Provided risk assessment subject matter expertise to audit and assurance professionals to evaluate risk and control self-assessment (RCSA) and compliance risk assessment (CRA) programs in response to Matters Requiring Attention (MRA) directives issued by the Federal Reserve Board (FRB) to separate, large, U.S.- and Asia-based multinational financial institutions. The core objectives were to assess and validate the institutions’ RCSA and CRA methodologies and processes in response to previously identified issues and observations.

The team led an assurance validation of the risk scoring calculation methodology of one institution’s RCSA program as it moved to automate its processes. We assisted with RCSA business requirements, ensured the scoring results were calculated as expected under various scenarios, and helped ensure any implementation issues were resolved in a timely manner. The engagement provided sound validation of the scoring methodologies and calculations, helped the firm develop and enhance its RCSA data governance, and enabled the firm to more seamlessly transition to an automated tool.

We also led an internal audit of the design and operating effectiveness of a firm’s newly implemented CRA framework and processes in response to previous remediation commitments. Based on our deep understanding of CRA regulatory expectations and industry best practices, the team identified various observations and recommended areas for improvement related to the firm’s CRA scoping approach, scoring and aggregation methodologies, documentation, workflow, QA/QC, reporting, results analyses, risk treatment, and governance and oversight, as well as areas for further integration with other compliance and risk processes. The project positioned the firm to incorporate best-in-class enhancements to its CRA program, further integrate and automate processes and reporting, efficiently scale the program in response to future maturation and change, and confidently meet its previous regulatory commitments.

We were also specifically selected to provide the deep subject matter expertise necessary for a firm’s internal audit team to review and challenge the design and implementation plans and perform an interim assessment of the firm’s new RCSA and CRA program target operating model. The internal audit team relied on and incorporated our best-practice QC design challenges and feedback on all aspects of the assessment programs, including vendor tools and technologies, templates, mapping, ratings criteria, scoring and aggregation methodologies, and governance and oversight, as well as recommendations for how the assessments could be better operationalized, sustained, and further aligned, leveraged, linked, and integrated with one another and other risk and compliance programs and capabilities. We also formulated the test scripts for internal audit to perform future design effectiveness validations of both programs. Throughout the engagement, we provided the industry perspective and feedback necessary to achieve success in both the operationalization of the firm’s risk assessment programs and internal audit’s evaluation of their ongoing effectiveness.

For each of these engagements, our audit and assurance client stakeholders trusted the team’s specific industry perspective and deep understanding of RCSA and CRA design, methodology, and integration and automation capabilities. In each case, our critical feedback was incorporated to uplift best-in-class risk assessment programs employing the most appropriate methodologies, tools, and technologies to meet dynamic business requirements and regulatory expectations.