Skip to content
BOL Conferences
Thread Options
#90610 - 06/23/03 04:40 PM Enterprise Risk Management and Internal Control
Risk Officer Offline
100 Club
Joined: Apr 2001
Posts: 205
Dallas
I am developing an Access-based central database to track risk and internal control issues. This will be used to track internal control issues for FDICIA, Sarbanes Oxley, etc., and to monitor risks on an enterprise basis. The structure will be based on COSO's Internal Control - Integrated Framework and their upcoming Risk Management Framework (while I do have a life, I am anxiously awaiting COSO's draft Risk Management Framework to be published on 7/15...some would call me sick).

For those of you that fall under FDICIA and / or SOX, and for others that want to comment, how detailed are you going with your tracking and documentation. I am trying to track macro (entity level) risks / controls such as credit, IRR, liquidity, transaction, information security, technology, etc.; risks / controls by department; and risks / controls by process (i.e. wire transfer, loan payments, etc.).

Is anyone else going to this depth? If not, how are you tracking risks and controls? If you are, or would like to, is anyone interested in collaborating on this subject?
_________________________
My opinions are just that...my opinions.

Return to Top
Audit
#90611 - 06/23/03 06:59 PM Re: Enterprise Risk Management and Internal Control
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
I am taking the same approach as you. I am interested in discussing, collaborating. You can private message me and we can get in touch!
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#90612 - 06/23/03 10:24 PM Re: Enterprise Risk Management and Internal Control
Michelle D Offline
Gold Star
Michelle D
Joined: Oct 2001
Posts: 313
Terminator Country
I would also be interested. We already have the documentation, I did that when I first started. We look at risks really well in silos, but not so well on an enterprise basis. I have each of the silos well documented in terms of identified risks, controls and then a risk rating (probability x impact), but I'm always looking to improve my process. My risk assessments are currently word documents.
_________________________
The opinions are mine and do not necessarily reflect those of my employer.

Return to Top
#90613 - 06/27/03 03:33 PM Re: Enterprise Risk Management and Internal Control
RMO Offline
Member
RMO
Joined: Sep 2001
Posts: 90
I too am looking for a good system to monitor all of the risk factors discussed. I would appreciate information on how to assess operational risk. Is their a point system that can be devised? Of course it would need to be tailored to the specific insitution. I am also interested in how other organizations are setting up their risk management departments, functions, reporting etc. Thanks

Return to Top
#90614 - 07/09/03 08:24 PM Re: Enterprise Risk Management and Internal Control
sjanus Offline
New Poster
sjanus
Joined: Jul 2003
Posts: 1
I am also interested in learning about formation the risk management function since I have just been given this responsibility. We are also going to fall under FDICIA at the end of the year which we need to plan for. Can anyone offer their assistance on a risk management or a FDICIA framework?

Return to Top
#90615 - 07/09/03 09:47 PM Re: Enterprise Risk Management and Internal Control
Risk Officer Offline
100 Club
Joined: Apr 2001
Posts: 205
Dallas
I sent you a Private Message regarding a group of us that are going to collaborate on this issue. Since that was your first post I didn't know if you know about PMs (check under "My Home."
_________________________
My opinions are just that...my opinions.

Return to Top
#90616 - 09/21/03 03:28 AM Re: Enterprise Risk Management and Internal Control
Ken Proctor Offline
New Poster
Joined: Sep 2003
Posts: 6
Happy to share and Access database I created for this purpose. Would appreciate your feedback on it. E-mail me and I'll send you a copy.

Return to Top
#90617 - 01/25/04 03:08 PM Re: Enterprise Risk Management and Internal Control
Anonymous
Unregistered

This is my first time visiting this site. I work for a small correspondent bank. Our auditor performs a risk assessment as Compliance Officer, I am asked to define risks for each business line and integrate that into to the overall RA. I am interested in what you have done and if you have it defined for say Finance, Investments, Loans, Operations, Credit Cards, etc. Thanks

Return to Top

Moderator:  Andy_Z