Confirmed users
569
edits
CA/Quantifying Value: Difference between revisions
→Whether the Applicant has a Good Compliance Management Program: Numbering
| Line 52: | Line 52: | ||
# How robust is the applicant’s compliance and risk management program? | # How robust is the applicant’s compliance and risk management program? | ||
# What evidence can the applicant provide to demonstrate that it has a good compliance program in place? How long has such program been operational? On what compliance framework is it based? | # What evidence can the applicant provide to demonstrate that it has a good compliance program in place? How long has such program been operational? On what compliance framework is it based? | ||
# How familiar is the applicant with the annual risk assessment required by section 5 of the Baseline Requirements? (Note that it requires 1. the identification of foreseeable internal and external threats; 2. an assessment of the likelihood and potential damage of these threats; and 3. an assessment of the sufficiency of the policies, procedures, information systems, technology, and other arrangements that the CA has in place to counter such threats.) | # How familiar is the applicant with the annual risk assessment required by section 5 of the Baseline Requirements? (Note that it requires 1. the identification of foreseeable internal and external threats; 2. an assessment of the likelihood and potential damage of these threats; and 3. an assessment of the sufficiency of the policies, procedures, information systems, technology, and other arrangements that the CA has in place to counter such threats.) | ||
# How does the applicant exercise care when deciding to take on risks? What are applicant’s processes for mitigating or accepting risks? | # How does the applicant exercise care when deciding to take on risks? What are applicant’s processes for mitigating or accepting risks? | ||