IT Examiner School eBook

Internal Use Only

MATCH THE REGULATION TO THE INSTITUTION

A. Non-Depository
B. Credit Unions
C. State Banks (FRB)
D. Banks (FDIC)

1. Appendix B, including Supplement, to Part 364
2. Appendices A & B to 12 CFR 748
3. 16 CFR Part 314
4. Appendix D-2, including Supplement, to Part 208


Examination Approach Examples: Depository Institutions

Type of Entity: IT Exam Approaches/Rating Systems

Banks, Credit Unions: Information Technology Risk Examination (InTREx); UFIRS/CAMELS, FFIEC Uniform Rating System for IT (URSIT); CAMEL, where “M” includes a review of information systems

Trust Companies: FFIEC Uniform Interagency Trust Rating System (UITRS)

Foreign Banking Organizations & Bank Holding Companies: FRB, States; ROCA Rating System – where “O” is operational controls
