Credit Union – Business Model Strategy

Your Strategic Planning Document is a living breathing document. It underpins your every decision and you report on the key performance indicators and goal achievement on a monthly and quarterly basis…. or is your strategic plan gathering dust on a shelf?

The strategic vision of the Registrar is “Strong Credit Unions in Safe Hands”. The foundation on which this strategy is built is on the belief that strong, well-governed Credit Unions, led by volunteers and retaining their local identity should remain an important part of the financial landscape of Ireland.

In February 2019 The Central Bank issued it’s guidance report on the Business Model Strategy for the sector. Downloadable directly the below link:

BM Guidance—guidance-for-credit-unions.pdf

Detailed within the report are the ten interrelated components to be considered when you are completing any business model risk assessment. We are now using these headers to assess all Strategic Plans. Does your strategic plan adequately assess challenge all of the below items?

  1. Common Bond: the differentiated groups of members to whom the business model is to deliver value.
  2. Member Relationships: the ongoing relationship (physical and virtual interaction) established with members.
  3. Delivery Channels: the routes for reaching new and existing members, for sales and ongoing relationships.
  4. Value Propositions, Products and Services: the value delivered in terms of products/services and other attributes.
  5. Revenue Streams: the new and recurring value being paid for products/services and other attributes.
  6. Key Activities and Key Resources: Key Activities are the activities needed to deliver on value propositions, while key resources are the resources (physical, financial, staff, know-how, software etc.) needed to deliver on value propositions.
  7. Key Partners, Outsourcing and Shared Services are the business partners, suppliers, collaborating entities in formal partnerships that are involved in the supply of products and/or services.
  8. Cost Analysis: the costs of delivering value propositions.
  9. Financial planning: the effect of business model change on financial performance.
  10. Balance sheet considerations: the effect of business model change on the balance sheet.

If your credit union has not completed a detailed review of it’s business model and strategic plan then you may benefit from a third party assessment. We can also assist management teams and Boards to effectively collect their strategies and goals into a fit for purpose reporting format. 

Should you require additional information or a consultation please contact us directly.

Internal Audit Quality Self-Assessment

As Internal Auditors in the Credit Union Sector WDA were invited to attend a workshop in the Central Bank on 18 July 2018. The subsequent report issued by Central Bank detailed its observations and highlighted Expectations for Internal Audit in the Sector.

WDA completed a detailed self-assessment of its own performance in line with the Central Bank’s Report issued on 18th July 2018 and it is our opinion that the Internal Audit services provided by WDA meets the highest standards expected by the Central Bank.


Supervisory Expectations on the Internal Audit Function.

CBI Findings WDA Response Compliant
Activities that are determined to be higher risk in a credit union should be audited in more depth and more frequently than activities that are determined to be lower risk –risk based approach.

WDA base all internal work plans and audit testing on a risk based approach. WDA have over 25 years of experience providing services to the Credit Union sector including Audit, Internal Audit, Risk and Compliance. WDA IAF staff have experience in conducting risk assessment of industrial and community credit unions ranging from €15m to €350m assets.

The IA Function should establish and maintain a system to monitor the implementation of actions agreed by the board of directors which should include a follow up process to ensure that agreed actions have been effectively implemented.


All quarterly reports issued to the board are accompanied by a response document. These formally capture the board’s consideration of the findings and response to all findings. WDA review all responses received and follow up on all material/ significant mitigation plans.



CBI Findings WDA Response Compliant
IA reports should provide objective assurance on the effectiveness of the credit union’s risk management, internal control and governance processes. It should be accurate, objective, clear, concise, constructive, and complete and timely -to support boards understanding of weaknesses identified.

WDA IAF reports maintain a formal assessment of the effectiveness of the credit union’s risk management, internal control and governance processes.

Reports should cover at a minimum:

o   objectives, scope and work undertaken;

o   An opinion on the effectiveness of the credit union’s risk management, internal control and governance processes;

o   Internal audit findings;

o   Recommendations, ranked by priority, with timelines for implementation, and progress on previously agreed action plans.

WDA have developed and tailored the reporting framework to adhere with all legislative requirements whilst maintaining concise and effective communication style. The reports are all issued in an RMP style and are regarded as being user-friendly and highly effective.


The WDA internal audit reporting framework has historically been well-received during CBI PRISM inspections. 



Engagement with Board    
CBI Findings WDA Response Compliant
Effective engagement with IA should be evident:

o   Boards should have an awareness and understanding of issues identified by IA.

o   Evidence of board discussion and challenge in relation to IA issues raised.

The IA function should make recommendations to boards on improving the effectiveness of the risk management, internal controls and governance processes

All reports issued to Board are accompanied by a response document that formalises the Board’s responses and requires direct engagement with the Board.



Priority Areas    
CBI Findings WDA Response Compliant
Appropriate and effective systems of control are at the core of mitigating operational risk. These include regular verification and reconciliation of transactions and accounts, as well as appropriate segregations of duties, including procedures to deal with key person risk.

WDA have designed a suite of verification tests to gain sufficient assurance with the internal control environment.


Once WDA determined that the risk of internal control failure is sufficiently low the process of implementation of a thematic review cycle can commence.

‘IT’ is a major enabler of strategy and business development for credit unions. The operational risks associated with this area need to be appropriately managed, monitored and reviewed given the reliance on and the pace of change in this area.

WDA have designed and executed a detailed Internal Audit review of IT Infrastructure and Environment in credit unions. 

AML/CFT framework should be included in the risk assessment undertaken by IA–the board should consider, on at least an annual basis, whether the AML/CFT framework should be tested by IA.

WDA have designed and executed a detailed Internal Audit review of AML/CTF in credit unions.


Supervisory Observations on the Internal Audit Function                                                                                                    

CBI Findings WDA Response Compliant
Ineffective engagement with the IA function, including a lack of written responses or challenge to reports from the IA function by the board.

The WDA reporting framework includes a ‘Response Document’ which requires the Board to formally respond on all IAF findings and recommendations.

Failure of boards to adequately monitor the quality of the IA function.

WDA have reported to Boards the requirement to document a formal appraisal of the IAF on an annual basis. WDA have received feedback resulting from these reviews in the past and incorporated improvements/ amendments to the process as a result.

Plans lacking in detail and not demonstrating comprehensive work plans in place.

Annual audit plan designed and discussed with management team including plans for each quarter’s theme. Themes selected on a risk based approach. WDA identify areas with potential control weaknesses and outline areas to be reviewed therein. Comprehensive work plan not reflected in the audit plan as the audit plan is initially set in Q4 of the preceding year and the detailed plan of works is considered when the lead auditor is scoping the areas of weakness in the upcoming quarter.

Lack of formal remediation plans to address findings in previous IA reports.


All findings in IAF report include details recommendations and expected timelines for remediation.

Lack of IA testing in key risk areas e.g. bank reconciliations, IT controls, credit underwriting and risk and compliance functions.

WDA have designed and implemented detailed thematic reviews of ‘IT’ Controls, Credit Underwriting and Credit Environment and Risk and Compliance functions. On all new IAF engagements WDA complete quarterly reviews of the bank and cash reconciliations until sufficient assurances have been sought regarding internal controls and the internal control environment. IAF will maintain testing on the bank and cash to ensure sufficient internal controls and financial controls are in place to mitigate the potential risk to error or fraud in the bank and cash reconciliations.

Examples of weaknesses concerning testing of branch locations (where applicable), including lack of evidence of testing by IA function in branches.

WDA have internal audit clients with multiple branch locations. Within the annual audit plan WDA included branch reviews and testing. The review included; visits on site in each branch location; testing of process and controls and interviews with branch staff.

No consideration given by IA to external audit management letters or third party external review reports.


WDA IAF maintain a review of all external reports and have reviewed the audit management letter in detail on an annual basis. These reviews are incorporated into the document review process in each quarter regardless of the theme.

o   Issues not identified in reports

o   Issues not appropriately ranked/prioritised

o   Lack of awareness at board level of issues identified by IA

o   Lack of review/response by the board of directors Lack of tracking of issues raised in IA Reports by boards and/or IA

WDA have modified and expanded the IAF reporting structure to ensure that all findings are laid out in the established ‘RMP’ format. This provides clarity on the issues/ expectations/ remediation and facilitates the Boards response to the findings. IAF are content that the reporting framework has been sufficiently developed to an acceptable standard and has repeatedly been positively appraised by PRISM inspectors.


If you wish to discuss internal audit services or want us to provide a quotation for services please do not hesitate to contact us: