ZuoTi.Pro
Question

In this global age of information, suggest which threats are posed to the principles of confidentiality...

In this global age of information, suggest which threats are posed to the principles of confidentiality and privacy, related to the offshore outsourcing of various information systems functions.

Provide support for your rationale. Determine who should be held liable for any breaches that occur, and indicate the course(s) of action that should be taken.

business   accounting   
0 0
Add a comment Improve this question Transcribed image text
Next > < Previous
Sort answers by oldest

Homework Answers

Answer #1

A financial institutions service provider risk management program should be risk focused and provide oversight and controls commensurate with the level of risk presented by the outsourcing arrangements in which the financial institution is engaged. It should focus on outsourced activities that have a substantial impact on a financial institutions financial condition; are critical to the institutions ongoing operations; involve sensitive customer information or new bank products or services; or pose material compliance risk. The depth and formality of the service provider risk management program will depend on the criticality, complexity. and number of material business activities being outsourced. Effective programs usually include the following core elements Risk assessments Due diligence and selection of service providers; Contract provisions and considerations Incentive compensation review; Oversight and monitoring of service providers; and Business continuity and contingency plans. Acti Go to Outsourcing undesirable functions versus the ones that provide the greatest competitive advantage Making the decision to outsource without complete infomation on internal costs and processes Not considering the impact of outsourcing on other functions and ignoring areas of risk such as environmental and regulatory factors; Failure to understand human relations and employment law requirements for an outsourcing initiative: Announcing outsourcing before sufficient details have been finalized, creating morale issues; andd Lack of risk analysis and risk assessment planning. Not clearly defining goals and objectives before starting the outsourcing process; Not establishing an including costs, service, and value adds; Outsourcing in the international market without international operations experience: tive intenal baseline against which providers are mea baseline . · Inadequate business-case development for the outsourcing decision; Outsourcing selection is the process of finding and evaluating potential outsourcing partners Not including enough resources to effectively manage the vendor selection process: Lack of a proper internal skill set to effectively manage the selection process Not understanding or leveraging the benefits that a Request for Information (RFI) can have in narowing the potential provider field before entering the Request for Proposal (RFP) process Not casting ones net widely enough for potential providers of the service, and thus missing good candidates; Not involving a variety of perspectives in the selection process; Using poorly developed and documented service or product specifications Inaccurate costing of assets that will be transferred to the service provider; Not doing business and financial due diligence on potential providers; Insufficient knowledge of service provider capacity limitations; and Making the selection process a personal, rather than a commercial, decision. Outsourcing Implementation Risks Outsourcing implementation is where the relationship between outsourcing partners is defined d established Not establishing an outsourcing relationship that has sufficient flexibility to deal with business fluctuations Activate W Go to Settings* Initiating an agreement with a service provider that limits flexibility in the future; * Having an unrealistic timeline for any of the steps of the outsource process, ncludıng start-up; Poor implementation planning with respect to timing of transition to service provider and demands on the organization; Underestimating the time required to negotiate a service agreement; * Not fully definng an employee transition plan; * Not getting the operational issues resolved in the service agreement before moving into the legal aspects of the agreement; Inadequate planning concerning information systems and interfacing with the service provider; Insufficient technology development before implementation; and * Not training the provider on critical elements of the company product line or on service expectationsutsourcing management is the monitoring and evolution of the ongoing relationshi 1. Not considering the full impact of an outsourcing agreement on a companys financial condition; 2. Lack of internal communication; 3. Lack of incentives for provider continuous improvement; 4. Not establishing multiple touch points between the company and the provider; 5. Lack of a contingency plan for major disruptions at the service provider; 6. Not putting a full communication plan into effect, including escalation processes, regularly scheduled meetings, review periods, and employee communication; 7. Doing a poorjob of managing expectations around the go-live; 8. Expecting too much from a provider in the early months after go-live; 9. Neglecting to flex the relationship as outsourcing requirements evolve and 10. Lack of a formal lessons learned roundtable on outsourcing in general, and specifically, in established relationships Future Trends in Outsourcin The Supply Chain Consortium will examine more of the risks of outsourcing within specific levels of the supply chain in the future. Already, the consortium has administered surveys to its member companies on the outsourcing of transportation and distribution center (DC) operations Among the findings Activ. Customer satisfaction needs to be improved in the process of DC outsourcing. This cain be done by making outsourcing a core competency Making outsourcing a core competency will also foster a good relationship between companies and their outsourcing providers . When considering transportation outsourcing, customer service is important, with an emphasis on keeping the cost of services low Complete a detailed evaluation before making the decision to outsource transportation; this includes evaluating internal expertise . The use of service providers to perform operational functions presents various risks to financial institutions. Some risks are inherent to the outsourced activity itself, whereas others are introduced with the involvement of a service provider. If not managed effectively, the use of service providers may expose financial institutions to risks that can result in regulatory action, financial loss, litigation, and loss of reputation. Financial institutions should consider the following risks before entering into and while managing outsourcing arrangements Activate Go to Sett トCompliance risks arise when the services, products, or activities of a service provider fail toReputational risks arise when actions or poor performance of a service provider causes the public to form a negative opinion about a financial institution. Country risks arise when a financial institution engages a foreign-based service provider, exposing the institution to possible economic, social, and political conditions and events from the country where the provider is located. Operational risks arise when a service provider exposes a financial institution to losses due to inadequate or failed internal processes or systems or from external events and human error Legal risks arise when a service provider exposes a financial institution to legal expenses and possible lawsuits. should be held liable for any breaches that occur The use of service providers does not relieve a financial institutions board of directors and senior management of their responsibility to ensure that outsourced activities are conducted in a safe-and-sound manner and in compliance with applicable laws and regulations. Policies governing the use of service providers should be established and approved by the board of directors, or an executive committee of the board. These policies should establish a service provider risk management program that addresses risk assessments and due diligence, standards for contract provisions and considerations, ongoing monitoring of service providers, and business continuity and contingency planning. Senior management is responsible for ensuring that board- approved policies for the use of service providers are appropriately executed. This includes overseeing the development and implementation of an appropriate risk management and reporting framework that includes elements described in this guidance Senior management is also responsible for regularly reporting to the board of directors on adherence to policies governing outsourcing arrangements. of action that should be taken to mitigate the risks- A financial institutions service provider risk management program should be risk focused and provide oversight and controls commensurate with the level of risk presented by the outsourcing arrangements in which the financial institution is engaged. It should focus on outsourced activities that have a substantial impact on a financial institutions financial condition; are critical to Activate Go to Setiof action that should be taken to mitigate the risks- A financial institutions service provider risk management program should be risk focused and provide oversight and controls commensurate with the level of risk presented by the outsourcing arrangements in which the financial institution is engaged. It should focus on outsourced activities that have a substantial impact on a financial institutions financial condition; are critical to the institutions ongoing operations; involve sensitive customer information or new bank products or services; or pose material compliance risk. The depth and formality of the service provider risk management program will depend on the criticality, complexity, and number of material business activities being outsourced. Acommunity banking organization may have critical business activities being outsourced, but the number may be few and to highly reputable service providers. Therefore, the risk management program may be simpler and use less elements and considerations. For those financial institutions that may use hundreds or thousands of service providers for numerous business activities that have material risk, the financial institution may find that they need to use many more elements and considerations of a service provider risk management program to manage the higher level of risk and reliance on service providers. While the activities necessary to implement an effective service provider risk management program can vary based on the scope and nature of a financial institutions outsourced activities, effective programs usually include the following core elements: B. Due diligence and selection of service providers; ntract provisions and considerations; D. Incentive compensation review; E. Oversight and monitoring of service providers; and F. Business continuity and contingency pl Activate

0 0
Add a comment
Know the answer?
Add Answer to:
In this global age of information, suggest which threats are posed to the principles of confidentiality...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Log In

Sign Up

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions

  • Securing Data" Please respond to the following: In this global age of information, suggest which threats...

    Securing Data" Please respond to the following: In this global age of information, suggest which threats are posed to the principles of confidentiality and privacy, related to offshore outsourcing of various information systems functions. Provide support for your rationale. Determine who should be held liable for any breaches that occur, and indicate the course(s) of action that should be taken.

  • n the Ohio case Biddle v. Warren General Hospital, a number of patients brought a lawsuit...

    n the Ohio case Biddle v. Warren General Hospital, a number of patients brought a lawsuit against Warren General Hospital and a law firm, alleging the hospital unlawfully disclosed patients’ confidential medical information so that the law firm could search for potential Supplemental Security Income (SSI) eligibility for the payment of the patients’ unpaid medical bills. The Supreme Court of Ohio, through the opinion of Justice Resnick, held that (1.) an independent tort exists for the unauthorized, unprivileged disclosure to...

  • Title: Partners Health Care Systems (PHS): Transforming Health Care Services Delivery through Information Management According to...

    Title: Partners Health Care Systems (PHS): Transforming Health Care Services Delivery through Information Management According to government sources, U.S. expenditures on health care in 2009 reached nearly $2.4 trillion dollars ($2.7 trillion by the end of 2010).[1] Despite this vaunting national level of expenditure on medical treatment, death rates due to preventable errors in the delivery of health services rose to approximately 98,000 deaths in 2009.[2] To address the dual challenges of cost control and quality improvement, some have argued...

  • Examining the Importance of Data Governance in Healthcare By Shannon Fuller, MBA HEALTHCARE HAS ALWAYS focused...

    Examining the Importance of Data Governance in Healthcare By Shannon Fuller, MBA HEALTHCARE HAS ALWAYS focused on managing information from application to application, instead of looking at information holistically and defining it holistically. The industry's shift of focus onto analytics—whether it's for predictive analytics or modeling for improved readmission rates—puts the focus back on foundational data. Ihat's what is needed for things like population health, which is increasingly important in healthcare. Patient data isn't held or uséd solely in electronic...

  • Zara Organizational Structure Structure relates to a skeletal framework of activities and process...

    Zara Organizational Structure Structure relates to a skeletal framework of activities and processes in an organisation and specifies the roles of these in achieving goals and objectives of the organisation. According to (Mullins, 2009), a good structure is highly important due to the fact that decisions on structure are primary strategic decisions which can make or break an organisation. One important aspect of a good structure is the human element. Organisation structure should be designed so as to encourage employees...

  • Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around...

    Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...

  • TRUE/FALSE QUESTIONS:  Foundations of Information Security and Assurance 1. There is a problem anticipating and testing for...

    TRUE/FALSE QUESTIONS:  Foundations of Information Security and Assurance 1. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program. 2. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to over-lapping access, use, and replacement of shared values. 3. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC)...

  • Read the case study, Prairie Regional Medical Center. In 500 words or less, list four quality...

    Read the case study, Prairie Regional Medical Center. In 500 words or less, list four quality and patient safety concerns/issues related to case study situation. For each concern/issue listed, provide a supporting rationale as to why the concern/issue negatively impacts patient safety and quality. Finally, identify one HRM practice for each concern/issue that Prairie Regional Medical Center should implement organization wide. You should consider all HRM practices explores and evaluated throughout the course when developing your response. on Accreditation of...

  • Please read the attached case: Navistar International and prepare answers to the following four questions In...

    Please read the attached case: Navistar International and prepare answers to the following four questions In a bizarre twist to a bizarre story, on October 22, 2013, Deloitte agreed to pay a $2 million penalty to settle civil charges—brought by the PCAOB—that the firm violated federal audit rules by allowing its former partner to continue participating in the firm’s public company audit practice, even though he had been suspended over other rule violations. The former partner, Christopher Anderson, settled with...

  • Aflac Insurance Company InformatIon: Aflac is a Fortune 500 insurance company founded in 1955 by three...

    Aflac Insurance Company InformatIon: Aflac is a Fortune 500 insurance company founded in 1955 by three brothers, John, Paul and Bill Amos. Today, Aflac employs more than 4,500 people and has more than 71,000 licensed independent agents throughout the United States and Japan. The following is an excerpt from the New York Stock Exchange business summary. “Aflac Incorporated is a general business holding company and acts as a management company, overseeing the operations of its subsidiaries by providing management services...

ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT