The OCC recently consolidated older guidance into an updated focus on corporate and risk governance. Times have changed, and now examiners will be taking a close look at board and management authority and responsibilities for governing the institution’s structure, operations, and risks. Specifically, examiners will focus on how the board and management are dealing with enterprise risk management. Are they managing the institution’s risks enterprise-wide and in a comprehensive, integrated manner? Are they communicating an appropriate risk culture and risk appetite as part of their risk governance framework? Does their risk governance framework align with the institution’s strategic, capital, and operational plans?
To carry out this updated guidance, the OCC, and possibly the other federal regulatory agencies, will be looking to the effectiveness of certain institution employees to identify and act to prevent risks from adversely impacting safety and soundness. First, they will be expecting those employees who routinely interface with customers to be well prepared to defend against risks that the board and management have identified in their governance program. Next, examiners will evaluate the efforts of designated risk managers who are responsible for identifying risks and communicating and training others to do the same. Finally, the examiners will evaluate the effectiveness of the internal audit function to identify needed improvements to policies, procedures and internal controls that the board and management have designed to defend against risks that could threaten the institution’s safety and soundness.
Please join our expert, Gary Deutsch, as he guides you through conducting a risk-based audit of your institution’s corporate and risk governance program.
WHAT YOU’LL LEARN
During this important webinar, our speaker will discuss conducting audit procedures related to:
- Assessing the adequacy of board and senior management support
- Evaluating the integration of security activities and controls throughout the institution’s business processes
- Assessing the adequacy of accountability for carrying out security responsibilities
- Determining the adequacy of cybersecurity measures
- Evaluating the effectiveness of security controls
- Evaluating the institution’s ability to react appropriately to mitigate threats as technologies and business conditions evolve
- Evaluating the enterprise risk management approach for integrating processes, people, and technology to maintain a risk profile consistent with the board’s risk appetite
- Determining the effectiveness of oversight and controls related to outsourced IT security functions
YOUR CONFERENCE LEADER
Your conference leader for “Conducting a Risk-based Audit of Corporate and Risk Governance Processes” is Gary Deutsch, president, BRT Publications LLC. Mr. Deutsch is a licensed CPA in Maryland and has a B.A. in accounting and an MBA in finance from Loyola University Maryland. He has also achieved the Certified Management Accountant, Certified Internal Auditor and Certified Bank Auditor designations. Mr. Deutsch is the founder and president of BRT Publications LLC. Mr. Deutsch has trained thousands of financial institution professionals in all aspects of risk management and has written numerous books in the U.S. and Europe on topics such as credit risk, internal audit and compliance with Generally Accepted Accounting Principles. Mr. Deutsch has extensive risk management and internal audit experience through his association with financial institutions of all sizes as well as through his role leading the KPMG financial institution consulting practice in the Mid-Atlantic region.