Download presentation
Presentation is loading. Please wait.
Published byCorey Gyles Merritt Modified over 8 years ago
1
RISK ASSESSMENTS
2
WHY PERFORM A RISK ASSESSMENT
3
Fulfills Requirements Empowers management to make informed strategic decisions Identifies areas where controls are needed BENEFITS
4
REQUIRED RISK ASSESSMENTS
5
Can be required for almost any major area of credit union operations The following are specifically mentioned in regulation or guidance: BSA OFAC Customer/Member Identification Program IT/Information Security ID Theft Red Flag Vendor Management Disaster Recovery/Business Continuity Online Banking (multi-factor authentication) Remote Deposit Capture REQUIRED RISK ASSESSMENTS
6
MAKING INFORMED DECISIONS
7
Risk can never be entirely eliminated. Management must determine appetite for risk Using risk assessments will help credit unions continue to provide meaningful products and services to members while including necessary safeguards Common risks for small credit unions Snakes Silos Sinkholes MAKING INFORMED DECISIONS
8
Risk assessments help you identify unintended consequences SNAKES
9
Risk assessments help you determine vulnerabilities created when one person has control over vital systems or has all the expertise/knowledge in the credit union SILOS
10
SINKHOLES Risk assessment help you prepare for the unexpected
11
OUTCOME OF A RISK ASSESSMENT
12
Reject the plan Accept the plan Accept the plan and minimize risk with controls OUTCOME OF A RISK ASSESSMENT
13
PERFORMING A RISK ASSESSMENT
14
Uncomplicated process for an uncomplicated institution Risks are probably already well known Control measures are probably already in place or easy to implement Follow an easy four step process: Identify risk/risk area Determine the overall degree of risk Identify areas of concern Decide on precautions (controls) BASIC RULES
15
What areas of an operation are vulnerable or what could go wrong? Use risk assessment guidance Ask others Past experiences IDENTIFY THE RISK AREA
16
How likely is it that a specific area could cause problems? How likely is it that a specific event could come to pass? EVALUATE THE DEGREE OF RISK
17
Zero risk? What/who might be harmed and why? For each risk, be clear about who/what might be harmed; it will help identify the best way of managing the risk. IDENTIFY AREAS OF CONCERN
18
“Reasonable and practicable” “SMART” controls DECIDE ON CONTROLS
19
Systems Monitoring Accountability Response Training “SMART” CONTROLS
20
FINAL THOUGHTS
21
Record your findings and implement them Develop procedures Review your risk assessment and update if necessary FINAL THOUGHTS
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.