viclarity user group february 14
TRANSCRIPT
![Page 1: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/1.jpg)
Credit Union User Group
Portlaoise Heritage Hotel13 February 2013
![Page 2: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/2.jpg)
Introductionso Finbarr McCarthy – Independent Consultant
o Ogie Sheehy – Founder / CEO of ViClarity
o Paul Griffin – Commercial Director
o Tom Faraday – Business Development Manager
o Tracy Fitzgerald – Marketing & Product Specialist
![Page 3: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/3.jpg)
Agenda 10.00 – Introduction 10.10 – “The relationship between Risk, Governance and Audit” Finbarr McCarthy10.30 - Workshop – Focus Groups 11.45 - Tea/Coffee12.00 - System Training12.30 - General discussion12.55 – Close1.00 - Lunch
![Page 4: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/4.jpg)
FINBARR MCCARTHY
Risk, Governance & AuditThe relationship
![Page 5: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/5.jpg)
Overview
Steps1. What risks do you have in your credit union?
1. Identify them2. Record what you are doing3. Is it enough?
2. Are the board satisfied?Y You are ready to monitor N You need to improve what you are doing
Y completed = you are ready to monitor1. Step 3
1. Monitor2. Review 3. Improve
![Page 6: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/6.jpg)
Risk Identification
What risks are you exposed to? Outline actual risks “There is a risk that …….
The lending policy is out of date Unauthorised people can approve a loan
Take care Be systematic & use external research
Otherwise you may miss things
![Page 7: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/7.jpg)
Control Documentation
Risk What is done
Assigned to Monitored by
Evidence
Lending policy is out of date
Annual review Manager Credit Committee
Policy register
Unauthorised person approving loan
User rights defined (only loan officer can approve loanPassword protected
Manager or IT person
Credit CommitteeTechnology committee
Job description,System specificationLog of password changes
![Page 8: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/8.jpg)
Are you doing enough?
Rate what you are doing Effective ?
Is it done every year? How are changes in regulation/legislation linked How is it evidenced & stored
Gaps? Regulations not identified quickly enough Evidence is weak
Recommendations? Annual Calendar Monthly practice checking for legislative/regulatory changes Stored electronically in pdf format
![Page 9: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/9.jpg)
Unauthorised Access
Rate what you are doing Effective ?
Is the system tested so that user privileges are documented and tested Are passwords strong enough
At least 6 characters long Mixture of letters, numbers, special characters Changed every 90 days
Gaps? Passwords are not strong enough Passwords don’t change frequently enough
Recommendations? Increase password strength and change every 90 days
![Page 10: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/10.jpg)
Risk RegisterResidual risk within board appetite for risk
Are the board satisfied with current practices
Risk within tolerance
ViClarity & control
questions
Risk Mitigation
Programme
Y
N
When completed then needs to be monitored
![Page 11: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/11.jpg)
RMP
Risk Issue Outcome Sought
Actions Deadline
Lending policy is out of date
Not checking and updating Policy between annual reviews
Formal process to keep policy current
Develop, approve and implement process
June 30th 2014
![Page 12: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/12.jpg)
Within Tolerance Outside Tolerance
Monitor adherence to controls Viclarity
Monitor progress of RMP Outside Viclarity Similar to managing implementation
of Strategic Plan
Governance & RMO
![Page 13: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/13.jpg)
Compliance Effectiveness
Internal Audit review practice and make findings.
If within tolerance Yes
Continue monitoring (viclarity) No
RMP
Audit
Are staff/volunteers following the practice Yes
Continue monitoring (viclarity) No
Review assessment & if inside tolerance Yes – Viclarity No - RMP
![Page 14: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/14.jpg)
Review
RMO Identify, document and assess what is currently done in the cu to manage specific
risksBoard/Risk Committee
Set tolerance/appetite for riskRMO
If controls are ok with respect to tolerance then monitor If controls are not ok then must be improved RMP
Audit Review compliance/effectiveness & make recommendations RMO with management create RMP if required
![Page 15: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/15.jpg)
Focus Group Breakout
![Page 16: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/16.jpg)
Focus Group Objectives1. Review of Controls for Deletions2. Review of Controls for Additions3. Sub Levels of Verification
![Page 17: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/17.jpg)
Tea & Coffee Break
![Page 18: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/18.jpg)
System training1. Adding/Editing Controls2. Interpretation of data3. How to create reports
![Page 19: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/19.jpg)
www.viclarity.com
Thank You
![Page 20: ViClarity User Group February 14](https://reader034.vdocuments.us/reader034/viewer/2022050907/55a626ab1a28ab8e7c8b4575/html5/thumbnails/20.jpg)
Lunch