Regulatory Reality: posts tagged "regulations"

March 23, 2012  3:24 PM

GRC presents a broad spectrum; is it too broad?

Posted by: David Schneier
assessment, Audit, compliance, GRC, HIPAA, PCI, regulations, regulatory, Regulatory Compliance, risk, risk assessment, SOX

In early 2004 I co-authored my first Sarbanes-Oxley (SOX) controls framework for a client.  Just about the entire thing required manual testing that, if everything worked as planned would require a full-time resource to support.  About thirty seconds after submitting the framework draft to the...

March 6, 2012  6:00 PM

My bank card was compromised.

Posted by: David Schneier
breach, compliance, data breach, data security, GLBA, PCI, regulations, regulatory, Regulatory Compliance, Security

Two weeks ago, about two hours before departing on a long weekend trip to welcome back baseball in Florida I received an email from my bank indicating that there's been suspicious activity on my Visa check card and that it's been suspended.  Considering that under normal conditions I think my...


February 3, 2012  5:58 PM

Governance, risk and compliance: related but not the same.

Posted by: David Schneier
Audit, auditor, compliance, controls, exam, examiner, FFIEC, GLBA, governance, GRC, internal controls, NCUA, regulations, regulatory, Regulatory Compliance, risk

I was sitting in a meeting this week listening to a group of very bright people talking about an initiative centered on installing a software solution and I realized something rather disturbing; somewhere along the way in our industry governance, risk and compliance has started melting together and...


January 8, 2012  9:27 PM

Maintaining compliance is often the missing link.

Posted by: David Schneier
assess, assessment, Audit, compliance, exam, examination, examiner, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, risk, risk assess, risk assessment

I've been in the solutions selling business on and off for about a decade but exclusively so over these past four years.  Up until becoming a partner in my current practice I pretty much was always only involved in helping sell the solution and usually implementing it before moving on.  Seldom...


December 5, 2011  11:54 PM

The trouble with GRC.

Posted by: David Schneier
assessments, Audit, compliance, governance, GRC, regulations, regulatory, Regulatory Compliance, regulatory guidance, risk, risk assessments

I love GRC, at least the concept.  I've gotten way more than my fair share of print time expounding on its many virtues and how it continues to make inroads into so many organizations.  It's the next and necessary step in the evolution of audit and compliance, a fact (yes, fact) of which I'm...


November 18, 2011  12:22 PM

Why vendor management is a big GLBA deal.

Posted by: David Schneier
assessment, Audit, compliance, FDIC, Federal Reserve Bank, FRB, GLBA, NCUA, OCC, OTC, regulations, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management, vendor risk, vendor risk rating

I don't think I'm due to post about vendor management again at least until January 2012 (I try to limit topics to twice a year) but I've had something kicking around my head for a few days now and it needs a proper vetting. Does anyone know why vendor management is such a big issue for banking...


October 3, 2011  10:39 PM

Dodd-Frank Section 165(d): Is this really what was needed?

Posted by: David Schneier
bcp, business continuity, business continuity plan, compliance, Dodd-Frank, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, too big to fail

Ever since Dodd-Frank legislation first started rolling down the turnpike towards the banking industry I've been reading and listening to all manner of rhetoric about how none of it's going to solve any problems, that it's going to impede the business of banking and force money to be deposited and...


August 28, 2011  3:17 PM

Will Hurricane Irene reveal your BCP's strengths or weaknesses?

Posted by: David Schneier
Audit, auditor, bcp, business continuity, business continuity plan, compliance, disaster, disaster recovery, DR, exam, examiner, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

I'm violating my own standards by using such an easy topic to blog about but it's too big to ignore.  With the increasing insanity being inspired by 2011's first true hurricane I'd be remiss if I didn't at least explore the impact this is going to have on the business community. I just heard...


August 15, 2011  8:45 PM

NCUA vs. Wall Street: Who's going to win?

Posted by: David Schneier
cdo, compliance, foreclosure, NCUA, regulations, regulatory, Regulatory Compliance

I had the good fortune to rediscover a recent favorite book while driving to a client engagement last week.  It was the audio version of Michael Lewis’s “The Big Short”.  I had first listened to it last year and thought at the time it was about as good a...


June 3, 2011  3:18 PM

What does the "E" stand for in ERM?

Posted by: David Schneier
assess, assessment, Audit, compliance, enterprise risk, enterprise risk management, ERM, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, risk management

Last week while attending a banking conference I found myself in a conversation about Enterprise Risk Management (ERM).   I had made the comment that I was tired of constantly hearing different definitions of what the discipline is and how it should be applied.  It’s the...
