When Should You Do Your Annual ACH Audit?

Remember the good old days (back in 1993) when you only needed to do an ACH audit once every three years?
Apparently, NACHA didn’t feel that was enough. Now, you are required to perform an ACH audit every year by December 1 of each year. Hence, most financial institutions put off having their audits done until November.  Then there typically is a mad panic to complete the audit before the due date.  Audit committees, audit managers, senior level officers and even external auditors must scramble to complete the long and extensive list of NACHA examination guidelines.
In my experience, that last minute approach to the ACH audit isn’t the best way to go. Just because the due date is December 1^st doesn’t mean the audit must be performed in the fourth quarter. On the contrary, ACH audits can be performed at any time during the year. If you procrastinate, in addition to having to rush the job, if your institution hires outside auditors to perform the task, chances are your outside auditors know the deadline and will reflect that with their November fees.
The world of electronic payments is constantly changing and, as a result, the rules and regulations are also constantly reacting in an effort to keep up. Conducting your annual audit early in the year gives you more time to really understand the risks and problems facing your institution.  It gives you time to consider the options for improvement. It allows you to research the different policies and procedures for minimizing exceptions and reducing problems. Audits done a week before the deadline seldom do more than check off the requirement.
Because you must do an annual audit anyway, then why not actually make that audit useful? Do it early in the year so you have time to really look at the ACH system. This could include:
1. Reviewing all the roles of each participant in the ACH transaction
2. Analyzing the different types of transactions processes
3. Knowing your warranties and duties
4. Understanding how different regulations come into play (regulation E, CC, D and BSA/OFAC)
5. Assessing the different types of risk (credit, liquidity, transactional, etc.) that face your institution
6. Meeting the specific NACHA requirements
As with many areas of business conduct, a little planning with the ACH audit can make all the difference.