Presentation is loading. Please wait.

Presentation is loading. Please wait.

STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION Maria Falvo Chief Operating Officer American Savings Foundation.

Published byShana Jenkins Modified over 8 years ago

Similar presentations

Presentation on theme: "STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION Maria Falvo Chief Operating Officer American Savings Foundation."— Presentation transcript:

1 STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION Maria Falvo Chief Operating Officer American Savings Foundation Bradley P. Lusk, CPA Managing Partner Sisterson & Co. LLP Deborah Shinbein, Esq. Certified Information Privacy Professional Data Law Group, P.C.

2 Scholars Say Promised Money Didn't Come December 08, 2013| By MATTHEW KAUFFMAN And VANESSA DE LA TORRE, Hartford Courant Background article Background article on this story.

3

4 Best Practices Establish an independent audit committee. Conduct an annual audit. Remember – auditor should report to audit committee, not to staff. Respond to all audit findings and recommendations. Conduct a formal annual review of top management. Adopt and review policies and procedures. Decide which should receive annual board approval. Regularly communicate policies and procedures to staff through an employee handbook, regular staff meetings. Provide regular education to board related to governance, compliance, policies and procedures. Perform a risk management review.

5 New Challenges in a Digital Age Data in many formats and locations Laws vary from state to state Policies needed for protection from liability (and compliance) Website terms of use – and other online concerns Privacy / use of personal information policy Data security policies (WISP, AUP, BYOD, more) Data retention/destruction policy Breach preparation/response policy

6 New Challenges in a Digital Age (Cont.) Data security tips: Oversee third party providers: Screen carefully – 3 rd party certifications, due diligence Contracts - include security requirements, audits, warranties, indemnification, breach response, termination provisions, and more Encrypt data in transit and at rest; SSL when appropriate Implement access controls, strong passwords Test your security measures (tech penetration, human errors) Update antivirus, system patches, etc. regularly Back-up frequently, specify approved use of cloud providers Don’t collect more than needed or keep longer than necessary

7 Our experience – what works Work with your auditor to get the most out of your annual audit. Together, look for opportunities to strengthen controls. Make sure annual review of policies is not simply pro forma. Document, review, update and follow procedures for all key activities. Consider additional challenges for a small staff. Never be satisfied. Test your assumptions.

8 Contact information Maria Falvo Chief Operating Officer American Savings Foundation 185 Main Street New Britain, CT 06051 mfalvo@asfdn.org 860.827.2556 phone 860.832.4582 fax Bradley P. Lusk, CPA Managing Partner Sisterson & Co. LLP 310 Grant Street Suite 2100 Pittsburgh, PA 15219 bplusk@sisterson.com Phone: 412.281.2025 Fax: 412.338.4597 Deborah Shinbein, Esq. Data Law Group, P.C. 3700 Quebec Street Denver, CO 80207-1639 Deb@DataLawGroup.co m Phone: 303.997.1325 Fax: 303.796.7203

Download ppt "STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION Maria Falvo Chief Operating Officer American Savings Foundation."

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Environmental Management System Implementation

Environmental Management System Implementation
Child Safeguarding Standards

Child Safeguarding Standards
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
Internal Controls What Are They And Why Should I Care? 1.

Internal Controls What Are They And Why Should I Care? 1.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.

Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
Karen D. Smith, Esq. Partner Bricker & Eckler LLP 100 S. Third Street Columbus, OH 43215 (614) 227-2313.

Karen D. Smith, Esq. Partner Bricker & Eckler LLP 100 S. Third Street Columbus, OH (614)
Identity Theft & Data Security Concerns Are You Meeting Your Obligations to Protect Customer Information? Finance & Administration Roundtable February.

Identity Theft & Data Security Concerns Are You Meeting Your Obligations to Protect Customer Information? Finance & Administration Roundtable February.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Risk Management for Jail Medical Programs By: Bliss McKnight, Inc.®

Risk Management for Jail Medical Programs By: Bliss McKnight, Inc.®
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

Similar presentations

Ads by Google