STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION

Maria Falvo

Chief Operating Officer

American Savings Foundation

Bradley P. Lusk, CPA

Managing Partner

Sisterson & Co. LLP

Deborah Shinbein, Esq.

Certified Information Privacy Professional

Data Law Group, P.C.

Scholars Say Promised Money Didn't ComeDecember 08, 2013|

By MATTHEW KAUFFMAN And VANESSA DE LA TORRE, Hartford Courant

Background article on this story.

Best Practices • Establish an independent audit committee.• Conduct an annual audit. Remember – auditor should

report to audit committee, not to staff. • Respond to all audit findings and recommendations. • Conduct a formal annual review of top management.• Adopt and review policies and procedures. Decide which

should receive annual board approval. • Regularly communicate policies and procedures to staff

through an employee handbook, regular staff meetings. • Provide regular education to board related to governance,

compliance, policies and procedures. • Perform a risk management review.

New Challenges in a Digital Age

Data in many formats and locations

Laws vary from state to state

Policies needed for protection from liability (and compliance)

• Website terms of use – and other online concerns

• Privacy / use of personal information policy

• Data security policies (WISP, AUP, BYOD, more)

• Data retention/destruction policy

• Breach preparation/response policy

New Challenges in a Digital Age (Cont.)

Data security tips:

• Oversee third party providers:

• Screen carefully – 3rd party certifications, due diligence

• Contracts - include security requirements, audits, warranties, indemnification,

breach response, termination provisions, and more

• Encrypt data in transit and at rest; SSL when appropriate

• Implement access controls, strong passwords

• Test your security measures (tech penetration, human errors)

• Update antivirus, system patches, etc. regularly

• Back-up frequently, specify approved use of cloud providers

• Don’t collect more than needed or keep longer than necessary

Our experience – what works • Work with your auditor to get the most out of your annual

audit. Together, look for opportunities to strengthen controls.

• Make sure annual review of policies is not simply pro forma.

• Document, review, update and follow procedures for all key activities.

• Consider additional challenges for a small staff.

• Never be satisfied. Test your assumptions.

Contact information

Maria Falvo

Chief Operating Officer

American Savings Foundation

185 Main Street

New Britain, CT 06051

mfalvo@asfdn.org

 

860.827.2556 phone

860.832.4582 fax

Bradley P. Lusk, CPA

Managing PartnerSisterson & Co. LLP 310 Grant Street

Suite 2100Pittsburgh, PA 15219 bplusk@sisterson.com

 

Phone: 412.281.2025Fax: 412.338.4597

 

Deborah Shinbein, Esq.

Data Law Group, P.C.

3700 Quebec Street

Denver, CO 80207-1639

Deb@DataLawGroup.com

 

Phone: 303.997.1325

Fax: 303.796.7203