-
5 Keys to Understanding a SOC 2 Report
Although I have written about these relatively new reports frequently, and for some time now, it still remains a topic of great interest to financial institutions. Fully 20% of all searches on this site over the past 6 months include the terms “SOC” or “SOC 2”, or “SAS 70”. Some of this increased interest comes…
-
The single most important vendor management control
Pop quiz…according to the FFIEC Handbook on Outsourcing Technology Services… “The ________ is the single most important control in the outsourcing process”: Initial due diligence process Review of third-party audit reports Contract Risk Assessment Vendor’s financial stability I’ve written before about the importance of the third-party review in the ongoing vendor management process (and how…
-
Top Topics for 2011
With every one else doing their end-of-the-year top ten lists, I thought I might join in and see what topics were most popular with visitors to the Compliance Guru site in 2011. There were a total of almost 24,000 page views, and here are the 5 most popular blog posts with view counts: AICPA…
-
2012 Compliance Trends, Part 2 – Vendor Management
In my first post in this series I discussed training (employee and customer) as a good candidate for increased regulatory scrutiny in 2012. Although these posts are in no particular order, I had initially intended to list “Management” as the next trend. However a comment made to me by a banker at a recent conference…
-
SOC Report Selection & Evaluation Aids
With the SAS 70 phasing out on 6/15, financial institutions have a dual challenge; determining the best report to request, and evaluating the report they are provided. To assist with this challenge, I’ve created two documents. The first, or Step 1, is a SOC Selection Flowchart, which is available here. This will assist in determining…
-
Top 5 Compliance Trends for 2011 – Part 3
What do Social Media, Cloud Computing, Virtualization, Data Vaulting, Mobile Banking, and Core Services have in common? For most community financial institutions, all these products or technologies involve outsourcing, either wholly or in part. When it comes to offering the latest products and services, outsourcing allows even the smallest institution to compete with the largest. …