IT Examiner School, Seaside, CA
InTREx Examination Resources
Complete the following procedures at each examination. The resources listed below are not intended to be all inclusive, and additional guidance may exist.
Resources
▪ FFIEC IT Examination Handbook – Management ▪ FFIEC IT Examination Handbook – Outsourcing Technology Services ▪ Interagency Guidelines Establishing Standards for Safety and Soundness ▪ Interagency Guidelines Establishing Information Security Standards ▪ Examination Documentation (ED) Module – Third-Party Risk ▪ FIL-52-2006 Foreign-Based Third-Party Service Providers Guidance on Managing Risk in These Outsourcing Relationships ▪ SR 13-19 Guidance on Managing Outsourcing Risk
Preliminary Review
Review items relating to Management, such as:
▪ The committees, names, and titles of the individual(s) responsible for managing IT and information security ▪ Board and IT-related committee minutes ▪ IT-related policies ▪ IT-related risk assessments, including cybersecurity ▪ Business and IT organization charts ▪ IT job descriptions ▪ Qualifications of key IT employees ▪ IT-related audits ▪ Insurance policies ▪ Strategic plans ▪ Succession plans ▪ IT budgets
InTREx Management Decision Factors
In formation T echnology R isk Ex amination
Institution Name: Click here to enter institution name
Cert# Click here to enter cert number
Preparer: Click here to enter preparer name
Management
Start Date: Click here to select start date
Core Analysis Decision Factors
Note: refer to the applicable FFIEC IT Examination Handbooks if additional analysis is necessary to complete this module.
Decision Factors – Management
M.1. The level and quality of oversight and support of IT activities by the Board of Directors and management. Refer to Core Analysis Procedures #1-3 .
Click here to enter comment
Strong ☐
Satisfactory ☐
Less than satisfactory ☐
Deficient ☐
Critically deficient ☐
Made with FlippingBook - Online catalogs