OverallcommentsTPRSSmallTeamThirdParty RiskSummaryHIPAAOCCBulletin2013-29FISBankConfidentialDataBlank2/14/2019BusinessProcessTiersVicePresidentCoupaIf 1.01AND 1.17areapplicableErnstandYoungRiskCouncilFalse3months2020YesAnnualReportDelegationSSAE18,ModeratelyLowBCTier@bokf.comFormerlycritical1,069Analysisbased on thenature of theengagement1bVRCFDRemediationTrackerReportUpon acompletedFinancialCrimesreviewVRC1'sEvaluationQueue3/26/2019100ValueAddedResellerPushthroughassignedprogramsOCC,OneCongaCubaThird PartyProviderManagementStandardVRC1 –VRO –VRC2, 5HighestInherentRisk ofComplianceAnNDAImpacts customersbroadly enough tothreaten marketshare Review the fileposted in the VMOSharePoint siteNoFinancialCrimesHighest RiskRating of allactiveRelationshipsAnyTierHighBCAnyoneRegulatoryperspectiveincluded inannual criticalreportingThird PartyProviderManagementPolicyExemptJune14calendardaysOFACHitNon-USHeadquartersor Non-USOperationsMonthlyRegenerateFacilitiesMaintenance3DaysAccess@WorkRequest21calendardaysSRMSupplierNameChangeCommitteeIneffective5.01A completedMaterialityAssessmentCriticals and“WhollyOutsourcedDepartment”sRiskRatinglatenoticelog-noreply@spfarm.bok.com1,340DecemberSharedSLAsOverallcommentsTPRSSmallTeamThirdParty RiskSummaryHIPAAOCCBulletin2013-29FISBankConfidentialDataBlank2/14/2019BusinessProcessTiersVicePresidentCoupaIf 1.01AND 1.17areapplicableErnstandYoungRiskCouncilFalse3months2020YesAnnualReportDelegationSSAE18,ModeratelyLowBCTier@bokf.comFormerlycritical1,069Analysisbased on thenature of theengagement1bVRCFDRemediationTrackerReportUpon acompletedFinancialCrimesreviewVRC1'sEvaluationQueue3/26/2019100ValueAddedResellerPushthroughassignedprogramsOCC,OneCongaCubaThird PartyProviderManagementStandardVRC1 –VRO –VRC2, 5HighestInherentRisk ofComplianceAnNDAImpacts customersbroadly enough tothreaten marketshare Review the fileposted in the VMOSharePoint siteNoFinancialCrimesHighest RiskRating of allactiveRelationshipsAnyTierHighBCAnyoneRegulatoryperspectiveincluded inannual criticalreportingThird PartyProviderManagementPolicyExemptJune14calendardaysOFACHitNon-USHeadquartersor Non-USOperationsMonthlyRegenerateFacilitiesMaintenance3DaysAccess@WorkRequest21calendardaysSRMSupplierNameChangeCommitteeIneffective5.01A completedMaterialityAssessmentCriticals and“WhollyOutsourcedDepartment”sRiskRatinglatenoticelog-noreply@spfarm.bok.com1,340DecemberSharedSLAs

VMeOw - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
  1. Overall comments
  2. TPRS Small Team
  3. Third Party Risk Summary
  4. HIPAA
  5. OCC Bulletin 2013-29
  6. FIS
  7. Bank Confidential Data
  8. Blank
  9. 2/14/2019
  10. Business Process Tiers
  11. Vice President
  12. Coupa
  13. If 1.01 AND 1.17 are applicable
  14. Ernst and Young
  15. Risk Council
  16. False
  17. 3 months
  18. 2020
  19. Yes
  20. Annual Report
  21. Delegation
  22. SSAE18, Moderately Low
  23. BCTier@bokf.com
  24. Formerly critical
  25. 1,069
  26. Analysis based on the nature of the engagement
  27. 1b
  28. VRC
  29. FD Remediation Tracker Report
  30. Upon a completed Financial Crimes review
  31. VRC1's Evaluation Queue
  32. 3/26/2019
  33. 100
  34. Value Added Reseller
  35. Push through assigned programs
  36. OCC, One
  37. Conga
  38. Cuba
  39. Third Party Provider Management Standard
  40. VRC1 – VRO – VRC2, 5
  41. Highest Inherent Risk of Compliance
  42. An NDA
  43. Impacts customers broadly enough to threaten market share Review the file posted in the VMO SharePoint site
  44. No
  45. Financial Crimes
  46. Highest Risk Rating of all active Relationships
  47. Any Tier
  48. High
  49. BC
  50. Anyone
  51. Regulatory perspective included in annual critical reporting
  52. Third Party Provider Management Policy
  53. Exempt
  54. June
  55. 14 calendar days
  56. OFAC Hit
  57. Non-US Headquarters or Non-US Operations
  58. Monthly
  59. Regenerate
  60. Facilities Maintenance
  61. 3 Days
  62. Access@Work Request
  63. 21 calendar days
  64. SRM
  65. Supplier Name Change Committee
  66. Ineffective
  67. 5.01
  68. A completed Materiality Assessment
  69. Criticals and “Wholly Outsourced Department”s
  70. Risk Rating
  71. latenoticelog-noreply@ spfarm.bok.com
  72. 1,340
  73. December
  74. Shared SLAs