FFIEC News
Compliance Spectrum Integrates FFIEC Examination Checklists in its Flagship Compliance Product
(Jan 28, 2008) -- Compliance Spectrum, a provider of IT governance, risk, and compliance (GRC) solutions, announced an expansion of Spectra, its flagship compliance product, to include more sophisticated risk management capabilities and enhanced real-time reporting.
These new risk assessment and analysis capabilities give senior management, compliance professionals and auditors a quick and easy method to identify and resolve the highest areas of risk, and to estimate the associated cost to remediate the risk. Risk levels are tracked over time and are fully integrated into Spectra's policy, audit and task management capabilities and real-time dashboards.
Spectra calculates a "risk rating" based on the criteria of "business impact", "probability of occurrence" and "estimated cost to remedy". A new set of reports has been included to provide management guidance based on any or all of the three risk rating criteria. To give management better insight for decision making, a new OLAP analytics capability has been included that enables drill-down and ad-hoc analysis of objectives/controls with respect to risk.
"The addition of these advanced risk management and reporting features allows our customers to integrate risk management into their compliance and governance lifecycle programs. Risk assessment and analysis is critical to financial markets and is rapidly becoming a fundamental requirement for other markets," said Colleen Murphy, Vice President of Development, Compliance Spectrum.
Also new to Spectra is the addition of the Federal Financial Institutions Examination Council (FFIEC) examination checklists. These include:
FFIEC Audit - A well-planned, properly structured audit program is essential to evaluate risk management practices, internal control systems, and compliance with corporate policies concerning IT-related risks at institutions of every size and complexity. Effective audit programs are risk-focused, promote sound IT controls, ensure the timely resolution of audit deficiencies, and inform the board of directors of the effectiveness of risk management practices. An effective IT audit function may also reduce the time examiners spend reviewing areas of the institution during examinations. Ideally, the audit program would consist of a full-time, continuous program of internal audit coupled with a well-planned external auditing program.
FFIEC BC - Business continuity planning is the process whereby financial institutions ensure the maintenance or recovery of operations, including services to customers, when confronted with adverse events such as natural disasters, technological failures, human error, or terrorism. The objectives of a business continuity plan (BCP) are to minimize financial loss to the institution; continue to serve customers and financial market participants; and mitigate the negative effects disruptions can have on an institution's strategic plans, reputation, operations, liquidity, credit quality, market position, and ability to remain in compliance with applicable laws and regulations. Changing business processes and new threat scenarios require financial institutions to maintain updated and viable BCPs.
FFIEC Information Security - Information security is the process by which an organization protects and secures the systems, media, and facilities that process and maintain information vital to its operations. On a broad scale, the financial institution industry has a primary role in protecting the nation's financial services infrastructure. The security of the industry's systems and information is essential to its safety and soundness and to the privacy of customer financial information. These security programs must have strong board and senior management level support, integration of security activities and controls throughout the organization's business processes, and clear accountability for carrying out security responsibilities. This checklist provides guidance to examiners and organizations on assessing the level of security risk to the organization and evaluating the adequacy of the organization's risk management.
These three checklists, as published by the FFIEC, are fundamental to a sound compliance and risk management program for financial organizations. The FFIEC checklists can be purchased stand-alone or integrated into a compliance lifecycle program automated by Spectra.