• What Are Vendor Risk Reviews? - A vendor risk review (a.k.a. risk assessment) helps you understand the risks that exist when using a vendor’s product or service. Performing a risk review is especially critical when the vendor will be handling a core business function, will have access to customer data, or will be interacting with your customers. Vendor risk reviews are...
  • Starting A Vendor Management Office - 4 Steps to Getting Started with a VMO Starting a Vendor Management Office (VMO) within a company can be quite challenging. The key is to determine the breadth and depth of services that the VMO will provide the company. With any successful implementation you need a project plan that defines the vision and mission of...
  • Don’t Confuse a Control Risk Assessment with Enterprise Risk Assessment - Don’t Confuse a Control Risk Assessment with an Enterprise Risk Assessment In managing the internal audit function, the institution’s Audit Committee is responsible for commissioning a Control (or “Auditor’s”) Risk Assessment, developing audit plans and overseeing the execution of the audit program. A Control Risk Assessment documents the internal auditor’s or outsourced audit service provider’s...
  • Risk Rating Impact - Example: Impact Rating System Rating 1 – Fully Controlled: Factors such as cost, time, delivery, quality and security are virtually not affected. Little or no exposure to dollar losses, compliance issues, customer complaints, capital decay, insufficient liquidity or reputational damage. Value-at-Risk (VaR) is slight and well within the bank’s stated risk appetite. Risk events will not...
  • Risk Rating Probability - Example: Probability Rating System Rating 1 – Optimal: Threats and vulnerabilities have been identified and control processes are aligned with strategic plans, cost-benefit analyses and corporate governance objectives. Fully leveraged technologies, personnel and processes minimize the probability of an adverse event or condition and operational, compliance, financial and reporting objectives are always met. The likelihood of...
  • Audit Scope and Frequency - Audit Scope and Frequency Typically, the schedule of audit is cyclical. In reviewing the annual plan, the auditor should determine the appropriateness of the institution’s audit cycle. Audit planning and scheduling is also based upon the outcomes of risk assessments performed at least once annually on the listed Subjects. Generally, when residual risk is equal...
  • Risk Narratives - Risk Narratives are expected from regulators and examiners. They are the “show me” vs “tell me” aspect of how your FI came to reach its understanding of risk in a particular area. It's critical to ensure that this narrative is socialized from Board to Baseline Staff. In essence, how did we reach this conclusion and...
  • Risk Management System - Risk Management Systems: Risk Management Systems[1] should accomplish the following:   Identify Risk – To properly identify risks, the Board and management must recognize and understand existing risks or risks that may arise from new business initiatives. Risk identification should be a continuing process, and risks should be understood at the transaction (or individual) level...
  • Silos of Risk - Silos of Risk Compliance (Legal) Risk. Compliance risk is the current and prospective risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, internal policies and procedures or ethical standards. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of...
  • Common Risk Terms - Risk Universe: The full range of risks which could impact, either positively or negatively, on the bank’s capabilities. Risk Capacity: The amount and type of risk the bank is able to support in pursuit of its business objectives. Risk Target: The optimal level of risk the bank wants to take in pursuit of a specific...