Regulatory Reality:

auditor

1

March 6, 2013  5:19 PM

Security Standards: What’s in a name?



Posted by: David Schneier
assess, assessment, assessments, Audit, auditor, audits, CISO, community bank, control, controls, credit union, credit unions, data security, framework, information security, information security office, infrastructure, ISO, risk assess, risk assessment, risk assessments, risk management, risk-based

I had an interesting phone call recently with someone in a CISO-type position.  They were looking for a consultant to help them keep a seat warm working with information security risk assessments and were hoping to find a resource with practical experience using the NIST 800-53 standard.  It was...

October 22, 2012  2:09 PM

Are banks unfairly scrutinized?



Posted by: David Schneier
ACH, assess, assessment, assessments, Audit, auditor, audits, banking, banks, business, CISA, CISO, community bank, compliance, credit unions, CU, exam, examination, examinations, examiner, examiners, exams, FFIEC, financial institutions, general controls, GLBA, identify theft, identity theft, information security, information security office, Information Technology General Controls, internal audit, internal controls, ITGC, NPPI, observations, oversight, personally identifiable informaiton, PII, privacy, risk assess, risk assessment, risk assessments, risk management, risk-based, risks

A few years back when I first cut over to working somewhat exclusively with financial institutions I memorized an elevator speech that still somewhat defines who I am and what I do professionally.  Part of the speech pointed out that my firm helped "banks and credit unions meet regulatory...


August 8, 2012  6:21 PM

Metrics Reporting: Are pretty colors always pretty accurate?



Posted by: David Schneier
Audit, auditor, audits, bank, banking, banks, Board, Board of Directors, BoD, business, community bank, compliance, control, controls, exam, examination, examinations, examiner, examiners, exams, financial institutions, fraud, governance, regulation, regulations, regulations audit, regulatory, regulatory guidance, SOX

I have an odd relationship with management reporting.  I know it's a necessity and quite often see clear value in what's packaged for senior management and board review.  But a significant piece of the reporting content comes in the form of metrics and, well, whenever I hear the term it conjures...


February 3, 2012  5:58 PM

Governance, risk and compliance – related but not the same.



Posted by: David Schneier
Audit, auditor, compliance, controls, exam, examiner, FFICE, GLBA, governance, GRC, internal controls, NCUA, regulations, regulatory, Regulatory Compliance, risk

I was sitting in a meeting this week listening to a group of very bright people talking about an initiative centered on installing a software solution and I realized something rather disturbing; somewhere along the way in our industry governance, risk and compliance has started melting together and...


August 28, 2011  3:17 PM

Will Hurricane Irene reveal your BCP’s strengths or weaknesses?



Posted by: David Schneier
Audit, auditor, bcp, business continuity, business continuity plan, compliance, disaster, disaster recovery, DR, exam, examiner, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

I'm violating my own standards by using such an easy topic to blog about but it's too big to ignore.  With the increasing insanity being inspired by 2011's first true hurricane I'd be remiss if I didn't at least explore the impact this is going to have on the business community. I just heard...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: