Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ongoing Monitoring Programs. Contents Monitoring Program Basics Monitoring Program Mechanics.

Published byBaldric Griffin Modified over 8 years ago

Similar presentations

Presentation on theme: "Ongoing Monitoring Programs. Contents Monitoring Program Basics Monitoring Program Mechanics."— Presentation transcript:

1 Ongoing Monitoring Programs

2 Contents Monitoring Program Basics Monitoring Program Mechanics

3 Monitoring Program Basics Key component of Vendor Resilience program: o This is the set of compensating controls that support a firm’s policy o Each firm’s program will be unique for its needs o It will be one of the areas that will be reviewed by auditors and regulators regularly o Needs to be consistently applied for all third-parties across the firm using a repeatable process o The firm will need to retain documentation to support the monitoring program which are also going to be reviewed by auditors and regulators as part of their controls reviews.

4 Monitoring Program Mechanics Each firm will need to look at their Vendor Portfolio as well as the risk groups that would be involved in reviews in order to develop their monitoring program o No two firms will have the same program but they do share common components o Risk groups can include BCP/DR, Insurance, Credit, Information Security, Technology Operations, etc. Program design will need to factor in the needs of the risk groups in order to create a repeatable assessment process. o Ideally, the program should leverage the work and artifacts collected in the initial third-party assessment that were performed as part of onboarding. Spend the time to walk through the process with test cases and adjust accordingly before rolling it out.

5 Monitoring Program Mechanics A key component that drives how a third party is monitored is their aggregate risk to the firm o Please refer to the Third Party Risk Categorization document under the due diligence folder for more information on Risk Assessment o Critical/Important third-parties should be reviewed annually, with the remaining third-parties at least bi-annually As part of the monitoring program, the aggregate risk should be re-evaluated to ensure that any changes in the firm’s relationship with each third-party are reflected in their rating o If services were added or dropped, the value of a contract has changed, etc.

6 Monitoring Program Mechanics If a firm is completely new to this or aren’t sure what to do, find a like firm who has a program and see if they’ll consider doing a best practices information sharing session. o There are also specialized consultants in this area that you can contract with An automated workflow/rules based process is recommended to standardize the reviews o Can be done internally using tools such as SharePoint, Lotus NOTES or can be externally hosted with a number of vendors in this space. Putting this process in place will require the investment of people’s time and should be treated as a full project with a plan, deliverables and a project manager.

7 Monitoring Program Mechanics The program should be evaluated on an annual basis to ensure that it meets the needs of the firm and adjust accordingly An administrative function will be needed to oversee the execution of the program to ensure things don’t fall through the cracks. Many firms use their Vendor Management Offices for this Reporting and risk identification/remediation tracking is key! Firms need to spend a lot of time in this area.

Download ppt "Ongoing Monitoring Programs. Contents Monitoring Program Basics Monitoring Program Mechanics."

Similar presentations

Staff Council Presentation You and Your PSD “Position Source Document” Human Resources Eduardo Salaz Associate Vice President and Chief Human Resources.

Staff Council Presentation You and Your PSD “Position Source Document” Human Resources Eduardo Salaz Associate Vice President and Chief Human Resources.
Web Portal Governance Roles and Responsibilities.

Web Portal Governance Roles and Responsibilities.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
U.Va.’s IT Security Risk Management Program (ITS-RM) April 2004 LSP Conference Brian Davis OIT, Security and Policy.

U.Va.’s IT Security Risk Management Program (ITS-RM) April 2004 LSP Conference Brian Davis OIT, Security and Policy.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Performing a Fiduciary Review of Trust Administration FIRMA April 2009 Independent Fiduciary Services ® Independent Fiduciary Services, Inc.  805 15 th.

Performing a Fiduciary Review of Trust Administration FIRMA April 2009 Independent Fiduciary Services ® Independent Fiduciary Services, Inc.  th.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
IT Strategic Planning Project – Hamilton Campus FY2005.

IT Strategic Planning Project – Hamilton Campus FY2005.
Coordinating Center Overview November 18, 2010 SPECIAL DIABETES PROGRAM FOR INDIANS Healthy Heart Project Initiative: Year 1 Meeting 1.

Coordinating Center Overview November 18, 2010 SPECIAL DIABETES PROGRAM FOR INDIANS Healthy Heart Project Initiative: Year 1 Meeting 1.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Internal Control and Internal Audit

Internal Control and Internal Audit
3rd Party Risk Categorization Process

3rd Party Risk Categorization Process
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Copyright © 2014 Lender Performance Group, LLC. All rights reserved. Managing risks associated with third-party relationships, in other words Vendor Management.

Copyright © 2014 Lender Performance Group, LLC. All rights reserved. Managing risks associated with third-party relationships, in other words Vendor Management.
Outsourcing Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Outsourcing Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Effort Reporting: A Departmental Approach to Meeting Audit Requirements Dianne Valdez, MBA, CIA, CISA, CCSA Enrique Valdez Jr., MBA.

Effort Reporting: A Departmental Approach to Meeting Audit Requirements Dianne Valdez, MBA, CIA, CISA, CCSA Enrique Valdez Jr., MBA.
E XAMINATION AND E NFORCEMENT I SSUES : B EYOND T HE P ILLARS The AMLA Third Annual Full Day BSA/AML Conference October 4, 2013 Presented by: John M. Geiringer.

E XAMINATION AND E NFORCEMENT I SSUES : B EYOND T HE P ILLARS The AMLA Third Annual Full Day BSA/AML Conference October 4, 2013 Presented by: John M. Geiringer.
Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.

Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.

Similar presentations

Ads by Google