• Transitioning to the 2013 COSO Framework

    Since the Committee of Sponsoring Organizations (COSO) issued its Internal Control — Integrated Framework (2013 Framework) in May 2013, many organizations have implemented the new framework to comply with the initial December 15, 2014 transition deadline. The 2013 Framework requires management to assess whether 17 principles are present and functioning, which is a change from the previous framework. Further, the 2013 Framework includes points of focus, which are important characteristics of the 17 principles and assist management with determining whether controls are properly present and functioning.
  • Banking brief: Vendor risk management increasingly complex

    The heightened complexity of vendor risk management for US banks was evident at a conference sponsored by Marcus Evans in Chicago on June 3-4. Need for resources, maintaining oversight, and how organizations are managing the process internally were all hot topics of conversation.
  • Insurance regulators zeroing in on cybersecurity

    Recent activity by regulators shows an increased focus on cybersecurity in the insurance industry. The National Association of Insurance Commissioners (NAIC) has published its Principles for Effective Cybersecurity Insurance Regulatory Guidance. In addition, the New York Department of Financial Services (NY DFS) recently released guidance for New York insurance organizations with their Report on Cybersecurity in the Insurance Sector.
  • What insurance organizations can do now to prepare for state regulatory cybersecurity initiatives

    Within the last several months, two significant insurance organizations have announced greater involvement in initiatives to reduce cybersecurity risk throughout the insurance industry. The New York State Department of Financial Services (NY DFS) released the results of its survey on cybersecurity practices and the National Association of Insurance Commissioners (NAIC) recently adopted a set of cybersecurity regulatory principles.