A federal credit union is a certain credit union whose supervision is under the National Credit Union Association. Credit unions responsibility is to hold deposits, ensure issuance os checks and ATM cards and offer loans. They are non-profit institutions therefore they don’t pay taxes, therefore, charge loans under low-interest rates.
Risk Assessment is undertaking an evaluation of certain threats that may have an impact on financial institutions. After federal credit union merged with several state credit unions in is exposed to certain risks that must be assessed to know how to overcome them. They have to undertake a risk assessment on these three cities which are Seattle, Los Angeles and Atlanta. Each credit union to be able to provide the best services to their clients they have to comply with certain regulations to reduce expenses and be able to mitigate risk to benefit and earn profits. When undertaking risk assessment you have to comply with the following key elements which are:
- Ensure review of all products and necessary services; arrange by a program to ensure it is time-saving.
- Construct a risk assessment matrix to be able to assess every risk and ensure risk ratings are assigned correctly. This will help to avoid penalties and unnecessary investigations.
- All materials associated with risk assessment must be effective and accurate.
- Citations should be up to date to help in compliance of all regulations.
- Requirements checklist, all-important regulations and a review process are still helpful.
The following is an example of a risk assessment matrix in Los Angeles:
After undertaking a risk assessment on the federal credit unions on the three different regions, I was able to come up with a risk assessment overview:
Risk Assessment Overview
| Risk Name | Current Value | Risk Level |
| 1. Users and computers | ||
User accounts inactive | 15% ( 3 of 30 ) | High ( 1%-100% ) |
Computer accounts inactive | 25% (5 of 20 ) | High ( 3%-100% ) |
Computer accounts disabled | 0% ( 0 of 40 ) | Low ( 0 ) |
User accounts with certain persons that are not required | 0 | Low ( 0 ) |
User accounts that have passwords that never expire | 4 | Medium ( 1-4 ) |
| 2. Permissions | ||
User accounts that have permissions in administrative | 25% ( 5 of 30 ) | High ( 3%-100% ) |
Empty security groups | 15% ( 6 of 40 ) | High ( 3%-100% ) |
Administrative groups | 10% ( 3 of 50 ) | High ( 2%-100% ) |
| 3. Data | ||
Files names that contain certain sensitive data | 3 | High ( 2-unlimited ) |
Folders that are share and accessible to everyone | 15% ( 1520 of 14326 ) | High ( 5%-100% ) |
The risk mitigation plan is a certain process through which risk is reduced and therefore minimizing the occurrence of any bad incident. To ensure that your credit union is fully protected you have to ensure that all top risks are addressed properly throughout without hesitation. To be able to create a risk mitigation pan in our federal credit union we have to have a Logic Manager that will ensure that we can have connection throughout the union by ensuring there are link of controls to risks, procedures, policies and mostly ensure that their effectiveness is well tracked.
To undertake the preparation of our risk mitigation plan first we should undergo certain steps:
- Identification of all gaps that are in your program of risk management which ensures that there is a connection of existing work to avoid any gaps to ensure the protection of your organization
- Ensure that the right metrics are monitored whereby you can use ERM to inform a strategy to be able to avoid risk events.
- Risk assessment tools should be explored well to be able to understand how Logic Manager assessment tools and identification of risk can be used to gather information across different functions.
- Identify risk in credit union using the ERM program
- Assess risk using a risk management system in a uniform.
- Certain mitigation activities should be created, procedures and controls should all be created to cover those areas that they are needed most.
Risk mitigation plan
Risk Category External
| Risk name | likelihood | Impact | Risk score | Risk treatment |
| Certain changes in domestic rules, statutes and regulations. | Most likely | serious | 52 | transfer |
| Severe competition from new and existing credit unions | Highly likely | high | 70 | Transfer |
| Certain fluctuations in the financial markets like interest rates | Most likely | Major | 80 | Transfer |
Risk Category People
| Risk name | likelihood | Impact | Risk score | Risk treatment |
| Errors due to misperformance | Very likely | Serious | 64 | Transfer |
| Assets misappropriation | Very likely | Very high | 71 | Transfer |
| Non-compliance with policies willingly | Likely | High | Transfer
| |
| Both man and women equal athletic opportunity | Likely | High | Transfer | |
| Confidential information misuse | Most likely | Major | Transfer | |
| Bomb threat | Highly likely | High | 69 | Accept |
| Ineffective communications | Highly likely | High | 71 | Accept |
| Collisions with suppliers and employees | Very likely | High | Transfer |
Laws, treaties and conditions that apply in federal credit unions are the following:
- Federal credit unions communicate through electronic communication mostly through their website and emails. Clients agree to all their requirements and conditions electronically and in case of legal requirements those communications should be in writing
- Copyright whereby every content in federal credit union sites such as images, audios and text are under international copyright protection.
- Any trademark that is owned by federal credit union subsidiaries and appears on the site are owned by their respective owners only.
- License and site access whereby federal credit union only allows you to access their site but not to modify it or make some personal use of it.
- Your membership account should only be accessed by you, therefore, you are responsible for your account and password.
- Under federal credit union site clients may submit comments, information and questions so far the content being submitted is not illegal.
- The applicable law is that after you visit federal credit union site you agree to the laws of Los Angeles, Seattle and Atlanta.
- In case of any dispute relating to federal credit union products or services, you ensure submission of confidential arbitration to Los Angeles, Seattle and Atlanta.
Business Impact Analysis is used to help in the prediction of the outcomes of disrupting a certain business function and therefore it tries to gather and process all the information that will be required to come up with recovery strategies. After federal credit union merged with state credit unions certain data collection procedures were undertaken to be able to come up with a business impact policy. Which are;
- Distribution of surveys
- Arranging meetings with individual departmental managers.
- Gathering certain groups of managers in the same room for a workshop.
- Asking the right people for BIA information whereby you start from top management to bottom.
- While asking questions pot boxes on every question to avoid misinterpretation.
- Ask questions in the right way by ensuring that you frame them in a way everybody can understand.
- After that, we go to an analysis phase whereby you analyze your information in terms
of quality and quantity.
Business Impact Analysis
| Financial impacts | Expenses increasing Loss of income Contractual penalties Market share loss Delay in sales |
| Impacts due to Infrastructure | Construction delay Damage on machinery Building damage Restrictions on accessing certain facilities |
| Intangible impacts | Staff morale is lost Customer satisfaction decreases Some negative reputation on business |
| Strategic impacts | A decrease in resources needed for innovation Less focus on any innovation in the business New business initiatives delay |
| Impacts of law | In compliance with regulations Breach of contracts Breach of warranties |
| Impacts due to resources | Corruption Interruption in supply chain Failure to come to work |
| Impacts due to quality and safety | The capability of maintaining the desired qualities of products and services Damage on the environment |
Business continuity planning is a plan that ensures that credit union continues to run even after some interruptions like natural disasters and power failure. We ensure that our federal credit union continues to run by using a CU Recover software program. We shall apply this process :
This process includes:
- Business Impact Analysis by using credit union report data.
- Assessment of risk to detect all threats towards the organization.
- Recovery plans per each department to help them in creating plans.
- Key contact development whereby resources are pulled from all over the organization in one central place.
- Management plans in terms of crisis.
- CU Recover Website whereby this is after the whole plan has been developed and undergone approval therefore it is loaded in the CU Recover platform.
- Maintenance and monitoring of the CU Recover website to ensure is up to date
- Development of Recovery Team to be able to identify possible backups for each recovery team
- The response of an incident whereby CU Recover has incident response portals to be able to handle any event that comes up.
- Notification for Crisis Management to be able to communicate with members and staff in an outage.
Disaster Recovery Planning is used to identify any potential risks, needs requiring to sustain business and any future financial impacts. According to the outcome of analysis undertaken, all departments will be able to focus on those areas that need more training, more planning and documentation. There is certainly important information that you have to gather:
- Possibility of that process to be performed manually.
- What is the time frame of the impact of that failure to credit union?
- Recovery Time Objective which is the time when all application will be recovered in case of an outage.
- Recovery Point Objective which is the maximum amount of data loss a credit union can undergo in case of an event.
Disaster Recovery Planning
How to form a disaster recovery planning
Critical Areas Credit Union need to focus on and ensure improvement in their performance are the following;
Mostly credit union need to focus on technology since is developing daily. They should ensure that the following things are considered on their technology agenda:
- Ensure development of E-Branch. This is online branches that supply all products and services that are provided in physical branches.
- They should offer options. Credit unions should not move with technology that is working for newer members and forget the old technology that was working comfortably for those long term members.
- Make sure credit unions utilize web 2.0 and beyond because people are adjusting with changes in the internet therefore credit unions should still adjust.