Objective

1.) Review and summarize the most recent Internal Audit, External Audit, and Examiners Reports. This will assist in setting scope of the
audit depending upon what issues have een identi!ed and whether the" have since een resolved or not.
#.) Review Ris$ Assessment %&otes 'in$ Ris$ Assessment 'in$) and Ris$ Responses %&otes 'in$ Ris$ Response 'in$). The purpose here is
to identif" and familiarize the auditor with issues from the last audit and(or review of the ris$s and associated controls so that the"
can e incorporated into the audit program as needed to ensure the" have een addressed(resolved and if not, wh". The Ris$
Assessment and the Ris$ Responses are not to e updated at this time, that will e performed once the audit is complete as part of
wor$ paper )*+.
+.) Review the most recent internal compliance reports, to identif" and familiarize the auditor with issues from the last audit and(or
review of the ris$s and associated controls for the area eing audited. In toda",s environment this would consist of the -ealth
.anagement /ompliance reports that are completed " for the AR0, Trust, and Insurance functions. This information should e used
to identif" higher ris$ areas(processes and should also e used as a comparison to actual audit results.
1.) 2or Enterprise Ris$ .anagement %ER.), .anagers are responsile for managing their ris$s and will do so 1) " utilizing their 3$e" ris$
indicators3 and " updating their ris$s 4uarterl" within the dataase %ER. on 52*1). &ew enterprise ris$s ma" e added to or
deleted from the dataase at an" given time.
Source/Scope
Process/Procedure/Policy Review:
'in$ to 'oan 6olic" 777
Personnel Discussions:
8nderwriting .anager
'oan 6roduct .anager and /hief 'ending 9:cer
/hief /redit 9:cer
Link to previous workpaper 777
Link to supporting workpaper 777
Objective 1):
R1: #*11 /redit Administration Internal Audit Report 777 -6 1*# Internal Audit Report for #*11.pdf
R#; Internal Audit Report Rating 777 -6 1*# Internal Audit Report Rating.pdf
R3: #*11 /redit Administration 2indings .emo 777 -6 1*# /redit Administration #*11
2indings .emo.pdf
R: 9// 0afet" and 0oundness Exit .eeting 777 -6 1*# 9// 0afet" and 0oundness Exit
.eeting.pdf
R!; <rad" .artz 777 -6 1*# <rad" .artz = Audit Report and 0A0111 letter %#*11).pdf
Objective "):
R#: Ris$ Evaluation 2orm 777 -6 1*# Ris$ Evaluation 2orm.pdf
Objective ):
R$: ER. Ris$s>Audits Testing = 0hortcut.ln$
R%: ?e" Ris$ Indicators and .easurements 0preadsheet 777 -6 1*#>?RI and .easurements.xlsx 86@ATE
9&/E TERRA '99?0 AT A66'I/A<'E -(6
Results
Objective 1) ; Review and summarize the most recent Internal Audit, External Audit, and Examiners Reports. This will assist in setting
scope of the audit depending upon what issues have een identi!ed and whether the" have since een resolved or not.
The previous Internal Audit Report for /redit Administration was conducted in the months of Banuar" through .arch #*11 &R1)' The Audit
is conducted to ensure operations and controls for /redit Administration along with the 8nderwriting functions are accomplished. The
rating assigned to the Audit was Marginally Satisfactory &R") after the completion of testing, reviewing internal controls, review of
automated scoring s"stems, dataases and other tests deemed appropriate. The end result was !ve reportale !ndings;&R3)
'oan Approvals('ending Authorit"
Extension and Renewals
/redit Reviews
0coring .odels
Real Estate Cigh 'oan to Dalue .onitoring

Audit reviewed the External Audit performed " the 9// &R) 0afet" and 0oundness, the exit meeting date was 9ctoer #E,#*11. The
examination concluded with the following;
/redit Administration practices are satisfactor" ut need strengthening in certain areas.
/orrective actions for prior .atters Re4uiring Attention %.RA)
0enior .anagement need to !nalize their evaluation of compliance s"stems and enterprises ris$ management.

The 9// examination conclusions are senior management and the <oard provide satisfactor" oversight of an$ activities. @uring the
examination, we provided management with recommendations(suggestions to further strengthen the an$,s control environment in light
of the an$,s increasing size and complexit" of operations. The recommendations can e implemented through the normal course of
usiness and represent est practices within the an$ing industr". .anagement has een provided handouts providing the
recommendations.
Audit reviewed the Independent 0ervice Auditor,s Report provided " <rad" .artz F Associates, 6./. External Audit &R!). The audit
revealed several area,s that were reviewed within the Audit. 2or the purpose of this Audit=/redit Administration, the" concluded the
following;
Ciring of a loan reviewer %6rior .RA)
/redit Administration practices are satisfactor" ut need strengthening in certain areas. Recommendations to re4uire gloal
cash Gow anal"sis for related usiness interests, clarif" loan impairment assessments for Allowance for 'oan and 'ease 'osses,
and provide loan portfolio diversi!cation reports that cover all loan categories, including those that don,t represent a
concentration of credit.
Asset 4ualit" is satisfactor" ut the dollar volume of classi!ed assets in trending upwards.
Objective "): Review Ris$ Assessment % &otes 'in$ Ris$ Assessment 'in$ ) and Ris$ Responses % &otes 'in$ Ris$ Response 'in$ ). The
purpose here is to identif" and familiarize the auditor with issues from the last audit and(or review of the ris$s and associated controls so
that the" can e incorporated into the audit program as needed to ensure the" have een addressed(resolved and if not, wh". The Ris$
Assessment and the Ris$ Responses are not to e updated at this time, that will e performed once the audit is complete as part of wor$
paper )*+.
Audit reviewed the ris$ assessment for /redit Administration, with the score eing #)H dated 1(1#(#*11. -ith the comination of the ris$
factors and weights, this area continues to e the area with a concentration of high ris$. The score has een consistent from previous
Audits &R#)'

Objective 3): Review the most recent internal compliance reports, to identif" and familiarize the auditor with issues from the last audit
and(or review of the ris$s and associated controls for the area eing audited. In toda",s environment this would consist of the -ealth
.anagement /ompliance reports that are completed " for the AR0, Trust, and Insurance functions. This information should e used to
identif" higher ris$ areas(processes and should also e used as a comparison to actual audit results.
This area of review is limited to the -ealth .anagement area. There are not compliance reports generated for the <an$ side of Auditing.
Objective ): 2or Enterprise Ris$ .anagement %ER.), .anagers are responsile for managing their ris$s and will do so 1) " utilizing
their 3$e" ris$ indicators3 and #) " updating their ris$s 4uarterl" within the dataase %ER. on 52*1). &ew enterprise ris$s ma" e
added to or deleted from the dataase at an" given time.
Audit reviewed the Enterprise Ris$ .anagement %ER.) dataase &R$). The responsile owners to the applicale 3$e" ris$ indicators3
within the /redit Administration Audit are; 1;) 'oan 6roduct .anager #;) /hief /redit 9:cer +;) 8nderwriting .anager. There is a total of
#* ER.,s to the area. .r. III is the owner of J ER.,s, all of which have not een updated from the 1th 4uarter of #*11. .r. AAA is the
owner of 1* ER.,s, all have een updated, and .R.AAAA is the owner of + ER.,s with # of them updated. Audit had a meeting with each
to discuss how each ris$ is eing measured and monitored. The results are located in ?e" Ris$ Indicators 0preadsheet &R%)'
()*ception noted+ lin$ to oservation 777 &otes 'in$