OUTSOURCING DUE DILIGENCE FORM
|
|
- Claud Wilkerson
- 8 years ago
- Views:
Transcription
1 OUTSOURCING DUE DILIGENCE FORM SERVICE TO BE OUTSOURCED 1. Type of service to be outsourced: Accounting/Finance: Compliance Consulting: Legal Services: Administrative Functions: Information Technology: Operations/Support Functions: Other: 2. Is this service essential to the operation of the Firm (i.e. transaction order entry; custody and prime brokerage; service designed to promote rapid recovery of operations etc.)? Yes No APPROPRIATENESS OF OUTSOURCING 1. Potential impact on Firm if service provider fails to perform: Financial Impact: High Medium Low N/A Reputational Impact: High Medium Low N/A Operational Impact: High Medium Low N/A Customer Service Impact: High Medium Low N/A Potential Losses to Customers: High Medium Low N/A Comply with Regulatory Requirements: High Medium Low N/A Costs to Firm: High Medium Low N/A Degree of Difficulty Replacing Service Provider: High Medium Low N/A 2. Is there an affiliation or other relationship between the Firm and the service provider? Yes No If yes, please describe the relationship and any potential conflicts of interest: 3. Is the service provider a regulated entity subject to independent supervision? Yes No If yes, name of regulator: SERVICE PROVIDER INFORMATION 1. General Information Firm Name: Firm Address: Contact Name(s): CRD # (if applicable): Phone: Fax: Website: Outsourcing Due Diligence Form 1
2 (PAGE 2) 2. Is the service provider owned/controlled by a Parent Co.? Yes Name: No 3. Personnel: Approximate # of employees: Does the service provide hire independent contractors? Yes No 4. Background Information: How many years has the service provider been in business? How many years has the service provider provided the outsourced function? Is the service provider known to the Firm or employees of the Firm? Yes No If yes, please name the individual(s) and describe any prior experience each had with the service provider: DUE DILIGENCE 1. What methods did the Firm use to verify the service provider s information? (Choose all that apply.) FINRA Public Disclosure Internet Research Entity Formation Documents SEC Public Disclosure Credit/Background Check Independent Research Form BD/ADV Media/News Reports Personal Referral Business Plan 10K RFP Policies and Procedures Manual(s) Personal Interviews Marketing Materials Financials Onsite Inspection Sales Materials Other: Does the firm maintain evidence of the above methods used to verify the service provider s information (i.e. copies of documents reviewed; notes from personal interviews and onsite inspections; printouts from public disclosure sites etc.)? Yes No If yes, please identify where this evidence is maintained: 2. Please list any other Firms that use this service (if contacted personally, identify the name of the contact and the result of the contact): 3. Please describe the background and experience of individuals who will be performing the services: 4. Based on your review of the information, has the service provider and/or its principals been subject to any regulatory, criminal or civil disciplinary issues? Yes No If yes, please describe: Outsourcing Due Diligence Form 2
3 5. Based on your review of the information, please describe the service provider s ability and capacity to perform the outsourced activities effectively, reliably, and to a high standard (include in your description relevant technical, financial, human resources, and/or other assets of the service provider): 6. Does the service provider have a business continuity plan? Yes No If yes, review a copy of the plan and comment on its adequacy: 7. Is privacy and protection of non-public information a factor in outsourcing? Yes No If yes, comment on the adequacy of the service provider s for safeguarding non-public information: 8. After reviewing the information, are there any questionable issues or potential conflicts of interest? Yes No If yes, please describe: CONTRACTS AND AGREEMENTS 1. Has (or will) the Firm entered into a written agreement with the service provider? Yes No If yes, please identify the relevant provisions and disclosures in the contract (choose all that apply). Provides for Firm and regulator access to records Firm and client confidentiality Limitations on service provider s ability to sub-contract Payment arrangements Defines responsibilities of all parties subject to contract Provide quality services measures Defines how responsibilities will be monitored Guarantees and indemnities Liability for unsatisfactory performance or other breach Information security provisions Requirement to maintain a disaster recovery plan Disclosure of breaches in security Time Commitment (Termination Date): Other relevant provision(s): 2. Was the written agreement reviewed by the Firm s legal counsel? Yes No N/A If yes, name of legal counsel: Date of Review: 3. Was the written agreement reviewed by the principal responsible for outsourcing functions? Yes No If yes, name of principal: Date of Review: Outsourcing Due Diligence Form 3
4 OVERSIGHT AND PERIODIC REVIEW 1. Who is responsible for the periodic oversight and review of the outsourced service? 2. Please identify the individual(s) who will monitor the outsourced service? 3. Please identify the tools that will be used to monitor the outsourced service: Service delivery reports prepared internally Service delivery reports supplied by the service provider Publicly available resources Performance levels established in written agreement Internal auditor Onsite inspection External auditor Attestations by service provider Other 4. Frequency of monitoring: Daily Weekly Monthly Quarterly Annually Other 5. If deficiencies are found, are there procedures in place to respond to such deficiencies (i.e. communicate with the service provider; terminate the contract)? Yes No DOCUMENTATION REVIEW AND APPROVAL 1. Individual(s) responsible for completing this due diligence review: a. b. c. Supervising Principal: I have reviewed the information contained in this Outsourcing Due Diligence Form and: The Firm has elected to use the service provider above. The Firm will not use the service provider above. Supervisor Signature Date Printed Name of Supervisor Outsourcing Due Diligence Form 4
5 Contact Information Initial Vendor Due Diligence & Checklist This questionnaire and checklist is intended to assist advisers in conducting due diligence when selecting a new service provider/vendor. Vendor should also complete the Initial Due Diligence Questionnaire, which requests information regarding data protection, insurance and references. Vendor Name: Phone: Contact Person: Description of services/products proposed: Company Information 1. Where is the vendor headquarters located? 2. Where are its local offices? 3. How many employees does the vendor have? 4. How long has the vendor been in business? 5. If the vendor is not independent, who owns the vendor's company? 6. Who are the vendor s typical clients? 7. How many clients does the vendor currently serve? 8. Who does the vendor consider to be its competitors? 9. How does the product/service stack up against the competition (list strengths and weaknesses)? 10. Other: Service/Product Offering 1. What is the name of the product/service? 2. How would you describe the product/service? 3. Are any enhancements for the product/service already in planning stages? 4. Describe initial and ongoing training, including any additional costs involved: 5. Who will be the main contact for questions/concerns? 2010 Advisor Solutions Group, Inc. Page 1 of 2 Revised July 2011
6 6. What is the background and experience of individuals who will be providing the product/ performing the service? References (refer to Initial Due Diligence Questionnaire) Company Name: Phone: Name & Title: Company Name: Phone: Name & Title: Is the service provider known to the Adviser or any employee(s) of the Adviser? Yes No If yes, describe any prior experience each person had with the service provider: Conduct Internet searches to determine whether adverse events, rumors, or other questionable items pertaining to the vendor are circulating. If such events are discovered, research as applicable. Contracts & Agreements Consider the following provisions and disclosures when reviewing a vendor s service contract/agreement: Ownership and access to records and data Defines responsibilities of all parities subject to contract Liability for unsatisfactory performance or other breach Time commitment (Termination Date) Payment structure Guarantees and indemnities Provisions for breaches in security of non-public information Provisions on service provider ability to sub-contract Defines how responsibilities will be monitored Confidentiality disclosure Defines specifics of deliverable and scope of service Information security provisions to safeguard nonpublic information Requirement to maintain a disaster recovery plan or business continuity plan Other relevant provisions/disclosures: Document Checklist Initial Due Diligence Questionnaire Proposal or Vendor Agreement SAS 70 / Internal Controls Report Disaster Recovery Plan Privacy / Security Policy Proof of Liability of Insurance Financial Records Other: General Review Completed by: Print Name Title Date 2010 Advisor Solutions Group, Inc. Page 2 of 2 Revised July 2011
7 Ongoing Vendor Due Diligence Evaluation This evaluation is intended to assist advisers with the ongoing oversight and review of outsourced services. This internal evaluation should be conducted by individual(s) at the firm who use or rely most on the services / products provided and reviewed by compliance, as needed. Vendor Name: Contact Person: Phone/ Description of services/products provided: Vendor Contact Information Vendor Checklist Use the following table to rate the firm s satisfaction with each item listed. List each score in the righthand column and calculate total score below. List relevant comments/observations below each item and discuss with vendor, as necessary. 1. Request and Review Vendor Due Diligence Questionnaire: ensure responses and documentation provided is appropriate and complete. SCORE 4 = Very Satisfied 3 = Satisfied 2 = Dissatisfied 1 = Very Dissatisfied 2. Service Agreement: ensure that the vendor is adhering to all terms of the written agreement and performing services under such agreement. 3. Competitiveness of Terms and Conditions: review service agreement and ensure all services/products outlined in the agreement are actually necessary and being used by the firm. 4. Competitiveness of Price: compare the price of services/product rendered to the current services preformed/products provided. Consider if obtaining price comparisons is necessary. This could be done by calling other vendors and/or searching the Internet to compare prices. 5. Expertise & Responsiveness of Sales/Technical Support Staff: consider interaction with vendor and their ability to respond to requests. 6. Ability to Meet Deadlines/Deliver Product or Service on Time: consider vendors ability to deliver product/service when promised. 7. Data Protection/Security Breaches: consider the manner in which client information is handled and protected. Review current safeguards and determine if they are effective Advisor Solutions Group, Inc. Page 1 of 2 Revised October 1, 2010
8 Vendor Checklist Use the following table to rate the firm s satisfaction with each item listed. List each score in the righthand column and calculate total score below. List relevant comments/observations below each item and discuss with vendor, as necessary. 8. Financial Stability: consider the vendor s 1) business model 2) # of clients compared to # of staff 3) staff turnover, as significant changes in these areas could be indicators of an unstable vendor. SCORE 4 = Very Satisfied 3 = Satisfied 2 = Dissatisfied 1 = Very Dissatisfied 9. Reputation of Company: conduct Internet searches such as a Google search to determine what rumors might be circulating regarding the vendor. If something turns up, research the finding. Ask other professionals in the industry about their knowledge or experience with vendor. Analysis: Total Score: Vendor performance meets or exceeds firm expectations; no further action necessary Vendor performance needs improvement; discuss areas of weakness with vendor Substantial improvement necessary; consult with vendor and/or replace or below Contracts & Agreements It is a best practice to periodically review a vendor s service contract/agreement to ensure all necessary provisions are addressed and relevant. Consider the following provisions and disclosures when reviewing a vendor s service contract/agreement: Ownership and access to records and data Defines responsibilities of all parities subject to contract Liability for unsatisfactory performance or other breach Time commitment (Termination Date) Payment arrangements Guarantees and indemnities Provisions for breaches in security of non-public information Provisions on service provider ability to sub-contract Defines how responsibilities will be monitored Confidentiality disclosure Defines specifics of deliverable and scope of service Information security provisions to safeguard non-public information Requirement to maintain a disaster recovery plan or business continuity plan Other relevant provisions/disclosures: Document Checklist Ongoing Due Diligence Questionnaire SAS 70 / Internal Controls Report Disaster Recovery Plan Privacy / Security Policy Proof of Liability of Insurance Financial Records Other: General Review Completed by: Print Name Title Date 2010 Advisor Solutions Group, Inc. Page 2 of 2 Revised October 1, 2010
9 Real Processes for Vendor Selection and Management Vendor Selection Seek out vendors offering compliance solutions. Poll other firms Materials from Meetings Attended Review Trade Group Web Sites Evaluate whether the product or service provides a comprehensive compliance solution. Identify regulatory requirements Identify business needs Identify technical requirements Create a business case How will product/service be delivered or supported? On-Site Delivery Web-based & Attachments Ask about technological infrastructure and get your IT department or resources involved. Programming language Version Releases How does the vendor support upgrades? (Include in Contract) Is product/service compatible with your current office systems? Take it for a test drive! Load your data into test environment or request it be incorporated in sales demo. o (Be sure to have a confidentiality agreement signed first!) Get familiar with functionality and assess the impact on your current workflows. Create test scenarios to address gaps in your current processes. Obtain an understanding of people, service teams, legal and organizational structure of vendor. How long has the vendor been in business? Office locations Outsourcing partners Open positions, recent new hires and departures Client base (i.e. how many, type, oldest and newest clients?)
10 Business Continuity Where is the vendor s recovery site? Does the plan rely primarily on remote access? How often is the plan tested? o Request results from most recent test. If not provided ask vendor to describe whether or not there were any issues and how they were resolved. Has BCP been activated in the last 12 months? Describe the event, duration and whether client s experienced any disruptions with product/service. Obtain references and speak with clients and users. Implementation Enlist an executive sponsor or endorsement from senior management. Create an implementation team get the right people involved and time commitment. Communicate goals, objectives and expectations. Establish weekly team meetings. Ask team members to provide status reports. Appoint a Project Manger to act as a liaison between vendor and implementation team. Create a Project Plan with key milestones and target dates. Document work flows and sources of data. Build in time for adequate testing. If possible, run new system in parallel with legacy system. Track implementation issues and make certain they are adequately resolved before go-live. If system is a critical business application, update your firm s business continuity plan. Update policies and procedures, marketing materials and client disclosures as necessary. Provide training to employees and compliance users. Involve Employees in development of procedures and forms usage Communicate release and benefits of new system. Relationship Management Post implementation approximately 3 to 6 months after go-live. Report issues to project team. Track issues and work with vendor to resolve to your satisfaction. Escalate issues of high risk to risk management team.
11 Weekly/Monthly meetings with vendor as needed. Conduct a due diligence visit with vendor. Meet at the vendor s office and visit with support teams and people who worked on your implementation. Prepare an agenda for the meeting -tell the vendor what you want to discuss and see. Maintain documentation of due diligence review. Request vendor s Code of Ethics, Business Continuity Plan, SSAE 16, Privacy Policy. Prepare a written report with your observations and recommendations. Participate in User conferences. Seek out users who have similar business needs and face similar challenges. Make recommendations for enhancements. Continually assess whether your business needs are met with your current compliance solution. Conduct Mock Audit to test effectiveness Are controls effective? Are there any known critical weaknesses? Is the vendor responsive? Follow developments related to vendor and competitors.
GUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationMorgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers
Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner
More informationCredit Union Liability with Third-Party Processors
World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with
More informationThe ADT Corporation. Audit Committee Charter. December 2014
The ADT Corporation Audit Committee Charter December 2014 1 TABLE OF CONTENTS Purpose... 3 Authority... 3 Composition... 3 Meetings... 3 Responsibilities... 4 Financial Statements... 4 External Audit...
More informationwww.pwc.com Third Party Risk Management 12 April 2012
www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES
More informationMental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan
Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan Adopted: January 2, 2007 Revised by Board of Directors on September 4, 2007 Revised and Amended
More informationGUIDANCE NOTE ON OUTSOURCING
GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3
More informationFinancial Services Guidance Note Outsourcing
Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationCharter of the Audit Committee of the Board of Directors
Charter of the Audit Committee of the Board of Directors Dated as of April 27, 2015 1. Purpose The Audit Committee is a committee of the Board of Directors (the Board ) of Yamana Gold Inc. (the Company
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationIV(g) GI- Due Diligence for Vendors and Service Providers
IV(g) GI- Due Diligence for Vendors and Service Providers PANEL AGENDA Lisa Roth Keystone Capital Corporation Fred Shane Commonwealth Financial Network 1. Outsourcing Overview 2. Examples of Outsourced
More informationFINAL DOCUMENT. Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 1: General Requirements
GHTF/SG4/N28R4:2008 FINAL DOCUMENT Title: Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Authoring Group: GHTF Study Group 4 Endorsed by: The Global Harmonization
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay
More informationHALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS
HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More information3 rd Party Vendor Risk Management
3 rd Party Vendor Risk Management Session 402 Tuesday, June 9, 2015 (11 to 12pm) Session Objectives The need for enhanced reporting on vendor risk management Current outsourcing environment Key risks faced
More informationGUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987
GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing
More informationCorporate Governance. Document Request List Funds
Document Request List Funds Please provide documents noted below, as applicable, in English. For new funds or existing funds where requested documents are currently being developed, please provide draft
More informationManaging Outsourcing Arrangements
Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationPROPOSAL EXHIBIT B Questionnaire
PROPOSAL EXHIBIT B Questionnaire Please respond to each requirement below. The responses will be used to determine the finalists who will be invited to present their services in a formal interview. Items
More informationQUANTUM MATERIALS CORP. AUDIT COMMITTEE CHARTER
QUANTUM MATERIALS CORP. AUDIT COMMITTEE CHARTER Purpose The role of the Audit Committee is to oversee the accounting and financial reporting processes of the Company and the audits of the financial statements
More informationCOUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY This Charter specifies the authority and scope of the responsibilities of the Audit Committee (the
More informationCompliance and Ethics at the Federal Reserve Bank of New York
Compliance and Ethics at the Federal Reserve Bank of New York Operational Risk and Internal Audit Course Marina Adams, Compliance Officer and AVP David K. Clune, Compliance and Ethics Officer Kevin White,
More informationGUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK
GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK This Guideline does not purport to be a definitive guide, but is instead a non-exhaustive
More informationTHE GABELLI GLOBAL DEAL FUND (the Fund ) AUDIT COMMITTEE CHARTER I. ORGANIZATION AND QUALIFICATION OF COMMITTEE MEMBERS
THE GABELLI GLOBAL DEAL FUND (the Fund ) AUDIT COMMITTEE CHARTER I. ORGANIZATION AND QUALIFICATION OF COMMITTEE MEMBERS There shall be an audit committee (the Committee ) of the Board of Trustees (the
More informationNATIONAL AMERICAN UNIVERSITY HOLDINGS, INC.
NATIONAL AMERICAN UNIVERSITY HOLDINGS, INC. AUDIT COMMITTEE OF THE BOARD OF DIRECTORS CHARTER I. PURPOSE The primary function of the Audit Committee (the Committee ) of the Board of Directors (the Board
More informationFederal Bureau of Investigation s Integrity and Compliance Program
Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established
More informationINTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES. Effective January 9, 2015
INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES Effective January 9, 2015 These principles have been adopted by the Board of Directors (the "Board") of Integrated Silicon Solution, Inc.
More informationAny business relationship between a bank and another entity, by contract or otherwise
An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise
More informationSYNACOR, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER. As adopted by the Board of Directors on November 16, 2011
SYNACOR, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER As adopted by the Board of Directors on November 16, 2011 PURPOSE: This Charter sets forth the composition, authority and responsibilities of
More informationThird Party Security Guidelines. e-governance
for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type of Information Document
More informationOUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008
OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008 BANK OF TANZANIA PART I PRELIMINARY 1 These guidelines may be cited as the Outsourcing Guidelines for Banks and Financial Institutions,
More informationADV Part 2A Firm Brochure
ADV Part 2A Firm Brochure Alpha Asset Consulting LLC 191 University Boulevard #334 Denver, Colorado 80206 Phone: 303.321.3837 Fax: 303.484.6887 Email: info@alpha-llc.com Website: www.alpha-llc.com Brochure
More informationGAO. Government Auditing Standards: Implementation Tool
United States Government Accountability Office GAO By the Comptroller General of the United States December 2007 Government Auditing Standards: Implementation Tool Professional Requirements Tool for Use
More informationI S O I E C 2 7 0 0 2 2 0 1 3 I N F O R M A T I O N S E C U R I T Y A U D I T T O O L
15.1 ESTABLISH SECURITY AGREEMENTS WITH SUPPLIERS 15.1.1 EXPECT SUPPLIERS TO COMPLY WITH RISK MITIGATION AGREEMENTS Do you clarify the information security risks that exist whenever your suppliers have
More informationLANTHEUS HOLDINGS, INC. Foreign Corrupt Practices Act and Anti-Bribery Compliance Policy
LANTHEUS HOLDINGS, INC. Foreign Corrupt Practices Act and Anti-Bribery Compliance Policy 1. Introduction. Applicability. This Foreign Corrupt Practices Act and Anti-Bribery Compliance Policy (this Policy
More informationTHE ULTIMATE SOFTWARE GROUP, INC. AUDIT COMMITTEE OF THE BOARD OF DIRECTORS AMENDED AND RESTATED CHARTER
Adopted February 4, 2013 THE ULTIMATE SOFTWARE GROUP, INC. AUDIT COMMITTEE OF THE BOARD OF DIRECTORS AMENDED AND RESTATED CHARTER I. PURPOSE: The primary function of the Audit Committee (the Committee
More informationVendor Risk Management in the New Regulatory Environment. kpmg.com
Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators
More informationSECURITY AND EXTERNAL SERVICE PROVIDERS
SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security
More informationCUSTOMER SERVICE Operational KPIs
CUSTOMER SERVICE Operational KPIs Page 1 of 10 Table of Contents SECTION I: CUSTOMER SERVICE STAFFING, STRUCTURE AND LOCATION(S)... 3 A. ORGANIZATIONAL STRUCTURE... 3 B. STAFFING... 4 C. CALL CENTER MEMBERSHIP
More informationGENERAL MILLS, INC. AUDIT COMMITTEE CHARTER
GENERAL MILLS, INC. AUDIT COMMITTEE CHARTER Organization. The Audit Committee (the Committee ) of General Mills, Inc. (the Company ) is a standing committee of the Board of Directors. The Committee shall
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationThe Procter & Gamble Company Board of Directors Audit Committee Charter
The Procter & Gamble Company Board of Directors Audit Committee Charter I. Purposes. The Audit Committee (the Committee ) is appointed by the Board of Directors for the primary purposes of: A. Assisting
More informationFinTech Webinar Series: Vendor Management Principles
FinTech Webinar Series: Vendor Management Principles Evolving Best Practices of Bank Service Providers February 14, 2013 Speakers Russell Bruemmer Partner Eric Mogilnicki Partner Jeffrey Hydrick Special
More informationINSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES
SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting
More informationProposed Principles to be addressed in APES GN 20 Outsourced Accounting Services
Proposed Principles to be addressed in APES GN 20 Outsourced Accounting Services Roles and Responsibilities The proposed Guidance Note 20 Outsourced Accounting Services (GN 20) will set out the various
More informationFERRARI N.V. AUDIT COMMITTEE CHARTER (Effective as of January 3, 2016)
FERRARI N.V. AUDIT COMMITTEE CHARTER (Effective as of January 3, 2016) For so long as shares of Ferrari N.V. (the Company ) are listed on the New York Stock Exchange ( NYSE ) and the rules of the NYSE
More informationOceaneering International, Inc. Audit Committee Charter
Oceaneering International, Inc. Audit Committee Charter Purpose The Audit Committee of the Board of Directors (the Committee ) is appointed by the Board of Directors (the Board ) to assist the Board in
More informationAudit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company)
Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company) ACN 145 989 644 Committee Charter 1 MEMBERSHIP OF THE COMMITTEE The Committee must consist of: only non-executive
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationBroker-Dealer and Investment Adviser Compliance Programs
Lori A. Richards Principal, PricewaterhouseCoopers Financial Services Regulatory Practice Broker-Dealer and Investment Adviser Compliance Programs Regulatory Requirements, Common Minimum Elements, Other
More informationCharter of the Compliance and Operational Risk Management Office (CORMO)
Charter of the Compliance and Operational Risk Management Office (CORMO) Compliance Risk Compliance risk is defined as the risk of legal sanctions, material financial loss, or loss to reputation the Bank
More informationNational Examination Risk Alert
National Examination Risk Alert By the Office of Compliance Inspections and Examinations 1 In this Alert: Topic: Observations related to the use of social media by registered investment advisers. Key Takeaways:
More informationNAPBS Background Verification Request for Proposal Guide
NAPBS Background Verification Request for Proposal Guide A Guide for Organizations to submit a Request for Proposal for Background Screening This Guide was developed for employers and other organizations,
More informationHow To Set Up A Committee To Check On Cit
CIT Group Inc. Charter of the Audit Committee of the Board of Directors Adopted: October 22, 2003 Last Amended: April 20, 2015 I. PURPOSE The purpose of the Committee is to assist the Board in fulfilling
More informationCHUGACH ELECTRIC ASSOCIATION, INC. Anchorage, Alaska REGULAR BOARD OF DIRECTORS MEETING AGENDA ITEM SUMMARY. July 23, 2009
CHUGACH ELECTRIC ASSOCIATION, INC. Anchorage, Alaska REGULAR BOARD OF DIRECTORS MEETING AGENDA ITEM SUMMARY July 23, 2009 ACTION REQUIRED AGENDA ITEM NO. XI.A. X Information Only Motion Resolution Executive
More informationMAGELLAN HEALTH SERVICES ORGANIZATION SITE - SITE REVIEW PACKET 2011. Behavioral Health Intervention Services (BHIS) ONLY
MAGELLAN HEALTH SERVICES ORGANIZATION SITE - SITE REVIEW PACKET 2011 Behavioral Health Intervention Services (BHIS) ONLY Proprietary: Magellan Health Services policies apply to all subsidiaries,including
More informationTABLE OF CONTENTS. University of Northern Colorado
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
More informationPASSUR AEROSPACE, INC (the "Company") AUDIT COMMITTEE CHARTER. The purpose of the Audit Committee (the Committee ) shall be as follows:
Purpose PASSUR AEROSPACE, INC (the "Company") AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) shall be as follows: 11. To oversee the accounting and financial reporting processes
More informationCODE OF ETHICS FOR FINANCIAL PROFESSIONALS
CODE OF ETHICS FOR FINANCIAL PROFESSIONALS OWNER: Citi CFO CONTACT(S): CITI FINANCE ISSUE DATE: DECEMBER 24, 2004 REVISED DATE: APRIL 2014 Table of Contents 1 OVERVIEW 1 2 DIRECTIVE STATEMENT 2 3 DIRECTIVE
More informationSALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS. (Revised September 11, 2012)
I. STATEMENT OF POLICY SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS (Revised September 11, 2012) This Charter specifies the scope of the responsibilities of
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ Ã
CIRCULAR CIR/MIRSD/24/2011 December 15, 2011 All intermediaries registered with SEBI Merchant Bankers/Registrars to An issue and Share Transfer Agents/Debenture Trustees/Bankers to An Issue/Underwriters/Credit
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA DATE: July 2002 LETTER NO.: 02-CU-13 TO: Federally Insured Credit Unions SUBJ: Vendor Information Systems
More informationSPOTLIGHT ON. Advisors Recordkeeping Obligations
SPOTLIGHT ON Advisors Recordkeeping Obligations The contents of this Spotlight have been prepared for informational purposes only, and should not be construed as legal or compliance advice. Advisors have
More informationISMS Implementation Guide
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-615-7300 Fax: 512-615-7301 www.atsec.com ISMS Implementation Guide atsec information security ISMS Implementation
More informationTOOLBOX. ABA Financial Privacy
ABA Financial Privacy TOOLBOX This tool will help ensure that privacy remains a core value in all corners of your institution. The success of your privacy program depends upon your board s and your management
More informationAre your business partners watching your back when you are watching your front?
Are your business partners watching your back when you are watching your front? Danny Shaw SE Practice Leader IT Risk Advisory Services Experis Thursday, October 4, 2012 1 Objectives: Organizations frequently
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationNOTICE ON OUTSOURCING
CONSULTATION PAPER P018-2014 SEPTEMBER 2014 NOTICE ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing in 2004 1 ( Guidelines ) to promote sound risk management practices for the outsourcing
More informationInformation Systems and Technology
As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons
More informationFINRA Regulation of Broker-Dealer Due Diligence in Regulation D Offerings
FINRA Regulation of Broker-Dealer Due Diligence in Regulation D Offerings EDWARD G. ROSENBLATT, MCGUIREWOODS LLP, WITH PRACTICAL LAW CORPORATE & SECURITIES This Note discusses broker-dealers' affirmative
More informationFIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE
FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE As amended, restated, and approved by the Boards of Directors on July 28, 2015 This Charter sets
More informationBENCHMARK ELECTRONICS, INC. Corporate Governance Guidelines for the Board of Directors (As amended May 7, 2014)
BENCHMARK ELECTRONICS, INC. Corporate Governance Guidelines for the Board of Directors (As amended May 7, 2014) INTRODUCTION The Board of Directors (the Board ) of Benchmark Electronics, Inc. (the Company
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationManaging General Agents (MGAs) Guideline
Managing General Agents (MGAs) Guideline JUNE 2013 DRAFT FOR COMMENT BC AUTHORIZED LIFE INSURERS www.fic.gov.bc.ca PURPOSE This draft guideline outlines best practices that the Financial Institutions Commission
More informationADDENDUM #1 REQUEST FOR PROPOSALS 2015-151
ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 HIPAA/HITECH/OMNIBUS Act Compliance Consulting Services TO: FROM: CLOSING DATE: SUBJECT: All Potential Responders Angie Williams, RFP Coordinator September 24,
More informationSEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors
SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors Purpose The purpose of the Audit Committee established by this charter will be to make such examinations as are necessary
More informationRequest for Quotation (RFQ) Property/Casualty Insurance
SECTION A GENERAL INFORMATION 1. Purpose Mesa County Public Library District (MCPLD) requests written quotations for coverages to be effective January 1, 2016. The selected firm will act as advisor, consultant
More informationBoard Charter. HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company )
Board Charter HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company ) Board approval date: 27 October 2015 Contents 1. Introduction and Purpose of this Charter...1 2. Role of the Board...1
More informationMEMORANDUM. 2015 Risk Assessment, 2015 Audit Plan, and 2014 Audit Plan
ORANGE COUNTY EMPLOYEES RETIREMENT SYSTEM MEMORANDUM DATE: January 21, 2015 TO: FROM: SUBJECT: s of the Audit Committee David James, Director of Internal Audit 2015 Risk Assessment, 2015 Audit Plan, and
More informationOECD GUIDELINES FOR PENSION FUND GOVERNANCE
OECD GUIDELINES FOR PENSION FUND GOVERNANCE These Guidelines were approved by the Working Party on Private Pensions on 5 June 2009. OECD GUIDELINES FOR PENSION FUND GOVERNANCE 1 I. GOVERNANCE STRUCTURE
More informationW. R. GRACE & CO. AUDIT COMMITTEE CHARTER
W. R. GRACE & CO. AUDIT COMMITTEE CHARTER I. Purpose. The purpose of the Audit Committee is to assist the Board of Directors in overseeing (1) the integrity of the Company s financial statements, (2) the
More informationCHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTERCONTINENTAL EXCHANGE, INC.
CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTERCONTINENTAL EXCHANGE, INC. I. PURPOSE The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Intercontinental Exchange,
More informationQuestions to Ask Yourself
Preparing for an SEC Exam Questions to Ask Yourself General 1. Have we appointed someone to serve as the primary contact with the SEC staff (often this is performed by the CCO)? 2. Is senior management
More informationUnderstanding Vendor Risk And Analyzing the SSAE No. 16
Understanding Vendor Risk And Analyzing the SSAE No. 16 Accelerate your Credit Union s Performance June 19, 2014 AUSTIN, TEXAS www.cuaccelerator.com Agenda Vendor Management Key Outsourcing Risk Areas
More informationSunTrust Banks, Inc. Audit Committee of the Board of Directors Charter
SunTrust Banks, Inc. Audit Committee of the Board of Directors Charter PURPOSE The Audit Committee (the Committee ) is appointed by the Board of Directors (the Board ) of SunTrust Banks, Inc. (the Company
More informationThe Kroger Co. Board of Directors. Guidelines on Issues of Corporate Governance. (Rev. 5/11/15)
The Kroger Co. Board of Directors Guidelines on Issues of Corporate Governance (Rev. 5/11/15) THE KROGER CO. BOARD OF DIRECTORS GUIDELINES ON ISSUES OF CORPORATE GOVERNANCE The Kroger Co. Board of Directors
More informationSears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter
Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter Purpose The Audit Committee is appointed by the Board of Directors (the Board ) of Sears Hometown and Outlet Stores,
More informationCHARTER FOR THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTUITIVE SURGICAL, INC. Approved by the Board of Directors on February 9, 2007
CHARTER FOR THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTUITIVE SURGICAL, INC. Approved by the Board of Directors on February 9, 2007 I. Purpose The Audit Committee (the Committee ) of Intuitive
More informationOFFICE OF AUDITS & ADVISORY SERVICES SUNGARD TREASURY MANAGEMENT SYSTEM CONTRACT COMPLIANCE FINAL AUDIT REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES SUNGARD TREASURY MANAGEMENT SYSTEM CONTRACT COMPLIANCE FINAL AUDIT REPORT Chief of Audits: Juan R. Perez Senior Audit Manager:
More informationWebsite Development Agreements/Licensing of Website Content
Website Development Agreements/Licensing of Website Content By Helen H. Richardson Counsel, Zane Management, Inc. One Liberty Place (21 st Flr.) 1650 Market St. Philadelphia, PA 19103 (215)601-0833 Hhrlegal@aol.com
More informationAUDIT COMMITTEE CHARTER of the Audit Committee of SPANISH BROADCASTING SYSTEM, INC.
AUDIT COMMITTEE CHARTER of the Audit Committee of SPANISH BROADCASTING SYSTEM, INC. This Audit Committee Charter has been adopted by the Board of Directors (the Board ) of Spanish Broadcasting System,
More information