-
Examination Experience Survey – preliminary results
Although the survey is still open, I wanted to discuss one particular trend that I find interesting. (If you’ve already participated, thank you! Please pass the link on to a colleague at another institution. If you haven’t had a chance to fill it out, please do so. The survey will remain open until 8/19). One…
-
BCP plans continue to draw criticism
In a recent FDIC IT Examination, the examiner made the following criticism of the institutions’ DR/BCP: “Business continuity planing should focus on all critical business functions that need to be recovered to resume operations. Continuity planing for technology alone should no longer be the primary focus of a BCP, but rather viewed as one critical…
-
Audits vs. Examinations
As I speak with those in financial institutions responsible for responding to audit and examination requests, I find that there is considerable confusion over the differences between the two. And some of this confusion is understandable…there is certainly some overlap between them, but there are also considerable differences in the nature and scope of each…
-
Using Technology to Drive Compliance
In the past year to year and a half, nearly all of the IT examination findings I’ve seen have in the broad category of “documentation”, or more specifically, lack thereof. In other words, policies and procedures were satisfactory, but documentation was either non-existent, or insufficient, to demonstrate that actual practices followed policy and procedure. To…