Register
Log Out Show Menu
MenuSearch
X

The Difference Between an ACH Audit and an ACH Risk Assessment

Posted: Dec 2, 2020 | Author: Cynthia Rogstad, Internal Audit AVP, Cornerstone Resources
ACH 

Cornerstone Resources has performed approximately 2,300 credit union ACH audits and ACH risk assessments since 2000. Our ACH specialists are frequently asked about the difference between the ACH audit and the ACH risk assessment, so we're happy to break it down for you. 

ACH AUDIT 

The ACH audit involves a review of the credit union’s adherence to ACH rules and guidelines established by the National Automated Clearing House Association. This audit relates solely to compliance with the ACH rules and is not limited to compliance with any specific rule or group of rules.  

The following are some examples of rules an ACH audit would include: 

  • Annual audit requirement 

  • Record retention 

  • Unsecured electronic networks 

  • Payment of network admin. fees 

  • Contact registration 

  • ACH risk assessment requirement 

  • Security requirements 

  • Verifying prenotifications 

  • Notification of change (NOC) 

  • Acceptance of entries 

  • Credit availability and posting of debits 

  • Content of member account statements 

  • ACH returns of debits and credits 

  • Stop payments 

  • UCC Article 4A Compliance 

  • Addenda records 

  • Sending point and binding agreements 

  • Exposure limits 

  • Receipt of return entries and NOCs 

  • Verifying originators 

  • Reversing entries and files 

  • Adherence to Regulation E 

  • Federal government reclamation and payment processing 

  • Direct access and third-party sender registration 

 

ACH RISK ASSESSMENT 

An ACH risk assessment concentrates on the risks associated with the ACH activities at the credit union and evaluates the credit union’s risk management program to reduce the risks involved with ACH processing. This risk assessment determines the credit union’s quantity of risk in specific areas and evaluates the quality of risk management controls.  

An ACH risk assessment would include the following areas: 

  • ACH and information technology – ACH processing risk 

  • User security settings risk 

  • ACH audit and compliance risk 

  • ACH policies and procedures risk 

  • Exception handling risk 

  • General ledger account reconcilement risk 

  • Money laundering activity risk 

  • Business continuity/recovery plan risk 

  • Credit risk 

While the ACH audit and ACH risk assessment overlap in some areas, such as policies and procedures, the two functions are different, but related. Together the audit and risk assessment provide the credit union with assurance that the ACH function is compliant and secure. 

Cynthia Rogstad is internal audit AVP with Cornerstone Resources. If you have questions about this information, please contact crogstad@cornerstoneresources.coop.  

_____________________________ 

Credit unions around the region and across the country have trusted Cornerstone Resources to conduct their financial audits. Callahan & Associates ranked Cornerstone Resources #6 in the nation on its 2020 list of top 10 auditing firms serving credit unions with more than $40 million in assets, and #4 in the Southeast.  

We can help you stay compliant and manage risk. Get more information.  

 If you're an existing client, please contact Deana Brown or client care.  



Subscribe

Sign up to the receive Cornerstone Resources blog notifications.

Need Solutions?

Cornerstone Resources offers a wide variety of products and services tailored to credit union interests.