…at least in Georgia. The most recent Georgia State IT examinations are using a carbon copy of the FDIC 12/07 pre-examination IT questionnaire. If your primary federal regulator is the FDIC, this makes filling out the State questionnaire much easier. If not however, you’ll want to familiarize yourself with the format.
There are 5 parts to the questionnaire:
- Risk Assessment
- Operations Security and Risk Management
- Audit/Independent Review Program
- Disaster Recovery and Business Continuity Management
- either…
- Vendor Management and Service Provider Management (newer version), or
- Gramm-Leach-Bliley Act/FDIC Rules and Regulations – 12 CFR Part 364 Appendix B (older version)
Also, we’ve definitely seen increased State examiner activity in general. I’ve seen more State exam questionnaires this month than I’ve seen in the past 4 months.
UPDATE: Add the State of Maryland to this list, with Vendor Management as Part 5.
Pingback: The 5 trickiest FDIC IT examination questions (part 1). : FFIEC Guru
[…] Provider Oversight”. I’ll use this because it is the most recent, and as I posted previously, some State Banking regulators have started adopting it as […]
Pingback: FDIC and State examiners teaming up : FFIEC Guru
[…] wrote a similar post earlier, but it now seems that perhaps the reason the State of Georgia has adopted the FDIC IT Examination […]