By the Division of Banks
You may view and print this Regulation as an
Adobe Acrobat PDF File 
Section
43.01: Purpose and Scope
43.02: Definitions
43.03: Auditing Committee Audits and Verifications
43.04: Requirements for an Outside Audit
43.05: Selection and Approval of Outside Auditors
43.06: Effective Date
43.01: Purpose and Scope
The purpose of 209 CMR 43.00 is to establish examination and audit requirements for credit unions and their auditing committees. The frequency, scope and minimum requirements for credit union audits and share verifications are specified within 209 CMR 43.00.
43.02: Definitions
As used in 209 CMR 43.00, the following words shall, unless the context otherwise requires, have the following meanings:-
Audit, an examination of the books, securities, cash, assets, liabilities, income and expenditures of a credit union including trial balance of the deposit and share account conducted under generally accepted accounting principles ("GAAP") subject to such other conditions and requirements that the Commissioner may impose from time to time under M.G.L. c. 171, § 16.
Auditing Committee, the committee elected by the credit union's Board of Directors under M.G.L. c. 171, § 15 and which operates under M.G.L. c. 171, § 16.
Commissioner, the Commissioner of Banks.
Credit Union, a credit union as defined by M.G.L. c. 171, § 1 and subject to supervision and examination by the Commissioner.
Members of their immediate families, a spouse, or a child, parent, grandchild, grandparent, brother or sister, or the spouse of any such individual.
43.03: Auditing Committee Audits and Verifications
(1) The Auditing Committee is responsible to determine that the financial condition of the credit union is accurately and fairly presented in the credit union's statements and that management practices and procedures are sufficient to safeguard members' shares. To accomplish this responsibility, the Auditing Committee shall determine that the credit union's accounting records and reports are prepared promptly and accurately reflect operations and results, that internal controls are established and effectively maintained to safeguard the credit union's assets, and that the plans, policies, and control procedures established by the board of directors are being properly administered. The Auditing Committee is also responsible for reviewing policies and control procedures to safeguard against error, carelessness, fraud, and selfdealing (conflict of interest). The audit and verification of members' accounts, mandated by 209 CMR 43.03(5) are the activities generally used to carry out these responsibilities; however, the Auditing Committee is expected to exercise such other tests and reviews as may be necessary in the Auditing Committee's judgment to meet its responsibilities.
(2) An audit of each credit union shall occur at least once every year and shall cover the period elapsed since the last annual audit. The audit shall be made using GAAS standards. However, each credit union's annual audit shall, as a minimum, test the credit union's assets, liabilities, equity, income, and expenses for existence, proper cut off, valuations, ownership, disclosures and classification, and internal controls. Upon completion, the Audit Committee shall report the findings of the annual audit to the board of directors of the credit union. The report shall be available for review by any examiner of the Commissioner. The Auditing Committee shall ensure the timely and adequate completion of the annual audit under GAAS auditing procedures. The annual audit required by 209 CMR 43.03 shall constitute the annual audit required by M.G.L. c. 171, § 16.
(3) The Auditing Committee and/or its independent auditors shall be responsible for the preparation and the maintenance of workpapers used to support annual audits. The Audit Committee shall make such workpapers available for review by any examiner of the Commissioner.
(4) Credit union compensated auditors, performing audits for the Auditing Committee, must be independent of the credit union's employees, members of the board of directors, auditing and credit committees and/or the credit union's loan officers, and members of their immediate families. Such auditors shall not be members of the credit union.
(5) The Auditing Committee shall verify or cause to be verified, under controlled conditions, all share/deposit accounts with the records of the treasurer not less frequently than once every two years. The verification of members' accounts shall be made using any of the following methods:
(a) Controlled verification of 100% of members' share/deposit and loan accounts;
(b) Controlled random statistical sampling method that accurately tests sufficient accounts in both number and scope to provide assurance that the General Ledger accounts are fairly stated and that members' accounts are properly safeguarded. That sampling procedure must provide each member account an equal chance of being selected.
Records of those accounts verified will be maintained and retained until the next verification of members' accounts is completed.
43.04: Requirements for an Outside Audit
(1) A credit union shall obtain an independent audit by a certified public accountant or licensed public accountant for any fiscal year during which any one of the following conditions is present:
(a) the credit union's Auditing Committee has not conducted an annual audit under 209 CMR 43.03(2);
(b) the credit union's annual audit did not meet the audit requirements of 209 CMR 43.03;
(c) the credit union's Auditing Committee has failed to comply with the annual audit requirements of M.G.L. c. 171, § 16;
(d) the credit union has experienced serious and persistent recordkeeping deficiencies as defined in 209 CMR 43.04(3);
(e) the credit union has assets over $5,000,000 and it has not had an outside audit within three years; or
(f) the credit union has assets in excess of $30,000,000.
(2) In the case of an audit required pursuant to condition 209 CMR 43.04(1)(a) through (f), the scope of the outside, independent audit conducted by a certified public accountant or licensed public accountant must fully encompass the requirements set forth in 209 CMR 43.03. In the case of an audit required pursuant to condition 209 CMR 43.04(1)(d), the outside, independent audit by a certified public accountant or licensed public accountant must be an opinion audit as that term is understood under GAAP standards.
(3) As used in condition 209 CMR 43.04(1)(d), persistent recordkeeping deficiencies shall mean serious recordkeeping problems which continue to exist past a usual, expected, or normal period of time. The Commissioner shall consider persistent recordkeeping deficiencies serious if he has a reasonable doubt that the financial condition of the credit union is accurately and fairly presented in the credit union's statements and that management practices and procedures are sufficient to safeguard members' share accounts.
(4) An outside audit conducted under 209 CMR 43.04(1)(e) or 209 CMR 43.04(1)(f) shall be deemed to satisfy the requirement for an annual audit under 209 CMR 43.03(2).
43.05: Selection and Approval of Outside Auditors
(1) Selection. The Auditing Committee shall only select a certified public accountant or public accountant that is duly licensed by the Commonwealth.
(2) Notification. The Auditing Committee shall notify the Commissioner in writing within seven calendar days of the name and address of the certified public accountant or public accountant selected under 209 CMR 43.05(1).
(3) Approval. An Auditing Committee's selection of a certified public accountant or a public accountant will be deemed approved unless the Commissioner issues a notice of disapproval within seven days of receipt of notification under 209 CMR 43.05(2).
43.06: Effective Date
209 CMR 43.00 shall govern all audits for the fiscal year ending December 31, 1991.
REGULATORY AUTHORITY
209 CMR 43.00: M.G.L. c. 167, § 6; c. 171, § 16.