IT Examiner School eBook May 2025

Procedure 2 Evaluate the adequacy of controls for item processing functions, including check imaging. Consider the following:  Controls over teller/branch imaging  Security over the capture, storage, and transmission of images (e.g. back office conversion, accounts receivable conversion, mobile banking) Click here to enter comments Control Test Verify that scanned items are destroyed in a manner and within the timeframe outlined in institution policy. Enter Control Test notes here, if performed Decision Factor 2 Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ The adequacy of resilience, continuity, and response capabilities to safeguard personnel, customers, and products and services. Procedure 3 Determine whether the board and senior management periodically review and approve the following:  BCM responsibility and accountability  BCM resource allocation  Alignment of business strategy and risk appetite  Business continuity risks and adopting policies and plans to manage events  Business continuity exercise/test strategy  Business continuity training strategy  Business continuity operating/performance results, including exercise/test results  Resolution plan(s) for identified weaknesses Click here to enter comments Click here to enter comments

Baseline Cybersecurity Statements Check if not met (x)  A formal backup and recovery plan exists for all critical business lines