Tag: Audit

  • The Control Self-Assessment (CSA)

    If there was a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks (including 12 times in the Information Security Handbook alone!), would you consider implementing it? How about if it virtually assured better audits and examinations? OK, you’re interested, but the last thing you need is to implement…

  • IT Composite Ratings: 1 vs. 2

    In a recent survey conducted with our customers, we asked them to tell us (anonymously) what their FDIC IT composite scores were after their last IT examination, and whether those scores increased (got worse), or decreased (got better). The average score was 1.8 on the 5-point scale. Of course the results could be attributed…

  • Auditor rotation – pro and con

    The practice of periodically changing, or rotating, your external auditor has been a topic of interest with our customers lately, and there are two schools of thought on this. The pro-rotation side takes the position that a different set of eyes…

  • Top 5 Compliance Trends for 2011 – Part 2

    A recent survey of auditors and examiners asked: During the past year, in which category would you say MOST of your IT audit/exam findings occurred?

  • Top 5 Compliance Trends for 2011 – Part 1

    I recently looked back at 2010, and the predictions I made a year ago. This post begins a series of the top regulatory compliance trends for the current year. I’m going to focus on the top 5, and my sources for these are the following: Recent audit and examination experience from our customers; Recently released…

  • Looking back – 2010 compliance hits & misses

    Every year about this time, I’m asked to look ahead to the upcoming year and prognosticate on regulatory compliance trends. I intend to do just that in a future post, but today I wanted to do something very few other prognosticators do…look back at last year’s predictions and see which ones hit and which missed…