Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.

Published byAmy Barton Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008."— Presentation transcript:

1 1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008

2 2 Business Continuity and Compliance: Working Together Agenda Business Continuity Compliance: Looking at SOX and Basel II Cobit 4.0 Framework Working Together

3 3 Business Continuity

4 4 What is Business Continuity Planning? Business Continuity establishes the basis for financial institutions to recover and resume business processes when operations have been disrupted unexpectedly. Business Operations Technology Testing Communication Strategies

5 5 Business Continuity Why is it Important? Financial institutions play a critical role in the overall economy. The assurance that disruptions in services are minimized will foster confidence in the overall financial system and trust from the public. Additionally, Business Continuity Planning allows financial institutions to be prepared for the unexpected, and allow them to minimize potential financial losses, while continuing to service customers and financial markets.

6 6 Business Continuity Business Continuity process comprises of four steps: Business Impact Analysis Risk Assessment Risk Management Risk Monitoring and Testing

7 7 Business Continuity The first step of Business Continuity ( BIA) is: Identify and prioritize all business processes or functions Identify the potential impact of the business disruption Identify Legal and Regulatory requirements, if any

8 8 Business Continuity Step two Risk Assessment looks at: Evaluating the Business Impact (from step 1) Analyzing threats based upon the impact to the institution Prioritizing potential disruptions Performing a Gap Analysis

9 9 Business Continuity Risk Management, the third step, focuses on: Development, Implementation, and Maintenance of a BCP Plan. This includes the consideration of:  BIA and Risk Assessment from previous steps  Written and specific to conditions to implement and steps to take during implementation  Proper Management of the plan, if supported by third party  Focused on the impact of various threats  Effectiveness in minimizing service disruptions

10 10 Business Continuity The forth step, Risk monitoring and testing, ensures the viability of the BCP through: Incorporation of BIA and Risk Assessment into testing Roles and responsibilities assignment for implementation of testing Completion of BCP tests Evaluation and assessment of the test program and results Revision of the BCP plan, if necessary

11 11 Compliance: Looking at SOX and Basel II

12 12 Compliance: SOX and Basel II What is SOX? Drafted by Senator Paul Sarbanes and Congressman Michael Oxley, the Sarbanes Oxley Act was signed into law on July 30, 2002 by President Bush. It was enacted largely in response to a number of major corporate and accounting scandals such as Enron and MCI WorldCom, and applies to publicly traded companies and Auditors of such companies. SOX requires an annual evaluation of internal controls and procedures for financial reporting in perpetuity.

13 13 Compliance: SOX and Basel II SOX Responsibilities The scope of SOX responsibilities include:  At least annual assessment and review of controls which include, but are not limited to, controls related to the prevention, identification, and detection of fraud.  The CEO is ultimately responsible and should assume “ownership” of the control system. However, everyone in the organization has some responsibility for internal controls. Our efforts directly impact the reporting by our Management

14 14 Compliance: SOX and Basel II What is Basel? The Basel Committee was established by the central- bank Governors of the Group of Ten countries at the end of 1974 and meets regularly four times a year. In 1988, the Committee decided to introduce a capital measurement system commonly referred to as the Basel Capital Accord. This system provided for the implementation of a credit risk measurement framework with a minimum capital standard of 8% by end-1992

15 15 Compliance: SOX and Basel II The Basel II Framework, issued on July 4, 2006 is intended to be a comprehensive version and promote a more forward-looking approach to capital supervision, one that encourages banks to identify the risks they may face, today and in the future, and to develop or improve their ability to manage those risks. Categories include: Risk Scenario Analysis and Inventory Loss Data Risk Control Self Assessment Economic Capital Reporting

16 16 Cobit 4.0 Framework

17 17 Cobit 4.0 Framework A Cobit Framework was established in support of Management’s realization of the significance that information can have to the success of an Enterprise, the expectation of a heightened understanding of operations, and the assurance of successful management so that the Enterprise can: Achieve its objectives Be resilient to learn and adapt Judiciously manage risks Recognize opportunities and act upon them

18 18 Cobit Framework This governance and control framework serves a variety of internal and external stakeholders and meets the objectives of: Business focus to align Business and Technology objectives Process oriented, with a specific structure Be consistent with best practices and standards Use a common language generally understandable by all stakeholders Help meet regulatory requirements

19 19 Cobit 4.0 Framework The Cobit Framework is comprised of:  Plan and Organize  Acquire and Implement  Deliver and Support  Monitor and Evaluate Each of these categories has a list of Detailed Control Objectives specific to that category. These objectives provide a framework for Enterprises to ensure they are compliant with regulatory policies and standards, including SOX, Basel II, and BCP.

20 20 Cobit 4.0 Framework Within Cobit 4.0, Deliver and Support, there is an entire section DS4 that identifies controls specific to continuity. They include objectives such as:  DS4.1 IT Continuity Framework  DS4.2 Continuity Plans  DS4.5 Testing of Continuity Plans These objectives are directly in line with the goals of Business Continuity.

21 21 Working Together

22 22 Working Together SOX Basel II BCP Business Continuity, SOX, and Basel II are intertwined

23 23 Working Together – Common Threads Within BCP, SOX, and Basel II programs, there are common threads:  Process identification and prioritization  Risk assessment and evaluation  Control identification and Gap Analysis  Testing  Remediation, when necessary

24 24 Working Together Process Identification and Prioritization  What are each of your Business process This includes Business and Technology processes  Which processes are key or critical to continue “Business as Usual” Which processes have a direct impact to your financials (General Ledger) Which processes are the key operational processes to support your customers or stakeholders

25 25 Working Together Risk Assessment and Evaluation For each of the processes deemed critical, what are your risks?  Operational, Resource, Financial, Data What is your level of risk?  High, Moderate, or Low Level of Risk  Management understanding and approval of processes and risks, and necessary efforts associated with identified risks.

26 26 Working Together Control Identification and Gap Analysis For each risk identified as a High Risk, what are the controls in place?  How strong are these controls? Are there any gaps within the process that do not control the risk?  Does Management understand and approve gaps, or do they need to be addressed?

27 27 Working Together Testing and Remediation Perform testing to ensure controls in place are working as expected. Report test results to Management Remediate weaknesses or Failures  Were there any failures during testing?  Were the controls identified as weak during testing, and did not meet the objectives?

28 28 Working Together Although the reasons for each program may be different, the Enterprise objectives and activities that are set out for Business Continuity, SOX, and Basel are the same : To ensure controls are in place that meet regulatory requirements Reduce and mitigate risk, whether it is financial, operational, or reputation Reduce the impact to internal or external stakeholders

29 29 Working Together Think about the synergy of your compliance programs and consider: Are there redundancies within any of your Programs? Can resources be more aligned to work more closely together? Where can efforts be consolidated to be more efficient and cost effective, yet still meet the needs of your Enterprise and regulatory requirements?

Download ppt "1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008."

Similar presentations

Organizational Governance

Organizational Governance
The Compliance & Risk Functions In Credit Unions What Supervisors need to know? Michael Mullen ILCU Learning Advisor.

The Compliance & Risk Functions In Credit Unions What Supervisors need to know? Michael Mullen ILCU Learning Advisor.
IT Control Objectives for Sarbanes-Oxley Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines.

IT Control Objectives for Sarbanes-Oxley Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines.
Chapter 14 Fraud Risk Assessment.

Chapter 14 Fraud Risk Assessment.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Managed Funds Association’s Sound Practices for Hedge Fund Managers 2009 Edition.

Managed Funds Association’s Sound Practices for Hedge Fund Managers 2009 Edition.
1 Risk-Focused Surveillance Framework Enterprise Risk Management Symposium Chicago, Illinois April 26, 2004 Terri Vaughan, Iowa Insurance Commissioner.

1 Risk-Focused Surveillance Framework Enterprise Risk Management Symposium Chicago, Illinois April 26, 2004 Terri Vaughan, Iowa Insurance Commissioner.
1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.

1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.
“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”

“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”
Presented by Muhamad Abrar Bahaman 1000400 W. Fatimatul Akmar Md. Hassan 1000407.

Presented by Muhamad Abrar Bahaman W. Fatimatul Akmar Md. Hassan
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
Business Crisis and Continuity Management (BCCM) Class Session 3 3 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
Under the Microscope Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke Internal Control.

Under the Microscope Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke Internal Control.
Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Similar presentations

Ads by Google