Skip to content
  • Home
  • Recent
  • Tags
  • Popular
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

What is Audit's role in regulatory remediation activities?

Scheduled Pinned Locked Moved Regulatory Compliance
lines of defenceinternal auditregulatory remediationregulatory compliance
3 Posts 1 Posters 1 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • U Offline
    U Offline
    User 909
    wrote last edited by
    #1

    RiskBowl,

    We're looking for insights/ observations on what Audit’s role should be in regulatory remediation activities (e.g., MRA quality review and closure). I would say that Audit’s role should be more process/ compliance focused, reviewing both 1LOD/ 2LOD activities – but would appreciate further insights and specificity

    We're remediating a large number of modeling/ assumption-heavy findings, and interested in understanding how to define Audit’s role clearly (without blurring the LODs)

    Thanks

    U 2 Replies Last reply
    0
    • U Offline
      U Offline
      User 909
      replied to User 909 last edited by
      #2

      Audit will indeed have to “sign off” on the remediation before the regulator will consider closing the finding. The key question then is what does sign-off mean? What it does not mean is that Audit has to validate an assumption or calibration (and thereby assume the role of 2nd line/model validation teams).

      Instead, Audit has to ensure that there are well defined processes that it can say will reasonably ensure a sufficient level of review and challenge by second line, and that the first line remediation approach is sound and keeping with the regulatory findings, regulations and expectations. Of course, Audit will also be expected to not just confirm that such processes and procedures exist, but they have been duly executed to a standard that Audit is comfortable with.

      To the extent data is a significant component of your remediation, Audit is now expected to confirm that controls are in place along the data path to ensure quality is maintained and that they have done some independent testing of those controls

      1 Reply Last reply
      0
      • U Offline
        U Offline
        User 909
        replied to User 909 last edited by
        #3

        For our Fed remediation plan for Sanctions, Audit was key part of the remediation plan. We submitted a full Audit “TOM” including resource model, training, risk assessment, audit testing program, and senior mgmt. reporting. There was also a layered sign off for smaller vs. golden milestones, where Audit got involved to provide design assurance vs. operational effectiveness.

        1 Reply Last reply
        0

        Terms of Use Privacy Notice Cookie Notice Manage Cookies
        • Login

        • First post
          Last post
        0
        • Home
        • Recent
        • Tags
        • Popular
        • Groups