IT Examiner School

Events Requiring Management’s Action/Attention (continued)

• An enterprise-wide governance focus or project • Key management change - new CIO, CTO, CFO, COO, and/or CEO • Audit engagement or consultant assessment that uncovers significant issues • A new business strategy or priority

FFIEC IT Service Provider Examinations • ROEs are generated and are available for: • State Banking Departments (get from CSBS, FDIC, FRB, or NCUA) • Insured Financial Institutions (only if an active client) • Only primary federal regulator can release them to FIs (banks and CUs) • States don’t have authority to release these ROEs to financial entities • For FIs, they only get the Open Section and no IT Ratings • SBDs get full copy of ROE