-
The 5 trickiest FDIC IT examination questions (part 5).
In my last post, I asked you to weigh in on what question you wanted me to address in this final post of the series. This one came from a bank that was in the process of actually filling out the questionnaire, and it’s a good one. It’s found in the Vendor Management section: “Has…
-
Interview with head of FDIC IT examinations
In an interview with Don Saxinger at bankinfosecurity.com, the head of IT examiner oversight addresses vendor management. Here is my summary of that interview:
-
SSAE 16 replaces SAS 70 (…sort of) – UPDATE 2
In my last post I indicated that the AICPA would have additional guidance on this topic this fall. It appears that we may now have to wait until early 2011. According to this document from the AICPA, “The existing (AICPA Audit) guide is being overhauled and rewritten to reflect the requirements and guidance in SSAE…
-
The 5 trickiest FDIC IT examination questions (part 1).
…and how to answer them. Actually, answering them is the easy part, they all require a “Y”. Documenting the basis for your answer is a bit harder. Because each question really requires it’s own discussion, I will address each one in separate posts. Also, the questionnaire I will be referring to is the newer 12/07…
-
State regulators adopting FDIC pre-exam questionnaire… (Update)
…at least in Georgia. The most recent Georgia State IT examinations are using a carbon copy of the FDIC 12/07 pre-examination IT questionnaire. If your primary federal regulator is the FDIC, this makes filling out the State questionnaire much easier. If not however, you’ll want to familiarize yourself with the format. There are 5 parts…
-
The State of the (Credit) Union According to the NCUA Chairman
Last month, NCUA chairman Todd M. Harper delivered his “State of the (Credit) Union” during the 2023 Governmental Affairs Conference. Harper covered multiple areas of interest to credit unions including: But in this post, we’ll focus on 3 topics directly related to information security: cybersecurity risk, the need for centralized vendor authority, and Fintechs. The…