United States

Community bank enhances internal audit processes with integrated SOX optimization loan review and more


Download the case study


Our client is a large publicly owned and operated community bank with nearly $1 billion in total assets.


The bank was in need of an internal audit provider to assist with its annual internal audit plan and implementation of a consistent approach and methodology. The institution also experienced some changes in its organization and sought to establish a relationship with a larger, flexible firm with the necessary experience to manage future, often critical risk concerns.


Following a solicitation of bids from various service providers for its internal audit work, the bank selected RSM as its consulting partner, primarily due to the industry knowledge, risk advisory experience and efficient approach of the proposal team.

Internal audit

The RSM team began the engagement by performing an enterprise-wide risk assessment and working with the bank to develop an internal audit plan for the year. During that process, additional internal audit projects emerged as well as a customized branch audit program. This program was designed for bank staff to audit their smaller branches without the assistance of an outside party. RSM provided training and developed a customized program specifically for the bank and its structure.

In addition to the full scope internal audit outsourcing, the branch audit program delivered significant value to the bank, training its employees and providing confidence that all branches were being consistently audited annually. RSM continues to provide quarterly supervision on the branch audit program, but the bank became more independent by instilling these processes and capabilities in-house on an ongoing basis.

SOX optimization

The institution became very confident in the capabilities of the RSM team, including its ability to deliver services on short notice. When an employee responsible for SOX testing resigned, the institution was anxious to stay on schedule and not lose time in completing third and fourth quarter work. In response, the bank hired a contract employee in conjunction with initiating a RSM SOX optimization project, evaluating existing controls and streamlining the process.

The success of the SOX optimization project has resulted in a reduction in the number of key controls tested, while still keeping the bank compliant. That in itself is saving the bank significant time, money and in-house resources. In addition, RSM helped organize an integrated internal audit and SOX program for the following year.

Loan review

RSM's flexibility and adaptability were also prominently displayed during a loan review project. The engagement was initially planned for 100 loans. However, in response to a request from the client, the sample was increased to 200 at the last minute. The staffing plan was quickly adjusted by RSM with appropriate personnel to review the loans in a timely manner. Effective loan review was a high priority for the bank, and RSM helped the bank successfully cover the number and types of loans indicated in its policy.

Additional projects

The bank's confidence in RSM's service capabilities and integrated approach led to several additional projects to supplement short- and long-term needs. This provided a flexible partnership to support the bank's business objectives.

The bank sought RSM's assistance with candidate sourcing to fill an open position in its finance department. The team provided a list of qualified candidates to consider prior to the interview process.

Lastly, the institution was concerned about the efficiency and effectiveness of its payment card industry (PCI) compliance processes. The success and speed of other projects resulted in the bank engaging the RSM team to perform a PCI audit project.


As a result of this engagement and RSM's integrated service delivery, the bank now has a strong and flexible internal audit foundation, having implemented a consistent methodology that extends throughout the organization. Bank management is also confident that despite reorganization and staffing changes, their partnership with RSM keeps them compliant with regulatory demands, thereby allowing them to remain focused on growth goals.

Other benefits of RSM's service include:

  • Developing and implementing a comprehensive, risk-based internal audit plan
  • Designing a custom branch audit plan, ensuring consistent results across all locations and training employees to perform audits in-house
  • Reducing SOX controls, saving money and conserving resources
  • Reviewing the bank's loan portfolio, ensuring compliance with regulatory expectations
  • Providing assistance in filling staff positions, including introductions to potential candidates

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Receive Risk Bulletin by Email


Cybersecurity Rapid Assessment®

Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.