IT Examiner School

Management Module Conclusions (continued)

The IT Examination Program is a management-focused approach
• Do not focus solely on technical issues
• Assess management's actions in relation to the technical issues
• Assess how well management is carrying out its responsibilities regarding planning, directing, organizing & controlling the risks related to IT

Regulatory Guidance - Management

• FFIEC IT Handbook: Management
• FFIEC IT Handbook: Outsourcing Technology Services

• Interagency Guidelines Establishing Standards for Safety & Soundness
• Interagency Guidelines Establishing Information Security Standards
• Interagency Guidelines on Identity Theft Detection, Prevention & Mitigation
• FDIC FIL-44-2008: Guidance on Managing Third-Party Risk
• FRB SR 13-19 / CA 13-21: Guidance on Managing Outsourcing Risk
