Tag: FFIEC

  • The Control Self-Assessment (CSA)

    If there was a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks (including 12 times in the Information Security Handbook alone!), would you consider implementing it? How about if it virtually assured better audits and examinations? OK, you’re interested, but the last thing you need is to implement…

  • The RSA breach, and 5 things you should do

    For those of us already waiting for the latest update on guidance from the FFIEC on Internet Authentication, the news of the recent RSA SecurID breach complicates things a bit. One-time password (OTP) hardware devices (tokens…

  • AICPA finalizes SAS 70 replacement

    I wrote about this here as well, but it’s now official:  The AICPA has clarified the SAS 70 replacement reports.  They are actually officially being referred to as “Service Organization Control Reports (formerly SAS 70 reports)”. The new SOC reports provide a framework for auditors to examine controls and to help senior management understand the…

  • Management of IT reflects overall management

    (This is an extract from an article written for Bank Technology News. The full article is here.) One of the reasons compelling the shift towards increased focus on IT is found in the only non-financial element in the CAMELS ratings: management…

  • Top 5 Compliance Trends for 2011 – Part 4

    According to the FFIEC IT Examination Management Handbook, many institutions choose to delegate responsibility for monitoring IT activities to an IT Steering Committee.  I also addressed this here.  One of the most important roles of the IT Steering Committee is to ensure that the IT strategy is aligned with the overall business strategy.  And the…

  • FFIEC to issue updated authentication guidance?

    I’ve been hearing this rumor for a while now, but we may actually be seeing something new from the FFIEC soon. Gartner is the latest to suggest