
Strong policies and internal controls – safeguarding your resources, and your reputation

Strong policies and internal controls – safeguarding your resources, and your reputation. Maria Falvo Chief Operating Officer American Savings Foundation. Bradley P. Lusk, CPA Managing Partner Sisterson & Co. LLP. Deborah Shinbein, Esq. Certified Information Privacy Professional


Presentation Transcript


  1. Strong policies and internal controls – safeguarding your resources, and your reputation Maria Falvo Chief Operating Officer American Savings Foundation Bradley P. Lusk, CPA Managing Partner Sisterson & Co. LLP Deborah Shinbein, Esq. Certified Information Privacy Professional Data Law Group, P.C.

  2. Scholars Say Promised Money Didn't Come. December 08, 2013 | By MATTHEW KAUFFMAN and VANESSA DE LA TORRE, Hartford Courant. Background article on this story.

  3. Best Practices
     • Establish an independent audit committee.
     • Conduct an annual audit. Remember – auditor should report to audit committee, not to staff.
     • Respond to all audit findings and recommendations.
     • Conduct a formal annual review of top management.
     • Adopt and review policies and procedures. Decide which should receive annual board approval.
     • Regularly communicate policies and procedures to staff through an employee handbook, regular staff meetings.
     • Provide regular education to board related to governance, compliance, policies and procedures.
     • Perform a risk management review.

  4. New Challenges in a Digital Age
     • Data in many formats and locations
     • Laws vary from state to state
     • Policies needed for protection from liability (and compliance)
        • Website terms of use – and other online concerns
        • Privacy / use of personal information policy
        • Data security policies (WISP, AUP, BYOD, more)
        • Data retention/destruction policy
        • Breach preparation/response policy

  5. New Challenges in a Digital Age (Cont.)
     Data security tips:
     • Oversee third party providers:
        • Screen carefully – 3rd party certifications, due diligence
        • Contracts – include security requirements, audits, warranties, indemnification, breach response, termination provisions, and more
     • Encrypt data in transit and at rest; SSL when appropriate
     • Implement access controls, strong passwords
     • Test your security measures (tech penetration, human errors)
     • Update antivirus, system patches, etc. regularly
     • Back-up frequently, specify approved use of cloud providers
     • Don’t collect more than needed or keep longer than necessary

  6. Our experience – what works
     • Work with your auditor to get the most out of your annual audit. Together, look for opportunities to strengthen controls.
     • Make sure annual review of policies is not simply pro forma.
     • Document, review, update and follow procedures for all key activities.
     • Consider additional challenges for a small staff.
     • Never be satisfied. Test your assumptions.

  7. Contact information
     • Maria Falvo, Chief Operating Officer, American Savings Foundation, 185 Main Street, New Britain, CT 06051. mfalvo@asfdn.org. 860.827.2556 phone, 860.832.4582 fax
     • Bradley P. Lusk, CPA, Managing Partner, Sisterson & Co. LLP, 310 Grant Street, Suite 2100, Pittsburgh, PA 15219. bplusk@sisterson.com. Phone: 412.281.2025, Fax: 412.338.4597
     • Deborah Shinbein, Esq., Data Law Group, P.C., 3700 Quebec Street, Denver, CO 80207-1639. Deb@DataLawGroup.com. Phone: 303.997.1325, Fax: 303.796.7203
