By the Division of Banks


    The purpose of the bulletin is to enumerate guidelines relative to establishing and maintaining an audit policy. This bulletin is applicable to all banks.

    1. Prior to the annual audit required by statute, the auditing committee shall meet to (a) review the institution’s most recent audit and examination reports, and (b) based on this review, identify those areas, both new and existing, to which special attention should be given. The critical areas of the proposed audit scope, the firm selected and the cost of the audit should be noted in the audit committee minutes and made available to the Division upon request.
    2. During the course of such audit, the auditing committee shall make themselves reasonably available for consultation with the accountant conducting the audit.
    3. At the conclusion of the audit, the auditing committee shall review the audit report prepared by the accountant. Such meeting shall be held without the officers of the bank being present except at the request of the auditing committee and only for the purpose of responding to specific questions raised by the audit report. It should be emphasized that the accountants shall report only to the auditing committee, and not to the management of the institution.
    4. Having received and reviewed the audit report prepared by the accountant, the auditing committee shall submit such report, along with its own conclusions, to the full governing board of the institution. A single copy of the completed report and management letter must be sent to the Division. If a management letter is not provided by the auditor, the institution must submit a letter with the audit report stating that no management letter was received.
    5. Moreover, as a general matter, minutes of the meetings of the auditing committee shall be taken, as well as attendance records. Such minutes and attendance records of the auditing committee shall be made available to examiners from the Division.

    This bulletin now applies only to banks and replaces former Regulatory Bulletin 2.1-101 Audit Policy Requirements, which was substantially revised as of March 27, 1998, to replace Administrative Bulletins 1-3 issued July 1, 1979, and Administrative Bulletins 1-4 and 22-1A as restated in 1992. The bulletin was revised on May 8, 2012.


    G.L. c. 167, s. 20; G.L. c. 168, s. 25; and G.L. c. 170, s. 14.