IT Examiner School eBook May 2025

2

Management

Resources

• FFIEC IT Examination Handbook – Management

• FFIEC IT Examination Handbook – Outsourcing Technology Services

• Interagency Guidelines Establishing Standards for Safety and Soundness

• Interagency Guidelines Establishing Information Security Standards

• Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation

• Examination Documentation (ED) Module – Third-Party Risk

• FIL-52-2006 Foreign-Based Third-Party Service Providers: Guidance on Managing Risk in These Outsourcing Relationships

• SR 13-19 Guidance on Managing Outsourcing Risk

Preliminary Review

Review items relating to Management, such as:

• The committees, names, and titles of the individual(s) responsible for managing IT and information security

• Board and IT-related committee minutes

• IT-related policies

• IT-related risk assessments, including cybersecurity

• Business and IT organization charts

• IT job descriptions

• Qualifications of key IT employees

• IT-related audits

• Insurance policies

• Strategic plans

• Succession plans

• IT budgets

Decision Factors

1. The level and quality of oversight and support of IT activities by the Board of Directors and management.

InTREx Mapping

Tandem, LLC | Copyright © 2024

Confidential - Internal Use Only
