Examination Experience Survey – preliminary results

Although the survey is still open, I wanted to discuss one particular trend that I find interesting.  (If you’ve already participated, thank you!  Please pass the link on to a …

FDIC Institutions getting more UIGEA (Reg GG) findings – UPDATE 2

Updated 12/5/2011 to add examination procedures*. 
Updated again 2/13/2012 to emphasize policy requirements.

We first saw this trend back in July 2011, and continue to see it, so I’m calling …

BCP plans continue to draw criticism

In a recent FDIC IT Examination, the examiner made the following criticism of the institution’s DR/BCP:

“Business continuity planning should focus on all critical business functions that need to be …

Audits vs. Examinations

As I speak with those in financial institutions responsible for responding to audit and examination requests, I find that there is considerable confusion over the differences between the two.  And …

SAR Filings – Computer Intrusion vs. Identity Theft

The Financial Crimes Enforcement Network (FinCEN) publishes a statistical summary and review of all suspicious activity report (SAR) filings a couple of times per year.  The latest one …

The IT Strategic Plan – Why, Who, & How

One of the most common examination findings recently (particularly with the FDIC) has been the lack of an IT Strategic Plan.  I’m not sure why the focus lately (perhaps the …

Using Technology to Drive Compliance

In the past year to year and a half, nearly all of the IT examination findings I’ve seen have been in the broad category of “documentation”, or more specifically, lack thereof.  …

Filed under From the Field

“Concentration of duties”

It is not unusual for a community financial institution with limited personnel to have the Information Security Officer (ISO) act as a backup network administrator.  In fact, this is a …

The Control Self-Assessment (CSA)

If there was a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks, (including 12 times in the Information Security Handbook alone!), would you …

IT Composite Ratings: 1 vs. 2

In a recent survey conducted with our customers, we asked them to tell us (anonymously) what their FDIC IT composite scores were after their last IT examination, and whether those …