Published by Marjory Rice. Modified over 9 years ago.

Compliance System Validation - An Audit Based Approach
December 2012
Uday Gulvadi, CPA, CIA, CISA, CAMS
Director - Internal Audit, Risk and Compliance
Mahesh Viswanathan, CAMS
Sr. Vice President

Current Challenges
Wide range of service providers and skills
Inconsistent quality of the assessment and deliverables
Often independent contractors are used resulting in lost continuity year to year
Lacking consistent standards of performance
Findings frequently not tied to risk and potential impact
Level of independence is not always clear

Terminology
System Validation
Independent Assessment
System Review
System Verification
System Audit
Independent Review

Need for an Audit Based Approach
Boards and management are recognizing both
  o Need to perform independent validations of systems and
  o Lack of consistent high quality “audit based” assessments in the past
Critical role of technology in BSA/AML Compliance program
Increased scrutiny by regulators
Mitigate the probability and impact of critical risk events
Avoid severe regulatory penalties and reputational risk

Need for Audit Based Approach
Required by FFIEC BSA Examination Manual:
  o “A periodic review of the effectiveness of the suspicious activity monitoring systems (manual, automated, or a combination) used for BSA/AML compliance.”
  o Evaluate the system’s methodology for establishing and applying expected activity or filtering criteria
  o Evaluate the system’s ability to generate monitoring reports (Cases/alerts)
  o Determine whether the system filtering criteria are risk based & reasonable.
  o Validate the auditor’s reports and work papers to determine whether the bank’s independent testing is comprehensive, accurate, adequate, and timely.

What is an Audit based approach?
Independent & Objective
Systematic, Disciplined approach
Assess conformance to regulations, policies & procedures
Assess the culture of compliance
Identify control weaknesses and remedial measures
Follow up on action taken

Essential Requirements for Audit Based approach
Audit, Compliance, Technology
Knowledge of regulatory expectations
Risk Based approach
Understanding of the “red flags” unique to the business
Distinguish regulatory violations and best practices.
Internal or Third-Party
Credentials and Experience
Appropriate, robust report, work papers

Audit based approach phases
Planning and Scoping Assessment Validation Report Follow up Review

Independent Validation - Components
Should be performed by qualified individuals within the FI or by a qualified third party
Should be performed annually or should match the frequency of Risk Assessment
Should consider the alignment of BSA AML System with Risk Assessment including
  o Customers
  o Geographies
  o Lines of Business
  o Products and Services

Independent Validations - Coverage
Typical Coverage
Data Mapping, Interfaces and Reconciliations
Risk Model
Customer Due Diligence and EDD
Profile configurations
AML Monitoring rules – Thresholds, Effectiveness & Efficiency
Audit Trails
Case Management
Match Level Management
Sanctions Filtering Rules – Thresholds, Effectiveness & Efficiency
Batch, Real Time and Incremental Filtering
Business and Functional Requirements
User Acceptance Testing
Application Security and administration

Technical Challenges
Assessing the functionality of rules and that the data supports rule processing
  o Logic is not always transparent
  o Flaws in logic processing
  o Too many false positives
Validating all required SWIFT Messages are being scanned
Inconsistent thresholds on rules/scenarios leading to incorrect or no alerts
Absence of data or poor data quality providing incorrect customer risk classification

Organization’s Roles & Responsibilities
Staff and Management - Implements
BSA/AML Compliance - Monitors
Independent Audit - Assesses independently

Keys to an Effective Validation
Identify high risk services, products and clients
Consider results of recent audit and regulatory examinations
Resolution of past remediation items
Well-organized work papers evidencing assessment
Document clear linkages between risk and assessment program

Audit based Performance Standards
Consistent with professional practice standards
Audit procedures and testing commensurate with risk
Quality Assurance reviews
Build on knowledge of best practices
Continuous improvements methodology
Confidentiality and Security protocols
Specialized analytical tools

Deliverables
Assessment Report
  o Key observations
  o Associated risks and potential impact
  o Recommendations for risk remediation
Significant Items Management Action Plan
  o Living document with significant findings
  o Management responses
  o Remedial action plan with “Ownership” and due dates
Test Work Papers and Supporting Documentation

How to select a Third Party Vendor?
Should integrate three essential skillsets:
  o Audit expertise
  o Compliance & regulatory knowledge
  o Strong technology and in-depth product knowledge
Well defined structured process/framework that is adaptive
Completely independent
Continuity of permanent staff
Professional Certifications – CPA, CIA, CAMS, CCRP etc.
Good customer references

Essential qualifications
Audit, Compliance, Technology
Internal Staff or Third-Party
Credentials and Experience
Knowledge of Regulatory Requirements
Understands Your Institution
Establishing Expectations

Questions