Archive Page 2

KPMG Releases Internal Audit of the Future

KPMG has released a whitepaper which leverages the insights and perspectives shared at a forum which brought together nine internal audit directors from leading financial institutions including Barclays, BMO Financial, Goldman Sachs, Credit Suisse, Bank of Nova Scotia, Morgan Stanley, Lloyds TSB, RBS and provided the opportunity for the group to identify key business drivers for change in today’s global financial services marketplace.

Key discussion points were around:
– Integrated Assurance Model
– Continuous Auditing and Technology
– Internal Audit’s Role
– Balancing Stakeholder Expectations
– Risk-Based Approach
– The Right People

The whitepaper here also highlights key action steps for Internal Audits to take to help meet expectations in 2010 and beyond.


FSA releases report on data security for FS

FSA releases report on protection of consumer data within Financial Services industry. This review was carried out by FCID (Financial Crime and Intelligence Division) of FSA – In summary, it highlights the need for improvement in current practices deployed in the financial services industry for protecting consumer data. It also highlights and acknowledges a few good practices currently in place.

Main findings were around following themes:
– Governance
– Training and Awareness
– Staff recruitment and vetting
– Controls
– Physical Security
– Disposing of customer data
– Managing third-party suppliers; and
– Internal audit and compliance.

Click here for detailed report

2008 Data Breach Investigations Report

Some really exciting statistics reported by Verizon Business RISK team.

It is worth to note the fact that although percentage-wise the insider data breaches are 18% compared to the external 73%, later in the report is is mentioned that impact of an insider breach is relatively a lot higher than of an external breach.  Summary is below:

Who is behind data breaches?
73% resulted from external sources 
18% were caused by insiders
39% implicated business partners
30% involved multiple parties

How do breaches occur?
62% were attributed to a significant error 
59% resulted from hacking and intrusions  
31% incorporated malicious code
22% exploited a vulnerability
15% were due to physical threats

What commonalities exist?
66%  involved data the victim did not know was on the system
75%  of breaches were not discovered by the victim 
83%  of attacks were not highly difficult
85%  of breaches were the result of opportunistic attacks
87%  were considered avoidable through reasonable controls

You can find the report here

Goldman Sachs releases – Vietnam: The Next Asian Tiger in the Making

Goldman Sachs released this paper re Vietnam’s economic growth story and potential. Primarily driven by productivity increase, along with capital accumulation and labor input increases.

Risks relating to Vietnam’s economic growth are also covered in detail. This paper can be downloaded here

It’s Dubai, Mumbai, Shanghai or bye-bye

Emerging markets with their liquidity-laden coffers and a knack of investments are becoming attractive destinations for skilled financial services professionals and investors. In particular it is Middle East with Dubai, India and South Asia with Mumbai and East Asia with Shanghai.

These markets and their SWF’s are also answering prayers with their bailout packages, resulting in increased stakes in the ever-so-global financial & capital markets.

See a few links below:

On the move: Lack of deals alters poaching season
Bankers in London and New York are being told to relocate
Wall Street 2007 – Shanghai, Dubai, Mumbai or Goodbye 

$7.5 billion trading scandal – is this the end of it?

Apparently not, FSA is urging banks to improve their controls, while a simple advice but barely followed. SocGen is a prime example. Although, other entity level and manual controls failed as well, but it was the technology that made it possible in the first place (based on the SocGen’s official statement released sometime earlier)

See here for further on this.

Technology Risk in Banking Context

Interesting article by Cynthia hosted by Bankersonline, it discusses technology/IT risk in banking context to a certain extent. However, it will not be much to expect some reference to the capital requirement regulation and how it acts as a board level motivation to take technology/IT risks management more seriously.  More on it here