Financial Reporting Controls Integrity (FDICIA / SOX / COSO)
Banks with assets in excess of $1 billion as well as SEC-registered banks reaching a certain market capitalization level are subject to FDICIA and/or SOX financial reporting controls rules. Best-practice methodology is now guided by COSO 2013 (Committee of Sponsoring Organizations).
Over the past five years, The Navis Group has assisted 40+ institutions that are either reaching the relevant compliance threshold(s) or moving “old-school” approaches forward to best-practice compliance. Interestingly, in the latter case, we have found that banks had largely over-scoped and therefore over-tested the old FDICIA matrices, adding unnecessarily to the audit department’s schedule or budget.
We have developed an Excel-based approach, meeting the financial statement component synchronization recommended as part of the COSO methodology. Additionally, we have created a Word-based narrative that addresses COSO’s 17 principles and 87 focus points. Our approach now largely represents “consensus” based on the number of institutions and external audit firms contributing to the effort.
We are also assisting institutions with enhancing the COSO 1-5 aspects of corporate governance, integrity, and tone-from-the-top via updates of the Ethics Policy, training initiatives and bank-wide communications relative to ethics and integrity.
Strategic Planning – Management / Board Retreats
Strategic planning is an integral component of an institution’s planning, direction and growth. The Navis Group regularly facilitates strategic planning sessions / retreats with a unique focus on organizational planning. Our "7-Year-Horizon" has helped management teams and boards get past the myopia of the traditional 3-year plan.
We work with client institutions to guide the pre-planning process, facilitate a board retreat and strategic planning session, and assist with the writing of the plan and its many components, demographics, metrics, financials, goals and objectives.
Enterprise Risk Strategies
Enterprise risk management (ERM) is the evolving challenge of taking a methodical, disciplined and holistic approach to all-things-risk within a financial institution. This discipline still lacks much in the way of formal regulatory guidance, even though ERM has been identified as a key focus of the regulatory agencies.
The Navis Group is one of the early pioneers in this area, having worked with many institutions on a myriad of ERM issues and approaches. Our work aims to help clients to make ERM an efficient value-adding effort.
Projects have included organizational architecture decisions, i.e., risk’s “place” in the org chart. We have also assisted with risk committee charters, risk appetite statements, committee composition and meeting content, as well as board and management education. In one instance, we served as interim CRO while the Risk Department built out, and in many instances, we are a regular contributor to client risk committee meetings.
Board-level Audit/Risk Committee – Internal Audit Outsourcing
Over the past few years, many institutions have moved to add risk tasks to the Audit Committee’s menu. Additionally, many banks have also “retired” the internal audit function in favor of an outsourced model. We have assisted with committee charters and facilitated the outsourcing decision for Board Audit Committees.
Back-office Efficiency Studies
Our financial reporting controls work often leads to efficiency analysis projects. We have been involved with detailed analysis of deposit operations, loan operations, e-commerce operations, retail operations and audit/risk department complexities.
Business Continuity Planning and Testing
Over the years, our “signature” service offering has turned out to be business continuity planning, even as the demand for BCP assistance has been a bit “tidal” as regulators ebb and flow on their prioritization.
Our work includes plans and testing, having conducted annual tabletop tests with many of our clients, using our scripted disaster-du-jour. In 2011, we were shutting everyone’s electricity off, and in 2012, we started burning everyone’s ops center down. 2013 and 2014 brought terrorist “events” and a re-visit of the pandemic issue. In 2015, cyber breach was front and center. Stephen King would be proud!
Our work has also extended to Association-sponsored full-day, full-immersion exercises with many veteran “survivors” of hurricanes, ice-storms and cyber-attacks having attended multiple sessions.
Interim Officer - Executive Search
Interestingly, our risk and systems work has occasionally placed one of us in a position to fill a gap, or bridge a transition when personnel exit an institution, leaving key officer-level positions vacant. In past years, we have served as interim CFO or Controller, CRO, and CIO, “filling the seat” and assisting with the executive search, interview, vetting, hire, and transition.
©2019 The Navis Group