Click to return to BOL home page
Banker Store Read A Reg BOL Insiders Career Connect Learning Connect Bankers Information Network

Search BankersOnline
using Google









Alphabet Soup


Banker Store

Bankers Info Ntwk


Career Connect

Learning Connect

Guru Central


Ask a Guru

Bankers Threads

Contact Us

Give Us Feedback


About Our Sponsors

About Us

Red Flag Assessment Testing

BOL user "Rizzo" was preparing for the Red Flags rules and created a Red Flags risk assessment testing document that she has shared here. Rizzo participated in BOL Learning Connect webinars about the new Red Flag rules and developed this workbook based on what she learned. The file, "Red Flags Testing Menu - rfworksheet", is a component of the larger "Red Flags Assessment Testing Workbook - rftestmenu", and is provided here individually, and is blank. The "Red Flags Assessment Testing Workbook" contains the Risk Assessment Matrix and Red Flags Testing Menu.

The process charts were used for each covered product. The bank marked different ways the product could be obtained, accessed, identified possible threats and then listed controls that were in place addressing the red flags. The matrix is a summary page of the process charts.

The bank rated risks from 1-5 starting with selecting what the impact would be to the bank. From there, what is the inherent likelihood that breach would happen, yielding the inherent risk. For example:
  • Impact = 5,
  • Inherent Likelihood = 4
  • (5x4) yields an inherent risk a 20.
  • Residual likelihood (taking controls into consideration) = 3,
  • times the impact (5)
  • provides a residual risk of 15.
Rizzo's Board approved an acceptable rating of 10 for each product (yours may vary), so if the residual risk was more than that, it gets placed on a watch list, or the bank tries to figure out how to lower the score to an acceptable level. The "Red Flags Assessment Testing Workbook" has sample data included in it. You will have to delete and replace the sample data with your own assessments and may edit the products as well.

The bank then tested the controls and this is where the testing menu comes in to play (the smaller component file "Red Flags Testing Menu"). The bank then reviews the controls listed in the risk assessment to address each Red Flag and marks the worksheet to show if the Red Flag is indeed addressed (all 3 parts: Detection, Mitigation and Response). If it was addressed, the location of the coverage from policies and procedures is listed. If not, comments were made in the Gap Analysis column and the responsible party for that product was instructed to correct the deficiency.

Here are the two files, one in two formats (right click to save the files to your drive): 09-08-08

Access other Banker Tools on

Privacy Policy    Disclaimer   Recommend This Site !   Contact Us

BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.