Presentation is loading. Please wait.

Presentation is loading. Please wait.

Screening activities Mike E. Farrell James E. Bartlett and Ghislaine C.Y. Gillessen Munich, 21-22 January 2014.

Published byEugene Lamb Modified over 8 years ago

Similar presentations

Presentation on theme: "Screening activities Mike E. Farrell James E. Bartlett and Ghislaine C.Y. Gillessen Munich, 21-22 January 2014."— Presentation transcript:

1 Screening activities Mike E. Farrell James E. Bartlett and Ghislaine C.Y. Gillessen Munich, 21-22 January 2014

2 Agenda The challenge of timely screening Needs analysis Technology is part of the solution From tools to behavior Export Controls Maturity levels Business Partner on boarding 21-22 Jan 2014Full Circle Compliance2

3 Introduction Increased regulation and regulatory scrutiny Specific challenges include high volume and time-constraint Current screening solution meet needs? A new tool and related selection procedure? 21-22 Jan 2014Full Circle Compliance3

4 The challenge of timely screening In the following slides some considerations are given with regard to the initial needs analysis phase Next some thoughts are given with regard to embedding the solution as part of the overall ICP 21-22 Jan 2014Full Circle Compliance4 Needs analysis Selection criteria Long list Request for Information Response evaluation Short list

5 Needs analysis (1) Define specific requirements for the screening solution, including amongst other on the following aspects: Screening capabilities, such as on e.g. end-user, involved parties, related parties, final destination, end-use and product, including relative level of importance (H/M/L). Overview of lists to be scanned against (denied persons list, unverified list etc) including related importance rating, in line with global and local requirements. Also assess supplier’s related updating capabilities requirements. Level of accuracy (good practice >95%) and upper limit for false positive percentages (good practice<1%). Availability level (>99,9%), support structure (24x7), helpdesk capabilities, response time, performance and other service level requirements. 21-22 Jan 2014Full Circle Compliance5

6 Needs analysis (2) Real-time integration capabilities with relevant software Language capabilities (German, English and local) Architecture, platform flexibility and language support, such as unicode or c++ depending on ICT situation Normalization, intelligent adjustable matching algorithms Integrated workflow, notification and escalation model based on configurable threshold Ability to reflect organizational model Pricing and fee structure Implementation and operational burden calculated 21-22 Jan 2014Full Circle Compliance6

7 Needs analysis (3) Single sign-on capability, security, roles and responsibilities Audit trail, documentation generation, data security and record retention Ability to deal with “good guys” list User friendliness Ease of deployment, including organizational load and tuning set-up time Functional and technical specifications, development methodology Track record and client endorsements SAS 70 certification or similar 21-22 Jan 2014Full Circle Compliance7

8 Technology is part of the solution Needs have to be defined and aligned with overall ICP The needs analysis is the first step of the selection process Complex needs require a combination of technical and procedural solutions Technical solution to be assessed in conjunction with procedural impact 21-22 Jan 2014Full Circle Compliance8 Analyse as-is process Target operating model Gap analysis Transformation plan and implement Training Roll-out and monitor RequirementsTechnology selectionDesignBuildTestSupport Procedural aspects Technological aspects

9 From tools to behavior 21-22 Jan 2014Full Circle Compliance9 2. Risk Assessment and Gap Analysis Carry out detailed risk assessment to identify areas of highest risk and perform gap analysis 4. Design & Development of Framework Development of export controls compliance framework to address risks and gaps 6. Sustainable Compliance Framework Reporting and Monitoring Continuous improvement Embed values & behaviours 3. Detailed Review of Risk Detailed risk- based review of existing export controls framework Leadership commitment and “tone from the top” 5. Remediation and Implementation Design and build controls Implement and Test Values and Behaviours Driven Approach 1. Regulatory requirements Analysis Analyze regulatory requirements

10 From tools to behaviour 21-22 Jan 2014Full Circle Compliance10 Confidential reporting arrangements Compliance organization PreventDetectRespond Policies & guidelines 1 Risk assessment & mitigating controls 2 Training & communications Business partner due diligence 3 5 Finance organization 7 Human Resources organization 8 Internal Audit organization 9 6 4 Continuous improvement

11 ICP 21-22 Jan 2014Full Circle Compliance11 The path to get ‘Best Value’ ECMS maturity levels “Best Value” NET COST Integrated internal controls with real time monitoring by management and continuous improvement. Phase 5 Optimized Standardized controls with periodic testing for effective design and operation with reporting to management. Phase 4 Monitored Phase 3 Standardized Control activities are designed, in place, adequately documented and communicated to employees. Control activities are designed and in place, but are not adequately documented. There are no formal training or communication of control activities. Unpredictable environment where control activities are not designed or in place. Phase 2 Informal Phase1 Initial / ad hoc

12 Business Partner on boarding 21-22 Jan 2014Full Circle Compliance12 Business Partner Data ERP systemsVendor master Approvals & Contracting / Contract amendments Identify, Consolidate, and De-Duplicate Business Partners Risk Assessment Risk Analysis & Rating Business Partner Risk Classification Segmented into Low, Medium & High Risk CRM systems Perform Due Diligence Incident response and remediation Auditing Continuous Reassessment Reporting / Monitoring Control environment and tone at the top Governance, executive sponsorship, compliance enforcement Training, polices and change management Technology, tools and information management Standardize or systematize using third party databases, industry specific factors, questionnaires, etc. Screening is part of the overall business partner on boarding process

13 Prevent, Detect and Remediate 21-22 Jan 2014Full Circle Compliance13 Not for further distribution without the permission of Full Circle Compliance Contact Details Michael E. Farrell mefarrell@fullcirclecompliance.eu +31625000225 Ghislaine C.Y. Gillessen ghislaine.gillessen@fullcirclecompliance.eu +31612708422 James.E. Bartlett III Jebartlett@fullcirclecompliance.us

Download ppt "Screening activities Mike E. Farrell James E. Bartlett and Ghislaine C.Y. Gillessen Munich, 21-22 January 2014."

Similar presentations

Audit Considerations for your 11i implementation Richard Byrom Oracle Applications Consultant UKOUG November 2004.

Audit Considerations for your 11i implementation Richard Byrom Oracle Applications Consultant UKOUG November 2004.
EMS Checklist (ISO model)

EMS Checklist (ISO model)
Program Management Office (PMO) Design

Program Management Office (PMO) Design
Data Warehouse External Data Loads Initiation Certification April 22, 2009 Project Certification Committee April 22, 2009 1.

Data Warehouse External Data Loads Initiation Certification April 22, 2009 Project Certification Committee April 22,
Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27, 2009 1.

Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27,
Internal Control–Integrated Framework

Internal Control–Integrated Framework
State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.

State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
IT Governance Infocom India Presentation December 6, 2006.

IT Governance Infocom India Presentation December 6, 2006.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
Security Controls – What Works

Security Controls – What Works
Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003.

Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Business Transformation Health Check

Business Transformation Health Check
Global Business Transformation Master (GBTM) Certification

Global Business Transformation Master (GBTM) Certification
ITIL: Why Your IT Organization Should Care Service Support

ITIL: Why Your IT Organization Should Care Service Support
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Similar presentations

Ads by Google