2023 IT Examiner School

Internal Use Only

M.3. The adequacy of, and conformance with, internal policies and controls addressing IT operations and risks significant business activities. Refer to Core Analysis Procedure #5. Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☒

Internal Use Only

M.4. The level of awareness of and compliance with laws and regulations. Refer to Core Analysis Procedures 11. Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ M.5. The level of planning for management succession. Refer to Core Analysis Procedure #12 .

Click here to enter comment Strong ☐

Satisfactory ☐

Less than satisfactory ☐

Deficient ☐

Critically deficient ☐

M.6. The adequacy of contracts and management's ability to monitor relationships with third-party servicers. R to Core Analysis Procedure #13 . Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ M.7. The adequacy of risk assessment processes to identify, measure, monitor, and control risks. Refer to Core Analysis Procedures #14-16 . Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐