September 21, 2012 3:44 PM
Posted by: David Schneier
assess,
assessment,
assessments,
Audit,
bank,
banking,
CISO,
CISSP,
compliance,
compliance officer,
compliant,
credit union,
credit unions,
CU,
disaster,
disaster recovery,
DR,
enterprise risk,
enterprise risk management,
ERM,
exam,
examination,
examinations,
examiner,
examiners,
exams,
framework,
governance,
GRC,
guidance,
information security,
information security office,
infrastructure,
ISO,
oversight,
policy,
procedure,
regulation,
regulations,
regulations audit,
regulatory,
regulatory guidance,
risk assess,
risk assessment,
risk assessments,
risk management,
risk-based,
risks,
technologyAbout a decade ago a family member chastised me for having an auto repair shop do my oil changes for me. She (yeah, you’re reading that right – “she”) pointed out how ridiculously easy it was to drain the old oil, replace it with the new stuff and check a wide variety of fluid levels,...
August 8, 2012 6:21 PM
Posted by: David Schneier
Audit,
auditor,
audits,
bank,
banking,
banks,
Board,
Board of Directors,
BoD,
business,
community bank,
compliance,
control,
controls,
exam,
examination,
examinations,
examiner,
examiners,
exams,
financial institutions,
fraud,
governance,
regulation,
regulations,
regulations audit,
regulatory,
regulatory guidance,
SOXI have an odd relationship with management reporting. I know it's a necessity and quite often see clear value in what's packaged for senior management and board review. But a significant piece of the reporting content comes in the form of metrics and, well, whenever I hear the term it conjures...
July 21, 2012 8:25 PM
Posted by: David Schneier
Add new tag,
assess,
assessment,
assessments,
bank,
banking,
banking crisis,
banks,
community bank,
compliance,
compliance officer,
compliant,
control,
credit,
credit card,
data security,
Dodd-Frank,
economy,
enterprise risk,
enterprise risk management,
ERM,
exam,
examination,
examinations,
examiner,
examiners,
exams,
Federal Reserve Bank,
FFIEC,
financial,
financial institutions,
framework,
information security office,
lending,
LinkedIn,
mortgage,
NCUA,
NCUA Sheila Bair,
NPPI,
observations,
oversight,
personally identifiable informaiton,
PII,
policy,
privacy,
procedure,
regulation,
regulations,
regulations audit,
regulatory,
regulatory guidance,
risk assess,
risk assessment,
risk assessments,
risk management,
risk-based,
risks,
security PII,
Sheila Bair,
social security numbers,
technology,
third party management,
third party oversight,
vendor,
Vendor Management,
vendor risk,
vendor risk assessmentI was an unabashed fan of Sheila Bair and made no secret of that fact. She was a breath of fresh air in a line of work where everything is stale and always at least a little boring. Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...
December 5, 2011 11:54 PM
Posted by: David Schneier
assessments,
Audit,
compliance,
governance,
GRC,
regulations,
regulatory,
Regulatory Compliance,
regulatory guidance,
risk,
risk assessmentsI love GRC, at least the concept. I've gotten way more than my fair share of print time expounding on its many virtues and how it continues to make inroads into so many organizations. It's the next and necessary step in the evolution of audit and compliance, a fact (yes, fact) of which I'm...
June 24, 2011 2:43 PM
Posted by: David Schneier
cloud,
compliance,
compliant,
FDIC,
FFIEC,
guidance,
NCUA,
PCI,
regulatory,
Regulatory Compliance,
regulatory guidanceOh how the times have changed. Once upon a time I was part of a group of peers who waited for new album releases, camped out over night for concert tickets and once even waited on line for the annual release of Strat-O-Matic's baseball set (perhaps the nerdiest thing I've ever done). And all of...
0 Comments
RSS Feed
Email a friend
