August 8, 2012 6:21 PM
Posted by: David Schneier
Tags: Audit, auditor, audits, bank, banking, banks, Board, Board of Directors, BoD, business, community bank, compliance, control, controls, exam, examination, examinations, examiner, examiners, exams, financial institutions, fraud, governance, regulation, regulations, regulations audit, regulatory, regulatory guidance, SOX
I have an odd relationship with management reporting. I know it's a necessity and quite often see clear value in what's packaged for senior management and board review. But a significant piece of the reporting content comes in the form of metrics and, well, whenever I hear the term it conjures...
April 29, 2012 7:43 PM
Posted by: David Schneier
Tags: assessment, assessments, Audit, compliance, control, control owners, controls, findings, GLBA, internal audit, NCUA, regulations, regulatory, Regulatory Compliance, risk, risk assessments, risks
My first encounter with an auditor was back in the mid-90's while working as an application project manager for a Fortune 100 company. The group responsible for change management was going through an audit of their process and one of the changes that was selected for review happened to belong to...
February 3, 2012 5:58 PM
Posted by: David Schneier
Tags: Audit, auditor, compliance, controls, exam, examiner, FFICE, GLBA, governance, GRC, internal controls, NCUA, regulations, regulatory, Regulatory Compliance, risk
I was sitting in a meeting this week listening to a group of very bright people talking about an initiative centered on installing a software solution and I realized something rather disturbing; somewhere along the way in our industry governance, risk and compliance has started melting together and...
November 2, 2010 2:33 PM
Posted by: David Schneier
Tags: assessment, Audit, controls, GLBA, NCUA, regulatory, Regulatory Compliance, risk assessment
I was in the midst of writing my weekly blog post focusing on threadbare thin compliance efforts when I was distracted by news of a potential terrorist incident. As you likely know by now, it appears that Al-Qaeda was either attempting to send explosive devices onto airplanes or was conducting a...
June 25, 2010 4:08 PM
Posted by: David Schneier
Tags: controls, firewall, firewalls, hackers, hacking, information security, regulatory, Regulatory Compliance, Security, social network, web filters
A week or so ago, I received an invitation from a professional friend of mine to connect via Facebook. He's someone whose brain I've picked time and again as he's one of the brightest information security people I've worked with but more importantly, he's also someone who I enjoy talking to, and...
April 23, 2010 10:14 PM
Posted by: David Schneier
Tags: assessment, assessments, Audit, bcp, business continuity planning, controls, framework, general controls, GLBA, IT General Controls, NCUA, Regulatory Compliance, Security, security awareness, Vendor Management
I've often surprised people when it comes to conducting audit/assessment work or developing compliance programs. Generally speaking I'm a reasonable person who typically exhibits an abundance of flexibility in my day-to-day life. However when it comes to my career, I tend to be much more of a...
January 15, 2010 6:05 AM
Posted by: David Schneier
Tags: Audit, controls, evidence, GLBA, Regulatory Compliance, risk
A recent jobs survey released last week indicated that less than 50% of the work force is satisfied with their job. Me, I’m a lucky guy as I genuinely like what I do for a living. It’s funny in a way because over the first decade or so of my...