Slide 1
Leveraging Business Architecture for Risk and Compliance Management
March 19, 2025
Benjamin Senecal, Director, Business Architecture, USAA Federal Savings Bank
Mary Sipich, Lead Business Architect, USAA Federal Savings Bank

Slide 2: Agenda
Traditional Risk Management in Banking
Leveraging a Business Architecture Framework
Using Business Architecture for Analyzing Issues and Architecting Solutions
Where We Are in Our Journey

Slide 3: Traditional Risk Management
Risk Profile
Risk Assessments (RA)
Risk and Control Self-Assessments (RCSA)
Business Management (e.g. Process, Risk, and Control Inventory)
Identify risk and operational issues at a granular process level
Aggregation of risks across the Lines of Business

Slide 4: Content Model
Source: Based on the TOGAF Content Framework and Enterprise Metamodel, The TOGAF Standard, 10th Edition
Diagram elements: Information Systems, Data, Application, Business Operations, Business Information, Business Services, Contracts, Products, Processes, Events, Controls, Functions, Organization Units, Actors, Roles
1. Initial Focus: Operational risk assessments based on processes, risks, and controls
2. Expanded Focus: Expanded focus to include third party, data, and application risks using processes as the focal point

Slide 5: Process-Based Approach
Risk with no control
Risk / Control
Risk 1 / No control identified
Risk 2 / Control 2
Risk 3 / Control 3
Risk 4 / Control 4
Risk 5 / Control 5
Risk 6 / Control 6
Legend: Risk, Control, System

Slide 6: Numerous Processes Across Product Lines and BUs
260 level 3 processes
1000 level 4 processes

Slide 7: Challenges with the Process-Based Approach
Granular, Functional, Processes
Duplication of risks and controls
Blind spots on strategic, data, and tech risks
Siloed risk assessments by org
T