STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION Maria Falvo Chief Operating Officer American Savings Foundation.

Presenters:
Maria Falvo, Chief Operating Officer, American Savings Foundation
Bradley P. Lusk, CPA, Managing Partner, Sisterson & Co. LLP
Deborah Shinbein, Esq., Certified Information Privacy Professional, Data Law Group, P.C.

Background article on this story: "Scholars Say Promised Money Didn't Come," by Matthew Kauffman and Vanessa de la Torre, Hartford Courant, December 8, 2013.

Best Practices
Establish an independent audit committee.
Conduct an annual audit. Remember: the auditor should report to the audit committee, not to staff.
Respond to all audit findings and recommendations.
Conduct a formal annual review of top management.
Adopt and review policies and procedures; decide which should receive annual board approval.
Regularly communicate policies and procedures to staff through an employee handbook and regular staff meetings.
Provide regular education to the board on governance, compliance, policies and procedures.
Perform a risk management review.

New Challenges in a Digital Age
Data lives in many formats and locations.
Laws vary from state to state.
Policies are needed for protection from liability (and for compliance):
Website terms of use, and other online concerns
Privacy / use of personal information policy
Data security policies (WISP, AUP, BYOD, and more)
Data retention/destruction policy
Breach preparation/response policy

New Challenges in a Digital Age (cont.)
Data security tips:
Oversee third-party providers:
Screen carefully: third-party certifications, due diligence
Contracts: include security requirements, audit rights, warranties, indemnification, breach response, termination provisions, and more
Encrypt data in transit and at rest; use TLS (the current successor to SSL) for connections where appropriate
Implement access controls and strong passwords
Test your security measures (technical penetration testing, and tests for human error such as social engineering)
Update antivirus, system patches, etc. regularly
Back up frequently; specify which cloud providers are approved for use
Don't collect more than you need, or keep it longer than necessary
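The retention/destruction policy and the "don't keep it longer than necessary" tip above are only useful if someone actually runs the schedule against the data you hold. The following is an added illustration, not code from the presenters or the Foundation: it applies a retention schedule to a set of records and sorts them into destroy / keep / hold / unclassified buckets. The categories, day limits, record fields and sample records are all constructed assumptions for this example; your own schedule will differ. Two practitioner caveats are built in: a record under legal hold is never queued for destruction even when its retention period has expired, and a record whose category has no policy is escalated rather than silently deleted or silently kept.

```python
from datetime import date, timedelta

# Constructed retention schedule in days. Categories and limits are
# assumptions for illustration only, not the Foundation's actual policy.
RETENTION_DAYS = {
    "scholarship_application": 365 * 3,
    "donor_financial": 365 * 7,
    "website_analytics": 90,
}

# Constructed sample records (not real data). "created" is the date the
# record was collected; "legal_hold" marks records that litigation or an
# audit requires you to preserve regardless of the schedule.
RECORDS = [
    {"id": "app-001", "category": "scholarship_application", "created": date(2010, 9, 1), "legal_hold": False},
    {"id": "app-002", "category": "scholarship_application", "created": date(2013, 6, 1), "legal_hold": False},
    {"id": "don-001", "category": "donor_financial", "created": date(2004, 1, 15), "legal_hold": True},
    {"id": "web-001", "category": "website_analytics", "created": date(2013, 8, 1), "legal_hold": False},
    {"id": "misc-001", "category": "unclassified", "created": date(2000, 1, 1), "legal_hold": False},
]


def review_retention(records, policy, today):
    """Sort records into four buckets against the retention schedule.

    destroy      - past its retention period and not on hold: queue for destruction
    keep         - still within its retention period
    hold         - past its retention period but under legal hold: must NOT be destroyed
    unclassified - no policy covers this category: escalate to the policy owner
    """
    result = {"destroy": [], "keep": [], "hold": [], "unclassified": []}
    for r in records:
        limit = policy.get(r["category"])
        if limit is None:
            # A gap in the schedule is a policy defect; never decide it silently.
            result["unclassified"].append(r["id"])
            continue
        expired = today - r["created"] > timedelta(days=limit)
        if not expired:
            result["keep"].append(r["id"])
        elif r["legal_hold"]:
            # Hold takes precedence over the schedule.
            result["hold"].append(r["id"])
        else:
            result["destroy"].append(r["id"])
    return result


def destruction_worklist(records, policy, today):
    """Return the ids that are safe to destroy, for the person executing the policy."""
    return review_retention(records, policy, today)["destroy"]


if __name__ == "__main__":
    # Review as of a fixed date so the run is reproducible.
    review = review_retention(RECORDS, RETENTION_DAYS, date(2013, 12, 1))
    for bucket, ids in review.items():
        print(f"{bucket:12s} {ids}")
```

Run the review on a fixed schedule (for example, monthly) and keep the output: a dated list of what was destroyed, what was held and why, and which records had no category is exactly the evidence an auditor will ask for when checking that the written policy is followed rather than merely adopted.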

Our experience: what works
Work with your auditor to get the most out of your annual audit. Together, look for opportunities to strengthen controls.
Make sure the annual review of policies is not simply pro forma.
Document, review, update and follow procedures for all key activities.
Consider the additional challenges faced by a small staff.
Never be satisfied. Test your assumptions.

Contact information
Maria Falvo, Chief Operating Officer, American Savings Foundation, 185 Main Street, New Britain, CT
Bradley P. Lusk, CPA, Managing Partner, Sisterson & Co. LLP, 310 Grant Street, Suite 2100, Pittsburgh, PA
Deborah Shinbein, Esq., Data Law Group, P.C., Quebec Street, Denver, CO