-
The IT Strategic Plan – Why, Who, & How
One of the most common examination findings recently (particularly with the FDIC) has been the lack of an IT Strategic Plan. I’m not sure why the focus lately (perhaps the shift from the CAMELS “A” to the “M”?), but the concept is certainly not new. The regulatory mandate for it is found in the 2004…
-
The Control Self-Assessment (CSA)
If there was a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks, (including 12 times in the Information Security Handbook alone!), would you consider implementing it? How about if it virtually assured better audits and examinations? OK, you’re interested, but the last thing you need is to implement…
-
IT Composite Ratings: 1 vs. 2
In a recent survey conducted with our customers, we asked them to tell us (anonymously) what their FDIC IT composite scores were after their last IT examination, and whether those scores increased (got worse), or decreased (got better). The average score was 1.8 on the 5 point scale. Of course the results could be attributed…
-
Management of IT reflects overall management
(This is an extract from an article written for Bank Technology News. The full article is here.) One of the reasons compelling the shift towards increased focus on IT is found in the only non-financial element in the CAMELS ratings: management…
-
The Pendulum Swings in 2011?
I’ll be posting my list of audit and examination trends for 2011 soon, but this article by me on a similar topic was just published in Bank Technology News.
-
CAMELS ratings and regulatory reform
The ability of management to respond to changing circumstances, and to address the risks that may arise from changing business conditions, has become an area of increased examiner scrutiny in the wake of recent large financial institution failures. Accordingly, the “Management” component is given special consideration when assigning a CAMELS composite rating. What are the…
