Regulatory Reality:

ITGC


October 30, 2012  3:09 PM

Hurricane Sandy: An epic storm and the ultimate DR test



Posted by: David Schneier
Audit, audits, backup, bank, bank closing, bank closings, banking, banks, BIA, business, business continuity, business continuity plan, business impact analysis, community bank, disaster recovery, DR, examiners, internal audit, internal controls, ITGC, NCUA, pandemic, Pandemic Planning, policy, procedure, risk assess, risk assessment, risk assessments, risk management, risks

I've written similar posts in the past where I start off by apologizing for appearing opportunistic when leveraging a significant news event to generate site content.  However, when considering roughly one-third of all my clients are dealing with Hurricane Sandy, this represents a rare chance to...

October 22, 2012  2:09 PM

Are banks unfairly scrutinized?



Posted by: David Schneier
ACH, assess, assessment, assessments, Audit, auditor, audits, banking, banks, business, CISA, CISO, community bank, compliance, credit unions, CU, exam, examination, examinations, examiner, examiners, exams, FFIEC, financial institutions, general controls, GLBA, identify theft, identity theft, information security, information security office, Information Technology General Controls, internal audit, internal controls, ITGC, NPPI, observations, oversight, personally identifiable informaiton, PII, privacy, risk assess, risk assessment, risk assessments, risk management, risk-based, risks

A few years back when I first cut over to working somewhat exclusively with financial institutions I memorized an elevator speech that still somewhat defines who I am and what I do professionally.  Part of the speech pointed out that my firm helped "banks and credit unions meet regulatory...


March 14, 2010  3:59 AM

Muddy waters: Governance, risk and compliance



Posted by: David Schneier
assessment, Audit, framework, GLBA, GRC, IT General Controls, ITGC, Regulatory Compliance, risk, risk management

I had an email exchange with a colleague last week in which GRC (governance, risk and compliance as a unified methodology) was central to the discussion.  She felt that there's been a blurring of the lines in how people view GRC versus ERM (enterprise risk management) as disciplines and wanted to...


February 12, 2010  11:38 PM

IT audit reports: Why you can’t handle the truth



Posted by: David Schneier
Audit, corruption, fraud, GLBA, Information Technology General Controls, infrastructure, IT, IT General Controls, ITGC, NCUA, Regulatory Compliance

I was reading the local newspaper this morning and was surprised to find a front page story ripped from the headlines of my professional life (ironic, I know). Right there on the front page of today's News and Observer was a story about how a recent audit claimed corruption at a local college...


September 1, 2009  3:29 PM

IT audits versus reviews



Posted by: David Schneier
Audit, compliance, general controls, GLBA, governance, GRC, IT, ITGC, NCUA, Regulatory Compliance, risk, risk assessment

I had mentioned in my last post a recent conversation with my partner regarding a proposed IT general controls (ITGC) audit. My primary role in our practice is to head up regulatory compliance services which includes audits, assessments and program development; my...

