Corporate Compliance
The purpose of this paper is to outline a plan to implement enterprise risk management for my organization. The plan for Santa Ana Federal Credit Union’s risk management assessment will focus on one of its identified major weaknesses, which is vendor contract management. It will be intended as a policy that will mandate the thorough assessment of its current vendors and their contracts. Currently, the credit union does not have such a policy or procedure in place.
Introduction
Santa Ana Federal Credit Union or SAFCU is obligated to its members and employees to protect and ensure, to the best of its abilities, that the information and assets entrusted to the credit union are secure and properly safeguarded. As the credit union expands the products and services offered to members, the credit union is increasingly reliant on third party service providers. The selection of every new vendor poses a degree of risk to its members’ privacy, information, and assets. As a consequence, the credit union is obligated to perform sufficient due diligence when it selects a vendor and to monitor third party vendors on a regular basis.
General Objectives
The establishment of a Vendor Oversight Program is designed to:
• Establish vendor selection guidelines as proposed by the National Credit Union Administration (NCUA) in their letter number 01-CU-20 and part 748 of the NCUA Rules and Regulations (Dollar, 2001, 2).
• Ensure the privacy and security of the credit union and its members’ information assets.
• Establish policies and procedures for the annual review of existing vendor relationships.
Program Responsibility
The board of directors assigns oversight for this p ...