CUSO Audit Review


With the CUSO Registry in full swing, the NCUA will be examining CUSOs more closely. Some CUSOs that have never experienced an examination are much more likely to have examiners at their door. Our team can help prepare you and your staff on what to expect and areas to shore up before going through the process.


With the advent of the Rule 712 (the “CUSO” Rule), all CUSOs must register their activities and financials on the NCUA’s website. It is expected that the NCUA will review this information and then begin examining CUSOs it deems to be a risk to the credit union industry, especially those CUSOs engaged in businesses that the NCUA has little knowledge or understanding of.

Schedule of Tasks

  1. Is the CUSO engaged in permissible activities or services?
  2. Are credit union investments or loans in a CUSO permissible, and does the CUSO present risk as a going concern?
  3. Does the CUSO interact with non-public personally identifiable financial information of members, and if so, does the CUSO have appropriate safeguards?
  4. Does the CUSO present systemic risk to the credit union clients or owners, particularly with respect to the credit union’s lending portfolio or financial statements?
  5. Are the CUSO services in compliance with regulations?

The following is a sample estimate on the time to complete various audits. Of course, times could vary considerably given the discrepancy in size and complexity of services offered.

Audit Est. Time to Complete
Formation and Legality 6 hours
Governance 4 hours
Investors and Investments 4 hours
Financial Condition 12 hours
Data Processing 12 hours
Software Development 8 hours
IT Services 4 hours
ACH Services 2 hours
Audit and Compliance 6 hours
Loan Servicing 8 hours
Marketing 12 hours
Collections 8 hours
Account and Back Office 8 hours

How it Works

The proposed audit plan involves a pre-audit risk assessment, a review based on the NCUA Examiners Manual, and a detailed report on the effectiveness of the CUSOs controls. It is expected that the timeframe from the beginning of the engagement to delivery of the final report will be approximately one-two months. The deliverable will be a report highlighting control deficiencies and which might cause the CUSO to fail any of the above objectives, as well as an estimated cost of remediation if possible. CU*Answers can also provide assistance with the implementation of corrective actions for an additional charge to be determined at that time

Technical Details

The approach to reviewing the controls will follow a systematic pattern of data collection, testing, observations, and analysis. Specifically, this engagement will review:

  • Organization and Management
  • Financial Condition
  • Internal Controls
  • Information Security
  • Regulations/Legal
  • Lending Services
  • Vendor Assessment

Designated CUSO management will be notified in writing of any matters that, in the opinion of the auditor, are significant deficiencies or material weaknesses in controls that could adversely affect the CUSO’s ability to withstand a regulatory examination.

The engagement will not include an examination of all aspects of your system of internal controls or testing of all areas of its operations, and therefore, we will not express an opinion on your system of internal controls. The engagement will not be able to review or assess any subject matter which would create a conflict of interest between CU*Answers and the CUSO. The engagement will not enable CU*Answers to address legal or regulatory matters or abuses of management discretion, including fraud or defalcations, of which matters should be properly discussed by you with legal counsel. Our procedures will not include a detailed examination of all transactions and cannot be relied on to disclose all errors or irregularities that may exist. Additionally, our engagement is not for the purpose of discovering security flaws within your applications software or networking software. However, we will inform your designated management or Board representative of any such material matters that come to the attention of CU*Answers.

Requirements & Prerequisites

The CUSO shall provide complete, timely information and data to meet the requirements of the engagement. The CUSO shall furnish the required information and data as expeditiously as is necessary for the orderly progress of the work. CU*Answers will rely on the accuracy and completeness of the required information. CU*Answers cannot be held responsible in any way for information provided by the CUSO. The CUSO shall designate a representative authorized to make commitments on the CUSO’s behalf for this Engagement and Agreement. The Authorized Representative shall render decisions promptly to avoid delay in the progress of CU*Answers’ services. The CUSO’s Authorized Representative for this engagement shall be listed in the Agreement and Acceptance section of the Proposal.

Search this service on AnswerBook


There are no reviews yet.

Be the first to review “CUSO Audit Review”

Your email address will not be published. Required fields are marked *