Reporting

  • 1.  What to report to boards?

    This message was posted by a user wishing to remain anonymous
    Posted 02-01-2021 04:04 PM

    We are really struggling with reporting. We are supposed to report to an Enterprise Risk Management board (internal management) and the Risk Committee of the Board (Director level), and we're just having trouble discerning what is truly meaningful and beneficial. What type of information do you typically report at your institution and how often is that reporting taking place? Any help is GREATLY appreciated!


  • 2.  RE: What to report to boards?

    Posted 02-01-2021 04:14 PM
    Seeing your request, I saw an AICPA PDF document you might want to review:

    https://www.aicpa.org/InterestAreas/BusinessIndustryAndGovernment/Resources/ERM/DownloadableDocuments/ERM-reporting-key-risk-2015.pdf

    It recommended the discussion of each risk category including:
    1. key regulatory
    2. business performance
    3. competitive/direct/retail programs
    4. legal
    5. portfolio/innovation

    For third party reporting, please review the recent Venminder survey; look for their whitepaper and a replay of the presentation by Nicole.
    It frames a lot of questions about whether the CS / IT Controls are being looked at from the right angle, are risk-based, etc.

    The whitepaper title was "State of Third-Party Risk Management 2021 Whitepaper"




  • 3.  RE: What to report to boards?

    Posted 02-01-2021 04:19 PM
    FYI - this search criteria helped, "enterprise risk management board presentation -inurl pdf"
    Improved to more recent ones by setting time to last year


  • 4.  RE: What to report to boards?

    Posted 08-06-2021 05:16 AM
     Hello everyone,

    Hope you all are doing well! I handle Third party risk management in a Bank which is part of a Procurement dept. We have been asked to provide KPIs & KRIs for TPRM to the Board. Any suggestions on simple KPIs/KRIs to begin with will be very helpful. Thanks in advance!


  • 5.  RE: What to report to boards?

    Posted 08-06-2021 06:19 PM
    I report to the board annually during the same month that our Vendor Management Program/Policy is reviewed. I've attached a sample of what I report to our board. Keep in mind we are a single branch, small town bank. Last year my program was audited. We were told to add a couple forms to our review, but other than that we passed just fine.

    I do also report monthly as the BSA/AML Officer. If we have any vendor problems or outages I include those issues in that monthly board report.




  • 6.  RE: What to report to boards?

    This message was posted by a user wishing to remain anonymous
    Posted 08-09-2021 04:54 PM

    Monthly, we report:

    • Total Vendor counts by Tier (based on risk/criticality), Cloud, On-Prem, and Foreign
    • The vendor name, tier, etc. for any new and/or terminated vendors since last report
    • Vendors on our watch list, due to performance issues, financial stability concerns, etc.
    • Vendors currently under consideration or in the initial vendor review process
    • Vendors past due for their periodic review – the Board wants assurance that we're keeping up with periodic reviews

    Annually, we provide a complete list of all vendors, sorted by Tier, but also showing Cloud, On-Prem, and Foreign

    Senior management and vendor owners also receive a monthly report showing all vendor services whose contracts are coming due for autorenewal in the next 120 days.