Regulatory Reality:

control

1

March 6, 2013  5:19 PM

Security Standards: What’s in a name?



Posted by: David Schneier
assess, assessment, assessments, Audit, auditor, audits, CISO, community bank, control, controls, credit union, credit unions, data security, framework, information security, information security office, infrastructure, ISO, risk assess, risk assessment, risk assessments, risk management, risk-based

I had an interesting phone call recently with someone in a CISO-type position.  They were looking for a consultant to help them keep a seat warm working with information security risk assessments and were hoping to find a resource with practical experience using the NIST 800-53 standard.  It was...

August 8, 2012  6:21 PM

Metrics Reporting: Are pretty colors always pretty accurate?



Posted by: David Schneier
Audit, auditor, audits, bank, banking, banks, Board, Board of Directors, BoD, business, community bank, compliance, control, controls, exam, examination, examinations, examiner, examiners, exams, financial institutions, fraud, governance, regulation, regulations, regulations audit, regulatory, regulatory guidance, SOX

I have an odd relationship with management reporting.  I know it's a necessity and quite often see clear value in what's packaged for senior management and board review.  But a significant piece of the reporting content comes in the form of metrics and, well, whenever I hear the term it conjures...


July 21, 2012  8:25 PM

CFPB: Filling the regulatory void left by Sheila Bair



Posted by: David Schneier
Add new tag, assess, assessment, assessments, bank, banking, banking crisis, banks, community bank, compliance, compliance officer, compliant, control, credit, credit card, data security, Dodd-Frank, economy, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, framework, information security office, lending, LinkedIn, mortgage, NCUA, NCUA Sheila Bair, NPPI, observations, oversight, personally identifiable informaiton, PII, policy, privacy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, security PII, Sheila Bair, social security numbers, technology, third party management, third party oversight, vendor, Vendor Management, vendor risk, vendor risk assessment

I was an unabashed fan of Sheila Bair and made no secret of that fact.  She was a breath of fresh air in a line of work where everything is stale and always at least a little boring.  Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...


July 6, 2012  3:18 AM

Risk: The core issue behind regulatory requirements



Posted by: David Schneier
assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days.  Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...


April 29, 2012  7:43 PM

Internal Audit: Whose side are they on anyway?



Posted by: David Schneier
assessment, assessments, Audit, compliance, control, control owners, controls, findings, GLBA, internal audit, NCUA, regulations, regulatory, Regulatory Compliance, risk, risk assessments, risks

My first encounter with an auditor was back in the mid-90's while working as an application project manager for a Fortune 100 company.  The group responsible for change management was going through an audit of their process and one of the changes that was selected for review happened to belong to...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: