On the Document Request for our upcoming compliance exam, under Compliance Management there are two sections that I would like some clarification on. 1) Internal Monitoring, the other 2) Periodic Independent Testing. For internal monitoring they are asking for checklists and a schedule. I am inclined to believe they are wanting to see checklist we use to ensure we are complying with the regs…i.e. flood insurance calcualtion worksheets, Reg Z and HOEPA worksheets, etc. I have no idea what they want as far as a schedule ❗ The 2nd (Periodic Testing) would be the actual audits performed? ❓
For Internal Monitoring they’d like to see when you’re auditing the regs and which regs and whose in charge of that, do you report these to a committee? Or the BOD? Are you tracking exceptions that you’ve found in audits etc? Are you training when you’re finding exceptions? How are you handling your monitoring… etc etc.
For Periodic Independent Testing, they probably want to know who your external auditors are and when you ask them to come by? Quarterly? Annually? etc etc. (I think that’s what the Periodic Ind. Testing is, I could be wrong)
The procedures we develop with our Compliance Masters Group include operating procedures, control procedures and audit procedures. The control procedures are internal monitoring. The audit procedures are the independent testing.