1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.


2 Business Continuity and Compliance: Working Together
Agenda
- Business Continuity
- Compliance: Looking at SOX and Basel II
- Cobit 4.0 Framework
- Working Together

3 Business Continuity

4 What is Business Continuity Planning?
Business Continuity establishes the basis for financial institutions to recover and resume business processes when operations have been disrupted unexpectedly.
- Business Operations
- Technology
- Testing
- Communication Strategies

5 Business Continuity
Why is it Important?
Financial institutions play a critical role in the overall economy. The assurance that disruptions in services are minimized will foster confidence in the overall financial system and trust from the public. Additionally, Business Continuity Planning allows financial institutions to be prepared for the unexpected and to minimize potential financial losses while continuing to service customers and financial markets.

6 Business Continuity
The Business Continuity process comprises four steps:
- Business Impact Analysis
- Risk Assessment
- Risk Management
- Risk Monitoring and Testing

7 Business Continuity
The first step of Business Continuity (BIA) is:
- Identify and prioritize all business processes or functions
- Identify the potential impact of the business disruption
- Identify Legal and Regulatory requirements, if any

8 Business Continuity
Step two, Risk Assessment, looks at:
- Evaluating the Business Impact (from step 1)
- Analyzing threats based upon the impact to the institution
- Prioritizing potential disruptions
- Performing a Gap Analysis

9 Business Continuity
Risk Management, the third step, focuses on: Development, Implementation, and Maintenance of a BCP Plan. This includes the consideration of:
- BIA and Risk Assessment from previous steps
- Written and specific to conditions to implement and steps to take during implementation
- Proper Management of the plan, if supported by third party
- Focused on the impact of various threats
- Effectiveness in minimizing service disruptions

10 Business Continuity
The fourth step, Risk Monitoring and Testing, ensures the viability of the BCP through:
- Incorporation of BIA and Risk Assessment into testing
- Roles and responsibilities assignment for implementation of testing
- Completion of BCP tests
- Evaluation and assessment of the test program and results
- Revision of the BCP plan, if necessary

11 Compliance: Looking at SOX and Basel II

12 Compliance: SOX and Basel II
What is SOX?
Drafted by Senator Paul Sarbanes and Congressman Michael Oxley, the Sarbanes-Oxley Act was signed into law on July 30, 2002 by President Bush. It was enacted largely in response to a number of major corporate and accounting scandals such as Enron and MCI WorldCom, and applies to publicly traded companies and Auditors of such companies. SOX requires an annual evaluation of internal controls and procedures for financial reporting in perpetuity.

13 Compliance: SOX and Basel II
SOX Responsibilities
The scope of SOX responsibilities includes:
- At least annual assessment and review of controls which include, but are not limited to, controls related to the prevention, identification, and detection of fraud.
- The CEO is ultimately responsible and should assume “ownership” of the control system. However, everyone in the organization has some responsibility for internal controls.
Our efforts directly impact the reporting by our Management.

14 Compliance: SOX and Basel II
What is Basel?
The Basel Committee was established by the central-bank Governors of the Group of Ten countries at the end of 1974 and meets regularly four times a year. In 1988, the Committee decided to introduce a capital measurement system commonly referred to as the Basel Capital Accord. This system provided for the implementation of a credit risk measurement framework with a minimum capital standard of 8% by end-1992.

15 Compliance: SOX and Basel II
The Basel II Framework, issued on July 4, 2006, is intended to be a comprehensive version and promote a more forward-looking approach to capital supervision, one that encourages banks to identify the risks they may face, today and in the future, and to develop or improve their ability to manage those risks.
Categories include: Risk Scenario Analysis and Inventory Loss Data Risk Control Self Assessment Economic Capital Reporting

16 Cobit 4.0 Framework

17 Cobit 4.0 Framework
A Cobit Framework was established in support of Management’s realization of the significance that information can have to the success of an Enterprise, the expectation of a heightened understanding of operations, and the assurance of successful management so that the Enterprise can:
- Achieve its objectives
- Be resilient to learn and adapt
- Judiciously manage risks
- Recognize opportunities and act upon them

18 Cobit Framework
This governance and control framework serves a variety of internal and external stakeholders and meets the objectives of:
- Business focus to align Business and Technology objectives
- Process oriented, with a specific structure
- Be consistent with best practices and standards
- Use a common language generally understandable by all stakeholders
- Help meet regulatory requirements

19 Cobit 4.0 Framework
The Cobit Framework is comprised of:
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate
Each of these categories has a list of Detailed Control Objectives specific to that category. These objectives provide a framework for Enterprises to ensure they are compliant with regulatory policies and standards, including SOX, Basel II, and BCP.

20 Cobit 4.0 Framework
Within Cobit 4.0, Deliver and Support, there is an entire section, DS4, that identifies controls specific to continuity. They include objectives such as:
- DS4.1 IT Continuity Framework
- DS4.2 Continuity Plans
- DS4.5 Testing of Continuity Plans
These objectives are directly in line with the goals of Business Continuity.

21 Working Together

22 Working Together
[Diagram labels: SOX, Basel II, BCP]
Business Continuity, SOX, and Basel II are intertwined.

23 Working Together – Common Threads
Within BCP, SOX, and Basel II programs, there are common threads:
- Process identification and prioritization
- Risk assessment and evaluation
- Control identification and Gap Analysis
- Testing
- Remediation, when necessary

24 Working Together
Process Identification and Prioritization
- What are each of your Business processes?
  - This includes Business and Technology processes
- Which processes are key or critical to continue “Business as Usual”?
  - Which processes have a direct impact to your financials (General Ledger)?
  - Which processes are the key operational processes to support your customers or stakeholders?

25 Working Together
Risk Assessment and Evaluation
For each of the processes deemed critical, what are your risks?
- Operational, Resource, Financial, Data
What is your level of risk?
- High, Moderate, or Low Level of Risk
- Management understanding and approval of processes and risks, and necessary efforts associated with identified risks.

26 Working Together
Control Identification and Gap Analysis
For each risk identified as a High Risk, what are the controls in place?
- How strong are these controls?
Are there any gaps within the process that do not control the risk?
- Does Management understand and approve gaps, or do they need to be addressed?

27 Working Together
Testing and Remediation
- Perform testing to ensure controls in place are working as expected.
- Report test results to Management
- Remediate weaknesses or failures
  - Were there any failures during testing?
  - Were the controls identified as weak during testing, and did not meet the objectives?

28 Working Together
Although the reasons for each program may be different, the Enterprise objectives and activities that are set out for Business Continuity, SOX, and Basel are the same:
- To ensure controls are in place that meet regulatory requirements
- Reduce and mitigate risk, whether it is financial, operational, or reputation
- Reduce the impact to internal or external stakeholders

29 Working Together
Think about the synergy of your compliance programs and consider:
- Are there redundancies within any of your Programs?
- Can resources be more aligned to work more closely together?
- Where can efforts be consolidated to be more efficient and cost effective, yet still meet the needs of your Enterprise and regulatory requirements?
