With the SAS 70 phasing out on 6/15, financial institutions have a dual challenge: determining the best report to request, and evaluating the report they are provided. To assist with this challenge, I’ve created two documents. The first, or Step 1, is a SOC Selection Flowchart, which is available here. This will assist in determining […]
In preparation for an upcoming class on Audits & Examinations, I created a searchable index of all FFIEC IT Examination Handbooks. Out of curiosity, I ran frequency counts for some key terms across all 12 booklets. Some of the results are pretty much expected, some are a little more surprising: Term Frequency of Occurrence […]
The ability of management to respond to changing circumstances, and to address the risks that may arise from changing business conditions, has become an area of increased examiner scrutiny in the wake of recent large financial institution failures. Accordingly, the “Management” component is given special consideration when assigning a CAMELS composite rating. What are the […]
The Council is a formal inter-agency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), […]
A complete listing of ALL FFIEC Tier I and Tier II examination procedures in one place, courtesy of the BITS Shared Assessments project. Very handy!
This whitepaper talks about the recent FFIEC guidance on Retail Payment Systems.
Watch this educational webinar presented by the Compliance Guru and Attus.
There are twelve booklets in the FFIEC IT Examination Handbook series, and ten of them make reference to the importance of managing third-party relationships. Today, the vast majority of financial institutions outsource at least one business function, and almost 50% of institutions outsource at least one critical business function. Among community financial institutions, the percentages […]
If it’s been done correctly, your business continuity program has been developed to support your Bank’s strategic plan. The capabilities of your hardware and software have been carefully selected to coincide with the needs of your target market. Your financial projections are based on your ability to successfully penetrate your target market, and your DR […]
The effective management of critical vendors is an essential risk control. The FFIEC mentions this several times in their Examination Handbooks, most recently in the “Information Security” Handbook from July, 2006. Although most financial institutions are accustomed to approaching this from their own perspective, i.e. from the serviced side, this white paper will take a […]