Ask the Guru – Page 2 – Compliance Guru • FFIEC Guidance

Role of the Information Security Officer

Get a Copy

Managing Risk with Vendor Management

White Paper

Assess your Cybersecurity Readiness

Take Quiz

By Tom Hinkel | In Ask the Guru

Ask the Guru: The Vendor Report of Examination (ROE)

Hey Guru Where in the handbook does it state the Bank should request exam reports on vendors from their regulatory body? Although there is no formal FFIEC written requirement for obtaining the service provider’s regulatory examination report (report of examination, or ROE), it is mentioned as a best practice in the FFIEC 2012 TSP Handbook: […]

By Tom Hinkel | In Ask the Guru, From the Field

Ask the Guru: The IT Audit “Scope”

Hey Guru Our examiner is asking about the “scope” of our IT audits. What is she referring to, and how do we define a reasonable scope? Audit results are one of the first things examiners want to see, and the “scope” of the audit is very important to examiners. In fact, the term is used […]

By Tom Hinkel | In Ask the Guru, From the Field

Ask the Guru: Vendor vs. Service Provider

Hey GuruI recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider. His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them. He suggested that we should be focused instead only on those few […]