Magazine article Mortgage Banking

Risk Management Comes Center Stage-How Safe Is Your ASP? (Executive Essay)

Magazine article Mortgage Banking

Risk Management Comes Center Stage-How Safe Is Your ASP? (Executive Essay)

Article excerpt

IN THE POST-9/11 WORLD, RISK management has taken on new meaning and new importance--in society, in international relations and in business, too.

A sometimes-nebulous term, risk management has been pushed to center-stage, as companies deal not only with the new risks of terrorism, but also with continuing transactional risks relating to violations of privacy, unauthorized computer use, surreptitious computer entry (hacking), loss of transactional data and computer fraud (not to mention the risk of being sued in our litigious society for allowing any of these situations to happen).

These transactional risks have been intensified by the exponential expansion and use of the Internet. Tremendous amounts of proprietary transactional information--some of it highly confidential--now routinely swirl around in cyberspace. In many cases, this information is protected only by a firewall and something called secure sockets layer (SSL) encryption.

Wide use of the Internet obligates those who process confidential or proprietary data for others (like mortgage bankers) to minimize transaction risks, particularly since bankers act as a fiduciary--one who serves in a position of trust to ensure that certain transactional risks do not occur. These risks, whether you use an application service provider (ASP), like GHR Systems, or an in-house system to process data, must be minimized.

How you approach reducing that risk is your choice. If in-house staff has been assigned to test your Internet sites and protect communications from unauthorized entry, they are staff members not focused on producing or servicing more loans (in other words, generating revenue). Often the better choice, then, may be to use an ASP to perform these computer functions. Call this a "win-win" situation, because you reduce costs by moving program and hardware administration to the ASP, and you place network responsibilities in the hands of an organization that is in the business of handling network infrastructure.

SAS 70, two types

An important caution to those shopping for an ASP is avoiding one with weak control procedures. To avoid making this error, rely on a "Good Housekeeping Seal of Approval," otherwise known in the business as a Statement on Auditing Standards (SAS) No. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.