Solution Track 5. Managing Vendor Risk and Contingency Plans. March 26, Strategic BCP, Inc. All rights reserved. strategicbcp.
Transcription
1 Managing Vendor Risk and Contingency Plans Terence Lee Solution Track 5 March 26, 2017 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1
2 Agenda: 60 Minutes. Introduction; What is Third Party Vendor Management; GRC and 3rd Party Management; How companies manage vendor risk today; Vendor Risk & Contingency Management: VRCM; Defining your VRCM Program; Questions
3 Take the Survey, Receive the Report! The Evolving State of Business Continuity and Vendor Management (sneak preview of results in this session)
4 Introduction: Terence Lee, Strategic BCP, Inc., VP, GRC Strategy. 10 years in governance, risk, and compliance with focus on IT risk and compliance; 6+ years in BCM/DR; based in Providence, Rhode Island (hint: it's not an island)
5 What IS it? Alphabet soup: (TPM) Third Party Management; (VRM) Vendor Risk Management; (VRCM) Vendor Risk & Contingency Management; (SCRM) Supply Chain Risk Management. VRM is often considered a subset of TPM. VRM tends to focus just on the assessment of vendor risk. TPM usually describes the entire vendor lifecycle, from Onboarding to Offboarding.
6 Defined: Vendor risk management (VRM) is the process of ensuring that the use of service providers and IT suppliers does not create an unacceptable potential for business disruption or a negative impact on business performance. VRM technology supports enterprises that must assess, monitor and manage their risk exposure from third-party suppliers (TPSs) that provide IT products and services, or that have access to enterprise information. Source:
7 From Chaos
8 to Order (YOU ARE HERE)
9 Who are Third Parties Anyway? IT Service Providers; Distributors; Sub-contractors; Consultants; Suppliers; Agents. What is the number of critical vendors identified for your organization? (sneak preview results)
10 Lifecycle: Vendor Identification; Onboarding; Segmentation; Assessment; Issues & Remediation; Monitoring; Offboarding
11 The Core of Vendor Risk Management: Vendor Identification; Onboarding; Segmentation; Assessment; Issues & Remediation; Monitoring; Offboarding
12 Vendor Identification: Request to Assess; Procurement, Relationship Owner, Legal, Compliance; Current, Past, New Vendor; Build/update their Profile; Relationship Owner, Contracts, General Products and Services
13 Onboarding: Complete profile and contract information; Detailed product and service identification; Financial and other public scoring information considered
14 Segmentation: Financial commitment; Information access/storage; Criticality of products and services (align to your processes, products, services); Assigned a Tier; Tier 1 = most critical vendor; Score from segmentation should determine assessment need, and types
15 Segmentation: Does your organization align vendor's products/services to the organization's functions/systems that use those products/services? (sneak preview results)
16 Assessment: Different assessment types address different yet often overlapping needs. Information Security: Practices, Policies, Certifications; Physical Security: Locations, Countries; HR Practices: Background Checks; Business Continuity and DR; Anti-money Laundering; Foreign Corrupt Practices Act; Shared Assessments SIG (The Santa Fe Group). Performed via Survey, Checklist, and/or onsite assessment. Use external sources when applicable: Dow Jones Adverse Media, Rapid Ratings, D&B Financials, Clear Report, more
17 Assessment (continued): Are BCM/DR risks aligned to assessment questions? Are risks aligned to your BCM/DR controls? Did you develop your own, in the BCM program, or are you working with ERM, Compliance, Information Security? Are your controls aligned to your authoritative documents (policies, best practices, and regulations)?
18 Issue Management & Remediation: Issues arise from the assessment and scoring process. Issues are actioned and assigned to one or more individuals for remediation. Actions are executed, evidence collected/attached as needed. Issues and their actions are approved and closed accordingly. Audit trail: important
19 Monitoring: the Hard Part. Based on their criticality to your operational resilience: Conduct assessments more frequently; Update documentation; Verify Controls; Visit physical locations; Monitor news sources; Check financials regularly; Measure SLA performance; Confirm Policy review and attestation; Report issues immediately
20 Offboarding: Don't go away mad, just go away: contract termination; Data collection, destruction, verification; Contract requirements; Actions taken, documents signed as required (legal)
21 Revisiting the Risk Assessment Process: As the BCM/DR professional, do you identify and test Tier 1 Vendor recovery required for critical processes and assets in the event of a declaration, and can you ensure those actions will be successful? Do you: Conduct Contingency assessments of your Vendors; Participate in your Vendor's exercises; Let your clients participate in your exercises; Include your Vendors in your exercises; Identify alternative Vendors, and implement an alternative in your exercises?
22 VRCM Program Best Practices: As the BCM professional, understand Vendor SLA+Recovery required to recover critical processes in the event of a declaration and ensure those actions will be successful. Vendor Products and Services: What are they? Who consumes them? How do they impact our recovery of processes and assets? Your operational resilience: Do you know where the Vendor fits into your recovery plans? Have you tested recovery with the Vendor? What degree of confidence can you report to your leadership team that you can recover critical processes that include Vendors?
23 VRCM Program Best Practices: Program participation can be challenging. Why does getting a response from my vendors require a squad from the First Order?! Leverage your resources: Vendor relationship owners; Super-users of Vendor products; Project Managers of Vendor services
24 The Evolving Role of the BCM Professional: Does the scope of your BCM program include Vendor Risk and Recovery, Information Security, or just BCM/DR? (sneak preview results)
25 VRCM Program Best Practices: BCM/DR team is connected to the VRM team; Risks and Controls are common across the company including BCM/DR; Collaboration is key; Vendor relationship owners are engaged and support the assessment process; Vendors slow to respond to assessment requests get escalated; Contract SLAs contain measurable requirements for BCM/DR; Exercising with Tier 1 Vendors is difficult: resources, contract terms, and governance required. But you need to do it
26 Defining Your VRCM Program: Key Action Items. 1. Program Oversight and Responsibility. Ideal: create a Service Catalog to organize products and services. Assign Vendor Relationship Owner: one belly-button, with an alternate. 2. Capture the data: you are already describing Processes. Who are the vendors, and what products and services are critical? Line of business owners should know this and if they don't, interview one level down. 3. Cross-reference Contract SLAs. If the Line of business needs it, but the contract doesn't have an SLA for it <sigh> 4. Assess, Measure, Test, Verify
27 The Focus of the BCM Professional Today: Rank the priority of focus for your BCM program today (sneak preview results). Continuity of Critical Processes; Recovery of Critical Applications; Equal Focus on Processes & Apps; Reducing Risk to the Company (4); Recovery from Cyber Incidents (5); Mitigating Third Party Risk (6); Building Better Plans (7); Doing Better BIAs (8); Getting Actionable Exercise Results (9); Integrating BCM w/other Applications (10)
28 Take the Survey, Receive the Report! The Evolving State of Business Continuity and Vendor Management. Report will be sent by April 30. Thanks for participating!
29 VRCM Playbook: Download the Playbook:
30 Thank You. Product Demos Mon/Tue 12:00-12:30, Coronado F. Join us for Karaoke Tuesday 8pm! Come to booth 510/512 for Invitation
More information18 Business Continuity Management
18 Business Continuity Management Business Continuity is the strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business
More informationISO Business Continuity Management. Your implementation guide
ISO 22301 Business Continuity Management Your implementation guide Build a robust and resilient organization with ISO 22301 It s never been more important to protect your business from the unexpected.
More informationRight-sizing SOX Frameworks with Risk Management. Chris McClean Vice President, Research Director
Right-sizing SOX Frameworks with Risk Management Chris McClean Vice President, Research Director Presenters Chris McClean Vice President, Research Director Serving Security & Risk Professionals Forrester
More informationInside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali
MANAGING OPERATIONAL RISK IN THE 21 ST CENTURY White Paper Series Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali 2 In today s competitive and
More informationRisk and Compliance Services
Risk and Compliance Services Helping clients manage business and regulatory risks Introduction General background Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems
More informationDisaster Preparedness & Your Supply Chain
Disaster Preparedness & Your Supply Chain Scott Teel, Agility Recovery Today s session will be recorded. Links to the archived recording will be emailed to all registrants automatically tomorrow. For copies
More informationEnabling a Comprehensive Platform for BCMP that integrates People, Process and Technology
Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology TM Overview Perpetuuiti provides an intelligent, end-to-end automated approach towards Business Continuity Planning
More informationLeading Change: Building Organisational Resilience. Jean D. Rowe, MBCI, CDCP May 1, 2017
Leading Change: Building Organisational Resilience Jean D. Rowe, MBCI, CDCP May 1, 2017 Jean.Rowe@ae.ey.com Agenda What is Organizational Resilience? Why Should You Care? Are You Prepared? What Do You
More informationAdvancing your BCP Program
BCP and DR Planning for Healthcare Organizations Advancing your BCP Program Agenda for Presentation Stick to the basics Know your crucial technology Get your clients input - BIA Obtaining senior management
More informationData maturity model for digital advertising
Data maturity model for digital advertising Prepared for: Introduction why develop a data maturity model? The past decade has seen companies in media, advertising, marketing and commerce rapidly transition
More informationRisk Management Strategy
Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved
More informationDefining and promoting excellence in the provision of mobile money services
SAFEGUARDING OF FUNDS DATA PRIVACY AML/CFT/FRAUD PREVENTION STAFF AND PARTNER MANAGEMENT CUSTOMER SERVICE TRANSPARENCY QUALITY OF OPERATIONS SECURITY OF SYSTEMS Defining and promoting excellence in the
More information15,500+ 5, , ,000. Bloomberg Corporate Profile. Real-time financial information. employees. 192 locations around the world
Bloomberg Corporate Profile Bloomberg, the global business and financial information and news leader, gives influential decision makers a critical edge by connecting them to a dynamic network of information,
More informationRisk and Compliance Services
Risk and Compliance Services Helping clients manage business and regulatory risks Internal Audit, Risk, Business & Technology Consulting Introduction General background Protiviti (www.protiviti.com) is
More informationREGULATORY HOT TOPICS FOR INTERNAL AUDITORS: EVALUATING THE USE OF AML TECHNOLOGY
REGULATORY HOT TOPICS FOR INTERNAL AUDITORS: EVALUATING THE USE OF AML TECHNOLOGY Shaheen Dil MANAGING DIRECTOR, PROTIVITI John Atkinson DIRECTOR, PROTIVITI Carl Hatfield DIRECTOR, PROTIVITI Chetan Shah
More informationOn the Alert: Incident Response Plan for Healthcare 111/13/2017
On the Alert: Incident Response Plan for Healthcare 111/13/2017 Presenter Introductions Nadia Fahim-Koster Managing Director, IT Risk Management Meditology Services Kevin Henry Senior Associate, IT Risk
More informationBusiness Continuity Management An Auditor s Perspective July 25, 2017
NASPL 2017 Professional Development Seminar Nashville, TN Business Continuity Management An Auditor s Perspective July 25, 2017 Presented by Mark Caiazzo, Principal Agenda Business Continuity Process BCM
More informationGuidance on Arrangements to Support Operational Continuity in Resolution
Guidance on Arrangements to Support Operational Continuity in Resolution 18 August 2016 ii Table of Contents 1. Introduction... 5 2. The concept of operational continuity... 7 Critical shared services
More informationEvolving Core Tasks for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1
Evolving Core Tasks for Improved Internal Audit Performance Copyright 2018 AuditBoard Inc. 1 Introductions Built by experienced auditors, AuditBoard allows enterprises to collaborate, manage, analyze and
More informationRisk Advisory Services Developing your organisation s governance for competitive advantage
Advisory Services Developing your organisation s governance for competitive advantage The Deloitte Advisory Platform of Services can help you to govern your strategic plan to guide your operations measure
More information