OTS Using New IT Examination Questionnaire



I’m not sure if this is being used across the board for all OTS exams, or just regionally, but the new pre-examination form (officially called PERK, or Preliminary Examination Response Kit) is significantly more comprehensive than before.  It’s 10 pages in length, and has the following 11 categories:

  • Audit (11 questions)
  • Management (8 questions)
  • Development & Acquisition (14 questions)
  • Outsourcing (7 questions)
  • Operations (8 questions)
  • Business Continuity Planning (6 questions)
  • Information Security (20 questions)
  • EBanking (12 questions)
  • Remote Deposit Capture (20 questions)
  • Wholesale Payment Systems (8 questions)
  • Retail Payment Systems (14 questions)

If these categories look familiar, they should: they are the 12 FFIEC IT Examination Handbooks, plus RDC (less Supervision of Technology Service Providers). All the OTS has done is take the Handbooks and extract a few questions from Appendix A (Examination Procedures) of each one.

The institution that received this new exam questionnaire format is about $1B in size, and it could be that it’s only being used for larger institutions.  But given that I had previously predicted an overall increase in the level of IT scrutiny, it may also be the start of the trend.

What OTS institutions can do in the meantime is become familiar with the Tier I Examination Procedures in the back of all of the IT Examination Handbooks.  Prepare by using them as your own pre-exam checklist (see this).  Are you seeing more detailed examination questionnaires?  Let me know!

Tom Hinkel
As author of the Compliance Guru website, Hinkel shares easy-to-digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise span the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.
