I’m not sure if this is being used across the board for all OTS exams, or just regionally, but the new pre-examination form (officially called PERK, or Preliminary Examination Response Kit) is significantly more comprehensive than before. It’s 10 pages in length, and has the following 11 categories:
- Audit (11 questions)
- Management (8 questions)
- Development & Acquisition (14 questions)
- Outsourcing (7 questions)
- Operations (8 questions)
- Business Continuity Planning (6 questions)
- Information Security (20 questions)
- EBanking (12 questions)
- Remote Deposit Capture (20 questions)
- Wholesale Payment Systems (8 questions)
- Retail Payment Systems (14 questions)
If these categories look familiar, they should…they are the 12 FFIEC IT Examination Handbooks, plus RDC (less Supervision of Technology Service Providers). All the OTS has done is take the Handbooks, and extract a few questions from Appendix A (Examination Procedures) of each one.
The institution that received this new exam questionnaire format is about $1B in size, and it could be that it’s only being used for larger institutions. But given that I had previously predicted an overall increase in the level of IT scrutiny, it may also be the start of the trend.
What OTS institutions can do in the meantime is become familiar with the Tier I Examination Procedures in the back of all of the IT Examination Handbooks. Prepare by using them as your own pre-exam checklist (see this). Are you seeing more detailed examination questionnaires? Let me know!