While compliance reigns supreme as the boogey man of the banking industry, compliance glitches are often indicative of ineffective operational risk procedures.  As one bank director put it in the Ernst andYoung publication, Top and Emerging Risksfor Global Banking, “ I have never seen a compliance issue that didn’t comefrom an operational error.”

Donald Saxinger, senior examination specialist at the FDIC in a telephone briefing given to the ABA in December of 2012, revealed that “Inadequate vendor management was cited as a causal factor in 46% of the examination[s] that had their IT rating downgraded in 2012.” This telephone briefing was titled “Vendor Management: Unlocking the Value beyondRegulatory Compliance.” Mr. Saxinger stated that poor vendor management may not be the only issue, but it is frequently cited as a factor in the downgrade.

An internal audit function is a regulatory requirement for publicly traded companies, banks and other financial institutions.  Some companies without this mandate voluntarily opt to have an internal audit function (IAF), because of the increased value this function can provide via management control and credibility with investors and creditors.  An IAF can be done internally or outsourced to a third party. In smaller companies, management can oversee this function.