IT Examiner School eBook May 2025

Institution Name: Click here to enter institution name Cert# Choose an item.

Information Technology Risk Examination

Preparer: Click here to enter preparer name Start Date: Click here to select a start date

Support and Delivery

Core Analysis

Complete the following procedures at each examination. The resources listed below are not intended to be all inclusive, and additional guidance may exist. Resources  FFIEC IT Examination Handbook – Operations, Information Security, and Business Continuity Management booklets  Interagency Guidelines Establishing Standards for Safety and Soundness  nteragency Guidelines Establishing Information Security Standards  Interagency Statement on Pandemic Planning  FFIEC Guidance on Authentication in an Internet Banking Environment (2005 and 2011)  Review items relating to internal or external IT audits, such as:  Prior examination reports and workpapers  Pre-examination memoranda and file correspondence  Operations-related policies  Network topology  Cybersecurity self-assessments  Internal and external IT audit reports  Board and committee minutes related to IT  Information Technology Profile  Business continuity management plan  Network vulnerability assessments/penetration tests  Regulatory reports (e.g., TSP reports) Note: refer to the FFIEC IT Examination Handbook - Audit if additional analysis is necessary to complete this module. Preliminary Review