Internal and External Audit Programs

Laws and Regulations

Key laws and regulations that pertain to FDIC-supervised institutions; note that other laws and regulations also may apply.

• Section 39 of the FDI Act — Standards for Safety and Soundness as implemented by Appendix A to Part 364 — Interagency Guidelines Establishing Standards for Safety and Soundness provides operational and managerial standards for safety and soundness to include internal controls, information systems, and internal audit systems in accordance with Section 36 of the FDI Act — Early Identification of Needed Improvements in Financial Management
• Section 36 of the FDI Act — Early Identification of Needed Improvements in Financial Management as implemented by Part 363 — Annual Independent Audits and Reporting Requirements discusses annual independent audit and reporting requirements for insured depository institutions with total assets of $500 million or more — note that Section 36 of the FDI Act and Part 363 apply to all FDIC-insured institutions
• Summary of Part 363 reporting requirements
• For questions concerning Part 363, please contact us at Part363@fdic.gov

Supervisory Resources

Frequently asked questions, advisories, statements of policy, and other information issued by the FDIC alone, or on an interagency basis, provided to promote safe-and-sound operations.

• Section 4.2 — Internal Routine and Controls of the Risk Management Manual of Examination Policies addresses the function and key components of internal control programs as well as internal and external audit programs, and describes examination processes used to assess effectiveness
• Interagency Policy Statement on the Internal Audit Function and its Outsourcing outlines key characteristics of the internal audit function and discusses the use of outsourcing arrangements and the effect on independence of an external auditor who also provides internal audit services to an institution
• Interagency Policy Statement on External Auditing Programs of Banks and Savings Associations outlines the characteristics of an effective external auditing program and provides examples of how an institution can use an external auditor to help ensure the reliability of its financial reports
• Interagency Advisory on the Unsafe and Unsound Use of Limitation of Liability Provisions in External Audit Engagement Letters informs financial institutions’ boards of directors, audit committees, and management that they should not enter into agreements that incorporate unsafe and unsound external auditor limitation of liability provisions
• Interagency Policy Statement on Coordination and Communication Between External Auditors and Examiners provides guidelines for information that should be provided by depository institutions to their external auditors and meetings between external auditors and examiners in connection with safety and soundness examinations
• Interagency Advisory on External Audits of Internationally Active U.S. Financial Institutions describes prudent considerations for incorporating the principles and expectations in the Basel Committee on Banking Supervision external audit guidance
• Statement on Part 363 Annual Reports in Response to the Coronavirus provides additional information and guidance to insured depository institutions subject to Part 363 that have been affected by the Coronavirus Disease 2019 (referred to as COVID-19)
• Electronic Filing of Part 363 Annual Reports and Other Reports and Notices provides insured depository institutions subject to Part 363 the option to file the annual reports and other reports and notices required under Part 363 electronically through the FDIC's secure website, FDICconnect (FCX), rather than in paper form
• Rescission of Statement on Part 363 Annual Reports in Response to the Coronavirus which provided an additional 45 days for insured depository institutions (IDIs) subject to Part 363 of the FDIC’s regulations to file their Part 363 Annual Reports and Other Reports and Notices

Other Resources

Supplemental information related to safe-and-sound banking operations.

• The American Institute of CPAs represents the Certified Professional Accountant (CPA) profession nationally regarding rule-making and standard-setting, and serves as an advocate before legislative bodies, public interest groups and other professional organizations
• The U.S. Securities and Exchange Commission protects investors, maintains fair, orderly, and efficient markets, and facilitates capital formation
• The Public Company Accounting Oversight Board establishes auditing and related professional practice standards for registered public accounting firms to follow in the preparation and issuance of audit reports
• The Committee of Sponsoring Organizations of the Treadway Commission provides thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control, and fraud deterrence designed to improve organizational performance and governance, and to reduce the extent of fraud in organizations