This regulatory body oversees banks like Commerce Bank and ensures they operate safely and soundly.
Who is the Federal Reserve Bank? (or Who is the state of Missouri?)
This document is sent by a vendor requesting payment for goods or services provided.
What is an invoice?
This regulation requires financial institutions to protect customer data and disclose how it is shared.
What is the Gramm-Leach-Bliley Act (GLBA)?
This ITIL process is used to restore normal service operation as quickly as possible after a disruption.
What is incident management?
This process involves comparing an organization’s performance metrics against industry peers or best-in-class companies.
What is benchmarking?
This type of risk arises when a bank cannot meet its short-term obligations due to insufficient liquid assets.
What is liquidity risk?
This occurs when a company receives an invoice that has already been paid or submitted more than once.
What is a duplicate payment?
This IT audit focus area ensures only authorized users can access systems and data.
What is access management (or identity and access management)?
This classification is used for the most severe incidents that impact a large number of users or critical business services.
What is a major incident?
This quadrant-based Gartner tool evaluates vendors based on “Ability to Execute” and “Completeness of Vision.”
What is the Gartner Magic Quadrant?
This risk is the potential for loss due to failed internal processes, people, systems, or external events.
What is operational risk?
This type of control helps prevent unauthorized payments by requiring multiple levels of approval before an invoice is processed.
What is a segregation of duties (SoD) control?
This is what auditors look for when testing whether a process actually works as intended.
What is control effectiveness?
This is the first step in the incident lifecycle where a ticket is created and logged into the system.
What is incident logging (or ticket creation)?
This type of model is used to assess how advanced a process, capability, or function is compared to defined stages of maturity.
What is a maturity model (or capability maturity model)?
This type of risk relates to the potential for loss resulting from inadequate or failed IT systems, cybersecurity incidents, or technology disruptions impacting banking operations.
What is technology risk (or information technology risk)?
This system automatically routes invoices for coding, approval, and payment processing, reducing manual intervention in Accounts Payable workflows.
What is an Accounts Payable automation or workflow system (AP automation tool)?
This is the process of checking transactions back to original source documents for accuracy and completeness.
What is reconciliation?
This ITIL process focuses on identifying and eliminating the underlying cause of recurring incidents.
What is problem management?
This benchmarking approach compares internal processes or systems across different business units within the same organization.
What is internal benchmarking?
This framework is commonly used in banks to identify, assess, monitor, and report key risks across the enterprise.
What is the Enterprise Risk Management (ERM) framework?
This technology control detects unusual patterns in invoice activity—such as repeated amounts, duplicate vendors, or off-cycle payments—to flag potential fraud or errors.
What is an anomaly detection or continuous monitoring control?
This type of control is built into systems and automatically prevents or detects errors.
What is an automated control?
This system is commonly used to track, prioritize, and manage incidents, problems, and service requests in ITIL-based environments.
What is an IT Service Management (ITSM) tool (e.g., Freshworks)?
This benchmarking metric measures the percentage of time a system, application, or service is available and operational compared to total expected uptime.
What is system availability (or uptime percentage)?