IT Examiner School, Seaside, CA

InTREx Examination Resources

Complete the following procedures at each examination. The resources listed below are not intended to be all inclusive, and additional guidance may exist.

Resources

▪ FFIEC IT Examination Handbook – Management ▪ FFIEC IT Examination Handbook – Outsourcing Technology Services ▪ Interagency Guidelines Establishing Standards for Safety and Soundness ▪ Interagency Guidelines Establishing Information Security Standards ▪ Examination Documentation (ED) Module – Third-Party Risk ▪ FIL-52-2006 Foreign-Based Third-Party Service Providers Guidance on Managing Risk in These Outsourcing Relationships ▪ SR 13-19 Guidance on Managing Outsourcing Risk

Preliminary Review

Review items relating to Management, such as:

▪ The committees, names, and titles of the individual(s) responsible for managing IT and information security ▪ Board and IT-related committee minutes ▪ IT-related policies ▪ IT-related risk assessments, including cybersecurity ▪ Business and IT organization charts ▪ IT job descriptions ▪ Qualifications of key IT employees ▪ IT-related audits ▪ Insurance policies ▪ Strategic plans ▪ Succession plans ▪ IT budgets

InTREx Management Decision Factors

In formation T echnology R isk Ex amination

Institution Name: Click here to enter institution name

Cert# Click here to enter cert number

Preparer: Click here to enter preparer name

Management

Start Date: Click here to select start date

Core Analysis Decision Factors

Note: refer to the applicable FFIEC IT Examination Handbooks if additional analysis is necessary to complete this module.

Decision Factors – Management

M.1. The level and quality of oversight and support of IT activities by the Board of Directors and management. Refer to Core Analysis Procedures #1-3 .

Click here to enter comment

Strong ☐

Satisfactory ☐

Less than satisfactory ☐

Deficient ☐

Critically deficient ☐

Made with FlippingBook - Online catalogs