13Deposits – Audit and Accounting Guide Depository and Lending Institutions, 2nd Edition

Chapter 13


13.01 Deposits are an important source of funds for banks, credit unions, and savings institutions. Finance and mortgage companies do not take insured deposits. Because a credit union’s members are also its owners, credit unions often refer to deposits as share accounts and related interest paid as dividends. Some credit unions permit nonmembers to deposit funds subject to certain restrictions.

13.02 Deposits are often an institution's most significant liability and interest expense on deposits an institution's most significant expense.

13.03 Deposits are generally classified by whether they bear interest, by their ownership (for example, public, private, interbank, or foreign), and by their type (for example, demand, time, and savings; or transaction and nontransaction). A description of various deposit products follows. These descriptions may not correspond to regulatory designations under the Board of Governors of the Federal Reserve System (Federal Reserve) Regulation D.

Demand Deposits1

13.04 Demand deposits (often called transaction accounts or DDAs) are accounts that may bear interest and the depositor is entitled to withdraw at any time without prior notice. Checking and negotiable order of withdrawal accounts are the most common form of demand deposits. Withdrawals are typically made through check writing, automated teller machines (ATMs), debit cards at point-of-sale (POS) terminals, electronic funds transfers (EFTs), or preauthorized payment transactions. Deposits are generally made through direct deposit (such as payroll amounts) or EFTs, or at ATMs or teller windows.

Savings Deposits

13.05 Savings deposits bear interest and have no stated maturity. Savings deposits include passbook and statement savings accounts and money-market deposit accounts (MMDAs). Withdrawals and deposits are typically made at ATMs or teller windows, by EFTs, or by preauthorized payments. Furthermore, MMDAs generally permit the customer to write checks, although the number of checks that may be written is limited by law.

Time Deposits

13.06 Time deposits, which include certificates of deposit (CDs), IRAs, and open accounts, bear interest for a fixed, stated period of time.

13.07 CDs bear a stipulated maturity and interest rate, payable either periodically or at maturity. CDs may be issued in bearer form (payable to the holder) or registered form (payable only to a specified individual or entity) and may be negotiable or nonnegotiable (always issued in registered form). Negotiable CDs, for which there is an active secondary market, are generally short term and are most commonly sold to corporations, pension funds, and government bodies in large denominations (generally, $100,000 to $1 million). Nonnegotiable CDs, including savings certificates, are generally in smaller denominations. Depositors holding nonnegotiable CDs may recover their funds prior to the stated maturity, however, in doing so they normally pay a penalty.

13.08 Retirement accounts known as IRAs, Keogh accounts (also known as H.R. 10 plans), and self-employed-person accounts are generally maintained as CDs. However, because of the tax benefits for depositors, they typically have longer terms than most CDs. Many retirement accounts provide for automatic renewal on maturity.

13.09 Open accounts are time deposits with specific maturities and fixed interest rates but, unlike savings certificates, amounts may be added to them until maturity. Common types of open accounts are vacation and Christmas club accounts.

13.10 According to IRC regulations, employers that withhold federal taxes from employees' pay are required to deposit those funds periodically with a depository institution. Institutions record such deposits, which are noninterest-bearing, as treasury tax and loan accounts and include such accounts with their deposits. (See paragraph 15.18 of this guide.)

Brokered Deposits

13.11 Brokered deposits are time deposits that are third-party deposits placed by or through the assistance of a deposit broker. Deposit brokers sometimes sell interests in placed deposits to third parties. As discussed in subsequent paragraphs, federal law restricts the acceptance and renewal of brokered deposits by an institution based on its capitalization.

13.12 Brokered deposits are similar to other deposits in that they represent funds placed at the institution by a third party. However, they are fundamentally different in that the funds were acquired through the use of a broker, not through a customer relationship.

13.13 In recent years, a brokered deposit account type known as the Certificate of Deposit Account Registry Service (CDARS) program has become more prevalent. With CDARS, an investor who wishes to buy CDs in excess of the FDIC insurance limit is able to do so through one account. The sponsoring financial institution sells the amount in excess of the FDIC insurance limit to other institutions. The investor ultimately has one CDARS account through which their entire CD balance is FDIC insured. Financial institutions can participate in the process through buying deposits, selling deposits, or a reciprocating relationship.

Dormant Accounts

13.14 Institutions generally have a policy on classifying accounts as dormant. Before a savings account is classified as dormant, it must be inactive for a standard period of time, which normally exceeds that of checking accounts. After a much longer specific period of inactivity, as determined by the state in which the institution is located, state regulations may require that inactive deposits be turned over to (escheated to) the state.

Closed Accounts

13.15 When an account is closed, the signature card or electronic file is generally removed from the file of active accounts and placed in a closed-account section.

Other Deposit Services

13.16 Institutions often offer other deposit services such as reserve or overdraft protection programs2 (which combine a checking account and a preauthorized personal loan), check guarantee services, and consolidated account statements (which combine the account information of several services into one monthly statement).

The Payments Function and Services

13.17 The payments function of a depository institution involves facilitating money payments and transferring funds. The payments function is accomplished through checks and EFTs.

13.18 Check processing. The check-clearing process, which is highly automated, involves the exchange of checks and the settlement of balances among institutions locally, regionally, and nationally. Check processing traditionally involved the encoding of checks with magnetic ink character recognition (MICR) symbols to facilitate routing, the proof and transit function, and the flow of checks for collection. A correspondent system and the Federal Reserve perform such clearinghouse functions for depository institutions. More recently, check processing occurs through the digital capture of check images and the electronic transfer and settlement between accounts.

13.19 An institution receives two types of checks: (a) on-us checks, drawn on a depositor's account and (b) foreign checks, drawn on accounts of other institutions. Such checks may be received from the Federal Reserve, local clearinghouses, other depository institutions, at an ATM or teller window, through the mail, or by other means, such as a loan payment.

13.20 Many physical checks that an institution receives have been dollar-amount encoded by the first institution that handles the check. However, checks received through an institution's own operations must go through its proof department or its correspondent bank. A proof department has the responsibility to

  1. a. prove the individual transaction against its documentation, such as a deposit slip;
  2. b. verify totals for several departments;
  3. c. encode the dollar-amount field;
  4. d. mechanically endorse the back of the check; and
  5. e. sort the items according to destination.

13.21 The flow of physical checks for collection depends primarily on the location of the institution on which the check is drawn. Processing an on-us check for deposit to another account in the same institution is straightforward: The institution debits the check writer's account and credits the check depositor's account. Processing a check drawn on another depository institution, however, can be complex.

13.22 Though some direct collections are made in the banking system, most institutions collect foreign checks through a clearing arrangement (clearinghouse), a correspondent bank, or the Federal Reserve.

13.23 In a clearing arrangement, a group of depository institutions in a given area that receive large numbers of deposited checks drawn on one another meets to exchange and collect payment for the checks. Checks are physically exchanged among participants, and collection is made by crediting or debiting the net amount presented by each institution against all the others.

13.24 When a correspondent institution receives a check drawn on one of its respondent institutions, the check collection process can take several different routes. If the presented check is drawn on an institution that also maintains an account with the correspondent, collection simply involves the correspondent's transfer of deposit credit from one account to another account. If the check is drawn on an institution that does not have an account relationship with the correspondent, the check is credited to the respondent institution's account and then either (a) sent to a second correspondent in which the first correspondent and the institution on which the check is drawn both have an account, (b) sent to a local clearinghouse, or (c) sent to a Federal Reserve bank.

13.25 The Federal Reserve collects checks by internally transferring credit balances from one account to another, in much the same way that individual institutions collect on-us checks. For presenting and paying institutions that have accounts at two different Federal Reserve banks, an extra step is involved in the collection process. Each Federal Reserve bank has an interdistrict settlement account that it maintains on the books of the Interdistrict Settlement Fund established in Washington, D.C., to handle settlements. A check presented to one Federal Reserve bank drawn on a depository institution in another Federal Reserve district will result in a transfer of interdistrict settlement account balances from one Federal Reserve bank to another.

13.26 EFT systems. Institutions have responded to the large volume of checks and the high costs of clearing checks by increasingly using EFT systems. EFT systems are computer-based networks designed to move funds to and from accounts and to and from other institutions electronically, thus eliminating paper-based transactions. Banks and savings institutions transact an enormous volume of daily business between themselves and for customers over regional and national EFT systems. The three principal kinds of EFT systems are direct deposit systems, automated clearinghouse (ACH) systems, and ATMs.

13.27 A direct deposit system involves the direct deposit of payments into a customer's account without the use of a definitive check and is widely used for payrolls. The payment information is usually transmitted to the institution from the payer in electronic form and processed through the institution's proof system.

13.28 An ACH is used to transfer funds from one institution's account at a Federal Reserve bank to that of another; conduct transactions in the federal funds market; transfer funds for customers; transfer book entries representing certain securities; and receive, send, and control other specific EFT messages between member banks and other clearinghouses. The largest ACH is Fedwire, operated by the Federal Reserve. The Clearing House Interbank Payments System (CHIPS) is an ACH operated by the New York Clearing House Association and is the focal point for payments in the world's international dollars market. International dollar payments generally do not leave the United States but are held as deposits at money-center and regional banks or the U.S. branches of foreign banks and are transferred between accounts through CHIPS in payment for internationally traded goods and services, international financial transactions, or settlement of debt.

13.29 Institutions also provide a variety of retail EFT services, including ATMs, POS terminals, telephone bill payment, and home computer banking.

13.30 The Check Clearing for the 21st Century Act (Check 21). Check 21 requires financial institutions to recognize paper checks constructed from digital images as negotiable instruments (Subpart D of Regulation CC, Expedited Funds Availability). These negotiable instruments, known as substitute checks, contain certain information to be considered a legal equivalent of an original check. To be a legal equivalent, substitute checks must

  1. a. be suitable for automated processing;
  2. b. bear a MICR line containing all the information appearing on the original check;
  3. c. meet the technical requirements for substitute checks;
  4. d. bear a legend that states, “This is a legal copy of your check. You can use it the same way you would use the original check;” and
  5. e. be able to be processed in the same manner as the original check with current check processing equipment.

13.31 Check 21 includes necessary warranties, indemnities and disclosures. If a financial institution transfers, presents, or returns a substitute check for consideration (payment), it warrants that

  1. a. the substitute check has met all the requirements to have legal equivalence to the original check, and
  2. b. no party will be asked to pay a check that already has been paid.

Under these warranties, the financial institution will indemnify any person who suffered a loss due to the receipt of a substitute check instead of the original check. If the financial institution transferred a substitute check to a consumer who experienced a loss, it may be responsible for recrediting the consumer. Banks normally have procedures in place for processing recredit amounts for consumer payment. Additionally, upon the implementation of Check 21, certain consumer disclosures explaining Check 21 are required to be sent to consumers.

13.32 With Check 21, financial institutions can convert paper checks into electronic images and deliver Image Replacement Documents in place of the original for payment. Additionally, two banks or a network of multiple banks through mutual agreement can now exchange data taken from the MICR of the original check or an electronic image of the original check, and drastically reduce turnaround time (float).

Regulatory Matters

Limitations on Brokered Deposits3

13.33 Restrictions on the acceptance of brokered deposits, particularly for institutions that become undercapitalized, could affect an institution's liquidity. The effect of such restrictions on liquidity may be a condition, when considered with other factors that could indicate substantial doubt about an entity's ability to continue as a going concern. (See chapter 5, “Audit Considerations and Certain Financial Reporting Matters,” of this guide.)

13.34 Banks and savings institutions. Section 29 of the Federal Deposit Insurance Act (FDI Act) (codified in Title 12 U.S. Code of Federal Regulations [CFR] Part 337) significantly limits the acceptance or use of brokered deposits, funds which the reporting bank obtains directly or indirectly by or through any deposit broker for deposit into one or more accounts, by depository institutions other than those that are well capitalized (as defined for purposes of prompt corrective regulatory action, as discussed in chapter 1, “Industry Overview—Banks and Savings Institutions,” of this guide). Adequately capitalized institutions may accept brokered deposits only if they first obtain a waiver from the FDIC. Undercapitalized institutions are prohibited from accepting brokered deposits.

13.35 Also, the federal banking agencies may restrict the use of brokered deposits of an institution about which the agencies have concerns, even though the institution may continue to be deemed well capitalized. Such restriction may be evidenced by a memorandum of understanding, board resolution, cease-and-desist order or other regulatory order.

13.36 Section 29 of the FDI Act also limits the interest rates that may be offered by under- or adequately capitalized institutions. Undercapitalized institutions may not solicit any deposits by offering rates significantly higher (as defined) than prevailing rates in the institution’s market area or the prevailing rate in the market area from which the deposit is accepted. Adequately capitalized institutions are prohibited from paying interest on brokered deposits above certain levels. The applicable federal banking agency may also restrict the rate paid by well capitalized institutions.

13.37 Effective January 1, 2010, institutions subject to these interest rate restrictions are required to use the national rate to determine conformance with the restrictions. The national rate is defined as a simple average of rates paid by insured depository institutions and branches for which data are available. Institutions subject to the restrictions operating in an area where the rates paid on deposits are higher than the "national rate" can use the local market to determine the prevailing rate if they seek and receive approval from the FDIC. (See FDIC Financial Institution Letter [FIL]-69-2009, Process for Determining If An Institution Subject to Interest-Rate Restrictions is Operating in a High-Rate Area, dated December 4, 2009.)

13.38 Credit unions. Section 107(6) of the Federal Credit Union Act (codified in 12 CFR 701.32(b)) limits the acceptance and use of nonmember and public unit deposits (as defined), including brokered deposits, to the greater of (a) 20 percent of the total deposits of the federal credit union or (b) $1.5 million.

Classification of Deposits of Credit Unions

13.39 The Credit Union Membership Access Act (codified in 12 CFR 715) requires all federally insured credit unions with assets of $10 million and over to follow U.S. generally accepted accounting principles (GAAP). Accordingly, all federally insured credit unions with over $10 million in assets are required to file their Call Report on a GAAP basis. However, the Call Report is not structured for GAAP presentation and disclosure and shows deposits in a separate category, not in equity or liabilities. To the National Credit Union Administration (NCUA), the Call Report deals specifically with recognition and measurement for GAAP rather than presentation and disclosure.

13.40 As discussed further in paragraph 13.64, supervisory committees of federal credit unions are required to perform a verification of member’s accounts.

Accounting and Financial Reporting4

13.41 FASB ASC 942-405-25-3 states that the institution's liability for deposits originates and should be recognized at the time deposits are received rather than when the institution collects the funds. Checks that are deposited by customers and that are in the process of collection and are currently not available for withdrawal (deposit float) should be recorded as assets and liabilities. Deposits should not be recorded based solely on collections.

13.42 Deposit accounts that are overdrawn should be reclassified as loans and should therefore be evaluated for collectibility as part of the evaluation of credit loss allowances.

13.43 Credit unions and corporate credit unions should report unequivocally all member deposit accounts, including member shares, as liabilities in the statement of financial condition, as stated in FASB ASC 942-405-25-4. Paragraphs 3–4 of FASB ASC 942-405-45 address presentation guidance related to member deposits and respective interest payable on those deposit accounts. The statement of financial condition should either (a) present deposit accounts as the first item in the liabilities and equity section or (b) include deposit accounts within a captioned subtotal for total liabilities. An unclassified presentation whereby all liabilities and equity are shown together under one subheading and savings accounts are presented as the last item before retained earnings should not be an acceptable presentation. The interest paid or accrued on these accounts, commonly referred to as dividends, should be reported as an interest expense on the statement of income, and the amount of interest payable to members should be included as a liability in the statement of financial condition.

13.44 FASB ASC 942-405-50-1 states that disclosures about deposit liabilities should include all of the following:

  1. a. The aggregate amount of time deposit accounts (including CDs) in denominations that meet or exceed the FDIC insurance limit at the balance sheet date
  2. b. Securities, mortgage loans, or other financial instruments that serve as collateral for deposits, that are otherwise not disclosed under FASB ASC 860, Transfers and Servicing
  3. c. The aggregate amount of any demand deposits that have been reclassified as loan balances, such as overdrafts, at the balance sheet date
  4. d. Deposits that are received on terms other than those available in the normal course of business

13.45 Some additional disclosures about deposits should generally include the following:

  1. a. For time deposits having a remaining term of more than one year, the aggregate amount of maturities for each of the five years following the balance sheet date (in accordance with FASB ASC 470-10-50-1)
  2. b. The amount of deposits of related parties at the balance sheet date (in accordance with FASB ASC 850, Related Party Disclosures)

13.46 In accordance with FASB ASC 825, Financial Instruments, the fair value of deposits should also be disclosed. In estimating the fair value of deposit liabilities, FASB ASC 942-470-50-1 states that a financial entity should not take into account the value of its long term relationships with depositors, commonly known as core deposit intangibles, which are separate intangible assets, not financial instruments. For deposits liabilities with no defined maturities, the fair value to be disclosed under FASB ASC 825-10-50-13 and FASB ASC 825-10-60-1 is the amount payable on demand at the reporting date.



13.47 The primary objectives of auditing procedures for deposit liabilities are to obtain sufficient appropriate evidence that

  1. a. financial statement amounts for deposit liabilities and related transactions include all deposit obligations of the institution and reflect all related transactions for the period; and
  2. b. deposit liabilities and related income statement and balance sheet accounts have been properly valued, classified, and disclosed in conformity with GAAP.


13.48 In accordance with AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AICPA, Professional Standards), the objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement (as described in chapter 5 of this guide). The following factors related to deposits may contribute to higher inherent risk:

  1. a. Large number of accounts and volumes of transactions
  2. b. Transactions executed through a variety of means and locations
  3. c. Accounts typically can be opened in numerous locations or through the Internet
  4. d. Recurring and significant difficulties in reconciling exception items
  5. e. A practice of permitting depositors to withdraw funds from their accounts before deposited checks have been collected by the institution
  6. f. Introduction of new deposit products
  7. g. The existence and activity of previously inactive or dormant accounts
  8. h. Significant increases in the number of closed accounts, especially near the end of a reporting period
  9. i. Numerous accounts having instructions not to mail account statements to the depositor (no-mail accounts)

13.49 As stated in paragraphs .A36 and .A44 of AU-C section 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards (AICPA, Professional Standards), audit risk is a function of the risks of material misstatement (consisting of inherent risk and control risk) and detection risk. (A detailed discussion on audit risk can be found in chapter 5 of this guide.) The assessment of risks is a matter of professional judgment, rather than a matter capable of precise measurement. The assessment of the risks of material misstatement may be expressed in quantitative terms, such as in percentages, or in nonquantitative terms. In any case, the need for the auditor to make appropriate risk assessments is more important than the different approaches by which they may be made. For example, if deposit liabilities have a higher inherent risk, considering factors listed in paragraph 13.48 or other factors, and if there is a basis for concluding that control risk is low, the auditor may conclude that the overall risk of material misstatement is low.

Internal Control Over Financial Reporting and Possible Tests of Controls

13.50 AU-C section 315 addresses the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements through understanding the entity and its environment, including the entity’s internal control. Paragraphs .13–.14 of AU-C section 315 state that the auditor should obtain an understanding of internal control relevant to the audit and, in doing so, should evaluate the design of those controls and determine whether they have been implemented by performing procedures in addition to inquiry of the entity’s personnel. (See chapter 5 of this guide for further discussion of the components of internal control.) To provide a basis for designing and performing further audit procedures, paragraph .26 of AU-C section 315 states that the auditor should identify and assess the risks of material misstatement at the financial statement level and the relevant assertion level for classes of transactions, account balances, and disclosures.

13.51 AU-C section 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (AICPA, Professional Standards), addresses the auditor’s responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with AU-C section 315 and to evaluate the audit evidence obtained in an audit of financial statements.

13.52 Effective internal control (as it relates to financial reporting of deposits) provides reasonable assurance that (a) deposits are accepted in accordance with management's established policies, (b) misstatements caused by error or fraud in the processing of accounting information for deposits are prevented or detected, and (c) deposits are monitored on an ongoing basis to determine whether recorded financial statement amounts necessitate adjustment.

13.53 According paragraph .15 of AU-C section 315, the auditor should obtain an understanding of the control environment. As part of obtaining this understanding, the auditor should evaluate whether (a) management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior and (b) the strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control and whether those other components are not undermined by deficiencies in the control environment. Control activities that may contribute to a strong control environment may include

  • policies and procedures approved by the board of directors and that include position limits for each type of deposit (including brokered deposits) and guidelines for setting the interest rates offered on deposits.
  • segregation of duties between persons involved with the proof function, persons having access to cash, persons responsible for opening new accounts and issuing CDs or savings certificates, persons with responsibility for authorizing account adjustments, and persons with responsibility for posting information to the general ledger. (Because many of the potential duty conflicts found in the deposit area also exist for cash, it is usually efficient to coordinate any assessment of segregation of duties in those two areas.)
  • reconciliation of subsidiary ledgers for deposit principal, accrued interest, and related accounts to the general ledger on a periodic basis.
  • daily performance of a proof and transit operation with rejected or exception items segregated and individually reviewed. (Examples of such items include activity in dormant accounts or customer overdrafts.)
  • designation by management of persons such as officers or supervisory employees, to be responsible for reviewing and approving unposted holdover items, overdrafts, return items, and status of inactive or dormant accounts.
  • files, ledger cards, canceled checks, deposit tickets, signature cards, and unissued CDs and savings certificates safeguarded from unauthorized access (including dual control over and pre-numbering of unissued certificates and official checks).
  • periodic depositor account statements mailed regularly. (Returned statements are controlled, with follow-up on a timely basis.)
  • supervisory personnel designated by management to be responsible for periodically reviewing activity in employee accounts for unusual transactions.
  • EFTs subject to control procedures that

—  segregate duties between employees who handle cash, balance EFT transactions, authorize EFTs, and post EFTs to deposit accounts.

—  require authorization for EFTs exceeding a depositor's available balance.

—  establish and maintain current, written agreements with all depositors making EFT requests, particularly for those customers who initiate EFT requests by telephone, cellular phone, Internet, POS terminal and other means not involving signed authorization. These agreements generally should set forth the scope of the institution's liability and the agreed-upon security procedures for authenticating transactions (such as callbacks or passwords).

—  provide for the review of rejected transactions and the correction and reversal of entries by a supervisor.

—  restrict initiation of EFTs and access to computer terminals or other EFT equipment.

—  require that documentation of EFTs is provided to the parties involved on a timely basis.

—  disclose the name of the debit party to the receiver of funds.

—  provide for written instructions to employees and users concerning the EFT function.

—  provide for the use and confidentiality of authorized caller and other access codes or authentication algorithms, including periodic changes in such codes or algorithms.

—  provide for the maintenance of a current list of personnel authorized to initiate EFTs.

—  establish authorization limits for personnel.

—  provide for holds to be placed on customer accounts by EFT personnel when instructions are received directly from the authorized customer to confirm that available funds are in the customer's account or that the EFT funds are within authorized limits before the EFT is made.

—  provide for the maintenance of card files or authorization letters on file for all customers who initiate EFTs.

  • controls and verification procedures over requests for EFTs in place at respondent depository institutions.

13.54 In accordance with paragraph .08 of AU-C section 330, the auditor should design and perform tests of controls to obtain sufficient appropriate audit evidence about the operating effectiveness of relevant controls if (a) the auditor’s assessment of risks of material misstatement at the relevant assertion level includes an expectation that the controls are operating effectively or (b) substantive procedures alone do not provide sufficient appropriate audit evidence at the relevant assertion level, such as typically would be the case with the audit of deposits. Examples of tests of controls might include

  • observing or otherwise obtaining evidence about segregation of duties and supervisory review of activity in employee accounts;
  • testing the reconciliations of related accounts, including the disposition of reconciling items and review and approval by a person other than the preparer;
  • testing controls over origination of and access to signature cards and mailing address files;
  • testing controls over the direct mailing of statements to depositors;
  • comparing withdrawal slips with the applicable signature cards; and
  • testing controls over restrictions on deposits pledged as collateral, inactive or dormant accounts, and mail receipts.

13.55 Tests of control activities related to EFTs might include

  • testing compliance with management's established authorization and verification procedures;
  • validating sequence numbers on transfers sent and received;
  • confirming that acknowledgments are returned for all outgoing messages;
  • reviewing management's daily comparison of the total number and dollar amount of EFTs sent and received with summaries received from the Federal Reserve;
  • testing the reconciliations of daily reserve or clearing account statements for disposition of reconciling differences and supervisory review and approval;
  • testing the procedures for identification and verification of EFTs with respondent institutions; and
  • observing control activities that address access.

Substantive Tests

13.56 Irrespective of the assessed risks of material misstatement, paragraph .18 of AU-C section 330 states that the auditor should design and perform substantive procedures for all relevant assertions related to each material class of transactions, account balance, and disclosure, which for a financial institution would include deposits. In accordance with paragraph .A45 of AU-C section 330, this requirement reflects the facts that (a) the auditor’s assessment of risk is judgmental and may not identify all risks of material misstatement and (b) inherent limitations to internal control exist, including management override.

13.57 Audit procedures for deposits might include testing the reconciliations of related subsidiary and general ledger accounts, confirmation of account balances, and analytical procedures.

13.58 Subsidiary records and reconciliations. In accordance with paragraph .21 of AU-C section 330, the auditor’s substantive procedures should include audit procedures relating to the financial statement closing process, such as agreeing or reconciling financial statement balances, including deposit balances and related accounts (accrued interest payable), with the underlying accounting records (trial balance, general ledger, and other subsidiary records). The disposition of reconciling items between general and subsidiary ledgers (such as returned items, adjustment items, holdovers, overdrafts, and service charges) might be investigated to determine whether any adjustments to recorded amounts are necessary.

13.59 Confirmations. Paragraph .A8 of AU-C section 500, Audit Evidence (AICPA, Professional Standards), states that corroborating information obtained from a source independent of the entity may increase the assurance that the auditor obtains from audit evidence that is generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation. AU-C section 505, External Confirmations (AICPA, Professional Standards), addresses the auditor’s use of external confirmation procedures to obtain audit evidence, in accordance with the requirements of AU-C sections 330 and 500.

13.60 Confirmation of deposits provides evidence about existence and valuation (accuracy), but it may not provide evidence about other assertions. Paragraph .15 of AU-C section 505 states that negative confirmations provide less persuasive audit evidence than positive confirmations. Accordingly, the auditor should not use negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level, unless all of the following are present:

  1. a. The auditor has assessed the risk of material misstatement as low and has obtained sufficient appropriate audit evidence regarding the operating effectiveness of controls relevant to the assertion.
  2. b. The population of items subject to negative confirmation procedures comprises a large number of small, homogeneous account balances, transactions, or conditions.
  3. c. A very low exception rate is expected.
  4. d. The auditor is not aware of circumstances or conditions that would cause recipients of negative confirmation requests to disregard such requests.

13.61 According to paragraph .A5 of AU-C section 505, factors to consider when designing confirmation requests include the following:

  • The assertions being addressed.
  • Specific identified risks of material misstatement, including fraud risk.
  • The layout and presentation of the confirmation request.
  • Prior experience on the audit or similar engagements.
  • The method of communication (for example, in paper form or by electronic or other medium).
  • Management’s authorization or encouragement to the confirming parties to respond to the auditor. Confirming parties may only be willing to respond to a confirmation containing management’s authorization.

13.62 Refer to AU-C section 505 for additional guidance on the confirmation process. Refer to AU-C sections 530, Audit Sampling, and 320, Materiality in Planning and Performing an Audit (AICPA, Professional Standards), for guidance on the extent of audit procedures (that is, considerations involved in determining the number of items to confirm). Readers may also refer to the AICPA Audit Guide Audit Sampling that provides guidance to help auditors apply audit sampling in accordance with AU-C section 530. Guidance on the timing of audit procedures is included in AU-C section 330.

13.63 In the case of each nonresponse,6 paragraph .12 of AU-C section 505 states that the auditor should perform alternative procedures to obtain relevant and reliable audit evidence. (See paragraphs .A24–.A27 of AU-C section 505 for additional guidance regarding alternative procedures.) Some depositors may have instructed the institution not to send account statements to the depositor's mailing address. For such no-mail accounts, the auditor might review a written request from the depositor requesting the no-mail status and could use alternative procedures. Alternative procedures for positive confirmation nonreplies and no-mail accounts might include obtaining the respective period deposit account statement and subsequent statements to review for unusual activity and investigating any significant or unusual activity noted.

13.64 Credit union supervisory committee procedures. Note that one of the explicit duties of a federally insured credit union's supervisory committee is to periodically perform a verification of the members' accounts. In addition to procedures required under generally accepted auditing standards (GAAS), auditors may be asked to extend their procedures to assist in meeting the supervisory committee’s requirements. Part 715.8(b) of the NCUA's regulations require that the verification be made using any of the following methods:

  • A controlled verification of 100 percent of members' share and loan accounts.
  • A statistical sampling method that provides for random selection that is expected to be representative of the population from which the sample was selected with an equal chance of selecting each item in the population, which will allow the auditor to test sufficient accounts in both number and scope on which to base conclusions concerning management’s financial reporting objectives. The auditor should also perform alternative procedures if evidence provided by confirmations alone is not sufficient. (According to paragraph .08 of AU-C section 530, the auditor should select items for the sample in such a way that the auditor can reasonable expect the sample to be representative of the relevant population and likely to provide the auditor with a reasonable basis for conclusion about the population.)
  • For independent, licensed, CPAs, the additional option of sampling members' accounts using nonstatistical sampling methods consistent with applicable GAAS may be chosen as long as the sampling method provides a selection that allows the auditor to test sufficient accounts in both number and scope to provide assurance that the general ledger accounts are fairly stated in relation to the financial statements taken as a whole. (Independent, licensed, CPAs will be responsible for documenting their sampling procedures, and providing evidence to the NCUA, if requested, that the method used is consistent with applicable GAAS.)

13.65 Check 21. The following are some potential audit concerns that may arise related to Check 21:

  • The auditor will see fewer original checks as they are replaced by substitute checks. Audit planning may be adjusted based on the financial institution’s processes for disseminating and returning checks.
  • Detecting check fraud may become more difficult as substitute checks will no longer contain watermarks, fingerprints, ink or original paper with access to pressure points. Because the original check is no longer used for processing, the security of the electronic systems will reduce human access to the financial information and reduce employee fraud or error. Shorter processing time will allow for a quicker identification of check fraud or forgery.
  • The financial institution may have purchased equipment that does not have the proper controls in place to prevent computer hacking.

13.66 Accrued interest payable, interest expense, and service charge income. Substantive audit procedures should be performed on accrued interest payable, interest expense, and service charge income in connection with other procedures on deposits. Audit procedures for such amounts might include reviewing and testing reconciliations of subsidiary ledgers with the general ledger, recalculating interest paid, accrued interest payable, and service charge income, and testing of interest expense and service charge income for the period.

13.67 Overdraft protection programs. Audit procedures on overdraft protection programs may include verifying that overdraft balances are properly classified along with the related write-offs of uncollectible balances.

13.68 Other analytical procedures. AU-C section 520, Analytical Procedures (AICPA, Professional Standards), addresses the auditor’s use of analytical procedures as substantive procedures (substantive analytical procedures). Paragraph .05 of AU-C section 520 states that when designing and performing analytical procedures, either alone or in combination with tests of details, as substantive procedures in accordance with AU-C section 330,7 the auditor should

  1. a. determine the suitability of particular substantive analytical procedures for given assertions, taking into account the assessed risks of material misstatement and tests of details, if any, for these assertions. (For example, analytical review procedures can provide substantive evidence about the completeness of deposit-related financial statement amounts and disclosures; however, such procedures in tests of deposit expense are often less precise than substantive tests such as recalculations. Because institutions generally offer a wide variety of deposit products with rates that change frequently during a financial reporting period, it is normally difficult to develop expectations to be used in analyzing yields on deposits.)
  2. b. evaluate the reliability of data from which the auditor’s expectation of recorded amounts or ratios is developed, taking into account the source, comparability, and nature and relevance of information available and controls over preparation.
  3. c. develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently precise (taking into account whether substantive analytical procedures are to be performed alone or in combination with tests of details) to identify a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated.
  4. d. determine the amount of any difference of recorded amounts from expected values that is acceptable without further investigation as required by paragraph .07 of AU-C section 520 and compare the recorded amounts, or ratios developed from recorded amounts, with the expectations.

13.69 As discussed in item a in paragraph 13.68, it is normally difficult to develop sufficiently precise expectations to be used in analyzing yields on deposits. Accordingly, analytical procedures in this area might be considered only as a supplement to other substantive procedures, except where an expected yield can be known with some precision (using computer-assisted audit techniques). Analytical review procedures that the auditor may apply in the deposit area include analysis and evaluation of the following:

  • Comparison of the percentage of deposit growth during the period with historical percentages
  • Comparison of the average deposit account balances during the period with those of prior periods
  • Changes in the relative composition of deposits from period to period
  • Comparison of the amounts and percentage ratio of dormant accounts to total deposits with those of prior periods
  • Comparison of deposit interest rates with those prevailing in the institution's marketing area for the same periods

However, be careful not to view trends entirely from a historical perspective; current environmental and business factors as well as local, regional, and national trends could be considered to determine if the institution's trend appears reasonable.

13.70 Paragraph .A7 of AU-C section 520 states that the auditor’s substantive procedures to address the assessed risk of material misstatement for relevant assertions may be tests of details, substantive analytical procedures, or a combination of both. The decision about which audit procedures to perform, including whether to use substantive analytical procedures, is based on the auditor’s professional judgment about the expected effectiveness and efficiency of the available audit procedures to reduce the assessed risk of material misstatement to an acceptably low level. Further guidance on the auditor’s use of analytical procedures as substantive procedures is provided in AU-C section 520. AU-C section 315 addresses the use of analytical procedures as risk assessment procedures, and AU-C section 330 addresses the nature, timing, and extent of audit procedures in response to assessed risks; these audit procedures may include substantive analytical procedures. In addition, see analytical procedures discussion within paragraphs 5.94–.97 of this guide for further guidance on designing and performing substantive analytical procedures.