RISK BASED INTERNAL AUDITING
1 IMPLEMENTATION of RISK BASED INTERNAL AUDITING. Inawaty Suwardi, Head of Internal Audit. IKATAN AKUNTAN INDONESIA, "Towards a Greater Transparency and Accountability", Jakarta, November 2006
2 Current Definition of Internal Auditing: An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. RBIA - Kongres X IAI
3 Risk Based Internal Auditing: Risk Based Internal Auditing is an approach that can help to meet those requirements. The Standards for the Professional Practice of Internal Auditing and the associated Practice Advisories emphasize adopting a risk-based approach to internal auditing.
4 PERFORMANCE STANDARDS
- 2010.A1: The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually.
- A1: Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems.
- A1: When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.
5 Objectives of Risk Based Internal Auditing. To provide independent assurance to the board that:
- The risk management processes are operating as intended
- These risk management processes are of sound design
- The responses to risks are both adequate and effective in reducing those risks to a level acceptable to the board
- A sound framework of controls is in place to sufficiently mitigate those risks
6 The Practice of RBIA. The key starting point is to determine that appropriate objectives have been set, and then to determine whether the business has an adequate process for identifying, assessing and managing the risks that impact on the achievement of these objectives.
7 The Practice of RBIA. The extent to which internal audit needs to undertake its own risk assessment depends upon the risk management maturity within an organization.
8 The Practice of RBIA. Risk Management Continuum (Source: IIA UK/Ireland), from Risk Naïve to Risk Enabled:
- Risk Naïve. Key characteristics: no formal approach developed for risk management. Internal audit approach: promote risk management and rely on audit risk assessment.
- Risk Aware. Key characteristics: scattered, silo-based approach to risk management. Internal audit approach: promote an enterprise-wide approach to risk management and rely on audit risk assessment.
- Risk Defined. Key characteristics: strategy and policies in place and communicated; risk appetite defined. Internal audit approach: facilitate risk management / liaise with risk management and use management assessment of risk when appropriate.
- Risk Managed. Key characteristics: enterprise-wide approach to risk management developed and communicated. Internal audit approach: audit risk management processes and use management assessment of risk as appropriate.
- Risk Enabled. Key characteristics: risk management and internal control fully embedded into the operations. Internal audit approach: audit risk management processes and use management assessment of risks as appropriate.
9 The Practice of RBIA. The end result of each audit assignment should be to give assurance that risks are being managed to an acceptable level (as determined by risk appetite), or to facilitate and/or agree improvements as necessary.
10 RISK BASED INTERNAL AUDITING How We Do It in
11 BANK RISK PROFILE by functional activity. Columns: Credit Risk, Market Risk, Liquidity Risk, Operational Risk, Legal Risk, Reputation Risk, Strategic Risk, Compliance Risk, Composite Risk (cells left blank on the slide are omitted).
Inherent Risk:
- Credit: Low, Low, Low, Low, Low, Low, Low, Low
- Treasury & Investment: Moderate, Low, Low, Low, Low, Low, Moderate, Low, Low
- Operational & Services: Low, Low, Low, Low, Low, Low
- Trade Finance & Bank Guarantee: Low, Low, Low, Low, Low, Low, Low
- Funding: Low, Low, Low, Low, Low
- IT & MIS: Low, Low, Low, Low, Low
- HRM: Low, Low, Low, Low, Low
- Aggregate Inherent Risk: Moderate, Low, Low, Low, Low, Low, Low, Low, Low
Risk Control System:
- Board and Senior Management Oversight: Strong in all nine columns
- Policies, Procedures & Limits: Acceptable, Strong, Strong, Acceptable, Strong, Strong, Strong, Strong, Strong
- Risk Assessment, Measurement & MIS: Acceptable, Strong, Strong, Acceptable, Strong, Strong, Strong, Strong, Strong
- Internal Control: Strong, Strong, Strong, Acceptable, Strong, Strong, Strong, Strong, Strong
- Aggregate Risk Control System: Strong, Strong, Strong, Acceptable, Strong, Strong, Strong, Strong, Strong
Composite Risk: Moderate, Low, Low, Low, Low, Low, Low, Low
RISK RATING: Low
Prepared by the Risk Management Unit, validated by Internal Audit, submitted quarterly to BI.
12 Risk Profile Components.
The eight types of risk: 1. Credit Risk, 2. Market Risk, 3. Liquidity Risk, 4. Operational Risk, 5. Legal Risk, 6. Reputation Risk, 7. Strategic Risk, 8. Compliance Risk.
Four elements of the Risk Control System: 1. Board & Senior Management Oversight, 2. Policies, procedures and limit structure, 3. Risk measurement, monitoring & management reporting system, 4. Internal Control.
13 RISK BASED AUDIT APPROACH in BCA:
- Annual Audit Planning (Macro Risk Assessment)
- Individual Engagement Planning (Micro Risk Assessment)
- Performing Risk-Focused Auditing
- Rating the Risk Control System
14 MACRO RISK ASSESSMENT. Identification, measurement and prioritization of audit areas. It is used to create the annual audit plan and helps to allocate audit resources to the most important aspects of the enterprise.
15 Macro Risk Assessment Process:
1. Define the Audit Universe.
2. Assess each auditable unit/area with respect to: the level of each of the eight inherent risks by business activity (liaise with the Risk Management Unit); the previous audit rating and the time elapsed since the last audit.
3. Develop the Annual Audit Plan based on the ranked Audit Universe.
4. Seek approval from the President Director and the Board of Commissioners.
16 Macro Risk Assessment Process: Audit Universe (auditable units)
- Head Office: 23 business & supporting functions/units
- Regional Office: 12 regional offices
- Branches: 118 main branches, 665 sub-branches
- Subsidiary Companies: 3 subsidiaries
17 Micro Risk Assessment. The primary focus of RBIA is to provide reasonable assurance to the Board and top management about the adequacy and effectiveness of the risk management and control framework in the bank's operations. While examining the effectiveness of the control framework, the RBIA should report on the proper recording and reporting of major exceptions and excesses. Transaction testing continues to be an essential aspect of RBIA; the extent of transaction testing is determined from the risk assessment. The Micro Risk Assessment is done at the planning stage of an individual audit engagement.
18 MICRO RISK ASSESSMENT: RISK PROFILE MATRIX (rows: inherent business risk; columns: risk control system)
Inherent risk HIGH:
- RCS Strong: Moderate to high aggregate risk, limited review
- RCS Acceptable: High aggregate risk, limited review
- RCS Weak: High aggregate risk, full-scope review required
Inherent risk MODERATE:
- RCS Strong: Low to moderate aggregate risk, limited review
- RCS Acceptable: Moderate aggregate risk, limited review
- RCS Weak: Moderate to high aggregate risk, full-scope review required
Inherent risk LOW:
- RCS Strong: Low aggregate risk, no review required
- RCS Acceptable: Low aggregate risk, no review required
- RCS Weak: Low to moderate aggregate risk, limited review
19 OVERVIEW: MICRO RISK BASED AUDIT APPROACH
- Audit Planning: Risk Assessment (risk identification, risk measurement, prioritization) -> Risk Profile -> Risk Profile Matrix (audit focus)
- Fieldwork: Audit Program / Tools -> preliminary fieldwork procedures -> Design (adequacy) and Application (effectiveness), using the Risk Control Assessment Tools -> Observations / Findings (residual risk)
- Reporting: Assessment of Internal Control, Risk Management and Corporate Governance -> Audit Rating -> Audit Report
20 RISK FOCUSED EXAMINATION:
- Identification of the inherent business risks in the various activities undertaken by the business
- Evaluation of the effectiveness of the control systems for the monitoring of the inherent risks of the business activities
- Assignment of a risk-based rating to the control system
21 Risk Based Rating, step by step:
- Finding / Observation: breach of a key control.
- Risk Scenario Generation: classified under the 8 types of risk; if it is operational risk, refer to the Loss Event Type classification (Basel).
- Control Risk Ranking & Score: Impact L2, L1, M, H1, H2; Likelihood L2, L1, M, H1, H2; Ranking Extreme, High, Moderate, Low; Score 1, 2, 3, 4, 5, 6, 8, 9, 10, 12, 15, 16, 20, 25.
- Risk Control Rating: Very strong, strong, acceptable, weak, very weak; Rating 1-10.
22 Loss Event Type classification (1 of 2)
- Internal Fraud. Categories: Unauthorized activity; Theft & Fraud. Examples: transaction not reported; transaction type unauthorized; mismarking of position; fraud / credit fraud / worthless deposits; theft / extortion / embezzlement / robbery; misappropriation of assets; malicious destruction of assets; forgery; check kiting; smuggling; bribes / kickbacks, etc.
- External Fraud. Categories: Theft and Fraud; Systems Security. Examples: theft / robbery, forgery, check kiting; hacking damage, theft of information.
- Employment Practices and Workplace Safety. Categories: Employee Relations; Safe Environment; Diversity & Discrimination. Examples: compensation, benefit, termination issues; organized labour activity; general liability; employee health & safety rule events; workers' compensation; all discrimination types.
- Clients, Products & Business Practices. Categories: Suitability, Disclosure & Fiduciary; Improper Business or Market Practices; Product Flaws; Selection, Sponsorship & Exposure; Advisory Activities. Examples: fiduciary breaches / guideline violations; suitability / disclosure issues (KYC etc.); retail consumer disclosure violations; breach of privacy, aggressive sales, lender liability, etc.; antitrust, improper trade / market practices; market manipulation, insider trading, etc.; product defects, model errors; failure to investigate client per guidelines; exceeding client exposure limits; disputes over performance of advisory activities.
23 Loss Event Type classification (2 of 2)
- Damage to Physical Assets. Category: Disasters and other events. Examples: natural disaster losses; human losses from external sources (terrorism, vandalism).
- Business Disruption and System Failures. Category: Systems. Examples: hardware; software; telecommunications; utility outage / disruptions.
- Execution, Delivery & Process Management. Categories: Transaction Capture, Execution & Maintenance; Monitoring & Reporting; Customer Intake and Documentation; Customer / Client Account Management; Trade Counterparties; Vendors & Suppliers. Examples: miscommunication; data entry, maintenance or loading error; missed deadline or responsibility; collateral management failure, etc.; failed mandatory reporting obligation; inaccurate external report (loss incurred); client permissions / disclaimers missing; legal documents missing / incomplete; unapproved access given to accounts; incorrect client records (loss incurred); negligent loss or damage of client assets; non-client counterparty misperformance; misc. non-client counterparty disputes; outsourcing; vendor disputes.
24 Example of Scenario Generation. Case: consumer loan processing.
Observation:
- The weakest step in the processing flow is registration of collateral, because it has no system support and no standardized documents.
- There has been one error recorded (but no financial loss) in the last 5 years.
- Operation volume is approximately new loan/year, with an average amount of Rp 1 billion.
Generated scenario:
- Risk factor: Processing Risk
- Loss event: Transaction Capture, Execution & Maintenance
- Description: due to insufficient system support and complicated documents, a staff member forgets to register the collateral of a loan. As a result, the bank cannot recover the loan from the collateral.
- Loss severity: Rp 3 billion (considering the analysis of the loan amount distribution)
- Loss frequency: once in 5 years (considering the analysis of historical loss frequency)
Scenarios are generated from the result of the qualitative assessment. Factors such as the identified control weakness, internal loss experience, business environment and relevant industry loss experience are taken into consideration in generating the scenario.
25 Generated Scenario, mapped through the tables:
- Mapping to the Control Risk Ranking & Score matrix: Impact Moderate (M), Likelihood Unlikely (L1), score 6 = MODERATE.
- Mapping to the Risk Control Rating table: Moderate impact and Low 1 likelihood (score = 6) gives a Risk Control Rating for the process of 5 = ACCEPTABLE.
26 CONTROL RISK RANKING & SCORE (rows: likelihood; columns: impact; cell = ranking and score)
Likelihood \ Impact   Minor L2     Low L1       Moderate M   Major H1     Critical H2
Almost Certain H2     Moderate 5   High 10      Extreme 15   Extreme 20   Extreme 25
Likely H1             Moderate 4   High 8       High 12      Extreme 16   Extreme 20
Possible M            Low 3        Moderate 6   High 9       Extreme 12   Extreme 15
Unlikely L1           Low 2        Low 4        Moderate 6   High 8       Extreme 10
Rare L2               Low 1        Low 2        Moderate 3   High 4       High 5
(The Rare row shows only the rankings on the slide; its scores 1 to 5 are those listed for likelihood L2 in the Risk Control Rating table.)
27 RISK CONTROL RATING (control risk from Extreme to Low; control effectiveness from Very Weak to Very Strong)
Ranking    Score   Impact   Likelihood   Control Risk Rating   Risk Control System (RCS)
Low        1       L2       L2           1                     Very Strong
Low        2       L2       L1           1                     Very Strong
Low        2       L1       L2           1                     Very Strong
Low        3       L2       M            2                     Strong
Low        4       L1       L1           2                     Strong
Moderate   3       M        L2           3                     Acceptable
Moderate   4       L2       H1           3                     Acceptable
Moderate   5       L2       H2           4                     Acceptable
Moderate   6       L1       M            5                     Acceptable
Moderate   6       M        L1           5                     Acceptable
High       4       H1       L2           6                     Weak
High       5       H2       L2           6                     Weak
High       8       H1       L1           7                     Weak
High       8       L1       H1           7                     Weak
High       9       M        M            8                     Weak
High       10      L1       H2           9                     Weak
High       12      M        H1           9                     Weak
Extreme    10      H2       L1           10                    Very Weak
Extreme    12      H1       M            10                    Very Weak
Extreme    15      M        H2           10                    Very Weak
Extreme    15      H2       M            10                    Very Weak
Extreme    16      H1       H1           10                    Very Weak
Extreme    20      H1       H2           10                    Very Weak
Extreme    20      H2       H1           10                    Very Weak
Extreme    25      H2       H2           10                    Very Weak
28 RISK CONTROL RATING, Example: Consumer Loan (per-risk columns: Credit, Market, Liquidity, Operation, Legal, Reputation, Strategic, Compliance; only the cells filled on the slide are listed)
- Control Environment: rating 2, Strong (Strong, Strong, Strong, Strong)
- Risk Assessment: rating 5, Acceptable (Acceptable, Acceptable, Strong)
- Control Activities: rating 6, Acceptable (Acceptable, Acceptable, Acceptable)
- Information & Communication: rating 5, Acceptable (Acceptable, Strong, Acceptable)
- Monitoring: rating 2, Strong (Strong, Strong)
- Risk Control System: rating 4, Acceptable
29 RISK PROFILE, Example: Consumer Loan
Description           Composite    Credit       Market   Liquidity   Operation    Legal    Reputation   Strategic   Compliance
Inherent Risk         Moderate     Moderate     n/a      n/a         Moderate     Low      Low          Low         Low
Risk Control System   Acceptable   Acceptable   n/a      n/a         Acceptable   Strong   Strong       Strong      Acceptable
Residual Risk         Moderate     Moderate     n/a      n/a         Moderate     Low      Low          Low         Low
More informationInternal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)
Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) 1 Introduction 1.1 Section 316 (4) of the International Business
More informationDivision of Insurance Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014
Official Audit Report Issued March 6, 2015 Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014 State House Room 230 Boston, MA 02133 auditor@sao.state.ma.us www.mass.gov/auditor
More informationshareplc: Pillar 3 Disclosures CONTENTS Oxford House Oxford Road Aylesbury Buckinghamshire HP21 8SZ phone 01296 41 41 41 visit www.shareplc.
Pillar 3 Disclosures 3 March 2015 Based on Financial Data as at 31 December 2014 CONTENTS 1.0 Introduction 3 2.0 Risk Appetite 5 3.0 Risk management objectives and processes 6 4.0 Risk categories and exposures
More informationAdvisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management
Advisory Guidelines of the Financial Supervisory Authority Requirements regarding the arrangement of operational risk management These Advisory Guidelines have established by resolution no. 63 of the Management
More informationINTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS
INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS Paragraphs Introduction... 1-3 Characteristics of Fraud...
More informationCharles Schwab Bank. 2015 Annual Dodd-Frank Act Stress Test Disclosure
Charles Schwab Bank 2015 Annual Dodd-Frank Act Stress Test Disclosure June 2015 I. Dodd-Frank Act Stress Test Results A. About Charles Schwab Bank Charles Schwab Bank (the Bank) is a wholly-owned subsidiary
More informationSCHOOL OF FINANCE AND ECONOMICS
SCHOOL OF FINANCE AND ECONOMICS UTS:BUSINESS WORKING PAPER NO. 141 MAY, 2005 A Test of the Strategic Effect of Basel II Operational Risk Requirements on Banks Carolyn Currie ISSN: 1036-7373 http://www.business.uts.edu.au/finance/
More informationTable of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability...
... 1 Chapter 1 Introduction... 5 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... 5 Chapter 2 Company Culture... 6 Chapter 3 Risk Management Governance... 7 3.1 Board of Directors...
More informationMorgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers
Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner
More informationHow To Understand The Role Of An Internal Audit
Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationCHAPTER 7 PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE RISKS OF MATERIAL MISSTATEMENT
A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 7 PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE
More informationBasel Committee on Banking Supervision
Basel Committee on Banking Supervision Liquidity coverage ratio disclosure standards January 2014 (rev. March 2014) This publication is available on the BIS website (www.bis.org). Bank for International
More informationISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters
When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9
More informationAnalyzing Risks in Healthcare. February 12, 2014
Analyzing s in Healthcare February 12, 2014 1 Content What is Enterprise Management (ERM) ERM Benefits ERM Standards / ISO 31000:2009 ERM Process Register ERM Governance Model s Q&A 2 What is Enterprise
More informationPeriodic risk assessment by internal audit
Periodic risk assessment by internal audit I Introduction The Good Practice Internal Audit Manual Template, developed by the Internal Audit CoP of Pempal, defines the importance and the impact that an
More informationTABLE OF CONTENTS INTRODUCTION... 1
TABLE OF CONTENTS INTRODUCTION... 1 Overview...1 Coordination with GLBA Section 501(b)...2 Security Objectives...2 Regulatory Guidance, Resources, and Standards...3 SECURITY PROCESS... 4 Overview...4 Governance...5
More informationRISK MANAGEMENT STRATEGY
RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate
More informationState Farm Bank, F.S.B.
State Farm Bank, F.S.B. 2015 Annual Stress Test Disclosure Dodd-Frank Act Company Run Stress Test Results Supervisory Severely Adverse Scenario June 25, 2015 1 Regulatory Requirement The 2015 Annual Stress
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationInternal Audit Quality Assessment. Presented To: World Intellectual Property Organization
Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,
More informationStudent Assessment Administrative Review Phase 1
Internal Audit Student Assessment Administrative Review Phase 1 Issue Date: March 2015 Report Number: FY2015-02 Executive Summary AUDIT OF: Student Assessment DATE: Fieldwork performed January 2015 February
More informationIntegration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand
Integration of Risk Management and Internal Audit Chartered Institute of Management Accountants, New Zealand Contents Understanding the three lines of defense governance model What is Risk? Risk Management
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationRisk Management and Internal Audit Specialized Training Course Audit Risk Assessment Methodology
Risk Management and Internal Audit Specialized Training Course Audit Risk Assessment Methodology May 20, 2015 Internal FR 2 Risk and Risk Assessment Defined Risk Institute of Internal Auditors (IIA) The
More informationCapital G Bank Limited. Interim Pillar 3 Disclosures 30th June, 2012
Capital G Bank Limited Interim Pillar 3 Disclosures 30th June, 2012 CONTENTS 1. CAUTIONARY STATEMENTS....1 2. INTRODUCTION...2 2.1 Background...2 2.2 Basis of Disclosure...3 2.3 Media and Location...3
More informationGuidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004
Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes
More informationOperational Risk Management Table of Contents
Operational Management Table of Contents SECTION 1 Operational The Definition of Operational Drivers of Operational Management Governance Culture and Awareness Policies and Procedures SECTION 2 Operational
More informationOperational Risk Management Program Version 1.0 October 2013
Introduction This module applies to Fannie Mae and Freddie Mac (collectively, the Enterprises), the Federal Home Loan Banks (FHLBanks), and the Office of Finance, (which for purposes of this module are
More informationGUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES
20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal
More informationEASY FOREX TRADING LTD DISCLOSURE AND MARKET DISCIPLINE IN ACCORDANCE WITH CAPITAL ADEQUACY AND THE REQUIREMENTS ON RISK MANAGEMENT
EASY FOREX TRADING LTD DISCLOSURE AND MARKET DISCIPLINE IN ACCORDANCE WITH CAPITAL ADEQUACY AND THE REQUIREMENTS ON RISK MANAGEMENT 31 st December 2012 Introduction For the purposes of Directive DI144-2007-05
More informationINTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404
INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404 OF THE U.S. SARBANES-OXLEY ACT OF 2002 May 26, 2004 Copyright 2004 by, 247 Maitland Avenue, Altamonte Springs, Florida, 32701-4201, USA Internal Auditing
More informationRisk Management. Risk Management Overview. Credit Risk
Risk Management Risk Management Overview Risk management is a cornerstone of prudent banking practice. A strong enterprise-wide risk management culture provides the foundation for the Bank s risk management
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationAfDB New Procurement Policy: Training Program for the Bank s Procurement Staff. Risk-based design of Procurement Arrangements - Introduction
11 AfDB New Procurement Policy: Training Program for the Bank s Procurement Staff Risk-based design of Procurement Arrangements - Introduction 2 Bank's new Approach to Procurement New Vision of the Procurement
More information