THIRD-PARTY RISK MANAGEMENT


THIRD-PARTY RISK MANAGEMENT: Beyond a Regulatory Requirement
April 28, 2017
Ken Glascock, CPA, CAMS, CIA, CFSA, CRCM, Director, kglascock@bkd.com

AGENDA
- Let's Break It Down: What Is Third-Party Risk Management?
- It's Just for Big Institutions, Right? Why You Need a Third-Party Risk Management Program
- Regulatory Requirements
- Are the Right People Involved? It's Not Just an IT Responsibility
- Common Pitfalls in Third-Party Risk Management Programs
- Best Practices

What Is Third-Party Risk Management? Let's Break It Down

LET'S BREAK IT DOWN: What Is a Third Party?
- More than just IT services
- More than just critical vendors
- Formal definition
- How to identify all third parties

LET'S BREAK IT DOWN: What Is Risk Management?
A process of:
- Assessing
- Measuring
- Monitoring
- Controlling

Why You Need a Third-Party Risk Management Program: It's Just for Big Institutions, Right?

IT'S JUST FOR BIG INSTITUTIONS, RIGHT?
- No size threshold
- For all institutions using third parties
- Applicable to all third-party arrangements

WHY YOU NEED A THIRD-PARTY RISK MANAGEMENT PROGRAM

WHY YOU NEED A THIRD-PARTY RISK MANAGEMENT PROGRAM
- Lack of control of the process (increased risk)
- Regulatory requirement
- Evaluate whether capital is sufficient to support risk exposures (think AIG in the Great Recession)
- Evaluate whether the third party is doing its job properly

OUTSOURCING CASE STUDY: Unirush, LLC and MasterCard International

CFPB ORDERS MASTERCARD AND UNIRUSH, LLC TO PAY $13 MILLION
- RushCard breakdowns cut off consumers' access to funds
- Preventable failures left tens of thousands of economically vulnerable consumers unable to pay for necessities
- Many customers could not use their RushCard to get their paychecks and other direct deposits, take out cash, make purchases, pay bills or get accurate balance information


Regulatory Requirements

POTENTIAL REGULATORS
- NCUA
- OCC
- FDIC
- Federal Reserve
- FFIEC
- CFPB

NCUA SUPERVISORY LETTER NO. 07-01, 10/2007: Evaluating Third Party Relationships
"Ultimately, credit unions are responsible for safeguarding member assets and ensuring sound operations irrespective of whether or not a third party is involved. Risks may be mitigated, transferred, avoided, or accepted; however, they are rarely eliminated."

NCUA SUPERVISORY LETTER (CONT.)
Exposure to the full range of risks:
- Credit
- Interest rate
- Liquidity
- Transaction
- Compliance
- Strategic
- Reputation

NCUA SUPERVISORY LETTER (CONT.)
"Credit unions must complete the due diligence necessary to ensure the risks undertaken in a third party relationship are acceptable in relation to their risk profile and safety and soundness requirements."

NCUA SUPERVISORY LETTER (CONT.)
Risk Assessment: "Credit unions should complete a risk assessment prior to engaging in a third party relationship to assess what internal changes, if any, will be required to safely and soundly participate."

NCUA SUPERVISORY LETTER (CONT.)
Risk Assessment: consider all seven risk areas and specifically:
- Expectations for outsourced functions
- Staff expertise
- Criticality
- Risk-reward or cost-benefit relationship
- Insurance
- Impact on membership
- Exit strategy

NCUA SUPERVISORY LETTER (CONT.)
Due Diligence:
- Background check
- Business model
- Cash flows
- Financial and operational control review
- Contract issues and legal review
- Accounting considerations

AUDIT REPORTS
- SAS 70
- SSAE 16
- SSAE 18
- SOC 1, SOC 2 and SOC 3
- Type I and Type II


AUDIT REPORTS (CONT.)
Effective May 1, 2017:
- SOC reports will now be issued under SSAE 18 (AT-C Section 320)
- SSAE 18 replaces SSAE 10-14, 16 & 17
- SSAE 18 covers all attestation engagements
- Refer to reports by their individual names (i.e., SOC 1, SOC 2 and SOC 3), and not as "SSAE 18" reports

SSAE 18 - IMPACT TO SERVICE ORGANIZATIONS AND USER ENTITIES
- Monitoring the effectiveness of internal controls at subservice organizations: service organizations must implement sufficient controls to monitor the relevant controls at their subservice organizations
- Assess the risk of material misstatement and perform procedures in response to those risks (i.e., perform a risk assessment): under SSAE 18, service auditors are instructed to better identify potential areas of risk, specifically in regard to material misstatement

SSAE 18 - IMPACT TO SERVICE ORGANIZATIONS AND USER ENTITIES (CONT.)
- Complementary subservice organization controls and modifications to management's assertion: SSAE 18 introduces an additional requirement to include complementary subservice organization controls in SOC reports
- Evaluating the reliability of evidence produced by the service organization: SSAE 18 clarifies the requirements to ensure that evidence provided by service organizations is complete, accurate and sufficiently detailed
- The management assertion must be signed by management of the company


NCUA SUP. LETTER (CONT.): CONTRACT ISSUES
- Scope of arrangement, services offered and activities authorized
- Responsibilities of all parties
- Service level agreements
- Performance reports
- Penalties for lack of performance
- Ownership, control, maintenance and access
- Ownership of servicing rights
- Audit rights and requirements
- Data security and member confidentiality
- Business resumption or contingency planning
- Insurance
- Member complaints and member service
- Compliance with regulatory requirements
- Dispute resolution
- Default, termination and escape clauses

NCUA SUPERVISORY LETTER (CONT.)
"Since credit unions may ultimately be responsible for consumer compliance violations committed by their agents, credit unions should be familiar with the third party's internal controls for ensuring regulatory compliance and adherence to agreed-upon practices."

NCUA SUPERVISORY LETTER (CONT.)
Risk Measurement, Monitoring and Control of Third Party Relationships:
- Policies and procedures
- Risk measurement and monitoring
- Control systems and reporting

"The CFPB expects supervised banks and nonbanks to have an effective process for managing the risks of service provider relationships." - CFPB Bulletin

"To limit the potential for statutory or regulatory violations and related consumer harm, supervised banks and nonbanks should take steps to ensure that their business arrangements with service providers do not present unwarranted risks to consumers." - CFPB Bulletin

CFPB & CREDIT UNIONS
CFPB Orders Navy Federal Credit Union to Pay $28.5 Million for Improper Debt Collection Actions: Credit Union Used False Threats to Collect Debts and Placed Unfair Restrictions on Account Access - Oct 11, 2016

FFIEC
- Outsourcing Technology Services
- Supervision of Technology Service Providers


OCC Comptroller's Handbooks
- Asset Management
- Other Real Estate Owned
- Internal and External Audits
- Merchant Processing
- Retail Nondeposit Investment Sales
- Etc.

"A bank should adopt risk management processes commensurate with the level of risk and complexity of its third-party relationships." - OCC Bulletin, Third-Party Relationships

"...the OCC expects more comprehensive and rigorous oversight and management of third-party relationships that involve critical activities: significant bank functions (e.g., payments, clearing, settlements, custody) or significant shared services (e.g., information technology)." - OCC Bulletin, Third-Party Relationships

"Appropriately managed third-party relationships can enhance competitiveness, provide diversification, and ultimately strengthen the safety and soundness of insured institutions. Third-party arrangements can also help institutions attain key strategic objectives." - FDIC's Summer 2011 Supervisory Insights

"A third-party relationship should be considered significant if the institution's relationship with the third party is a new relationship or involves implementing new bank activities." - FDIC Financial Institution Letter, Guidance for Managing Third-Party Risk

"A community banking organization may have critical activities being outsourced, but the number may be few and to highly reputable service providers. Therefore, the risk management program may be simpler and use less elements and considerations." - Federal Reserve SR 13-19, Guidance on Managing Outsourcing Risk

"As the service provider represents the institution by selling products or services on its behalf, the institution should consider whether the incentives provided might encourage the service provider to take imprudent risks." - Federal Reserve SR 13-19, Guidance on Managing Outsourcing Risk

It's Not Just an IT Responsibility: Are the Right People Involved?

ARE THE RIGHT PEOPLE INVOLVED?
You must know the aspects of a proper third-party risk management program before you can know who should be involved.

ARE THE RIGHT PEOPLE INVOLVED?
Five-Phase Approach:
1. Planning & risk assessment
2. Due diligence & third-party selection
3. Contracts
4. Ongoing monitoring
5. Termination

ARE THE RIGHT PEOPLE INVOLVED?
Phase I - Planning & Risk Assessment (board of directors, management, line personnel)
- Is it a need or a want?
- Will it help accomplish strategy?
- Opportunity cost?

ARE THE RIGHT PEOPLE INVOLVED?
Phase II - Due Diligence & Third-Party Selection
Persons involved should be those who can properly evaluate:
- Whether the vendor will perform the task(s) assigned (direct users)
- Cost/benefit (CFO, executive management, board)

ARE THE RIGHT PEOPLE INVOLVED?
Phase III - Contracts
- Legal
- CEO
- CFO

ARE THE RIGHT PEOPLE INVOLVED?
Phase IV - Ongoing Monitoring
- Performance (direct users & IT)
- Financial stability (CFO, credit analysts)
- Business continuity (IT)
- Cybersecurity (IT)

BANKS FAIL TO ENFORCE CYBERSECURITY STANDARDS ON THIRD-PARTY PROVIDERS: FDIC WATCHDOG
WASHINGTON - Banks are woefully unprepared to face potential cybersecurity threats stemming from third-party technology providers, according to a report issued Wednesday by the Federal Deposit Insurance Corp.'s independent watchdog. The FDIC's Office of Inspector General found that financial institutions failed to include important cybersecurity provisions in their contracts with the third-party firms. "Typically, financial institution contracts with technology service providers did not clearly address TSP responsibilities and lacked specific contract provisions to protect FI interests or preserve FI rights," the report said.

ARE THE RIGHT PEOPLE INVOLVED?
Phase V - Termination
- Legal
- IT
- Project management
- Business owner
- AP

Common Pitfalls in Third-Party Risk Management Programs

COMMON PITFALLS
1. Assuming IT can/should take on the responsibility alone
2. Performing only to appease examiners (checking the box)
3. Not including [*****] third parties
4. Board of directors not taking responsibility for oversight (what do they see, and when do they see it?)
5. Obtaining documentation but doing nothing more
6. Not anticipating exit/transition costs in contract negotiations
7. Not having the VM program reviewed/audited on a recurring basis

COMMON PITFALLS (CONT.)
8. Insufficient reference checks and/or not calling references
9. No risk ratings and/or outdated ratings
10. Not reviewing third-party promotional (advertising) materials, as they represent your institution, and/or not contractually limiting use of your name / logo
11. Inadequate staff training & organizational communication
12. Out of sync with regulatory issuances and expectations
13. Not understanding the business case for having a VM program

COMMON PITFALLS (CONT.)
14. Decentralization of contracts (where are they?)
15. Accepting automatically renewable clauses in contracts
16. Allowing contracts to renew automatically and unintentionally
17. Decentralized purchase / acquisition process
18. Relying on the wrong SOC report

BEST PRACTICES
New Vendor Form: AP will not set up a new vendor until:
- Business Owner signs off
- Business Owner's superior signs off
- Vendor Management team signs off

BEST PRACTICES (CONT.)
Vendor Monitoring / Performance Review Form (annual process):
- Dated?
- Business Owner signoff?
- Meeting service level agreements?
- Site visit?
- Customer complaints reviewed?

BEST PRACTICES (CONT.)
Annual Summary Sheet:
- Vendor Manager signoff
- Risk rating affirmed / changed
- Financial analysis complete?
- Risk trend noted
- Annual monitoring sufficient?
- Implementation / testing of user considerations complete?
- IT Security involved?

BEST PRACTICES - SOFTWARE
Software / Vendors
- Can we outsource vendor management? Can the vendor manager-manager monitor itself?
Software Vendor / Functionality
- Repository of documents
- Risk assessment / risk rating functionality
- Tickler alerts / contract renewals
- Financial analysis
- Security / audited

BEST PRACTICES (CONT.)
Vendor Manager Qualifications / Experience
- People person + detail oriented
- Audit / exam administration
- Project management
- Contract administration
- Compliance
- Risk assessment
- Appreciates the value of documentation
- IT background
- Financial statement analysis

VENDOR CRITICALITY
Risk Considerations
- Possession of or access to member data (physical or logical)
- Direct contact with members
- IT infrastructure / provides critical application(s)
- Loan underwriting
- Compliance services

VENDOR CRITICALITY (CONT.)
Other Issues
- What's a manageable number? Critical vendors vs. total vendors tracked
- How many risk ratings?
- Can I safely ignore non-critical vendors?

WHAT'S IN YOUR AUDIT PROGRAM?
Vendor Management Program Review
- Policies & procedures
- Risk assessment / risk ranking methodology
- Sample high-risk (critical) vendors:
  - Assess due diligence performed
  - Review contracts
  - Assess annual monitoring
  - Financial statement analysis
  - SOC report / client considerations implemented
- Sample terminated critical vendors
- Top 30 payees? Are they tracked in the VM program?
- Board / Supervisory reporting: adequacy and frequency

PULLING IT ALL TOGETHER: INTERNAL STAKEHOLDERS
- Board & Supervisory Committee
- CFO
- Insurance
- Procurement
- Credit Analysis
- Accounts Payable
- Legal
- Compliance
- Internal Audit
- Contract Administration
- ERM + Vendor Manager + Software
- BCP
- IT Security
- Project Management
- Business Owners


Ken Glascock


Work Plan Updated March 3, 2014

Work Plan Updated March 3, 2014 Work Plan Updated March 3, 2014 Office of Inspector General Work Plan Updated March 3, 2014 Board of Governors of the Federal Reserve System Consumer Financial Protection Bureau Overview The Work Plan

More information

Table of Contents. Chapter 1...1

Table of Contents. Chapter 1...1 Table of Contents Chapter 1...1 The Compliance Officer...1 Overview...2 The Compliance Officer...2 What is Compliance Risk?...3 NCUA s Defined Risk Categories... 3 Skills of a Compliance Officer...6 Identifying

More information

THE IMPORTANCE OF DEVELOPING A SOCIAL MEDIA COMPLIANCE POLICY

THE IMPORTANCE OF DEVELOPING A SOCIAL MEDIA COMPLIANCE POLICY THE IMPORTANCE OF DEVELOPING A POLICY Why Your Financial Institution Needs to Have a Proactive Policy in Place BY OPTIMAL BLUE e-series of 7 WHITE PAPER THE IMPORTANCE OF DEVELOPING A POLICY Why Your Financial

More information

Community Bankers Conference

Community Bankers Conference 3rd Annual Regional and Community Bankers Conference The Federal Reserve Bank of Boston Disclaimer NEVER WRONG DON T COMPLETELY RELY UPON Recent Developments in Audit Practice SOX, FDICIA 112, Other Robert

More information

SOC Reports: What are they and what should you do with them? berrydunn.com GAIN CONTROL

SOC Reports: What are they and what should you do with them? berrydunn.com GAIN CONTROL SOC Reports: What are they and what should you do with them? berrydunn.com GAIN CONTROL AGENDA SOC REPORTS OVERVIEW RELEVANT SECTIONS TO REVIEW SOC REVIEW CHECKLIST 2 SOC REPORTS OVERVIEW 3 SOC REPORTS

More information

Internal and External Audits Table of Contents

Internal and External Audits Table of Contents Internal and External Audits Table of Contents Appendixes...108 A: Statutory and Regulatory Requirements...108 B: Part 363 Annual Report Worksheet...119 C: Part 363 Periodic Report Worksheet...122 D: OCC

More information

Format and organization of GAGAS Auditor preparation of financials is a significant threat to independence 3 party arrangements in government State

Format and organization of GAGAS Auditor preparation of financials is a significant threat to independence 3 party arrangements in government State The Yellow Book = GAGAS GAGAS = Generally Accepted Government Auditing Standards Overlay of Generally Accepted Auditing Standards (GAAS) issued by the Auditing Standards Board GAGAS contains the framework

More information

IAASB Main Agenda (September 2004) Page Agenda Item PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540

IAASB Main Agenda (September 2004) Page Agenda Item PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540 IAASB Main Agenda (September 2004) Page 2004 1651 Agenda Item 4-A PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540 AUDITING ACCOUNTING ESTIMATES AND RELATED DISCLOSURES (EXCLUDING THOSE INVOLVING

More information

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for

More information

AUDIT COMMITTEE CHARTER AS AMENDED AS OF MAY 6, 2015

AUDIT COMMITTEE CHARTER AS AMENDED AS OF MAY 6, 2015 AUDIT COMMITTEE CHARTER AS AMENDED AS OF MAY 6, 2015 This Audit Committee Charter ("Charter") was originally adopted by the Board of Directors (the "Board") of Kate Spade & Company (the "Company") at its

More information

Is Your Credit Union at Risk? Five Key Due Diligence Questions to Ask Your Vendors

Is Your Credit Union at Risk? Five Key Due Diligence Questions to Ask Your Vendors Is Your Credit Union at Risk? Five Key Due Diligence Questions to Ask Your Vendors About Vanessa Stanfield Vanessa Stanfield Client Program Director, Vendor Management vstanfield@affiniongroup.com Vanessa

More information

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors Statement on February 2014 Auditing Standards 128 Issued by the Auditing Standards Board Using the Work of Internal Auditors (Supersedes Statement on Auditing Standards [SAS] No. 65, The Auditor's Consideration

More information

Australian Financial Markets Association. Principles relating to product approval - retail structured financial products

Australian Financial Markets Association. Principles relating to product approval - retail structured financial products Australian Financial Markets Association Principles relating to product approval - retail structured financial products October 2012 Copyright in this publication is owned by the Australian Financial Markets

More information

Consumer Financial Protection Bureau Independent Audit of Selected Operations and Budget

Consumer Financial Protection Bureau Independent Audit of Selected Operations and Budget Consumer Financial Protection Bureau Independent Audit of Selected Operations and Budget March 26, 2018 KPMG LLP Suite 12000 1801 K Street, NW Washington, DC 20006 Table of Contents EXECUTIVE SUMMARY...

More information

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015 In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal

More information

The Who, What, and Why of Service Organization Control (SOC) Engagements. Presentation to: 2nd Annual 'I Heart Audit' Conference

The Who, What, and Why of Service Organization Control (SOC) Engagements. Presentation to: 2nd Annual 'I Heart Audit' Conference The Who, What, and Why of Service Organization Control (SOC) Engagements Presentation to: 2nd Annual 'I Heart Audit' Conference February 24, 2016 Agenda What is SOC? Who needs SOC? Types of SOC Engagements

More information

MARIANNE E. ROCHE ATTORNEY AT LAW

MARIANNE E. ROCHE ATTORNEY AT LAW CORPORATE GOVERNANCE FOR FINANCIAL INSTITUTION DIRECTORS Prepared and presented by: MARIANNE E. ROCHE ATTORNEY AT LAW SILVER, FREEDMAN & TAFF, L.L.P. DIRECT DIAL NUMBER 3299 K STREET, N.W., SUITE 100 (202)

More information

FINANCIAL INSTITUTIONS AUDIT COMMITTEE GUIDE FOR FINANCIAL INSTITUTIONS

FINANCIAL INSTITUTIONS AUDIT COMMITTEE GUIDE FOR FINANCIAL INSTITUTIONS FINANCIAL INSTITUTIONS AUDIT COMMITTEE GUIDE FOR FINANCIAL INSTITUTIONS Dear clients and friends of the firm, Corporate governance is a significant area of focus for stakeholders of financial institutions.

More information

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010 Catching Fraud During a Recession Through Superior Internal Controls FICPA s 25 th Annual Accounting Show J. Stephen Nouss September 29, 2010 1 Session Objectives Fraud Facts (2008 Association of Certified

More information

Application: All licensed institutions and supervisory personnel

Application: All licensed institutions and supervisory personnel Title: SR-1 Strategic Risk Management Date: FINAL Purpose: To set out the approach which the NBRM will adopt in the supervision of licensed institutions strategic risk, and to provide guidance to licensed

More information

1.3.1 The responsibilities of the Parent Board include, but are not limited to, the following 1 :

1.3.1 The responsibilities of the Parent Board include, but are not limited to, the following 1 : POLICY: CORPORATE GOVERNANCE APPROVED BY: Board of Directors APPROVAL DATE: 13 February, 2018 EFFECTIVE DATE: 13 February, 2018 PREVIOUS UPDATES: 27 February, 2017, 25 July, 2016, 19 February, 2016, 27

More information

NTGA Compliance & Operational Manager Due Diligence Process

NTGA Compliance & Operational Manager Due Diligence Process NORTHERN TRUST 2010 PROGRAM SOLUTIONS CONFERENCE Investment Solutions in an Uncertain World: WHAT S NEXT? NTGA Compliance & Operational Manager Due Diligence Process Allison K. Fraser VP & Sr. Compliance

More information

Types of Systems Audit & Relevance. Presented By: Prasad Pendse, CISA

Types of Systems Audit & Relevance. Presented By: Prasad Pendse, CISA Types of Systems Audit & Relevance Presented By: Prasad Pendse, CISA Agenda Systems Audit Categories & Types of Systems Audit, Relevance IT & Application Audits Security Audits Process Audits Advantages

More information

Auditing for Effective Training

Auditing for Effective Training Maleka Ali M. Ali 2013 Director of Consulting & Education Page 0 Banker s Toolbox Auditing for Effective Training I. INTRODUCTION Banking organizations must develop, implement, and maintain effective AML

More information

AUDIT UNDP COUNTRY OFFICE KUWAIT. Report No Issue Date: 20 May 2014

AUDIT UNDP COUNTRY OFFICE KUWAIT. Report No Issue Date: 20 May 2014 UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNDP COUNTRY OFFICE IN KUWAIT Report No. 1265 Issue Date: 20 May 2014 Table of Contents Executive Summary i I. About the Office 1 II. Audit results 1 A. Governance

More information

The Basics of Internal Controls & Segregation of Duties

The Basics of Internal Controls & Segregation of Duties The Basics of Internal Controls & Segregation of Duties Presented by: Kevin L. Pegish, CPA Senior Audit Manager Northwest Region klpegish@ohioauditor.gov Internal Controls, we will discuss the following:

More information

(Effective for audits of financial statements for periods ending on or after December 15, 2013) CONTENTS

(Effective for audits of financial statements for periods ending on or after December 15, 2013) CONTENTS INTERNATIONAL STANDARD ON AUDITING 315 (REVISED) IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT Introduction (Effective for audits of

More information

Ministry of Finance Comptroller General Victoria, BC

Ministry of Finance Comptroller General Victoria, BC Ministry of Finance Comptroller General Victoria, BC Provide your strong leadership, financial aptitude, and communication skills to this integral role in the executive team The Ministry of Finance plays

More information

Oversight of external auditors by the audit committee

Oversight of external auditors by the audit committee Oversight of external auditors by the audit committee MCCG Intended Outcome 8.0 There is an effective and independent Audit Committee. The board is able to objectively review the Audit Committee s findings

More information

Job Family Matrix. Core Duties Core Duties Core Duties

Job Family Matrix. Core Duties Core Duties Core Duties Job Family Matrix Job Function: Finance Job Family: Banking - Professional Job Family Summary: Perform or manage a wide range of banking activities while ensuring compliance in various functions which

More information

Audit and Risk Committee Charter

Audit and Risk Committee Charter Audit and Risk Committee Charter Purpose The Audit and Risk Committee ( Committee ) has been established as a committee of the board of directors ( Board ) of Trustpower Limited (the Company ) to assist

More information

FRIENDSHIP HOUSE JOB DESCRIPTION. Full Time: Monday - Friday 9AM-6PM, Weekends and evenings as needed

FRIENDSHIP HOUSE JOB DESCRIPTION. Full Time: Monday - Friday 9AM-6PM, Weekends and evenings as needed FRIENDSHIP HOUSE JOB DESCRIPTION Position: Supervisor: Working Schedule: Employment Status: Chief Financial Officer Executive Director Full Time: Monday - Friday 9AM-6PM, Weekends and evenings as needed

More information

ACING YOUR REMOTE DEPOSIT CAPTURE AUDIT:

ACING YOUR REMOTE DEPOSIT CAPTURE AUDIT: ACING YOUR REMOTE DEPOSIT CAPTURE AUDIT: LESSONS FROM BANKERS WHO HAVE BEEN THERE AND DONE THAT! COMPLIANCE STARTS AT THE TOP Many banks are becoming savvy about how to ace their audits after experiencing

More information

Microsoft Cloud Agreement Financial Services Amendment

Microsoft Cloud Agreement Financial Services Amendment Microsoft Cloud Agreement Financial Services Amendment This Financial Services Amendment ( Amendment ) is entered into between Customer and the Microsoft Affiliate who are parties to the Microsoft Cloud

More information

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest Internal Control Communications Chapter 1 INTRODUCTION AND OVERVIEW 100 Background 100 Background

More information

Family Office and Concierge Services

Family Office and Concierge Services Family Office and Concierge Services our service promise... listening, communicating and responding Table of Contents Why Outsource? Finance Management and Accounting Services About Us Additional Grassi

More information

CODE OF ETHICS/CONDUCT

CODE OF ETHICS/CONDUCT CODE OF ETHICS/CONDUCT This Code of Ethics/Conduct ( Code ) covers a wide range of business practices and procedures. It does not cover every possible issue that may arise, but rather provides information

More information

OPERATIONAL RISK MANAGEMENT MODULE

OPERATIONAL RISK MANAGEMENT MODULE OPERATIONAL RISK MANAGEMENT MODULE MODULE OM Operational Risk Management Table of Contents OM-A OM-B OM-1 OM-2 OM-3 OM-4 Date Last Changed Introduction OM-A.1 Purpose 01/2012 OM-A.2 [This Chapter was deleted

More information

Extended Enterprise Risk Management

Extended Enterprise Risk Management Extended Enterprise Risk Management Driving performance through the extended enterprise October 2015 A network within a network The Extended Enterprise is the concept that an organization does not operate

More information

Chiyoda Corporation Corporate Governance Policy (Revised on June 23, 2016)

Chiyoda Corporation Corporate Governance Policy (Revised on June 23, 2016) [Translation] Chiyoda Corporation Corporate Governance Policy (Revised on June 23, 2016) This policy sets forth the basic views and basic guideline of Chiyoda Corporation (hereinafter the Company ) with

More information

Corporate Governance Statement

Corporate Governance Statement - 2017 OVERVIEW The Board is responsible for the overall corporate governance of the Company, including establishing and monitoring key performance goals. It is committed to attaining standards of corporate

More information

Corporate Governance Statement John Bridgeman Limited

Corporate Governance Statement John Bridgeman Limited Corporate Governance Statement John Bridgeman Limited 1 Definition In this document: ASX Board Chair CFO Company Secretary Corporations Act Director means ASX Limited ACN 008 624 691 or the securities

More information

Firm Profile TURNING RISKS INTO OPPORTUNITIES

Firm Profile TURNING RISKS INTO OPPORTUNITIES Firm Profile TURNING RISKS INTO OPPORTUNITIES You can measure opportunity with the same yardstick that measures the risk involved. They go together. Earl Nightingale TRUSTED ADVISORS RiSK Opportunities

More information

SRI LANKA AUDITING STANDARD 315 (REVISED)

SRI LANKA AUDITING STANDARD 315 (REVISED) SRI LANKA AUDITING STANDARD 315 (REVISED) IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial statements

More information