoped the new 15-page document will highlight the steps that institutions should begin taking, if they have not already done so, with regards to improving their internal audit functions to meet regulatory inspections.

The opening paragraph of the document affirms: “The Federal Reserve is providing this supplemental guidance to enhance regulated institutions’ internal audit practices and to encourage them to adopt professional standards and other authoritative guidance, including those issued by The Institute of Internal Auditors.”

The document maintains that financial institutions should enhance their internal audit practices by placing more emphasis on the assessment of critical risk management functions and identifying thematic macro control issues and incorporate professional standards, such as the Internal Audit Standards, into their audit architecture. It also stipulates the importance maintaining the same in-house standards if outsourcing arrangements are made.

Time scales for training and management are even proffered in the guidance, stipulating that internal audit management should perform knowledge gap assessments at least annually to evaluate whether staff members have adequate skills to conduct the organisation’s strategy. Internal auditors should receive a minimum of 40 hours of training on an annual basis in order to meet these annual assessments.

The Supplemental Policy statement emphasises the importance of independence, the structure of the function, and the key roles and responsibilities of the Chief Audit Executive and audit committees. Their role is to ensure that their internal audit framework works in accordance with both the 2003 Policy Statement and guidance issued by the Basel Committee in 2012 on Banking Supervision, as there is a significant overlap in mandatory controls stipulated in both the papers.

The Federal Reserve will be carrying out examinations to establish whether financial institutions have heeded their warning in making their internal auditing process effective in terms of both the 2003 policy statement and the more recent supplementary document.