AICPA Supports Implementation of Credit Union Regulatory Body’s New Policy on Audit Report Submissions

National Credit Union Administration’s Directive Is Driven by Desire to Reduce Risk of Report Manipulation by Management

August 14, 2017

NEW YORK (August 14, 2017) – The American Institute of CPAs supports the National Credit Union Administration’s focus on the overall integrity of audit report submissions, and recently worked with the regulatory body to remove obstacles to the implementation of a new policy designed to reduce the risk of manipulation or fraud by credit union management.

NCUA regulates or insures almost 5,800 federally insured credit unions. The policy change on external auditor reports was designed to reduce the risk of manipulation by management after some issues emerged in the agency’s periodic material loss reviews. The new requirement initially caused concern among some CPA firms, however, because the act of forwarding the audit report directly to the agency is considered a management function, which could impair an external auditor’s independence. At the AICPA’s request, the NCUA agreed to accept an online delivery option for the documents.

“The policy change was designed to preserve the integrity of the auditor’s report, but inadvertently raised issues for external auditors,” said Sydney Garmong, a partner with Crowe Horwath LLP and chair of the American Institute of CPAs’ Depository Institutions Expert Panel, which addresses professional practice issues regarding financial institutions. “We’re grateful that the NCUA heard our concerns and agreed to acceptable alternatives to preserve auditor independence.”

In an update to credit union management and boards in May, the NCUA said the external auditor could either forward its audit report directly to the regulator, provide time for physical inspection of the document at a specified time or place, or use “a secure portal that verifies and validates the original document source and ensures the audit report submitted to NCUA is authentic and unaltered.” An online platform jointly developed by – the technology arm of the AICPA – and, RIVIO Clearinghouse, meets the latter criteria and is already in use for NCUA submissions.

RIVIO ensures private companies and authorized third parties can share audit reports and other relevant records from validated CPA firms. Company management, in this case credit union directors, can designate who views the audit reports uploaded by CPA firms, but cannot alter the financial presentation in any way. And because the clearinghouse ensures that management is solely responsible for authorizing access to data, it defuses questions about the auditor’s independence.

CPA firms that specialize in serving credit union clients are already making use of the platform.

“We have used RIVIO for all the NCUA requests received. It’s a very efficient way for us to follow the updated policy,” said Chris Vallez, CPA, of Nearman, Maynard, Vallez, a Miami-based CPA firm.

Erik Asgeirsson, president and CEO of, said: “The RIVIO Clearinghouse was developed to address the exact type of potential fraud or financial manipulation identified by the NCUA.” Brian Fox, president of, added: “Going forward, RIVIO will provide the NCUA the peace of mind that it is getting an unaltered audit report from a verified CPA firm, while still ensuring independence for CPA firms.”