REGULAR FEATURES

• OP RISK LOSSES REPORTED IN THE MEDIA

• QUIZ CORNER

• IN THE SPOTLIGHT

QUARTERLY SERVICES CHECKLIST

• NATURAL DISASTER RISK ASSESSMENT

• APS 310 PREPARATION

• RISK TRAINING SCHEDULE

FEATURED ARTICLE

• AUSTRALIAN PRUDENTIAL STANDARD 310 - HOW ARE YOU COPING?

focus

PROTECHT

Quarterly Newsletter - Vol.4

Protecht is helping a number of Authorised Deposit-taking

Institutions (ADIs) to improve their prudential assurance processes

as a result of the more stringent APS 310 requirements. This comes

in the form of analysis of all prudential requirements and the

provision of a prudential compliance library for clients to select

questions to attest to on a periodic basis thereby assuring prudential

obligations are met.

For those who are regulated by the Australian

Prudential Regulation Authority (APRA),

the changes to APS 310 Audit and Related

Matters, made by APRA in 2009 have

now well and truly kicked in. Some

ADIs in Australia may have received a

qualified audit opinion for their

prudential audits last year. This

article looks at the key changes to

APS 310 and what ADIs should do to

ensure a higher level of compliance with Prudential

requirements.

So how exactly did APS 310 change? In a nutshell your external

auditors are required to carry out a wider scope audit as well as

provide a higher level of audit assurance over your prudential

responsibilities.

The key changes for your auditors are:

• A reasonable assurance is now required over APRA reporting

forms where data is sourced from accounting records. Limited

assurance is still required for information sourced from non-

accounting records, as was previously the case.

• The auditors need to review, and form an opinion on, the

adequacy of controls over your compliance with all prudential

requirements and your controls over the reliability of data in

the reporting forms.

• The auditor needs to provide limited assurance that you have

complied with all relevant prudential requirements.

These changes have in turn led to an

increased demand on ADIs

to put in place adequate

processes and systems to

document and demonstrate

compliance with prudential

requirements. So what

should an ADI do in order to

provide adequate control and

assurance over compliance

with prudential standards and

the accuracy of prudential returns?

We believe the following processes are ideally required:

• Document and analyse all requirements of the APS

standards, guidance notes, reporting standards, APRA

letters and your banking authority identifying where any

requirement exists.

• Create attestation questions for each requirement for

assignment to, and sign off by, an “owner”.

• Identify, map and document controls over reliability of

data in all prudential forms and over compliance with all

prudential requirements. Continued on Page 3...

A focus on Financial Institutions...

Australian Prudential Standard 310 – How are you coping?

PROTECHT

focus

REGULAR FEATURES

• OP RISK LOSSES REPORTED IN THE MEDIA

• QUIZ CORNER

• IN THE SPOTLIGHT

QUARTERLY SERVICES CHECKLIST

• NATURAL DISASTER RISK ASSESSMENT

• APS 310 PREPARATION

• RISK TRAINING SCHEDULE

FEATURED ARTICLE

• AUSTRALIAN PRUDENTIAL STANDARD 310 - HOW ARE YOU COPING?

Australian Defence Credit Union, established in 1959, is a financial co-operative for members of the Australian Defence Force, civilian employees of the Department of Defence, Defence contractors and their families. However other people are welcome to join.

To contact ADCU call To contact ADCU call To contact ADCU call To contact ADCU call 1300 13 23 28 1300 13 23 28 1300 13 23 28 1300 13 23 28 or visit them at or visit them at or visit them at or visit them at www.adcu.com.auwww.adcu.com.auwww.adcu.com.auwww.adcu.com.au

Operational Risk Losses this quarter…..

- A pregnant woman slipped at a shopping centre in Sydney after another customer reported a spillage. In awarding $750,000 in damages, The Court noted that a staff member had twice been told of the spill, but the employee "totally forgot" about it.

- A communications company recently came under fire after it sent out 220,000 letters that contained account information belonging to customers. The company admitted breaching customer privacy.

- A Business Management organisation has been ordered to pay $1.3bn in damages over a case of admitted copyright infringement in the US. After a four-year legal battle the rival had claimed that it was owed at least $1.7bn, or what it said it would have charged the organisation for a license to use the software legally. The German company, on the other hand, had argued that the damages should be limited to the value it had got out of its actual use of the software, which it described as negligible.

- Two former stockbrokers have been fined a total of £100,000 and banned from working in the financial services industry after the City regulator found that they used insider information to encourage clients to buy shares in an AIM traded stock.

- Australian Bank customers have been hit by a technical glitch that has affected transactions including pay and other deposits. The bank would not say how many of its 11.5 million customers were hit by the glitch.

- A former bank executive has been arrested for allegedly accepting a $US50m kickback in the 2006 sale of a large stake in a company’s holding rights. The Executive was in charge of managing the sale of the bank's stake to a London-based buyout group, but prosecutors say he led the bank to sell it "without evaluation of its current value" which, in turn, earned him "two consultancy contracts totalling $50 million."

10 Questions with:

Jen Jurss - Compliance Manager,

Australian Defence Credit Union

1) If you could change your name, what would you change it to?

A surname much easier to spell.

2) When younger, what did you want to be when you grew up?

A best selling author, magazine editor or a fighter pilot after an

obsession with Top Gun.

3) Do you have any hidden talents?

I can catch surfworms by hand and am a pretty good pool player.

4) Name one thing that not many people know about you?

I have been in a country music video on CMC - a group of friends

and I were at a week long party in the middle of NT on a property

and the singer asked if we could be in the film clip for his new

country music tune.

5) If you could invite any 5 people in the world for dinner, who would

they be?

Barack Obama, Hugh Jackman, Marieke Hardy to talk books,

Florence from Florence + the Machine and Keith Urban for post

dinner sing-along's and a fab sushi chef to do the cooking.

6) Do you follow any sports? If so what and which team do you

support?

I really enjoy watching live rugby union – I back the Wallabies,

the Reds and the local Eastern Suburbs team my friend captains.

7) Dream holiday destination?

Currently agonising over where to visit next – either France for

the culture and macaroons, the Deep South of US for the chicken

fried steak and antebellum houses, or Mexico for the beaches,

burritos and tequilas. Decisions, decisions, decisions...

8) If you won lotto, what would you spend it on?

I would plan some mind-blowing travel adventures, and invest the

rest to become a property mogul.

9) What is the craziest thing you have ever done?

Skydiving in WA, it was such fun I am dying to do it again! Oh

and eaten roast crocodile – for the record, it is like a tough piece

of chicken.

10) Name the top 3 things in your must do list?

1. Climb the pyramids in Egypt 2. Master a yoga handstand 3.

Learn a foreign language.

Quarterly Services Checklist

MUTUALS ADIs - APS 310

Is your company aware of the implications of APS 310?

Have you decided how you are going to map your controls against the relevant prudential standards?

Protecht is now able to supply a comprehensive list of attestations based on the APRA standards which will allow you to provide

APRA with a comprehensive response to the requirements of APS 310.

For details of the attestation library now available for WORMS, contact David Bergmark (david.bergmark@protecht.net) .

NATURAL DISASTER RISK ASSESSMENT

Given the heart breaking and tragic recent events across the country, ask if you have included the risks associated with natural disasters

in your self assessments and updated for any findings from the events?

Are you adequately testing controls? Has your DRP and BCP been tested lately?

RISK TRAINING

If you have hired new staff recently have they been given adequate risk training?

How long has it been since employees were updated on risk management techniques?

Protecht has released a new schedule of training courses for you to attend at www.protecht.com.au/training. Hurry they are filling fast.

If you prefer not to travel to Sydney then let us know as we may be able to plan a visit to a location nearer to you.

For all your training needs contact David Tattam (david.tattam@protecht.net).

Australian Prudential Standard 310 – How are you coping?

Continued from page 1

• Assess and document the adequacy of the identified controls.

• Obtain periodic attestation sign off from the owners of the key

controls

• Formally record any identified prudential breaches or reporting errors

The implementation of a robust framework to achieve the above requires a

reasonable effort and investment arising from:

• Analysis and documentation of the various requirements for each

prudential standard

• Implementing a process of compliance attestation over the

requirements and key controls

• Carrying out a regular assessment of prudential controls

If you wish to know more about how Protecht can help you, please contact David Tattam at david.tattam@protecht.net. For a set of attestations which will provide assurance in your compliance with APRA Standards then please contact David Bergmark at david.bergmark@protecht.net Protecht, in conjunction with AMInstitute, is launching a course on Proactive Management of Corporate & Banking Licensing Responsibilities aimed at Mutual ADIs. Further details can be found at www.aminstitute.org.au

Twitter: Protecht_Risk

Contact Protecht Advisory:

Head Office

Suite 2, Level 3, 230 Clarence Street

Sydney NSW 2000 Australia

Phone: +61 (2) 8005 1265

Fax: +61 (2) 9283 0430

Email: claire.bird@protecht.net

www.protecht.com.au

Quiz Corner

Concepts and theory around these questions can be found in Protecht’s elearning solution. There are a number of risk based modules

now available. The content is suitable for all employees as a means to introduce them to risk management theory. Check out the

elearning link on our website under the Training menu item for more information.

Answers: Best, False, False

Final Thought:

“Often the difference between a successful person and a failure is not one has better abilities or ideas,

but the courage that one has to bet on one’s ideas, to take a calculated risk—and to act.”

Andre Malraux— French Historian, Novelist and Statesman, 1901-1976

Upcoming Training:

• Introduction to Risk Management—3rd March

• Enterprise Risk Management for Corporate’s - 23rd & 24th March

• Operational Risk Management for Financial Institutions' - 16th & 17th March