IT Examiner School - Oct 2023

Internal Use Only

InTREx for the Management Component

27

Internal Use Only

InTREx Examination Resources Complete the following procedures at each examination. The resources listed below are not intended to be all inclusive, and additional guidance may exist.

Resources

 FFIEC IT Examination Handbook – Management  FFIEC IT Examination Handbook – Outsourcing Technology Services  Interagency Guidelines Establishing Standards for Safety and Soundness  Interagency Guidelines Establishing Information Security Standards  Examination Documentation (ED) Module – Third-Party Risk  FIL-52-2006 Foreign-Based Third-Party Service Providers Guidance on Managing Risk in These Outsourcing Relationships  SR 13-19 Guidance on Managing Outsourcing Risk Preliminary Review Review items relating to Management, such as:  The committees, names, and titles of the individual(s) responsible for managing IT and information securi  Board and IT-related committee minutes  IT-related policies  IT-related risk assessments, including cybersecurity  Business and IT organization charts  IT job descriptions  Qualifications of key IT employees

 IT-related audits  Insurance policies  Strategic plans  Succession plans  IT budgets

28