2023 IT Examiner School

Summary Comment - Cybersecurity (Cybersecurity assessment comment should be included in the Report of Examination) C.1. After completing the cybersecurity-related examination procedures contained in the Core Modules, summarize the adequacy of the institution’s cybersecurity preparedness, including risk identification processes and mitigating controls. Click here to enter comment

Strong ☐

Satisfactory ☐

Less than satisfactory ☐

Deficient ☐

Critically deficient ☐

End of Workpaper.

Institution Name: Click here to enter institution name Cert# Click here to enter cert number

Information Technology Risk Examination

Preparer: Click here to enter preparer Start Date: Click here to select a start date

Management: Expanded Analysis

Expanded Analysis Decision Factors

This section provides additional examination procedures for IT products and services not specifically addressed in the Core Modules or that may need additional analysis. Expanded Decision Factors – Management E.M.1. The adequacy of controls over cloud computing. ▼ Procedures #1-2 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ E.M.2. The adequacy of involvement in service provider user groups . ▼ Procedure #3 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ E.M.3. Oversight of critical service providers’ information security programs . ▼ Procedure #4 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ E.M.4. The adequacy of controls over managed security service providers . ▼ Procedure #5 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐