Compliance Guru • FFIEC Guidance
By Tom Hinkel  |  In Ask the Guru, From the Field

Ask the Guru: The IT Audit “Scope”

Hey Guru, Our examiner is asking about the “scope” of our IT audits. What is she referring to, and how do we define a reasonable scope? Audit results are one of the first things examiners want to see, and the “scope” of the audit is very important to examiners. In fact, the term is used […]

By Tom Hinkel  |  In From the Field

The Problem with PEN Tests

This is a true story; the names have been changed to protect the guilty. Al Akazam (not his real name) is an IT consultant with a solid background in

By Tom Hinkel  |  In From the Field

Bank Directors and Officers targeted in 2011

The final numbers are in for 2011, and it was a record year for Director and Officer (D&O) lawsuits by the FDIC.  In 2011 alone, 264 defendants were named in FDIC lawsuits.  To put that in perspective, that’s more than twice the number sued in the previous 2 years combined.  Some of the most frequently […]

By Tom Hinkel  |  In From the Field

Access Rights a frequent finding

In reviewing recent audit and examination findings, the issue of access rights and permissions is coming up with increasing regularity.  Making sure that end-users have no more access rights than absolutely necessary to do their job is one of the best information security controls.  According to the FFIEC, formal access rights administration for users consists […]

By Tom Hinkel  |  In From the Field

Audits vs. Examinations

As I speak with those in financial institutions responsible for responding to audit and examination requests, I find that there is considerable confusion over the differences between the two. And some of this confusion is understandable: there is certainly some overlap between them, but there are also considerable differences in the nature and scope of each […]

By Tom Hinkel  |  In From the Field

Using Technology to Drive Compliance

In the past year to year and a half, nearly all of the IT examination findings I’ve seen have been in the broad category of “documentation”, or more specifically, lack thereof. In other words, policies and procedures were satisfactory, but documentation was either non-existent or insufficient to demonstrate that actual practices followed policy and procedure. To […]

By Tom Hinkel  |  In From the Field

The Control Self-Assessment (CSA)

If there was a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks, (including 12 times in the Information Security Handbook alone!), would you consider implementing it?  How about if it virtually assured better audits and examinations?  OK, you’re interested, but the last thing you need is to implement […]

By Tom Hinkel  |  In From the Field

IT Composite Ratings: 1 vs. 2

In a recent survey conducted with our customers, we asked them to tell us (anonymously) what their FDIC IT composite scores were after their last IT examination, and whether those scores increased (got worse), or decreased (got better).  The average score was 1.8 on the 5 point scale.  Of course the results could be attributed […]

By Tom Hinkel  |  In Hot Topics

Auditor rotation – pro and con

The practice of periodically changing, or rotating, your external auditor has been a topic of interest with our customers lately, and there are two schools of thought on this. The pro-rotation side takes the position that a different set of eyes…

By Tom Hinkel  |  In Hot Topics

Top 5 Compliance Trends for 2011 – Part 2

A recent survey of auditors and examiners asked:

During the past year, in which category would you say MOST of your IT audit/exam findings occurred?


Copyright © Compliance Guru®. All Rights Reserved.

Powered by Safe Systems.