Data Governance for Financial Institutions
August 2013

Data Governance for Financial Institutions: Regulatory Compliance Requires More Than Just Technology

A White Paper by Raj Chaudhary, Michael Del Giudice, Tapan P. Shah, and Christopher J. Sifter
Financial institutions today face changing regulatory requirements. They also have new ways of generating data and regularly add new data sources. As a result, they typically encounter a variety of data quality, accessibility, and security challenges. Although regulatory requirements drive many of these concerns and technology is an important part of the solution, focusing on compliance and software alone will not address the issue adequately. Banks and other financial institutions need a comprehensive data governance structure and a well-planned and well-executed strategy for implementing it.
As banks and other financial institutions work to comply with today's rapidly changing regulatory requirements, the limitations of their existing data management processes and systems become more and more apparent. While the initial reaction to this situation is to focus on technology solutions, software alone cannot overcome the shortcomings and achieve the needed results. In addition to implementing new systems and processes, a financial institution must take action on the foundational element of how its data is managed and governed.

Effective data governance (the collection, management, protection, and delivery of data) requires an enterprisewide commitment that addresses the institution's organizational structure, management systems, and process controls in addition to specific technology tools and solutions. With proper planning and careful execution, a data governance initiative can help management to move beyond focusing on compliance alone and to begin opening new opportunities for operational improvements that add genuine, long-term value to the entire organization.

Trends

The need for effective data governance is driven by the following current trends:

- Complex and evolving regulatory requirements
- New uses and business requirements for existing data
- New demands stemming from changes in banking technology
- Risk, security, and privacy concerns

Each of these trends has significant effects on how financial institutions approach their data governance.

Complex and Evolving Regulatory Requirements

Among the many new regulatory compliance challenges, those stemming from the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) have probably attracted the most widespread attention. Dodd-Frank introduced several new regulatory agencies, each with its own new set of priorities, standards, and enforcement mechanisms that directly affect how institutions access, manage, and report data. For example, Dodd-Frank established the Office of Financial Research (OFR) to identify not only the potential risk of institutional failure but also the effect such a failure would have on the industry as a whole and the broader economy. This significant departure from regulators' traditional role requires the collection of additional data in order to track many complex counterparty relationships among various institutions.

At a more fundamental level, the Federal Reserve's Comprehensive Capital Analysis and Review (CCAR) stress tests are imposing further data management demands on a growing number of institutions. In some cases, banks are required to report historical data going back several years in order to identify patterns and trends. This requirement adds another layer of complexity to the data management and accessibility challenges.
In addition to these new demands, banks must also remain focused on compliance with other data-intensive reporting requirements, including those related to anti-money-laundering (AML) regulations, the Bank Secrecy Act (BSA), and the USA PATRIOT Act. As with Dodd-Frank, effective BSA/AML compliance depends not only on robust IT system capabilities but, to a greater degree, on sound data management.[1]

The global regulatory standards on bank capital adequacy and liquidity agreed to by the members of the Basel Committee on Banking Supervision, commonly referred to as Basel III, also present data-related challenges. In this regard, the U.S. Office of the Comptroller of the Currency and the Federal Reserve System recently adopted a final rule that revises their key regulatory capital definitions and establishes new capital requirements and leverage ratios. In order to comply with these new requirements, banks' management teams must be able to quickly access and analyze large amounts of accurate IT-generated data from both internal and third-party sources.

New Uses and Business Requirements for Existing Data

As institutions upgrade their data management capabilities to meet various regulatory requirements, flexibility and quick response are priorities. In addition, however, many institutions now recognize that their data management strategies are also falling short in terms of accuracy, reliability, and security. The investment required to make data and information systems more effective can be sizable, leading many executives to look for ways of getting additional benefits from the investment. The goal is to turn the compliance effort, which is viewed as a cost center, into an initiative that produces additional benefits to the organization.

As a result, banks and other institutions are finding new ways to use the large amounts of data that reside in their systems to monitor organization performance, improve customer service, or target their marketing efforts more precisely, for example. Customer segmentation, customer relationship management, direct marketing, and product pricing decisions often benefit from the ability to access and analyze data in new ways. This expanded use of data complicates the data management strategy, however, as management now requires more granular detail, greater accessibility, new storage platforms capable of handling "big data," and more powerful and responsive analytics systems. At the same time, organic growth and renewed merger and acquisition (M&A) activity add further complexity, as formerly disparate systems must be integrated.
New Demands Stemming From Changes in Banking Technology

Another complicating factor in financial institution data management is the array of new products and services expected by today's consumers. Mobile and online banking technology, social networking applications, and expansion into new geographic markets make it necessary to deploy increasingly broad and sophisticated technology solutions. Institutions also must collect and manage additional data attributes to meet regulatory compliance requirements for these new products and services.

On a broader scale, data management in general is also changing rapidly. For example, in the past storage capacity was typically a limiting factor. Today, however, storage is considerably less costly, and network capacity and bandwidth are significantly more robust. Moreover, greatly expanded storage is only one aspect of the changing data management picture. Equally dramatic advances are being made that streamline access, simplify complex data issues, and control the magnitude of the overall effort through the application of well-chosen technology.

These changes have important implications for data governance. For example, to keep storage costs under control, early data-capture strategies focused on identifying and storing only the information essential to carrying out a transaction. Now, with data storage costs dramatically lower, the goal is to capture and maintain as much information as possible about a transaction. The challenges that grow out of this shift in approach relate primarily to questions of access and speed, with management teams growing more reliant on the ability to immediately access and quickly sort through massive amounts of data to find the information they need.

Risk, Security, and Privacy Concerns

Data security and the privacy of personal financial information are also areas of significant regulatory concern. Compliance with the notification requirements and other policies required by the Gramm-Leach-Bliley Act is directly affected by a financial institution's data management systems. State and international privacy and security requirements also apply to many institutions.

Privacy and data security also matter from a customer relations and marketing perspective. Identity theft and the protection of personal information are of increasing concern to consumers of financial services. To support the higher standards expected by customers and regulators alike, an institution's data governance structure must directly address the quality, integrity, and accessibility of data.
Gaps

Most institutions recognize the need for improving data access, quality, and security. Many also recognize that they have important data shortcomings, such as concerns about data quality, accuracy, access, or availability. What they are missing, however, is a clear strategy for addressing these concerns.

While the initial reaction to data issues is to seek a technology solution, in most instances simply installing additional software will do little to address the underlying cause of the problem. Another common reaction, appointing a task force and assigning responsibility for fixing data problems, often leads to less than satisfactory results if it is not accompanied by a well-structured and carefully considered strategy to provide direction to the effort.

Without a clear data governance structure, every new regulation or compliance requirement prompts a one-off reaction in the form of a specific new data management project. The result is a significant duplication of effort, since each new project must begin from the bottom and move upward. In many instances, the same data issues are addressed by several compliance projects, often simultaneously, as various task forces rush to meet their individual compliance deadlines.

Beyond the immediate waste and duplication this approach causes, even greater data issues will arise in the future because the various pieced-together solutions remain disconnected from each other and from the institution's overall data management strategy. Eventually, the numerous one-off solutions lead to a situation in which the institution houses many individual, disparate sources of data with no clear, single, reliable source of critical information or "source of truth." Moreover, as each new tool or software solution is layered on top of existing system elements, the data system grows increasingly complex, cumbersome, and difficult to manage.
Challenges

When designing, developing, and implementing comprehensive data governance structures, financial institutions can expect to encounter a number of recurring challenges, including the following:

- Changing regulatory requirements. One critical area of uncertainty is the question of how far back institutions might be required to search as they compile historical data and transactional histories. To comply with the new data requirements, banks often find it necessary to hire temporary workers to manually transcribe, digitize, or reformat historical data that has been stored in paper files, as image files, or in outdated electronic formats.
- Data quality. Data quality is always a concern for the users of institutional information, who must make sure they have the right data, that it is recorded consistently, and that it is error-free. This challenge is complicated in many instances by the fact that the original source of critical data may be a third party, operating under a completely different set of data quality criteria. Another data quality concern is that it is sometimes difficult to identify who within the bank is responsible for data quality improvement initiatives.
- A large number of stakeholders, with ambiguous data-related roles and responsibilities. Those with an interest in a financial institution's data governance structure include not only the IT and compliance departments but also the various lines of business, many of which might have conflicting priorities. In addition, there is often a lack of clarity about the differing responsibilities of the data owners (that is, the business or systems personnel who are responsible for entering and maintaining certain data) and the data stewards, who are responsible for the movement, management, and standardization of the data.
- Lack of trust and confidence on the part of data users. One direct result of data quality problems is a lack of confidence in the accuracy and availability of data on the part of the business users who need information to perform their duties. This matters because the typical response to this lack of confidence is for individuals to develop their own minisystems that give them access to information when they need it, a practice that opens a variety of new issues. Eventually, these freestanding data sources and single-user spreadsheets become primary sources, but because they are outside the organization's data governance structure, they are not kept current by any automated processes, are not widely accessible, are backed up sporadically, and are usually extremely vulnerable to security breaches.
- Data silos and multiple sources of data. One of the most common data-related challenges banks face is a lack of integration among the various data systems and subsystems. As noted, information that is compiled for regulatory and compliance purposes can often be valuable for marketing and strategic planning purposes as well. But with the data stored in disconnected systems, departments with common interests often duplicate each other's efforts while producing information that is consistent in neither quality nor format throughout the entire organization.
- System integration challenges. Introducing new data management capabilities into existing systems often poses system integration challenges. These challenges become increasingly difficult to address as legacy systems age and new systems grow more complex. This issue is often exacerbated by M&A activities, which introduce even more diversity into the organization's IT universe.
- Tactical, reactionary data projects. Financial institution staffs are often stretched thin, with critical resources focused primarily on the day-to-day operation of the business. As a result, long-term data projects often are postponed repeatedly, with every new regulatory requirement or unexpected operational challenge necessarily taking precedence.
Solutions

Just as there is no universally accepted definition of the term "data governance," there is also no single, one-size-fits-all approach to developing and implementing effective data governance in financial institutions. However, based on experience with various financial institutions, we can offer some fundamental observations.

It is helpful to visualize the data governance structure as a comprehensive framework that rests on four pillars: the collection, management, protection, and delivery of critical data. These four components form the foundation for an effective data governance approach.

1. Collection: Quality and Standards

The first step to implementing data governance is establishing enterprisewide standards for the way various pieces of data are collected, entered, and stored in the financial institution's systems. Typical questions to be answered include:

- What standards should we have in place for data collection?
- Which data should be collected through a list of predefined fields rather than with free-form text?
- How do we make sure data is collected in one field only rather than collecting the same thing in numerous places, which allows inconsistencies to enter the system?
- How do we assure the quality of data that is collected?

One particularly challenging question is: How do we make sure the same information is always entered into the system in the same way? For example, the data governance structure should define how city, state, and country names are entered and make sure that abbreviations or numerical codes are used consistently throughout the enterprise. The institution could be exposed to higher levels of risk if counterparty relationships are not recognized because of seemingly minor inconsistencies in spelling, abbreviations, or coding. This occurrence leads to institutions deploying "fuzzy matching" rules, which bring their own systematic and operational issues.

Documentation is critical to this phase. Not only must the data governance structure document how data was sourced and collected, it also must document why and in what format the data was collected.

2. Management: Integration, Architecture, and Systems

The management element of data governance addresses the questions of who owns the data, who is accountable for maintaining it, and how the data is going to be integrated or used. As noted before, there is often confusion about the roles of data owners (the people who enter, retrieve, and use the data) and the roles of data stewards or custodians (the people responsible for moving, cleaning, and standardizing the data). Data stewards are not necessarily accountable for making sure the data being managed serves business needs, but they are the ones responsible for solving data-related technical problems.
The organizational structure, roles, review, and oversight responsibilities of the various personnel involved are defined during the management phase of data governance, and so are the process and technology elements: that is, the policies, procedures, and management processes used to define controls of the business system along with the software tools and systems used to manage the data. Here again, documentation and standardization are essential.

3. Protection: Identification, Classification, and Access Control

It is important to recognize that data privacy and security are not solely the responsibility of the IT department. Although IT plays a major role in helping to develop, select, and implement appropriate solutions, all stakeholders share responsibility for the overall success of the effort.

To defend against the various threats and comply with the growing body of state and federal laws and regulations, every financial institution needs to develop an enterprisewide data privacy-protection program, and it must accomplish four specific goals:

- Identify and document what data the organization has and where it is stored.
- Classify the data based on its sensitivity.
- Protect the data by defining control standards for data at various stages of its use.
- Respond in the event of a security breach.

Prioritization is critical in this part of the data governance effort. An effective program will focus on protecting the highest-value information, particularly customer-identifiable information such as customer names and taxpayer identification numbers, as opposed to low-risk data fields.

One data protection trend in recent years is a shift in thinking about the nature of security threats. In many instances, financial institutions have evolved from a "breach avoidance" mindset to a "breach protection" approach. In other words, rather than relying on security protocols to safeguard the entire data structure against any sort of intrusion, many organizations now assume the worst: They recognize that their data security protections will eventually be breached and implement controls to minimize the likelihood that an attacker will be able to extract data once inside the organization.

4. Delivery: Reporting, Analytics, and Aggregation

Finally, the data governance structure must define how data is dispersed and delivered to the appropriate users. This includes defining how data is extracted from the system and entered into the various reports that must be filed for compliance, and how data is disseminated to provide inputs into performance dashboards and other reporting systems.
Key components of this element include integrating and creating reports and analytics; in other words, taking data that has been cleansed and aggregating it for use elsewhere. The various integrations, reports, websites, portals, and dashboards must be documented in detail, with their specific input requirements spelled out accurately, so that data users will have confidence in both the quality of the data and their ability to access it. This is essential in order to avoid the temptation to develop individual, stand-alone databases that are outside the data structure and control of the financial institution.

It is also important to note that data reporting goes beyond providing access to data to the decision makers who use the information. The reporting component must also address those who are responsible for maintaining data quality and the overall health of the data governance process. In many instances, the ultimate users of data and those responsible for data quality and governance represent two distinct parts of the organization; the reporting system must address all of the relevant audiences.

Conclusion

A comprehensive and effective data management strategy, which defines how data is sourced and made available throughout the organization, can be of great value. It enables a financial institution to respond to new regulatory requests in the context of a controlled and efficiently managed initiative.

But the benefits of effective data governance extend beyond regulatory compliance alone. Strong data governance results in reliable access to accurate data, which improves business intelligence and supports customer retention and new business opportunities. In addition to streamlining the collection, management, protection, and delivery of data for regulatory and reporting purposes, an effective data governance initiative can play a vital role in a financial institution's performance improvement as well as its strategic planning. Reliable access to accurate data also results in better business intelligence, helping to retain existing customers and support new business opportunities. By using data to spur operational improvements and enhance strategic initiatives, a financial institution can begin to recoup some of the costs it incurs in data management.
[1] For a more detailed discussion of regulatory compliance and the associated data requirements, see the other white papers in this series: Gregory B. Hahn and Tapan P. Shah, "Using IT to Respond to Regulatory Challenges: How Financial Institutions Can Use Technology to Go Beyond Compliance," September 2012, and Brookton N. Behm, Gregory W. LeMond, and Tapan P. Shah, "AML System Design and Implementation: Aligning Regulatory, Business, and Technological Requirements," February 2013.

Contact Information

Raj Chaudhary, CGEIT, CRISC, is a principal with Crowe Horwath LLP in the Chicago office. He can be reached at raj.chaudhary@crowehorwath.com.

Mike Del Giudice, CISSP, CRISC, is with Crowe in the Chicago office. He can be reached at mike.delgiudice@crowehorwath.com.

Tapan Shah, CAMS, PMP, is with Crowe in the Chicago office. He can be reached at tapan.shah@crowehorwath.com.

Chris Sifter, PMP, is with Crowe in the Chicago office. He can be reached at chris.sifter@crowehorwath.com.

When printed by Crowe Horwath LLP, this piece is printed on Mohawk Color Copy Premium, which is manufactured entirely with Green-e certified wind-generated electricity.

Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any other member of Crowe Horwath International and specifically disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or any other Crowe Horwath International member. Accountancy services in Kansas and North Carolina are rendered by Crowe Chizek LLP, which is not a member of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction.

Crowe Horwath LLP RISK13904
More informationTHE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk
THE UH OH MOMENT Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk By Lois Coatney, Chuck Walker and Joseph Yacura, ISG Directors www.isg-one.com INTRODUCTION A top
More informationGoodbye, SAS 70! Hello, SSAE 16!
Goodbye, SAS 70! Hello, SSAE 16! A Session to Provide Insight on the New Standard and What Service Providers and End-Users Need to Know January 3, 2012 Agenda Introduction Background on what was SAS 70
More informationNew Regulations and Mortgage Document Management: What it Means for Mortgage Servicers
New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers CT Representation Services New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers
More informationBuild an effective data integration strategy to drive innovation
IBM Software Thought Leadership White Paper September 2010 Build an effective data integration strategy to drive innovation Five questions business leaders must ask 2 Build an effective data integration
More informationDEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY
DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY SEPTEMBER 2012 DISCLAIMER Copyright 2012 by The Institute of Internal Auditors (IIA) located at 247 Maitland Ave., Altamonte Springs, Fla., 32701,
More informationQuestion: 1 Which of the following should be the FIRST step in developing an information security plan?
1 ISACA - CISM Certified Information Security Manager Exam Set: 1, INFORMATION SECURITY GOVERNANCE Question: 1 Which of the following should be the FIRST step in developing an information security plan?
More informationThe concrete impacts of BCBS principles on data value chains
The concrete impacts of BCBS principles on data value chains Jean-Pierre Maissin Partner Technology & Enterprise Application Deloitte Jean-Philippe Peters Partner Governance, Risk & Compliance Deloitte
More informationthe evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group
the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group 54 Banking PersPective Quarter 2, 2014 Responsibility for the oversight of information security and
More informationHow To Create A Healthcare Data Management For Providers Solution From An Informatica Data Management Solution
White Paper Healthcare Data Management for Providers Expanding Insight, Increasing Efficiency, Improving Care This document contains Confidential, Proprietary and Trade Secret Information ( Confidential
More informationAn Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
More informationWhite Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management
White Paper An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management Managing Data as an Enterprise Asset By setting up a structure of
More informationSpecifically Engineered for High-Tech Companies
Crowe Risk Consulting Services Specifically Engineered for High-Tech Companies Audit Tax Advisory Risk Performance Technology companies face an array of risks, many of which are unique to the high-tech
More informationCreating a Business Intelligence Competency Center to Accelerate Healthcare Performance Improvement
Creating a Business Intelligence Competency Center to Accelerate Healthcare Performance Improvement Bruce Eckert, National Practice Director, Advisory Group Ramesh Sakiri, Executive Consultant, Healthcare
More informationINTELLIGENCE AND HOMELAND DEFENSE INSIGHT
I N D U S T R Y INTELLIGENCE AND HOMELAND DEFENSE INSIGHT INTELLIGENCE AND HOMELAND DEFENSE CHALLENGES The Intelligence Community (IC) needs the right information, in real time, to make critical decisions.
More informationCyber Governance Preparing for the Inevitable Perimeter Breach
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
More informationLeveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com
Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive
More informationThe following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into
The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
More informationSAP ERP FINANCIALS ENABLING FINANCIAL EXCELLENCE. SAP Solution Overview SAP Business Suite
SAP Solution Overview SAP Business Suite SAP ERP FINANCIALS ENABLING FINANCIAL EXCELLENCE ESSENTIAL ENTERPRISE BUSINESS STRATEGY PROVIDING A SOLID FOUNDATION FOR ENTERPRISE FINANCIAL MANAGEMENT 2 Even
More informationNSW Data & Information Custodianship Policy. June 2013 v1.0
NSW Data & Information Custodianship Policy June 2013 v1.0 CONTENTS 1. PURPOSE... 4 2. INTRODUCTION... 4 2.1 Information Management Framework... 4 2.2 Data and information custodianship... 4 2.3 Terms...
More informationAddressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations
White Paper September 2009 Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations Page 2 Contents 2 Executive
More informationRole of Analytics in Infrastructure Management
Role of Analytics in Infrastructure Management Contents Overview...3 Consolidation versus Rationalization...5 Charting a Course for Gaining an Understanding...6 Visibility into Your Storage Infrastructure...7
More informationFortune 500 Medical Devices Company Addresses Unique Device Identification
Fortune 500 Medical Devices Company Addresses Unique Device Identification New FDA regulation was driver for new data governance and technology strategies that could be leveraged for enterprise-wide benefit
More informationEnabling Data Quality
Enabling Data Quality Establishing Master Data Management (MDM) using Business Architecture supported by Information Architecture & Application Architecture (SOA) to enable Data Quality. 1 Background &
More informationBank Secrecy Act Anti-Money Laundering Examination Manual
Bank Secrecy Act Anti-Money Laundering Examination Manual Core Overview - Customer Identification Program Assess the bank's compliance with the statutory and regulatory requirements for the Customer Identification
More informationMIPRO s Business Intelligence Manifesto: Six Requirements for an Effective BI Deployment
MIPRO s Business Intelligence Manifesto: Six Requirements for an Effective BI Deployment Contents Executive Summary Requirement #1: Execute Dashboards Effectively Requirement #2: Understand the BI Maturity
More informationNorth Highland Data and Analytics. Data Governance Considerations for Big Data Analytics
North Highland and Analytics Governance Considerations for Big Analytics Agenda Traditional BI/Analytics vs. Big Analytics Types of Requiring Governance Key Considerations Information Framework Organizational
More informationCFPB Consumer Laws and Regulations
General Principles and Introduction Supervised entities within the scope of CFPB s supervision and enforcement authority include both depository institutions and non-depository consumer financial services
More informationAmerica s New Cybersecurity Framework: Help or New Source of Exposure?
America s New Cybersecurity Framework: Help or New Source of Exposure? BY BEHNAM DAYANIM, RYAN NIER & ELIZABETH DORSI March 2014 Data theft is on the rise, and the federal government is concerned. In 2013
More informationThe Risk Management Framework: Building a Secure and Regulatory Compliant Trading Architecture
The Risk Management Framework: Building a Secure and Regulatory Compliant Trading Architecture Introduction Enterprise architectures in financial institutions are traditionally built around functional
More informationResilient and Sustainable Supply Chain September 30 th 2015. The Unique Alternative to the Big Four
Resilient and Sustainable Supply Chain September 30 th 2015 The Unique Alternative to the Big Four Resilient and Sustainable Supply Chain Welcome The presentation will begin promptly at noon Eastern. Audio:
More informationElegantJ BI. White Paper. Considering the Alternatives Business Intelligence Solutions vs. Spreadsheets
ElegantJ BI White Paper Considering the Alternatives Integrated Business Intelligence and Reporting for Performance Management, Operational Business Intelligence and Data Management www.elegantjbi.com
More informationHP SOA Systinet software
HP SOA Systinet software Govern the Lifecycle of SOA-based Applications Complete Lifecycle Governance: Accelerate application modernization and gain IT agility through more rapid and consistent SOA adoption
More informationPulling it all together: Integrated Solutions for Governance, Risk and Compliance
Customer Practice Profile Pulling it all together: Integrated Solutions for Governance, Risk and Compliance The business case for a new enterprise approach to GRC Integrated solutions for Governance, Risk
More informationIs It Time to Centralize Your Accounting Office?
December 2014 Is It Time to Centralize Your Accounting Office? Back-Office Consolidation Can Help Auto Dealers Manage Multiple Locations Jodi Kippe, CPA, and Kara Perkins, CPA Many dealers face the issue
More informationAn Oracle White Paper October 2009. An Integrated Approach to Fighting Financial Crime: Leveraging Investments in AML and Fraud Solutions
An Oracle White Paper October 2009 An Integrated Approach to Fighting Financial Crime: Leveraging Investments in AML and Fraud Solutions Executive Overview Today s complex financial crime schemes pose
More informationCONNECTING DATA WITH BUSINESS
CONNECTING DATA WITH BUSINESS Big Data and Data Science consulting Business Value through Data Knowledge Synergic Partners is a specialized Big Data, Data Science and Data Engineering consultancy firm
More informationTransforming risk management into a competitive advantage kpmg.com
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.
More informationHow To Create An Insight Analysis For Cyber Security
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
More informationOutperform Financial Objectives and Enable Regulatory Compliance
SAP Brief Analytics s from SAP SAP s for Enterprise Performance Management Objectives Outperform Financial Objectives and Enable Regulatory Compliance Drive better decisions and streamline the close-to-disclose
More informationBOARD OF GOVERNORS FEDERAL RESERVE SYSTEM
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D.C. 20551 DIVISION OF BANKING SUPERVISION AND REGULATION DIVISION OF CONSUMER AND COMMUNITY AFFAIRS SR 12-17 CA 12-14 December 17, 2012 TO
More informationSarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:
Beyond Sarbanes-Oxley: Using compliance requirements to boost business performance The business regulatory environment in the United States has changed. Public companies have new obligations to report
More informationCyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
More informationbuilding a business case for governance, risk and compliance
building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building
More informationThe promise and pitfalls of cyber insurance January 2016
www.pwc.com/us/insurance The promise and pitfalls of cyber insurance January 2016 2 top issues The promise and pitfalls of cyber insurance Cyber insurance is a potentially huge but still largely untapped
More informationCA Service Desk Manager
PRODUCT BRIEF: CA SERVICE DESK MANAGER CA Service Desk Manager CA SERVICE DESK MANAGER IS A VERSATILE, COMPREHENSIVE IT SUPPORT SOLUTION THAT HELPS YOU BUILD SUPERIOR INCIDENT AND PROBLEM MANAGEMENT PROCESSES
More informationBridging The Gap: Solving the Challenge of Compliance & Data Governance
Bridging The Gap: Solving the Challenge of Compliance & Data Governance Banks are struggling to keep up with the data demands of regulators. New global regulations require Bank Compliance groups to provide
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationSolving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction
Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction Introduction In today s dynamic business environment, corporation s intangible
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationDriving Business Value. A closer look at ERP consolidations and upgrades
IT advisory SERVICES Driving Business Value A closer look at ERP consolidations and upgrades KPMG LLP Meaningful business decisions that help accomplish business goals and growth objectives may call for
More informationTRACK BEYOND THE RACK MANAGING IT ASSETS ACROSS THE ENTERPRISE
TRACK BEYOND THE RACK ITAM Track Beyond the Rack The current buzz around ITAM (IT Asset Management) has solely focused on assets residing in the data center. However ITAM is more then servers and racks.
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationManaging Utility Capital Projects Using Enterprise Project Portfolio Management Solutions
An Oracle White Paper January 2012 Managing Utility Capital Projects Using Enterprise Project Portfolio Management Solutions Executive Overview Utility executives worldwide face a precarious balancing
More informationData Quality for BASEL II
Data Quality for BASEL II Meeting the demand for transparent, correct and repeatable data process controls Harte-Hanks Trillium Software www.trilliumsoftware.com Corporate Headquarters + 1 (978) 436-8900
More informationLowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007
Lowering E-Discovery Costs Through Enterprise Records and Retention Management An Oracle White Paper March 2007 Lowering E-Discovery Costs Through Enterprise Records and Retention Management Exponential
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationManaging Workflow Tracking in Discovery Efforts How a proactive solution can help you
Managing Workflow Tracking in Discovery Efforts How a proactive solution can help you As used in this document, Deloitte means Deloitte Financial Advisory Services LLP, which provides forensic, dispute,
More informationAn Oracle White Paper January 2010. Access Certification: Addressing & Building on a Critical Security Control
An Oracle White Paper January 2010 Access Certification: Addressing & Building on a Critical Security Control Disclaimer The following is intended to outline our general product direction. It is intended
More informationCA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.
TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive
More informationDEMONSTRATING THE ROI FOR SIEM
DEMONSTRATING THE ROI FOR SIEM Tales from the Trenches HP Enterprise Security Business Whitepaper Introduction Security professionals sometimes struggle to demonstrate the return on investment for new
More informationHaving Trouble Explaining and Predicting Net Revenue?
Having Trouble Explaining and Predicting Net Revenue? Crowe Revenue Cycle Analytics Audit Tax Advisory Risk Performance The Crowe Revenue Cycle Analytics Solution As shown below in use by hundreds of hospitals
More informationSolving Key Management Problems in Lotus Notes/Domino Environments
Solving Key Management Problems in Lotus Notes/Domino Environments An Osterman Research White Paper sponsored by Published April 2007 sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationMoving Forward with IT Governance and COBIT
Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around
More informationHow To Manage Third Party Relationship Risk
November 2011 Managing Third-Party Relationship Risk A Crowe Horwath LLP White Paper by Gregg Anderson, R. Michael Varney, Patrick D. Warren, Jill M. Czerwinski, and Eric G. Andolina Audit Tax Advisory
More information