1. Emerging Audit and Internal Control Issues
AIBA Compliance Seminar
June 13, 2013
Regina A. Stone, Deputy Superintendent

2. Business Continuity and Disaster Recovery Resolution Planning (tips)
Agenda
Business Continuity and Disaster Recovery
Resolution Planning (tips)
Common Examination Findings
For Discussion Purposes Only

3. Business Continuity and Disaster Recovery

4. Emergency plan should include, but not be limited to:
BCP/DR
Emergency plan should include, but not be limited to:
Protection of Personnel
Continuity of Management
Reconstruction of Essential Records
Alternate Operating Headquarters
For Discussion Purposes Only

5. Designate an Emergency Security Officer
Plan
Written (in detail)
Designate an Emergency Security Officer
Provide for Training of Personnel, and
Be tested annually, if not semi-annually using a table-top exercise. Such test should be observed by internal audit.
For Discussion Purposes Only

6. Protection of Staff should include:
Accounting for health and safety of staff
Identification of critical staff for resuming business
A communication plan, and
Staging of critical staff for business continuity.
For Discussion Purposes Only

7. Record and Asset Protection
Record and Asset protection should include:
Financial record backed-up daily and stored off-site
Activation of back-up site procedures
Back-up site on a different power grid; and
Full testing of plan, including readability of back-up tapes/disks; and computer access levels for staff.
For Discussion Purposes Only

8. Internal Audit and Resolution Planning

9. Internal Audit Risk Matrix basis vs. Legal Entity basis
Interconnected risk
Interdependence risk
Being able to “unplug” a business unit from the organization
Pre- and Post reviews of organizational changes
For Discussion Purposes Only

10. Due From/To Management Position Management
Due From/To Position
Due From/To Management Position Management
Business Strategy
Volume and Level of position
Volatility of the position
Exit strategy
Contingent Funding Plan (today)
For Discussion Purposes Only

11. Common Examination Findings

12. Common Examination Findings
Control Functions:
Independent Credit Review Function
Quality Assurance within internal audit and compliance
Better oversight over collateral
Local risk management over counterparty, credit, market, liquidity risks,
Including local stress-testing
Audit Specific
Comprehensive set of key risk indicators and risk assessment = Covering all aspects of the institution
Document the audit sampling rationale
Timely audit reports + audit of disaster recovery tests
For Discussion Purposes Only

13. For Discussion Purposes Only