Ongoing Monitoring Programs

Contents: Monitoring Program Basics; Monitoring Program Mechanics


Monitoring Program Basics

Key component of a Vendor Resilience program:
- This is the set of compensating controls that support a firm's policy.
- Each firm's program will be unique to its needs.
- It is one of the areas that auditors and regulators review regularly.
- It needs to be consistently applied to all third parties across the firm using a repeatable process.
- The firm will need to retain documentation supporting the monitoring program; that documentation is also reviewed by auditors and regulators as part of their controls reviews.

Monitoring Program Mechanics

Each firm will need to look at its Vendor Portfolio, as well as the risk groups that would be involved in reviews, in order to develop its monitoring program.
- No two firms will have the same program, but they do share common components.
- Risk groups can include BCP/DR, Insurance, Credit, Information Security, Technology Operations, etc.
Program design will need to factor in the needs of the risk groups in order to create a repeatable assessment process.
- Ideally, the program should leverage the work and artifacts collected in the initial third-party assessments performed as part of onboarding.
Spend the time to walk through the process with test cases and adjust accordingly before rolling it out.

Monitoring Program Mechanics

A key component that drives how a third party is monitored is its aggregate risk to the firm.
- Please refer to the Third Party Risk Categorization document under the due diligence folder for more information on Risk Assessment.
- Critical/Important third parties should be reviewed annually, with the remaining third parties at least bi-annually.
As part of the monitoring program, the aggregate risk should be re-evaluated to ensure that any changes in the firm's relationship with each third party are reflected in its rating.
- For example, if services were added or dropped, the value of a contract has changed, etc.

Monitoring Program Mechanics

If a firm is completely new to this or isn't sure what to do, find a like firm that has a program and see if it will consider doing a best-practices information-sharing session.
- There are also specialized consultants in this area that you can contract with.
An automated workflow/rules-based process is recommended to standardize the reviews.
- This can be done internally using tools such as SharePoint or Lotus Notes, or can be externally hosted with a number of vendors in this space.
Putting this process in place will require the investment of people's time and should be treated as a full project with a plan, deliverables and a project manager.
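As an added example that is not part of the deck, the review-cadence and re-rating rules from the previous slide expressed as the kind of small rules-based scheduler this slide recommends, in Python. The tier names, the reading of "bi-annually" as every 24 months, the 90-day lead time and the sample vendors are assumptions made here.

```python
import calendar
from collections import namedtuple
from datetime import date

# Cadence per risk tier from the slides: Critical/Important annually, the rest
# at least "bi-annually". ASSUMPTION: bi-annually is read as every 24 months.
REVIEW_INTERVAL_MONTHS = {"Critical": 12, "Important": 12, "Standard": 24}

# baseline = (services, contract value) snapshot captured at the last review;
# services/contract_value describe the relationship as it stands today.
Vendor = namedtuple("Vendor", "name tier last_review services contract_value baseline")

def add_months(d: date, months: int) -> date:
    # Shift by whole months, clamping the day to the target month's length.
    y, m = divmod(d.month - 1 + months, 12)
    y, m = d.year + y, m + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))

def next_due(v: Vendor) -> date:
    return add_months(v.last_review, REVIEW_INTERVAL_MONTHS[v.tier])

def rerate_triggers(v: Vendor) -> list:
    # Relationship changes the deck says must force an aggregate-risk re-rating.
    triggers = []
    if v.services != v.baseline[0]:
        triggers.append("services added/dropped")
    if v.contract_value != v.baseline[1]:
        triggers.append("contract value changed")
    return triggers

def review_status(v: Vendor, today: date, lead_days: int = 90) -> str:
    # lead_days (assumed 90) is how far ahead a review is queued as "due soon".
    if rerate_triggers(v):  # a changed relationship outranks the calendar
        return "re-rate"
    days_left = (next_due(v) - today).days
    if days_left < 0:
        return "overdue"
    return "due soon" if days_left <= lead_days else "current"

# Constructed sample portfolio (not real vendors), assessed as of a fixed date.
TODAY = date(2016, 6, 1)
VENDORS = [
    Vendor("cloud-host (sample)", "Critical", date(2015, 3, 15),
           frozenset({"hosting"}), 5e5, (frozenset({"hosting"}), 5e5)),
    Vendor("payroll-co (sample)", "Standard", date(2015, 1, 10),
           frozenset({"payroll"}), 4e4, (frozenset({"payroll"}), 4e4)),
    Vendor("data-shred (sample)", "Important", date(2015, 7, 1),
           frozenset({"shredding", "storage"}), 9e4, (frozenset({"shredding"}), 9e4)),
]
```

Running `review_status` over the portfolio gives one row per vendor for the review queue: the critical vendor is overdue, the standard vendor is current, and the vendor whose services changed is flagged for re-rating regardless of its calendar date.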

Monitoring Program Mechanics

The program should be evaluated on an annual basis to ensure that it meets the needs of the firm, and adjusted accordingly.
An administrative function will be needed to oversee the execution of the program to ensure things don't fall through the cracks. Many firms use their Vendor Management Offices for this.
Reporting and risk identification/remediation tracking is key! Firms need to spend a lot of time in this area.