Minimum Audit Requirements

Minimum Audit Requirements A written internal audit program shall be approved by the Board of Directors. The program will define the scope of the audit, be reviewed on a periodic basis, and revised by the Board when necessary. The Board of Directors or an auditor selected by the Board should perform the actual audit. A comprehensive internal audit program should include, but may not be limited to: Quarterly Functions

1. Balance all subsidiary records with respective general ledger accounts.
2. Verify a portion of teller cash. This process should be unannounced; the timing and selection varied to avoid recognizable patterns.
3. Reconcile cash items determining their legitimacy and collectibility.
4. Reconcile correspondent bank accounts. Outstanding items should be reviewed for legitimacy and collectibility. Monthly reconcilement records should be reviewed for completeness, timeliness of compilation and appropriate follow-up regarding outstanding items.
5. Reconcile official checks. Determine that checks paid since the previous audit are appropriately cancelled and filed. Compliance with signature requirements should also be ascertained.
6. Reconcile dormant accounts and ascertain that controls are adequate. Verify that entries posted since the previous audit where appropriate.
7. Verify appropriate controls are in place for recordation of collateral and items held for safekeeping, including that items are properly recorded and protected.
8. Verify a cross-section of income and expenses from source to general ledger, including accrual and prepaid accounts.
9. Prepare and retain complete work papers detailing each audit function. Annual Functions
10. Verify securities held off premise.
11. Verify bank-owned certificates of deposit.
12. Verify all loan participations purchased.
13. Verify that nonaccrual loan practices are administered in accordance with GAAP and bank policy. OSBC 4/2016 1

Minimum Audit Requirements (Continued) 5) Review plans and policies established by the Board, including: the Loan Policy, the Investment Policy, the Funds Management Policy and Contingency Funding Plan, the Management Succession Plan, and the Strategic Plan, to ensure they address the institution’s current and planned business lines, activities, and risks. 6) For all Other Real Estate and Other Assets acquired since the previous audit ascertain: a. The Other Real Estate was properly recorded at the fair value less cost to sell; b. The Other Assets were properly recorded at the fair value; c. The expenses and income associated with the property are recorded to the proper bank expense and income accounts; and d. The property is carried in compliance with K.S.A. 9-1102. 7) Ascertain that loan losses and recoveries are properly recorded and that ledgers pertaining to charged off accounts are accurately maintained, pursuant to K.A.R. 17-11-19. 8) Verify the bank is maintaining proper audit trails by tracing a sampling of transactions. 9) Check to insure fidelity and casualty insurance are in force and that all policies have been reviewed and approved by the Board. 10) If the bank obtains an opinion audit by a CPA firm, the OSBC will accept their percentage sampling. In lieu of an opinion audit, direct verification of loan and deposit accounts will be, at a minimum, 5% of the actual number of loan accounts and 2.5% of the actual number of deposit accounts. The sampling should be random enough to include loan and deposit accounts of various sizes. Implementation of an audit program should locate differences in accounts, safeguard assets, and reduce violations. A record of each quarterly audit's results should be noted in the Board of Directors' minutes, per K.S.A. 9-1116(b), and working papers should be kept for Directors' and examiners' review. If the bank obtains an “unqualified” opinion audit by a CPA firm, the OSBC will accept the audit in lieu of the minimum guidelines. Any other type of audit opinion would have to meet the minimum guidelines. OSBC 4/2016 2