Risk Management Software Solutions Encierro Solutions.

Presentation on theme: "Risk Management Software Solutions Encierro Solutions."— Presentation transcript:

1 Risk Management Software Solutions Encierro Solutions

2 Challenge
• Bank operations pose the greatest risk of bank failure and are the subject of increasing regulation
• The challenge to a bank is to provide comprehensive, integrated, easy-to-use tools to department managers to capture their knowledge and enlist their support for improving the safety and soundness of operations
• The goal is to move an organization’s approach from compliance to operations risk management

3 Maturity Model
• Where is your organization on the maturity spectrum?
• Where do you want your organization to be?
• How can IT lead the way, involve others, without bearing all the responsibility and cost?

4 Maturity Categories
• Level 1: Ad-hoc process, disjointed, no management of data, task force oriented, done before regulators arrive, annually, only done to comply, no special software
• Level 2: Ad-hoc process, defined roles, disparate electronic documents, reviewed by management, annually, only done to comply
• Level 3: Process is understood, roles are defined, documentation is distributed across the organization, need to improve efficiency is recognized, still only done to comply
• Level 4: Process is understood and efficiency is a central focus, data management is critical, roles are honed, management regularly reviews analysis and reports (at least quarterly), operations risk responsibilities are understood by each department manager
• Level 5: Organization uses an integrated approach to managing the many regulations, capturing data once, analyzing once, leveraging multiple times, in a distributed use, centrally managed system. The system is a useful tool to each department manager. Management views risk management reports weekly. New regulations do not pose major burden.

5 FFIEC IT Handbooks
• How do you plan to comply with all these guidelines?
• How can you leverage them for operational efficiency and soundness?
• How do you deal with so many overlapping topics?
  – Audit
  – Management
  – Business Continuity Planning
  – Operations
  – Development and Acquisition
  – Outsourcing Technology Services
  – E-Banking
  – Retail Payment Systems
  – FedLine
  – Supervision of Technology Service Providers
  – Information Security
  – Wholesale Payment Systems

6 Matador (diagram)
Key Entities: Third Parties; Information Systems; Business Processes / Functions
Key Topics: Management; Integrity; Confidentiality; Availability; Threats; Controls; Risk; …
FFIEC Guidelines: Bus Cont Planning; Info Sec Risk Mgmt; Supervision of Tech Serv Provider; Operations; …

7 Topic: Availability
[Diagram labels: Summary; Most Detail; Information Security RM; Business Continuity Planning; E-banking, Wholesale Payment; Technology Service Providers]
Think it through once, document it once, use it many times

8 Topic: Controls
[Chart labels: Information Security RM; Business Continuity Planning; Human and Process Tasks; 60%; 20%; Analysis and documentation effort]

9 Matador’s Information System
[Diagram labels]
Information Systems – power Business Functions
  (Criticality, Sensitivity, Risk, Mitigation)
  (Info Sec RM, Bus Cont Plan, Internal Controls, …)
Software; Hardware; Service Providers; Physical Records; Facilities
Threats, Vulnerabilities, Controls, Probability, Impact, Risk, Mitigation

10 Matador Product Architecture
• Information Security Risk Management
• Third Party Risk Management
• Business Continuity Risk Management
• Internal Controls Risk Management

11 Focus by module
[Diagram labels]
Business Process; Business Sub-Process(es); Business Function; Business Sub-Function(s); Business Tasks
Business Continuity; Information Security; Internal Controls

12 Matador
• Matador helps banks achieve Level 5 efficiencies by focusing on three key entities
  – Information Systems
  – Business Process / Business Functions / Business Tasks
  – Third Parties
• In the process of evaluating these, topics such as Information Security, Management, Operations, Fedline, etc. are considered, minimizing the effort, maximizing the results, moving the organization from compliance to operations risk management

13 Backup

14 Matador’s Business Process Hierarchy
• Business Processes – inter-departmental activities (Bus Cont Plan, Internal Controls)
• Business Function – intra-departmental activities (Bus Cont Plan, Internal Controls, Info Sec Risk Mgmt)
• Business Task – intra-departmental activities (Internal Controls)

15 Who are We?
• Encierro is an Operations Risk Management software company for banks
• Encierro offers software modules for
  – Information Security Risk Management
  – Third Party Risk Management
  – Business Continuity Planning
  – Internal Controls Risk Management

16 What We Do
• Encierro Solutions provides software and services appropriate for banks of various sizes
  – For small banks
      • Pre-scripted policies, procedures, and risk analysis for common bank assets
      • Cost effective approach
      • Easy to use
  – For mid-sized banks
      • Scalable, comprehensive, flexible system
      • Enterprise wide
      • Easy to use
      • Highly efficient and cost-effective

17 Our Software – The Matador System
• A formal risk management system that enables banks to:
  – Create risk assessment and risk mitigation plans utilizing pre-scripted policy and Information Security analysis of commonly found bank entities
      • Information Systems
      • Software/Hardware
      • Facilities/Physical Records
      • Service Providers
  – Implement a risk management program that is integrated into a bank’s operations
  – Meet the demanding requirements of the regulators, management, and customers
  – Demonstrate a MERIT worthy risk management system

18 MERIT
FIL-13-2004
February 4, 2004
MAXIMUM EFFICIENCY, RISK-FOCUSED, INSTITUTION TARGETED (MERIT) EXAMINATIONS
TO: CHIEF EXECUTIVE OFFICER
SUBJECT: Expanded Use of FDIC's Streamlined Examination Program Called "MERIT" - Maximum Efficiency, Risk-Focused, Institution Targeted Examinations

The Federal Deposit Insurance Corporation (FDIC) has expanded the use of its streamlined examination program begun in April 2002. The "MERIT" program - for Maximum Efficiency, Risk-Focused, Institution Targeted Examinations - applied to banks that met basic eligibility criteria, which included having total assets of $250 million or less and satisfactory regulatory ratings. Under the expanded MERIT program, well-rated banks with total assets of $1 billion or less will now be eligible.

MERIT Examination Procedures
During a MERIT examination, the examiners will use procedures that focus on determining the adequacy of an insured depository institution's internal control systems, and that focus on reviewing the internal and external audit programs. Examiners will devote significant attention to an overall assessment of the institution's risk-management processes. They will review an institution's lower-risk activities primarily through discussions with management and by monitoring the activities through various off-site analytical programs.

19 Why a Formal Risk Management System?
• Regulators are placing a greater emphasis on a formal, comprehensive operations risk management program
  – The ability to manage and the ability to demonstrate easily how to manage ongoing operational risk is more important than annual risk assessment results
  – Regulations require program to be comprehensive, continuous, integrated, collaborative, involved, timely, historical, testable, and repeatable
• Proof of a formal system assures those who are ultimately responsible, the Board and Senior Management, that a safe and sound system is operational in the bank
• Proof of a formal system reduces a bank’s legal and compliance liability if a threat is successful

20 Why the Matador System?
• It provides pre-scripted analysis of typical bank Information Assets that can be easily customized by department managers
  – Easy to use
  – Saves time
  – Cost effective
• It is the only tool on the market that enables banks to implement a formal risk management program that is integrated into a bank’s operations
• It is the only tool that addresses all Information Security areas:
  – IT, facilities, records, information systems, and third party service providers
• It has been discussed with banking regulatory agencies

21 Matador Meets the Regulatory Requirements of a Formal System
• The Matador system is:
  – Comprehensive – covers the full spectrum of information security issues
  – Continuous – responds to new threats quickly
  – Integrated – part of the decision making process
  – Collaborative – involves all departments
  – Involved – requires critical thinking
  – Timely – responds effectively to events
  – Historical – shows trends, enables drilling
  – Testable – works in real world situations
  – Repeatable – procedure that can be followed by all
• Matador system provides assurance
  – Provides confidence and knowledge that the bank is implementing best practices to protect bank and customer data and information systems

22 Features of the Matador System
• A web-based, relational database driven software system
• Leads the bank through the risk management process
  – Step 1. Information Security Risk Management Program definition
  – Step 2. Information Asset / Entity definition
  – Step 3. Personnel Assignments
  – Step 4. Risk Assessment
  – Step 5. Risk Mitigation Planning
  – Step 6. Reporting
• Is available with additional modules for
  – Third Party Risk Management
  – Business Continuity

23 Customer Comments: Enterprise Bank & Trust
“Encierro’s Matador system for Information Security Risk Management has enabled us to implement a well-thought out approach in a formal way with a flexible software system that can grow and change as our bank grows. Providing us an end-to-end solution, covering the information security concerns from the development of an Information Security program, to the risk management of software, hardware, physical records, service providers, facilities and information systems, the Matador system enables us to get the departmental managers across the company involved in managing risk, while enabling us to meet the regulatory compliance needs of the bank. Having a system that is a true management tool, above and beyond a way to be compliant, is important for the bank to operate in a safe and sound manner.”
Steve Irish, CIO and Executive VP for Enterprise Bank. EBTC is a community bank headquartered in Lowell, MA with approximately $800M in assets.

24 Contact Us
For more information view:
• Our corporate website at:
  – www.encierro.biz
• Matador information at:
  – http://www.encierro.biz/infosecurity/matadorannounce.doc
  – http://www.encierro.biz/infosecurity/matadordescription.doc
• Information Security related documents at:
  – http://www.encierro.biz/infosecurity/formalapproach.doc
• Or email us at:
  – encierrosolutions@yahoo.com

