Although the specific requirements and burdens of the almost 250 regulations and more than 2000 pages in the Dodd-Frank Act are yet to…
I recently ran across an excellent post on this topic regarding the fact that even though Reg. E does not currently regard corporate and municipal accounts the same as consumer accounts, they do, in fact, pose the same risk to the financial institution. As the original post on Krebs’ site points out, why should the […]
I wrote a similar post earlier, but it now seems that perhaps the reason the State of Georgia has adopted the FDIC IT Examination Questionnaire is that the FDIC has been showing up on-site with the State examiners. I’ve gotten reports that this is happening with increasing frequency, and not just in Georgia. My advice […]
I’ve written about the 6/15/2011 phase-out of the SAS 70 report in favor of the SSAE 16 series (SOC 1, SOC 2, SOC 3) here and here. The AICPA isn’t expected to update their audit guide until sometime early next year, but financial institutions are anxious to get the FFIEC to comment, as the SAS 70 […]
In an interview with Don Saxinger at bankinfosecurity.com, the head of IT examiner oversight addresses vendor management. Here is my summary of that interview:
In my last post I indicated that the AICPA would have additional guidance on this topic this fall. It appears that we may now have to wait until early 2011. According to this document from the AICPA, “The existing (AICPA Audit) guide is being overhauled and rewritten to reflect the requirements and guidance in SSAE […]
The FDIC issued FIL-56-2010 today, addressing risk posed by sensitive information stored on certain electronic devices (copy machines, fax machines and printers) that utilize internal storage, and how institutions should mitigate that risk. This guidance only covers those devices that have internal storage, such as a hard drive or flash memory, but according to some […]
The Credit Union National Association (CUNA) is soliciting comments from its members regarding their recent NCUA examination experiences.
“We have heard from credit unions a lot over the last few months that many are finding their examiners and exams to have been a lot more difficult…
Starting next year (or this year for Type II engagements that extend beyond 6/11), the traditional SAS 70 is being phased out in favor of the SSAE 16. The biggest difference is that the “A” no longer stands for “Audit”, but “Attestation”: Management of the service provider asserts that controls relative to security, availability, integrity, confidentiality and privacy are both adequate and effective, and the auditor attests to the assertion.
The head of the World Health Organization (WHO) today declared the H1N1 influenza pandemic over, saying worldwide flu activity has returned to typical seasonal patterns and many people have immunity to the virus. WHO Director-General Margaret Chan said “The H1N1 virus has largely run its course.” This likely means that you are unlikely to encounter […]