Tag: Examination

  • “Concentration of duties”

    It is not unusual for a community financial institution with limited personnel to have the Information Security Officer (ISO) act as a backup network administrator.  In fact, this is a relatively common practice in an environment where key personnel will typically wear several hats.  And there are practical reasons for this; the ISO is typically…

  • The Control Self-Assessment (CSA)

    If there were a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks (including 12 times in the Information Security Handbook alone!), would you consider implementing it?  How about if it virtually assured better audits and examinations?  OK, you’re interested, but the last thing you need is to implement…

  • IT Composite Ratings: 1 vs. 2

    In a recent survey conducted with our customers, we asked them to tell us (anonymously) what their FDIC IT composite scores were after their last IT examination, and whether those scores increased (got worse) or decreased (got better).  The average score was 1.8 on the 5-point scale.  Of course, the results could be attributed…

  • FDIC issues new FIL…

    …and pretty much confirms what most of us already knew: regulatory scrutiny has increased across the board.  FIL-13-2011, entitled “Reminder on FDIC Examination Findings,” was just released March 1st and, in spite of the title, is not so much a reminder as a response.  Here is the one-line summary: “Recently, the FDIC has received some…

  • Management of IT reflects overall management

    (This is an extract from an article written for Bank Technology News. The full article is here.) One of the reasons compelling the shift towards increased focus on IT is found in the only non-financial element in the CAMELS ratings: management…

  • Top 5 Compliance Trends for 2011 – Part 4

    According to the FFIEC IT Examination Management Handbook, many institutions choose to delegate responsibility for monitoring IT activities to an IT Steering Committee.  I also addressed this here.  One of the most important roles of the IT Steering Committee is to ensure that the IT strategy is aligned with the overall business strategy.  And the…