Deknatel Seddon & Associates specializes in operational risk assessment and risk management for financial institutions and financial services companies.  We perform a wide range of risk assessments including Information Technology risk assessment, online/E-banking risk assessment, and Privacy/Gramm Leach Bliley Act (GLBA) risk assessment.  We also conduct enterprise risk assessments and risk assessments related to state-by-state data breach laws, Identity Theft Red Flags, ACH for Originating and Receiving Depository Financial Institutions, Fair Lending, and Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign Asset Control (OFAC) regulations. 

We assess a financial institution's inherent risk based on customer and transaction volumes and projections, actual loss statistics, and data from industry surveys.  We assess the extent of a financial institution's controls using regulatory guidance, network and association rules, and industry publications and surveys on good control practices.

Risks and Threats Controls Assessment Incident Analysis

Operational risk is inherent in doing business and, while cyber threats may be today's most popular topic, threats come in all shapes and sizes. 

A risk inventory and a well-defined risk scoring system applied consistently across the financial institution shows what threats are most relevant to the organization. 

Click here to view a slide show on Risks and Threats that takes a "measure to manage" approach to operational risk.

Controls reduce the probability of an incident occurring, or the impact of one when it does occur, or both.  They come in all shapes and sizes too.

We have developed data gathering and controls assessment tools that cover the many controls involved in managing operational risk. 

Click here to view a sample Controls Assessment questionnaire that includes questions about online / e-banking controls.

Financial institutions have started collecting incident data on a consistent, formal, enterprise-wide, basis in the last few years.  But reporting based on monthly incident counts and annual averages can create a comfort zone in the financial institution that become interpreted as an acceptable level of risk.   

We conduct more in depth data analysis to look for trends, distributions, and correlations that can identify new threats, complex attacks, and potential extreme events.

 

Click here to view a slide show about Incident Analysis that includes an example of a ten-year statistical simulation based on actual check fraud data.