IT Examiner School eBook May 2025

The risk assessment is updated to address new technologies, products, services, and connections before deployment.

14. Evaluate the risk monitoring reports provided to the Board and/or senior management. Consider the following:
• Major IT projects
• Security incidents, including cyber incidents
• System availability and capacity
• Network security, including firewalls and intrusion detection/prevention
• Patch management

Decision Factor 7 ▲

Control Test: Review a sample of risk monitoring reports to ensure comprehensive and timely reporting.

15. Evaluate management’s process for determining the adequacy of IT insurance policies. Consider the following:
• Employee fidelity
• IT equipment and facilities
• Media reconstruction
• E-banking
• Electronic funds transfer
• Business interruptions
• Errors and omissions
• Extra expenses, including backup site expenses

Decision Factor 7 ▲

Control Test: Review insurance policies to ensure coverage of IT activities.

Supplemental Workprograms (as applicable)

Outsourcing / Vendor Management / Third-Party Risk

Note: Basic outsourcing concepts are addressed in the Management, Support and Delivery, and Development and Acquisition Modules. If expanded examination procedures are warranted, refer to the Expanded Management Module. Also available are the Third-Party Risk Examination Documentation (ED) Module, the FFIEC IT Examination Handbook - Outsourcing Technology Services, and FIL-3-2012 Revised Payment Processor Relationships Guidance. Coordinate with examination efforts in the areas of risk management, BSA, and consumer protection. If additional procedures are used, enter a summary of findings below.
