Developing An Internal Audit
Sunday, August 25, 2013 at 02:15AM
Cameron in Best Practices, Compliance, Internal Audit

With the kids starting school last week, we got a harsh dose of reality that summer is winding down and cooler temperatures will soon be with us.  Recently while in Cleveland performing an internal audit on a wholesale mortgage banker, we decided one night to catch a few innings of Indians baseball.  Progressive Field in ClevelandThe night was warm and too nice to stay inside the hotel.  The picture to the left was taken as the sun was setting and rain clouds were rolling in.  Warm thunder and lightening soon followed.  Beautiful stadium with a gorgeous backdrop and the tickets, hot dogs and beer was about half the cost of what we pay at a Giants game.  Can’t wait to go back. 

When we think of internal audits, we may think back to movies we’ve seen where a law enforcement department is under investigation from “internal affairs” for inappropriate behavior or illegal activities.  The police may consider these internal auditors intrusive and a “detached breed” that really don’t understand the actual inner workings of the job and the corresponding tasks.  They may be seen similarly to an IRS auditor; just wanting to make a bust and working to justify their job.  The police on their beat trying to keep the city safe may understand the police department’s policies and procedures, but may adjust and adapt according to the situation at hand.  In the end, policies and procedures may be breached with risk of serious reprisals, but the job gets done.  

However a breach can have serious consequences.  Breaches of policies and procedures can result in serious reprisals such as lawsuits or criminal violations. In addition, the more these policies and procedures are breached the process may go down a slippery slope whereby other employees deem these violations a modus operandi, escalating further violations.  Wrong behavior becomes right. 

In the end, employees within any enterprise need to understand the coral they can work and maneuver in.  They need to know someone is monitoring them to ensure they are working within the coral and are accountable if they jump outside the coral.  Internal audits help to assess whether the enterprise’s current policies and procedures are adequate and meet industry standards.  The audit also assesses, through testing, if employees are adhering to the polices and procedures.  

Audits should be performed by internal employees that are not performing the actual tasks or by independent auditors with broad based industry experience.  The end result of an internal audit is to identify risks and develop a plan to mitigate the risks.  Work flow process weaknesses, flawed polices/procedures and employee inappropriate behavior can all result in increase risks, potential reprisals and/or monetary penalties.

In the last 12 months, we’ve seen in increase in awareness by many mortgage bankers to develop an internal audit program.  Many mortgage bankers have been requested by the GSEs or by their board of directors to conduct internal audits to assess risks and to develop appropriate plans to mitigate risks.  Let’s look at the key components of developing an internal audit program. 

C. Watts believes the internal audit is not a “box checking” process and should be performed by an experienced professional that has broad knowledge of all aspects of a mortgage banking operation.  Identifying and addressing the risks with appropriate action plans to reduce and mitigate those risk internally is much more pleasant than waiting for the CFPB, a state regulatory agency or one of government agencies to uncover those areas of risk during an audit.


C. M. "Corky" Watts, CMB                                               Cameron Watts, CMB     
408.497.3135                                                               415.722.0369                                        


Article originally appeared on C. Watts Mortgage Consultative Services (
See website for complete article licensing information.