ABRAMS GARFINKEL MARGOLIS BERGSON, LLP
Dynamic Legal Representation for You and Your Business


Internal Audit Requirements - Fannie Mae

Q: What are Fannie Mae’s internal audit requirements?

A: As noted in Fannie Mae’s Selling Guide A1-1-01: Application and Approval of Lender, Fannie Mae requires lenders to have “internal audit and management controls to evaluate and monitor the overall quality of its loan production and/or servicing.”

As outlined in Fannie Mae’s Beyond the Guide, "an appropriate internal audit program should at a minimum include the following key elements:

•    An independent reporting structure with direct report to senior management and/or the board of directors. There should be no shared reporting lines within the QC functional areas to be reviewed by the internal audit function.

•    A risk assessment methodology used to identify the operational areas and functions to be audited and the frequency of those audits. The risk assessment is generally completed annually by the internal audit department to identify the scope of the review and apply risk rating to the areas to be reviewed. The risk assessment generally identifies the frequency of reviews based on the risk rating applied to the areas listed.

•    Documented policies and procedures to detail the internal audit review processes, govern reporting to senior management, and address the remediation of findings.

•    A departmental and functional audit schedule for a minimum 12-month period. The schedule should identify the areas subject to review during the current period and align with the risk assessment.”

While not explicit in the Selling Guide in terms of the number and frequency of audits in  a calendar year, Fannie Mae leaves it to its Seller/Servicers to determine those items; however, the number of audits and frequency should be commensurate with the size and complexity of the organization.  A single audit does not meet the minimum requirements as evidenced in recent MORA examination results requiring a Seller/Servicer to submit the two most recent internal audit reports, minimum 12-month audit schedule, and most recent risk assessment.




Share the AGMB Compliance Question of the Week:

Facebook   LinkedIn   Twitter

New York Attorney Advertising: This email is designed for general information only.
The information presented in this email should not be construed to be formal legal advice nor the
formation of a lawyer/client relationship. Prior results do not guarantee a similar outcome.

© Copyright 2019 by Abrams Garfinkel Margolis Bergson, LLP. All rights reserved.
This email is designed and developed by PR4Lawyers.
Facebook Twitter LinkedIn Google+ Youtube Neil Garfinkel Michael Barone Neil Garfinkel E-Mail Michael Barone E-Mail Marie O' Brien Marie O'Brien E-Mail