newsletter q4
DESCRIPTION
Protecht Advisory Newsletter for Q4 2010TRANSCRIPT
REGULAR FEATURES
• OP RISK LOSSES REPORTED IN THE MEDIA
• QUIZ CORNER
• IN THE SPOTLIGHT
QUARTERLY SERVICES CHECKLIST
• NATURAL DISASTER RISK ASSESSMENT
• APS 310 PREPARATION
• RISK TRAINING SCHEDULE
FEATURED ARTICLE
• AUSTRALIAN PRUDENTIAL STANDARD 310 - HOW ARE YOU COPING?
focus
PROTECHT
Quarterly Newsletter - Vol.4
Protecht is helping a number of Authorised Deposit-taking
Institutions (ADIs) to improve their prudential assurance processes
as a result of the more stringent APS 310 requirements. This comes
in the form of analysis of all prudential requirements and the
provision of a prudential compliance library for clients to select
questions to attest to on a periodic basis thereby assuring prudential
obligations are met.
For those who are regulated by the Australian
Prudential Regulation Authority (APRA),
the changes to APS 310 Audit and Related
Matters, made by APRA in 2009 have
now well and truly kicked in. Some
ADIs in Australia may have received a
qualified audit opinion for their
prudential audits last year. This
article looks at the key changes to
APS 310 and what ADIs should do to
ensure a higher level of compliance with Prudential
requirements.
So how exactly did APS 310 change? In a nutshell your external
auditors are required to carry out a wider scope audit as well as
provide a higher level of audit assurance over your prudential
responsibilities.
The key changes for your auditors are:
• A reasonable assurance is now required over APRA reporting
forms where data is sourced from accounting records. Limited
assurance is still required for information sourced from non-
accounting records, as was previously the case.
• The auditors need to review, and form an opinion on, the
adequacy of controls over your compliance with all prudential
requirements and your controls over the reliability of data in
the reporting forms.
• The auditor needs to provide limited assurance that you have
complied with all relevant prudential requirements.
These changes have in turn led to an
increased demand on ADIs
to put in place adequate
processes and systems to
document and demonstrate
compliance with prudential
requirements. So what
should an ADI do in order to
provide adequate control and
assurance over compliance
with prudential standards and
the accuracy of prudential returns?
We believe the following processes are ideally required:
• Document and analyse all requirements of the APS
standards, guidance notes, reporting standards, APRA
letters and your banking authority identifying where any
requirement exists.
• Create attestation questions for each requirement for
assignment to, and sign off by, an “owner”.
• Identify, map and document controls over reliability of
data in all prudential forms and over compliance with all
prudential requirements. Continued on Page 3...
A focus on Financial Institutions...
Australian Prudential Standard 310 – How are you coping?
PROTECHT
focus
REGULAR FEATURES
• OP RISK LOSSES REPORTED IN THE MEDIA
• QUIZ CORNER
• IN THE SPOTLIGHT
QUARTERLY SERVICES CHECKLIST
• NATURAL DISASTER RISK ASSESSMENT
• APS 310 PREPARATION
• RISK TRAINING SCHEDULE
FEATURED ARTICLE
• AUSTRALIAN PRUDENTIAL STANDARD 310 - HOW ARE YOU COPING?
Australian Defence Credit Union, established in 1959, is a financial co-operative for members of the Australian Defence Force, civilian employees of the Department of Defence, Defence contractors and their families. However other people are welcome to join.
To contact ADCU call To contact ADCU call To contact ADCU call To contact ADCU call 1300 13 23 28 1300 13 23 28 1300 13 23 28 1300 13 23 28 or visit them at or visit them at or visit them at or visit them at www.adcu.com.auwww.adcu.com.auwww.adcu.com.auwww.adcu.com.au
Operational Risk Losses this quarter…..
- A pregnant woman slipped at a shopping centre in Sydney after another customer reported a spillage. In awarding $750,000 in damages, The Court noted that a staff member had twice been told of the spill, but the employee "totally forgot" about it.
- A communications company recently came under fire after it sent out 220,000 letters that contained account information belonging to customers. The company admitted breaching customer privacy.
- A Business Management organisation has been ordered to pay $1.3bn in damages over a case of admitted copyright infringement in the US. After a four-year legal battle the rival had claimed that it was owed at least $1.7bn, or what it said it would have charged the organisation for a license to use the software legally. The German company, on the other hand, had argued that the damages should be limited to the value it had got out of its actual use of the software, which it described as negligible.
- Two former stockbrokers have been fined a total of £100,000 and banned from working in the financial services industry after the City regulator found that they used insider information to encourage clients to buy shares in an AIM traded stock.
- Australian Bank customers have been hit by a technical glitch that has affected transactions including pay and other deposits. The bank would not say how many of its 11.5 million customers were hit by the glitch.
- A former bank executive has been arrested for allegedly accepting a $US50m kickback in the 2006 sale of a large stake in a company’s holding rights. The Executive was in charge of managing the sale of the bank's stake to a London-based buyout group, but prosecutors say he led the bank to sell it "without evaluation of its current value" which, in turn, earned him "two consultancy contracts totalling $50 million."
10 Questions with:
Jen Jurss - Compliance Manager,
Australian Defence Credit Union
1) If you could change your name, what would you change it to?
A surname much easier to spell.
2) When younger, what did you want to be when you grew up?
A best selling author, magazine editor or a fighter pilot after an
obsession with Top Gun.
3) Do you have any hidden talents?
I can catch surfworms by hand and am a pretty good pool player.
4) Name one thing that not many people know about you?
I have been in a country music video on CMC - a group of friends
and I were at a week long party in the middle of NT on a property
and the singer asked if we could be in the film clip for his new
country music tune.
5) If you could invite any 5 people in the world for dinner, who would
they be?
Barack Obama, Hugh Jackman, Marieke Hardy to talk books,
Florence from Florence + the Machine and Keith Urban for post
dinner sing-along's and a fab sushi chef to do the cooking.
6) Do you follow any sports? If so what and which team do you
support?
I really enjoy watching live rugby union – I back the Wallabies,
the Reds and the local Eastern Suburbs team my friend captains.
7) Dream holiday destination?
Currently agonising over where to visit next – either France for
the culture and macaroons, the Deep South of US for the chicken
fried steak and antebellum houses, or Mexico for the beaches,
burritos and tequilas. Decisions, decisions, decisions...
8) If you won lotto, what would you spend it on?
I would plan some mind-blowing travel adventures, and invest the
rest to become a property mogul.
9) What is the craziest thing you have ever done?
Skydiving in WA, it was such fun I am dying to do it again! Oh
and eaten roast crocodile – for the record, it is like a tough piece
of chicken.
10) Name the top 3 things in your must do list?
1. Climb the pyramids in Egypt 2. Master a yoga handstand 3.
Learn a foreign language.
Quarterly Services Checklist
MUTUALS ADIs - APS 310
Is your company aware of the implications of APS 310?
Have you decided how you are going to map your controls against the relevant prudential standards?
Protecht is now able to supply a comprehensive list of attestations based on the APRA standards which will allow you to provide
APRA with a comprehensive response to the requirements of APS 310.
For details of the attestation library now available for WORMS, contact David Bergmark ([email protected]) .
NATURAL DISASTER RISK ASSESSMENT
Given the heart breaking and tragic recent events across the country, ask if you have included the risks associated with natural disasters
in your self assessments and updated for any findings from the events?
Are you adequately testing controls? Has your DRP and BCP been tested lately?
RISK TRAINING
If you have hired new staff recently have they been given adequate risk training?
How long has it been since employees were updated on risk management techniques?
Protecht has released a new schedule of training courses for you to attend at www.protecht.com.au/training. Hurry they are filling fast.
If you prefer not to travel to Sydney then let us know as we may be able to plan a visit to a location nearer to you.
For all your training needs contact David Tattam ([email protected]).
Australian Prudential Standard 310 – How are you coping?
Continued from page 1
• Assess and document the adequacy of the identified controls.
• Obtain periodic attestation sign off from the owners of the key
controls
• Formally record any identified prudential breaches or reporting errors
The implementation of a robust framework to achieve the above requires a
reasonable effort and investment arising from:
• Analysis and documentation of the various requirements for each
prudential standard
• Implementing a process of compliance attestation over the
requirements and key controls
• Carrying out a regular assessment of prudential controls
If you wish to know more about how Protecht can help you, please contact David Tattam at [email protected]. For a set of attestations which will provide assurance in your compliance with APRA Standards then please contact David Bergmark at [email protected] Protecht, in conjunction with AMInstitute, is launching a course on Proactive Management of Corporate & Banking Licensing Responsibilities aimed at Mutual ADIs. Further details can be found at www.aminstitute.org.au
Twitter: Protecht_Risk
Contact Protecht Advisory:
Head Office
Suite 2, Level 3, 230 Clarence Street
Sydney NSW 2000 Australia
Phone: +61 (2) 8005 1265
Fax: +61 (2) 9283 0430
Email: [email protected]
www.protecht.com.au
Quiz Corner
Concepts and theory around these questions can be found in Protecht’s elearning solution. There are a number of risk based modules
now available. The content is suitable for all employees as a means to introduce them to risk management theory. Check out the
elearning link on our website under the Training menu item for more information.
Answers: Best, False, False
Final Thought:
“Often the difference between a successful person and a failure is not one has better abilities or ideas,
but the courage that one has to bet on one’s ideas, to take a calculated risk—and to act.”
Andre Malraux— French Historian, Novelist and Statesman, 1901-1976
Upcoming Training:
• Introduction to Risk Management—3rd March
• Enterprise Risk Management for Corporate’s - 23rd & 24th March
• Operational Risk Management for Financial Institutions' - 16th & 17th March