1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
Presentation transcript:

1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008

2 Business Continuity and Compliance: Working Together
Agenda:
- Business Continuity
- Compliance: Looking at SOX and Basel II
- Cobit 4.0 Framework
- Working Together

3 Business Continuity

4 What is Business Continuity Planning?
Business Continuity establishes the basis for financial institutions to recover and resume business processes when operations have been disrupted unexpectedly. It covers:
- Business Operations
- Technology
- Testing
- Communication Strategies

5 Business Continuity: Why is it Important?
Financial institutions play a critical role in the overall economy. The assurance that disruptions in services are minimized will foster confidence in the overall financial system and trust from the public. Additionally, Business Continuity Planning allows financial institutions to be prepared for the unexpected and to minimize potential financial losses while continuing to serve customers and financial markets.

6 Business Continuity
The Business Continuity process comprises four steps:
- Business Impact Analysis
- Risk Assessment
- Risk Management
- Risk Monitoring and Testing

7 Business Continuity
The first step of Business Continuity, the Business Impact Analysis (BIA), is to:
- Identify and prioritize all business processes or functions
- Identify the potential impact of a business disruption
- Identify legal and regulatory requirements, if any

8 Business Continuity
Step two, Risk Assessment, looks at:
- Evaluating the business impact (from step 1)
- Analyzing threats based upon their impact to the institution
- Prioritizing potential disruptions
- Performing a gap analysis

9 Business Continuity
Risk Management, the third step, focuses on the development, implementation, and maintenance of a BCP plan. This includes consideration of:
- The BIA and Risk Assessment from the previous steps
- A written plan that is specific about the conditions under which it is invoked and the steps to take during implementation
- Proper management of the plan, if it is supported by a third party
- Focus on the impact of various threats
- Effectiveness in minimizing service disruptions

10 Business Continuity
The fourth step, Risk Monitoring and Testing, ensures the viability of the BCP through:
- Incorporation of the BIA and Risk Assessment into testing
- Assignment of roles and responsibilities for implementation of testing
- Completion of BCP tests
- Evaluation and assessment of the test program and results
- Revision of the BCP plan, if necessary

11 Compliance: Looking at SOX and Basel II

12 Compliance: SOX and Basel II
What is SOX? Drafted by Senator Paul Sarbanes and Congressman Michael Oxley, the Sarbanes-Oxley Act was signed into law on July 30, 2002 by President Bush. It was enacted largely in response to a number of major corporate and accounting scandals such as Enron and MCI WorldCom, and applies to publicly traded companies and the auditors of such companies. SOX requires an annual evaluation of internal controls and procedures for financial reporting, in perpetuity.

13 Compliance: SOX and Basel II
SOX Responsibilities. The scope of SOX responsibilities includes:
- At least annual assessment and review of controls, which include, but are not limited to, controls related to the prevention, identification, and detection of fraud.
- The CEO is ultimately responsible and should assume "ownership" of the control system. However, everyone in the organization has some responsibility for internal controls. Our efforts directly impact the reporting by our Management.

14 Compliance: SOX and Basel II
What is Basel? The Basel Committee was established by the central-bank Governors of the Group of Ten countries at the end of 1974 and meets regularly, four times a year. In 1988, the Committee decided to introduce a capital measurement system commonly referred to as the Basel Capital Accord. This system provided for the implementation of a credit risk measurement framework with a minimum capital standard of 8% by end-1992.

15 Compliance: SOX and Basel II
The Basel II Framework, issued on July 4, 2006, is intended to be a comprehensive version and to promote a more forward-looking approach to capital supervision, one that encourages banks to identify the risks they may face, today and in the future, and to develop or improve their ability to manage those risks. Categories include:
- Risk Scenario Analysis and Inventory
- Loss Data
- Risk Control Self Assessment
- Economic Capital Reporting

16 Cobit 4.0 Framework

17 Cobit 4.0 Framework
The Cobit Framework was established in support of Management's realization of the significance that information can have to the success of an Enterprise, the expectation of a heightened understanding of operations, and the assurance of successful management, so that the Enterprise can:
- Achieve its objectives
- Be resilient enough to learn and adapt
- Judiciously manage risks
- Recognize opportunities and act upon them

18 Cobit Framework
This governance and control framework serves a variety of internal and external stakeholders and meets the following objectives:
- Business focus, aligning business and technology objectives
- Process orientation, with a specific structure
- Consistency with best practices and standards
- Use of a common language generally understandable by all stakeholders
- Help in meeting regulatory requirements

19 Cobit 4.0 Framework
The Cobit Framework is comprised of four domains:
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate
Each of these categories has a list of Detailed Control Objectives specific to that category. These objectives provide a framework for Enterprises to ensure they are compliant with regulatory policies and standards, including SOX, Basel II, and BCP.

20 Cobit 4.0 Framework
Within the Cobit 4.0 Deliver and Support domain, there is an entire section, DS4, that identifies controls specific to continuity. They include objectives such as:
- DS4.1 IT Continuity Framework
- DS4.2 Continuity Plans
- DS4.5 Testing of Continuity Plans
These objectives are directly in line with the goals of Business Continuity.

21 Working Together

22 Working Together
(Diagram: SOX, Basel II, BCP.) Business Continuity, SOX, and Basel II are intertwined.

23 Working Together – Common Threads
Within BCP, SOX, and Basel II programs, there are common threads:
- Process identification and prioritization
- Risk assessment and evaluation
- Control identification and gap analysis
- Testing
- Remediation, when necessary

24 Working Together: Process Identification and Prioritization
- What are each of your business processes? This includes business and technology processes.
- Which processes are key or critical to continuing "business as usual"?
  - Which processes have a direct impact on your financials (General Ledger)?
  - Which processes are the key operational processes that support your customers or stakeholders?

25 Working Together: Risk Assessment and Evaluation
- For each of the processes deemed critical, what are your risks? Operational, resource, financial, data.
- What is your level of risk? High, moderate, or low.
- Management understanding and approval of the processes and risks, and of the efforts necessary to address the identified risks.

26 Working Together: Control Identification and Gap Analysis
- For each risk identified as a high risk, what are the controls in place? How strong are these controls?
- Are there any gaps within the process where the risk is not controlled? Does Management understand and approve the gaps, or do they need to be addressed?

27 Working Together: Testing and Remediation
- Perform testing to ensure the controls in place are working as expected.
- Report test results to Management.
- Remediate weaknesses or failures: Were there any failures during testing? Were any controls identified as weak during testing, failing to meet their objectives?

28 Working Together
Although the reasons for each program may be different, the Enterprise objectives and activities set out for Business Continuity, SOX, and Basel II are the same:
- Ensure controls are in place that meet regulatory requirements
- Reduce and mitigate risk, whether financial, operational, or reputational
- Reduce the impact to internal or external stakeholders

29 Working Together
Think about the synergy of your compliance programs and consider:
- Are there redundancies within any of your programs?
- Can resources be aligned to work more closely together?
- Where can efforts be consolidated to be more efficient and cost effective, yet still meet the needs of your Enterprise and regulatory requirements?