2015 Enterprise Risk Management
Program Materials
Below is the 2015 Enterprise Risk Management agenda for your review. To the right (under resources) are PDF copies of the PowerPoint presentations from the program. An email has been sent to the registered attendees with the password to open the documents.
If you have any questions, please contact Corbett Cutts at ccutts@calbankers.com.
***2015 Agenda***
8:30 – Welcome & Introductions
8:30 – ERM 2.0: A Forward-Looking Approach That Adds
Strategic Value
Michael Guglielmo, Managing Director, Darling
Consulting
Enterprise Risk Management (ERM) is a rapidly evolving art and
science that, in addition to helping organizations effectively
integrate and enhance financial and operational risk assessment
and management, can contribute significantly to financial and
operational performance improvement. During this session,
participants will learn how well-designed capital planning and
stress testing processes used by bank ALCOs can be integrated
with traditional ERM approaches to create a more comprehensive
framework that includes forward-looking risk assessment that can
be leveraged to quantify risks and their potential impact on
capital. Armed with this 360° perspective, stakeholders can
tactically assess the financial impact of risks and evaluate the
risk/return tradeoffs of taking action versus staying the course.
Looking at ways this framework can ultimately be used to identify
and capitalize on organizational strengths and opportunities will
also be explored.
9:30 – Vendor Management: Keeping Pace With the
Complexity of Today’s Needs
Randy Marsicano, CISA, CRISC, Professional Services Manager,
WolfPAC Solutions
Can we confidently say the quality of risk management over our
vendors is keeping pace with the level and complexity of those
relationships? We continue to increase the number and
complexity of relationships with both foreign and domestic third
parties, but many vendor management programs have not kept pace
with the changes. Have we included all third parties
in the program, are the right internal people involved and are
they doing the right things, and have we updated our vendor
management program with the latest threats such as
Cybersecurity? The session will review the tips and tools
of an effective vendor management program, as well as provide
real-life insights into good (and not so good) vendor management
practices and how to integrate the program into your strategic
planning process.
10:30 – Networking Break
10:45 – Cyber Security Threats Today
Fred Johnson, Director, Security & Private Services,
McGladrey, LLP
Banks’ networks and applications are complex entities that
control, and require, significant financial commitments. Any
threats that could interrupt these environments put those
organizations at risk. Traditional IT audits can help to address
and mitigate financial, operational and compliance risks often
faced by the banking industry, but these efforts often do not
incorporate robust security assessments beyond the myriad, but
basic, general testing or minimal standards required by
examiners. As has been demonstrated numerous times, sometimes in
spectacular fashion (most recently in the Sony breach), modern
attack methods are designed to bypass many of the mechanisms
organizations still rely on to protect their environment. This
presentation will identify risks within the banking industry with
a focus on how IT risk and security are currently being handled
within ‘the real world’. Attendees will be presented with
examples of the most common attacks that have been used to breach
companies over the past 18 months, a peek into the underground
market where attackers are making money from the breach and an
overview of the latest security programs and tools that can help
defend and protect the network. The session will be broken
into various modules covering subjects such as malware, social
engineering, web applications, mobile devices, and advanced
security controls.
11:45 – Lunch
12:45 – Beyond Risk Assessment: How to Integrate Your
Business Strategy with Your Enterprise Risk Management
Program
Randy Marsicano, CISA, CRISC, Professional Services Manager,
WolfPAC Solutions
Risk assessment is widely agreed to be the foundation for an effective
enterprise risk management program. Once you have it completed,
how do you know what’s next? You have plenty of risk indicators
that you report on but which ones are the right ones? Which ones
are key risk indicators?
When reviewed by senior management and the board, your risk
assessment provides insight into your institution’s Risk DNA.
Using this you can better monitor the health and welfare of the
Bank and ensure alignment with the strategic plan. A lack of
focus on high and moderate risks can be expensive and not
measuring the right activities could cause you to be late in
identifying threats that could pose significant financial
harm.
In this presentation we will show you how to decode the DNA and
glean meaning from the risk indicators. Using the bank’s risk
heat map, we’ll teach you how to ensure alignment with highest
risk threats, how to discern meaning from what the indicators are
showing, and determine what else you should be talking about.
1:45 – Networking Break
2:00 – Designing, Communicating, and Sustaining a
Risk Culture
Walt Mix, Managing Director and Financial Services Group
Leader, Berkeley Research Group, and David
Abshier, Managing Director, Berkeley Research Group
3:00 – Regulator Panel: FDIC & OCC
FDIC: Robert Long, Senior Examination Specialist, Federal
Deposit Insurance Corporation, San Francisco Regional Office
OCC: Anita Likens, National Bank Examiner, Office of the
Comptroller of the Currency
Moderated by Michael D. Cohn, Director, WolfPAC Solutions, this
interactive panel discussion will allow bankers to hear from the
regulators on:
- Examination Topics and ERM programs
- Expectations for different sized banks (risk appetite, Key Risk Indicators (KRIs))
- Audit program integration
- The role of the CRO for the larger bank / need for the CRO for a smaller bank
4:30pm – Adjourn