Posted by Mr. Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources, Inc on 11/18/2015

Credit Unions are more dependent than ever on information technology to conduct business, and the trend is not declining. The complexity of, and reliance on, third-party resources is also increasing, resulting in amplified cyber threats. As a consequence, it is imperative that the board of directors and managers remain “in the know” about cyber security at their credit unions.

The FFIEC stated, “Today’s financial institutions are critically dependent on IT to conduct business operation. This dependence, coupled with increasing sector interconnectedness and rapidly evolving cyber threats, reinforces the need for engagement by the board of directors and senior management.”

The following is an excerpt from the FFIEC IT Examination Handbook Management November 2015 giving guidance:

The board of directors sets the tone and direction for an institution’s use of IT. The board should approve the IT strategic plan, information security program, and other IT-related policies. To carry out their responsibilities, board members should understand IT activities and risks.

The board or a board committee should perform the following:

• Review and approve an IT strategic plan that aligns with the overall business strategy and includes an information security strategy to protect the institution from ongoing and emerging threats, including those related to cybersecurity.

• Promote effective IT governance.

• Oversee processes for approving the institution’s third-party providers, including the third parties’ financial condition, business resilience, and IT security posture.

• Oversee and receive updates on major IT projects, IT budgets, IT priorities, and overall IT performance. The board of directors may need to approve critical projects and activities, such as expanding the institution’s product line to include mobile financial services.

• Oversee the adequacy and allocation of IT resources for funding and personnel.

• Approve policies to escalate and report significant security incidents to the board of directors, steering committee, government agencies, and law enforcement, as appropriate.

• Hold management accountable for identifying, measuring, and mitigating IT risks.

• Provide for independent, comprehensive, and effective audit coverage of IT controls.

The board may delegate the design, implementation, and monitoring of specific IT activities to management or a committee (e.g., IT steering committee). An IT steering committee generally comprises senior management and staff from the IT department and other business units. Committee members do not have to be department heads, but members should understand IT policies, standards, and procedures (collectively, policies). Each member should have the authority to make and be held accountable for decisions within their respective business units. If the institution has a formal risk management function, risk management staff should participate in an advisory capacity.

The steering committee typically is responsible for reporting to the board on the status of IT activities. The reports enable the board to make decisions without having to be involved in routine activities. While the board may delegate the design, implementation, and monitoring of certain IT activities to the steering committee, the board remains responsible for overseeing IT activities and should provide a credible challenge to management. The steering committee is typically responsible for strategic IT planning, oversight of IT performance, and aligning IT with business needs. The steering committee should have a charter that defines its responsibilities.

The steering committee should receive appropriate information from IT, lines of business, and external sources. Additionally, it should coordinate and monitor the institution’s IT resources. The steering committee should review and determine the adequacy of the institution’s training, including cybersecurity training, for staff. The steering committee should also document meeting minutes and decisions and inform the board of directors of the committee’s activities.

My tip to the board of directors and the management is to work with their IT Department and/or vendors to determine a baseline security standard. This can be accomplished by reviewing the available reports and identifying anomalies that will invoke your incident response procedures.

Categories: Education & Training, Technology Consulting & Compliance

Posted by Vickey Morris, SCMS, CCUE, CUDE, VP Marketing, Cornerstone Credit Union League on 11/17/2015

Today’s post is by guest author David Bach.  David will be the Opening Keynote Speaker at the 2016 Foundation FOCUS Summit in March.


NEVER WIRE money to strangers!

It's so obvious to say this, but I just got involved and fortunately "caught" the most elaborate scam before we were taken.

I was reached out to supposedly by Hillsong Church to do a speech in Cape Town, South Africa for an event called Alive Again Seminar for 2500 people October 9, 10, 11. (What's amazing is how they even matched the amount of people at my last event with the speaking request).

The scammers negotiated back and forth with our team on the speaker's fees, sent us contracts, reserved rooms at a hotel (Westin Hyatt: who confirmed a room request had been made).

The only thing they needed BEFORE they could wire our speaker fee was my work permit for South Africa. They referred us to their person that handled the permits to expedite it as the event was in October.

So far most of this is not out of the norm.

UNTIL...drum roll please...

"We will need a WESTERN UNION WIRE TRANSFER for $895 (they even broke out the permit fee and the VAT tax portion)". Could you please pay that first....


We then did the obvious and reached out directly to Hillsong to confirm whether or not this request was real. We did that the old-fashioned way, picked up the phone and called them.

They immediately informed us that it was a "scam" and this has been going on for some time. They could not have been nicer and were so apologetic even though they had nothing to do with it.


To any other of my friends, if you hear from a PASTOR ANDRE OLIVER, it's a scam (or do what we did and reach out to the Church directly).

AMAZING, the length people will go to scam you out of your money.

Moral: NEVER, NEVER wire money to anyone you don't know.


Maybe this will save someone else from being scammed.

And now I REALLY WANT TO COME TO SOUTH AFRICA, do real speeches and visit the amazing country. My wife and I were so excited to visit Cape Town for our first time. Now we need to go make that happen...for real. Any South Africa friends out there?



Categories: Education & Training, Sales & Service

Posted by Mr. Doug Foister, Director of Research, Cornerstone Credit Union League on 11/16/2015

The “turnover generation” – that’s what Millennials (ages 15 – 35) have been labeled because they will hold 15-16 jobs during their careers. With the average cost of turnover being 21% of every employee’s annual salary, Millennials’ job changes are costing businesses literally billions of dollars. It’s been estimated that Microsoft’s turnover cost alone is $681 million.

Considering this kind of expense, it’s understandable that companies are concerned with how to keep Millennials in the workplace. In an effort to slow down the “turnover generation,” a recent study sought to confirm what Generation Y desires and expects in their jobs. In a broad stroke description, the study found (reassuringly) that Millennials share many of the values with respect to significant life choices as their counterparts in the Baby Boom generation. At the same time, unlike Baby Boomers, Millennials tend to believe they lack support at work in terms of mentorship, purpose and self-expression.

To quote from the study, “Formal mentorship programs have sprung up in a number of Fortune 500 companies as part of their onboarding process, so it’s no surprise that Millennials want mentoring as part of their job.” Whether accurate or not, these findings suggest that failing to provide mentoring for young workers can increase turnover.

As for purpose, the study found that Baby Boomers are 67% more interested in making more money than doing good, while Millennials weighed making money equally with “doing good.” Conclusion: Millennials are more likely to stay if they believe their jobs have a greater social purpose.

Finally, the study revealed that Millennials value self-expression up to eight times more than do Baby Boomers. The authors of the study propose that “Today’s workplace (like Millennials themselves) is about customization, individuality and choice” in aspects such as dress codes and personalizing one’s work area.

In my opinion, studies such as the one I have just described should be taken with a grain of salt. I try to be cautious of stereotyping with respect to generational differences, as well as of falling into the snare of current cultural thinking on these issues. At the same time, it’s undeniable that Millennials have certain desires and expectations related to work that are unique to their generation, and how companies respond to this reality can have a significant effect on the tremendously costly matter of employee turnover.


We hope you have enjoyed this look at the issue of employee turnover. Detailed data on turnover among Cornerstone credit unions, as well as information on a full range of credit union salaries and benefits, is provided in the 2015 Cornerstone Compensation Survey report. To obtain this report, please contact Doug Foister at 800.442.5762, EXT 6477 or

Categories: Research