The unexpected collapse of Silicon Valley Bank (SVB) in early 2023 (though some would argue it should not have been as big a shock as it was) threw some shade on the effectiveness of internal audit, highlighting the critical importance of robust internal audit functions and comprehensive risk assessments within financial institutions.
Internal audit plays a critical role in helping organizations navigate the complexities of risk and ensuring that an organization’s risk management, governance, and internal control processes operate effectively. At the heart of internal audit is the risk assessment process, the foundation for planning and executing audits that provide meaningful insights and value to the organization.
Risk assessments are integral to the internal audit process, as they help to identify and prioritize the risks that could adversely affect an organization’s ability to achieve its objectives. In the context of SVB, the rapid rise in interest rates and the corresponding impact on bond portfolios were risks that materialized swiftly. A proactive risk assessment should have flagged the sensitivity of the bank’s balance sheet to such changes in the rate environment and prompted internal auditors to scrutinize the effectiveness of the bank’s interest rate risk management strategies.
The FDIC’s comments on SVB’s failure focused on board effectiveness, the bank’s inadequate risk management practices, and the need for a stronger regulatory framework to ensure the safety and soundness of financial institutions. The FDIC pointed out that banks must have robust internal audit functions that can effectively challenge management’s risk-taking and ensure that risk management practices evolve with the changing financial landscape. These points aren’t new; however, they called attention to the level of comfort many organizations and departments had with the status quo.
A critical aspect of the risk assessment process is communication. Internal auditors must engage with stakeholders across the organization, including senior management and the board, to understand their perspectives on risk and ensure that the audit plan aligns with the organization’s strategic priorities. This collaboration ensures that the internal audit function is not operating in a silo but is integrated into the broader governance framework of the organization.
The output of the risk assessment process is an audit plan that lays out the audits to be conducted over a given period. This plan should be flexible enough to accommodate emerging risks that may arise unexpectedly. By being adaptable, an internal audit can ensure that it remains responsive to the organization’s needs in a rapidly changing environment.
This was further exemplified by the failure of Signature Bank in March 2023 and Government regulators seizing and selling off First Republic Bank in May, 2023. These three banks had approximately over $500 billion in combined assets. How many are at risk in 2024?
© Copyright CBIZ, Inc. All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.
“CBIZ” is the brand name under which CBIZ CPAs P.C. and CBIZ, Inc. and its subsidiaries, including CBIZ Advisors, LLC, provide professional services. CBIZ CPAs P.C. and CBIZ, Inc. (and its subsidiaries) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. CBIZ CPAs P.C. is a licensed independent CPA firm that provides attest services to its clients. CBIZ, Inc. and its subsidiary entities provide tax, advisory, and consulting services to their clients. CBIZ, Inc. and its subsidiary entities are not licensed CPA firms and, therefore, cannot provide attest services.