Dawnya, we started by identifying our covered products, which was basically all of our accounts.
So, we split out all checking, all savings, consumer term, consumer LOC, com'l term, com'l LOC, etc.
For each type of product we identified how each product could be opened, then accessed, and addressed threats to these products (i.e. phishing, forgeries, fake info). After that we said OK! What is the probability that anything would happen on a scale of 1-5, and what would be the impact on a scale of 1-5?
Then we looked at the controls we have in place that would address the red flags to get our residual likelihood and impact.
Our Board approved what would be an acceptable rating and we verified that instructions were in our procedures to cover the red flags.
That is what we will build our program from.
BOL recently did 2 webinars on the red flags that were very helpful. Check out Learning Connect!