-
The IT Steering Committee – Should or Must?
At a recent user group meeting of one of the major core vendors for community banks, I asked the question ‘how many of you use an IT or Tech Steering Committee?’. I was expecting a vast majority of hands to go up, but only about half did. This was surprising to me, given that: The…
-
5 Key Elements of Risk Management
As a financial institution, it sometimes seems that everything you do requires a risk assessment. Information security, disaster recovery, ID theft, remote deposit capture, outsourcing, in fact the term “risk assessment” appears 215 times in the FFIEC IT Examination Handbooks. But a risk assessment is only one step of a five step risk management process…and…
-
Thankful for…Appendix A?!
When you were a kid, you hated the “pop quiz” right? But if the teacher allowed you to use your notes and textbooks, you felt like you at least had a fighting chance. I’ve taken both proctored and “open book” certification exams, and I’ve always felt that open-book exams more accurately reflected how most of…
-
Dodd-Frank and regulatory compliance
In an excellent article by Lori Moore of ATTUS Technologies, she states that there are multiple reasons why bank examiners may be ramping up scrutiny: “Examiners who may already be on the defensive in regard to criticism about their actions prior to the fall 2008. Examiners who now have the Dodd-Frank Act on their side,…
-
DR Plans – Compliant or Recoverable?
When addressing the issue of your disaster recovery plan, the ultimate goal is both. But if you’re faced with limited resources (time, personnel, and money), and need to decide whether you’ll conduct a test or re-write your existing plan, what should you do? A successful test demonstrates that you can recover if you have to. …
-
SSAE 16 replaces SAS 70 (…sort of) – UPDATE 2
In my last post I indicated that the AICPA would have additional guidance on this topic this fall. It appears that we may now have to wait until early 2011. According to this document from the AICPA, “The existing (AICPA Audit) guide is being overhauled and rewritten to reflect the requirements and guidance in SSAE…
