IT Examiner School eBook

2

Management

Resources

• FFIEC IT Examination Handbook – Management

• FFIEC IT Examination Handbook – Outsourcing Technology Services

• Interagency Guidelines Establishing Standards for Safety and Soundness

• Interagency Guidelines Establishing Information Security Standards

• Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation

• Examination Documentation (ED) Module – Third-Party Risk

• FIL-52-2006 Foreign-Based Third-Party Service Providers: Guidance on Managing Risk in These Outsourcing Relationships

• SR 13-19 Guidance on Managing Outsourcing Risk

Preliminary Review

Review items relating to Management, such as:

• The committees, names, and titles of the individual(s) responsible for managing IT and information security

• Board and IT-related committee minutes

• IT-related policies

• IT-related risk assessments, including cybersecurity

• Business and IT organization charts

• IT job descriptions

• Qualifications of key IT employees

• IT-related audits

• Insurance policies

• Strategic plans

• Succession plans

• IT budgets

Decision Factors

1. The level and quality of oversight and support of IT activities by the Board of Directors and management.

InTREx Mapping


Tandem, LLC | Copyright © 2024

Confidential - Internal Use Only
