I have a spreadsheet of policies I track to ensure they are presented to Board annually, but I want to include all of the Programs and Risk Assessments we're required to have so I can ensure they are annually presented to Board. So far, I have come up with the following:
CIP Program & Risk Assessment
BSA Program & Risk Assessment
ID Theft Prevention Program & Risk Assessment
Information Security Program & Risk Assessment
Are there any other regulatory required Programs or Assessments I am missing - or those that are 'highly recommended'?
Also, I am toying with the idea of tracking when annual reports have to be made to the Board (i.e. IT Officer's, Privacy, Security, etc.) Does anyone currently do this, and do you think it should be left to the responsibility of the individual responsible or a nice reminder from Compliance that their annual report to Board is due next month? Input much appreciated!
_________________________
My opinion is free: sometimes you get what you pay for; sometimes you get lucky.