STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION

Maria Falvo, Chief Operating Officer, American Savings Foundation
Bradley P. Lusk, CPA, Managing Partner, Sisterson & Co. LLP
Deborah Shinbein, Esq., Certified Information Privacy Professional, Data Law Group, P.C.



Best Practices

• Establish an independent audit committee.
• Conduct an annual audit. Remember – the auditor should report to the audit committee, not to staff.
• Respond to all audit findings and recommendations.
• Conduct a formal annual review of top management.
• Adopt and review policies and procedures. Decide which should receive annual board approval.
• Regularly communicate policies and procedures to staff through an employee handbook and regular staff meetings.
• Provide regular education to the board related to governance, compliance, policies and procedures.
• Perform a risk management review.


New Challenges in a Digital Age

Data in many formats and locations

Laws vary from state to state

Policies needed for protection from liability (and compliance)

• Website terms of use – and other online concerns

• Privacy / use of personal information policy

• Data security policies (WISP, AUP, BYOD, more)

• Data retention/destruction policy

• Breach preparation/response policy


New Challenges in a Digital Age (Cont.)

Data security tips:

• Oversee third party providers:

  • Screen carefully – 3rd party certifications, due diligence

  • Contracts – include security requirements, audits, warranties, indemnification, breach response, termination provisions, and more

• Encrypt data in transit and at rest; SSL when appropriate

• Implement access controls, strong passwords

• Test your security measures (tech penetration, human errors)

• Update antivirus, system patches, etc. regularly

• Back-up frequently, specify approved use of cloud providers

• Don’t collect more than needed or keep longer than necessary


Our experience – what works

• Work with your auditor to get the most out of your annual audit. Together, look for opportunities to strengthen controls.

• Make sure the annual review of policies is not simply pro forma.

• Document, review, update and follow procedures for all key activities.

• Consider additional challenges for a small staff.

• Never be satisfied. Test your assumptions.


Contact information

Maria Falvo

Chief Operating Officer

American Savings Foundation

185 Main Street

New Britain, CT 06051

[email protected]


860.827.2556 phone

860.832.4582 fax

Bradley P. Lusk, CPA

Managing Partner

Sisterson & Co. LLP

310 Grant Street

Suite 2100

Pittsburgh, PA 15219

[email protected]

Phone: 412.281.2025

Fax: 412.338.4597

Deborah Shinbein, Esq.

Data Law Group, P.C.

3700 Quebec Street

Denver, CO 80207-1639

[email protected]


Phone: 303.997.1325

Fax: 303.796.7203