How creating a Part 504 gap assessment is like personal budgeting

In our last blog, “How you can make planning a 504 project like planning a vacation” we focused on the importance of project setup, defining a clear plan for the journey to April 15th, 2018, and keeping yourself accountable along the way. So how do we get ready for 504? I like to compare it to budgeting for an upcoming vacation. It’s not as fun as the vacation, but it makes the vacation so much more enjoyable knowing that I can afford it (and I won’t be broke when I get home).

When I build a budget, I start by identifying all the categories of expenses I have. It’s easier for me to visualize my expenses when they are categorized, as opposed to a long list of numbers. When I approach a 504 project, I like to do the same kind of categorization, which helps me better understand what needs to be done.

One way to do this is to perform a gap assessment to compare the current state Transaction Monitoring and Filtering programs against the Part 504 requirements. Start by breaking down the 504 rule into its component parts and assess whether the program is currently in compliance with each component. For those areas in compliance, make sure they can be substantiated with supporting documentation.   

If there are any compliance gaps or areas where the supporting documentation does not exist or is inadequate, take the time to fully document the issue (including the areas impacted, the cause, owners, etc.) to make it easier to understand the full scope of the issue. This process is painful and, in some cases, it can be alarming. For example, when I was doing my personal budget, I came to the shocking realization that I was spending $60 a week on coffee (that’s almost $3,000 per year!). This was one area for me that I needed to work to bring back into compliance. Companies also tend to have the same realization when they find areas out of compliance. However, since it’s a necessary step and can’t be overlooked, they are always pleased that they took the time to do things right.

In addition to the gap assessment, there needs to be an independent review over the entire Transaction Monitoring and Filtering programs. Note: as mentioned in blog 1 “Are you onboard the 504 train?” this can be performed by Internal Audit or an external third party depending on required expertise and knowledge.

Once I realized how much I was spending on coffee (and other random things that I probably didn’t need), it was time to put a plan in place to change my spending behavior. Similarly, remediation plans need to be put into place for any identified compliance gaps. Make sure the remediation plan is clearly documented, which helps to not only hold parties accountable, but also allows them to easily track progress (the New York Department of Financial Services (NY DFS) will also be tracking progress, so this is a very important step).

Companies tend to be concerned that if they have gaps requiring remediation that they won’t be able to certify. Most gaps won’t prevent certification, but there if there are severe gaps, then additional work may be required in order to certify. Either way, if there are identified gaps then there will be work to do as the NY DFS will still be looking for evidence of remediation.

Just because I found a lot of unnecessary expenses in my budget, it didn’t mean I couldn’t take that well-deserved vacation. It just meant that I had a little more work to do in order to make it happen. The same applies to 504 – a little work now will make things much easier (and enjoyable) in the future.


 Click here to learn more about Regulatory Compliance


What to Expect When You’re Selecting an ERP
CECL Modeling: In-House or 3rd Party? Choose Wisely
Related Posts
How Does the FSSCC Cybersecurity Profile Support CISOs?
How Does the FSSCC Cybersecurity Profile Support CISOs?
Benefits and Uses of the FSSCC Cybersecurity Profile
Benefits and Uses of the FSSCC Cybersecurity Profile
The End of PPP: 5 Changes to Consider
The End of PPP: 5 Changes to Consider