From anti-money laundering regulations and cybersecurity controls in digital banking to ESG reporting and third-party vendor oversight, U.S. financial institutions face strict guidelines and expectations for their operations.
As a result, CFOs at these institutions are under tremendous pressure to ensure they have adequate audit capabilities and are audit-proof.
says Patrick Farrelly, managing partner of the U.S. Capital Region office at UHY LLP, a global accounting and advisory firm headquartered in London, England. Farrelly, who is also a managing director at UHY Advisors, is based in Albany, New York.
In these roles, Farrelly provides accounting and advisory services to public companies, other regulated companies and private companies in the financial services, broker-dealer, manufacturing and distribution sectors. He has over 10 years of experience managing and developing audit strategies for some of the most prestigious clients in the Big Four.
Mr. Farrelly shows how CFOs at financial institutions can ensure that today's audits are always on point.
What are the biggest gaps in audits that bank CFOs should be aware of?
Some of the most common audit gaps in banking are related to insufficient documentation, incomplete loan underwriting, insufficient internal control over financial reporting, and weaknesses in model risk management. Compliance with anti-money laundering and fair lending regulations, in particular, also tends to pose problems.
As banks increasingly engage in digital transactions, IT and cybersecurity controls have come under increased scrutiny, often exposing gaps in data governance and system integration. Discrepancies between accounting estimates such as allowance for credit losses and underlying data and assumptions are also an area of concern.
CFOs also need to be aware of new risks such as ESG reporting and third-party vendor monitoring. These are increasingly becoming part of the audit scope.
What are the best practices to avoid these issues and close the gaps?
A strong governance framework and culture of compliance are essential. CFOs must ensure a robust internal control environment with clear documentation and ownership of processes. Regular pre-audit reviews, including mock audits, can help identify gaps early.
Coordination between accounting, risk, compliance, and internal audit teams fosters collaboration on key issues. Investing in technology to monitor transactions and data accuracy in real time is critical. Ensure preparedness with staff training and ongoing education on regulatory updates and evolving risks.
Finally, maintaining open communication with auditors and regulators throughout the year, not just during an audit, can help address potential concerns proactively.
How do these challenges differ for small and medium-sized banks?
Smaller banks often face resource constraints, creating gaps in expertise such as segregation of duties, documentation, and complex credit modeling. May rely on manual processes, increasing the risk of error.
Medium-sized and larger banks typically have better resources, but they also tackle complex operations such as advanced loan portfolios, derivatives, and multi-entity integration. Their challenge is to manage consistent processes across sectors and geographies and address rising regulatory expectations.
Big banks are also facing increased scrutiny regarding cybersecurity, stress testing and capital adequacy. Gaps exist at all levels, but their nature and size vary widely depending on the size and complexity of the bank.
From a talent perspective, what should financial institution CFOs consider when managing or considering building an audit team?
CFOs should focus on building multidisciplinary audit teams with expertise in accounting, compliance, IT, cybersecurity, and risk management. It is important to recruit and retain talent who are familiar with current and emerging banking regulations, including current expected credit losses, ESG, and cybersecurity frameworks.
CFOs should prioritize ongoing training and certification opportunities to keep their teams updated on evolving standards. Cross-functional collaboration, especially between finance, risk, and IT, enhances audit readiness.
Additionally, fostering a culture of integrity, continuous improvement, and transparency encourages proactive problem identification. As technology evolves, CFOs should also look for audit professionals with data analysis and automation skills to increase audit efficiency and insight.
