Payments Risk Management Controls (2) Flashcards
Risk Mitigation
Process of reducing risks through the introduction of specific controls and risk transfer.
Business Continuity Plan (BCP)
A comprehensive written plan to maintain or resume business in the event of a disruption.
Business Impact Analysis (BIA)
Process of identifying the potential impact of uncontrolled, non-specific events on an institution’s business processes.
Business Continuity Strategy
Comprehensive strategies to recover, resume and maintain all critical business functions.
Tabletop Exercise/Structured Walk-Through Test
Testing method that ensures critical personnel from all areas are familiar with the business continuity plan (BCP); it may also be used as an effective training tool.
Walk-Through Drill/Simulation Test
Testing method used to apply a specific event scenario to the business continuity plan (BCP).
Functional Drill/Parallel Test
Testing method that involves actual mobilization of personnel to other sites, where they attempt to establish communications and perform actual recovery processing as outlined in the business continuity plan (BCP).
Full-Interruption/Full-Scale Test
Testing method that involves a simulated real-life emergency, with all or portions of the business continuity plan (BCP) implemented by processing data/transactions using back-up media at the recovery site.
(1) Business Impact Analysis; (2) Risk assessment; (3) Risk management; (4) Risk monitoring and testing
Name the four steps included in business continuity planning (BCP).
Business Impact Analysis
Step in the BCP process that identifies the potential impact of uncontrolled, non-specific events on an institution’s business processes.
Risk Assessment
Step in the BCP process that evaluates business processes and BIA assumptions using various threat scenarios.
Control Self-Assessment
A technique used to internally assess the effectiveness of risk management and control processes.
Incident Response Plan
A plan that defines the action steps, involved resources and communication strategy upon identification of a threat or potential threat event, such as a breach in security protocol, power or telecommunications outage, severe weather or workplace violence.
Exposure Limits
A method used to mitigate credit risk, also required by the ACH Rules.
At least annually
Frequency with which a business continuity plan should be reviewed by internal or external auditors.