BankInfoSecurity.com - Banking Information Security News, Regulations, & Education  

 

Information Technology Risk Management Program (IT-RMP) Examination Procedures


The banking regulatory agencies examine banking practices, including Information Technology, at the banking institutions they oversee on a periodic basis. In this presentation, you will hear about the basic tenets behind the Information Technology (IT) examinations conducted by the Federal Deposit Insurance Corporation using the Information Technology Risk Management Program (IT-RMP). The previous process for examination procedures focused on broad-based technology and control reviews. However, the examinations based on the IT-RMP framework place considerable emphasis on the information security program content and the overall program management. They also take into account assurances obtained through audit, testing and independent reviews.

The examination procedures based on the IT Risk Management Program apply to all FDIC-supervised institutions, regardless of size, technical complexity or prior examination rating.

An important component of the IT-RMP framework is the IT Examination Officer’s Questionnaire. This questionnaire must be completed and signed by an officer of the institution and returned to the FDIC examiner-in-charge prior to onsite activities.

During this presentation, we will address how the preliminary information gathered via the Officer’s Questionnaire is applied: (i) in choosing appropriate work programs suitable for the institution being examined and (ii) in identifying the examiner IT skill and experience necessary for conducting each exam. This presentation will prepare attendees to respond to the pre-examination IT Questionnaire in the most appropriate and accurate manner.

Based on the preliminary information provided by an institution on the technology in use and the applicable practices, and the information available on the previous examinations, bank examiners develop an initial scope for each IT exam. However, examiners have considerable discretion to expand or contract the scope once onsite, and to utilize any agency-specific or FFIEC-approved work program targeting specific technologies or functions (wire transfer systems, ACH, etc.).

During the course of this presentation, attendees will gain an understanding of how the regulatory examinations are based on the concepts and guidance provided by the regulatory agencies, the information provided in the FFIEC IT Examination Handbook, and industry best practices.




Copyright © 2007 BankInfoSecurity.com