University of Maryland Robert H. Smith School of Business

Presentation transcript:

University of Maryland Robert H. Smith School of Business Presenter: Lorie Alioto, Wells Fargo Insurance Services Inc. April 10, 2015

Successful BCP Planning and Risk Management. Lorie Alioto, CBCP, Wells Fargo Insurance BCP National Practice.

Agenda: Why do we plan? Five success factors for BCP. Risk aggregation.

Why do we plan?

Why do we plan? To prevent: loss of employees, loss of customers, loss of reputation, loss of revenue, and regulatory and legal penalties.

Financial Institutions Regulations: FFIEC (Federal Financial Institutions Examination Council) Business Continuity Planning Booklet; FFIEC IT Examination Handbook; FINRA Rule 4370; OCC Bulletin 2003-14, the Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System.

Financial Institutions Regulatory Agencies: Office of the Comptroller of the Currency (OCC); Federal Reserve Bank (FRB); Securities and Exchange Commission (SEC).

Our organization has a documented BCP. Are we all set?

Success Factor #1: Business ownership and engagement

Business Ownership and Engagement: Everybody wants to pass the BCP buck. Who is responsible? Ownership at the functional management level. Quality of plans.

Business Ownership and Engagement: Does anyone in the company know we have a BCP? Make BCP cool.

Success Factor #2: Training and testing

Training and Testing: Do recovery team members know what to do? Annual training is critical. Tabletop exercises.

Training and Testing: If you want to assess a BCP program at a company, what documentation, besides the BCP plan itself, would you ask to see?

Training and Testing: If we test our Business Continuity Plan, are we recoverable?

Training and Testing: How do you, as an organization, define a successful BCP or DR test?

Training and Testing: What if the test was not successful?

Success Factor #3: Integration of business and technology recovery

Integration of business and technology recovery: When does the business require technology to be recovered?

Integration of business and technology recovery: What is the technology recovery capability? Compare the business need against the technology capability.

Success Factor #4: BCP risk management

BCP Risk Management: What is risk? The possibility of harm or loss.

BCP Risk Management: BCP risks require identification, then mitigation or acceptance. When and how will the risk be mitigated? How much risk is the business accepting?

BCP Risk Management: Do all identified risks have to be mitigated? Explain your reasoning.

Example

Loan processing function. Financial impact: $1 million loss daily. Customer impact: 1,000 external customers will be very unhappy. Legal/regulatory: XYZ regulation. The function must resume within 1 day.

Technology Risk: The loan processing function relies on Application A, which has an RTO of 3 days. If Application A fails, the function cannot be resumed for 3 days, two days past the business requirement. Are you going to mitigate this risk?

Cost to mitigate the risk: $7 million to upgrade the BCP technology environment for Application A to provide a 1-day Recovery Time Objective.

Risk Management: The decision depends on risk appetite. Document the risk and the reasoning for accepting it.

Success Factor #5: Reporting

Reporting: Who should we report to?

Reporting: Who should we report to? Senior executives; the Board of Directors; the business lines responsible for BCP.

Reporting: What should we report on?

Reporting: What should we report on? The BCP state of affairs: are we recoverable?

Reporting: What should we report on? Business and technology BCP risk, broken out into risks accepted and risks mitigated.

Reporting: How do we measure recoverability? Successful simulations; documented BCP plans with implemented strategies; an appropriate level of risk acceptance.

Reporting: How do we prove to executive management that we are recoverable?

Reporting: Where will we get the data from? How will we get the data?

Risk Aggregation: BCP risk, vendor management risk, information security risk, operational risk, compliance risk, fraud risk, payment systems risk, capital risk, privacy risk, records management risk, financial crime risk.

Risk Aggregation: A challenge for all organizations. Enterprise-wide risk definition and identification; report on all risks.

Thank you! Lorie Alioto 414.397.5984 Lorie.alioto@wellsfargo.com