Compliance Guru • FFIEC Guidance
  • Ask the Guru
  • The Guru Speaks
  • About


By Tom Hinkel  |  In Ask the Guru, From the Field

Ask the Guru: The IT Audit “Scope”

Hey Guru, our examiner is asking about the “scope” of our IT audits. What is she referring to, and how do we define a reasonable scope? Audit results are one of the first things examiners want to see, and the “scope” of the audit is very important to examiners. In fact, the term is used […]

By Tom Hinkel  |  In From the Field

The Problem with PEN Tests

This is a true story, the names have been changed to protect the guilty. Al Akazam (not his real name) is an IT consultant with a solid background in
By Tom Hinkel  |  In From the Field

Bank Directors and Officers targeted in 2011

The final numbers are in for 2011, and it was a record year for Director and Officer (D&O) lawsuits by the FDIC.  In 2011 alone, 264 defendants were named in FDIC lawsuits.  To put that in perspective, that’s more than twice the number sued in the previous 2 years combined.  Some of the most frequently […]

By Tom Hinkel  |  In From the Field

Access Rights a frequent finding

In reviewing recent audit and examination findings, the issue of access rights and permissions is coming up with increasing regularity.  Making sure that end-users have no more access rights than absolutely necessary to do their job is one of the best information security controls.  According to the FFIEC, formal access rights administration for users consists […]
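A concrete way to produce the evidence behind that control is a periodic access review that compares each user's granted entitlements against a baseline of what their job role actually needs, and reports anything beyond it. The following is an added example and not Compliance Guru's own code or tooling; the role baseline, the user list and the entitlement names are all constructed sample data, and the "entitlement export" stands in for whatever your AD group and application admin reports actually produce.

```python
"""Least-privilege access review: flag entitlements beyond a user's role baseline.

Added example, not from the original post. ROLE_BASELINE and ENTITLEMENT_EXPORT
are constructed sample data; in practice the export would be pulled from
directory group membership and application admin reports.
"""
from dataclasses import dataclass, field

# Hypothetical role baseline: the entitlements each job role legitimately needs.
ROLE_BASELINE = {
    "teller": {"core_banking:view_accounts", "core_banking:post_transaction"},
    "loan_officer": {"core_banking:view_accounts", "loan_system:view",
                     "loan_system:originate"},
    "it_admin": {"ad:domain_admin", "core_banking:admin_console"},
}

# Hypothetical entitlement export: (user id, HR job role, entitlements actually granted).
ENTITLEMENT_EXPORT = [
    ("jsmith", "teller", {"core_banking:view_accounts", "core_banking:post_transaction"}),
    # Teller who picked up loan origination rights during a coverage assignment.
    ("mjones", "teller", {"core_banking:view_accounts", "core_banking:post_transaction",
                          "loan_system:originate"}),
    # Loan officer holding a privileged directory right no loan role needs.
    ("rlee", "loan_officer", {"core_banking:view_accounts", "loan_system:view",
                              "ad:domain_admin"}),
    # Account whose role is no longer in the baseline (e.g. terminated employee).
    ("tbrown", "former_employee", {"core_banking:view_accounts"}),
]


@dataclass
class ReviewFinding:
    """One exception for an access-review reviewer to accept or revoke."""
    user: str
    role: str
    excess: set = field(default_factory=set)   # entitlements beyond the role baseline
    unknown_role: bool = False                  # role has no baseline: everything is excess


def review_access(export, baseline):
    """Return findings for every user holding rights beyond their role baseline.

    Users with a role that has no baseline are reported with all of their
    entitlements as excess, since nothing justifies them.
    """
    findings = []
    for user, role, granted in export:
        allowed = baseline.get(role)
        if allowed is None:
            findings.append(ReviewFinding(user, role, set(granted), unknown_role=True))
            continue
        excess = set(granted) - allowed
        if excess:
            findings.append(ReviewFinding(user, role, excess))
    return findings


def format_report(findings):
    """Render findings as plain lines suitable for an audit work paper."""
    lines = []
    for f in findings:
        reason = "no baseline for role" if f.unknown_role else "exceeds role baseline"
        lines.append(f"{f.user} ({f.role}): {reason}: {', '.join(sorted(f.excess))}")
    return lines


if __name__ == "__main__":
    for line in format_report(review_access(ENTITLEMENT_EXPORT, ROLE_BASELINE)):
        print(line)
```

The value for an examiner is less the script than the artifact it produces on a schedule: a dated report listing each exception and the manager's accept or revoke decision is exactly the kind of documentation that shows access rights administration is being performed, not just written into policy.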

By Tom Hinkel  |  In From the Field

Audits vs. Examinations

As I speak with those in financial institutions responsible for responding to audit and examination requests, I find that there is considerable confusion over the differences between the two.  And some of this confusion is understandable…there is certainly some overlap between them, but there are also considerable differences in the nature and scope of each […]

By Tom Hinkel  |  In From the Field

Using Technology to Drive Compliance

In the past year to year and a half, nearly all of the IT examination findings I’ve seen have been in the broad category of “documentation”, or more specifically, the lack thereof. In other words, policies and procedures were satisfactory, but documentation was either non-existent or insufficient to demonstrate that actual practices followed policy and procedure. To […]

By Tom Hinkel  |  In From the Field

The Control Self-Assessment (CSA)

If there was a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks, (including 12 times in the Information Security Handbook alone!), would you consider implementing it?  How about if it virtually assured better audits and examinations?  OK, you’re interested, but the last thing you need is to implement […]

By Tom Hinkel  |  In From the Field

IT Composite Ratings: 1 vs. 2

In a recent survey conducted with our customers, we asked them to tell us (anonymously) what their FDIC IT composite scores were after their last IT examination, and whether those scores increased (got worse), or decreased (got better).  The average score was 1.8 on the 5 point scale.  Of course the results could be attributed […]

By Tom Hinkel  |  In Hot Topics

Auditor rotation – pro and con

The practice of periodically changing, or rotating, your external auditor has been a topic of interest with our customers lately, and there are two schools of thought on this. The pro-rotation side takes the position that a different set of eyes…

By Tom Hinkel  |  In Hot Topics

Top 5 Compliance Trends for 2011 – Part 2

A recent survey of auditors and examiners asked:

During the past year, in which category would you say MOST of your IT audit/exam findings occurred?

By Tom Hinkel  |  In Hot Topics

Top 5 Compliance Trends for 2011 – Part 1

I recently looked back at 2010, and the predictions I made a year ago.  This post begins a series of the top regulatory compliance trends for the current year.  I’m going to focus on the top 5, and my sources for these are the following: Recent audit and examination experience from our customers Recently released […]


Copyright ©2021 Compliance Guru®.
All Rights Reserved.
