FFIEC
Information Technology
Examination Handbook
Master Table of Contents
Table of Contents Listed by Booklets
Table of Contents Listed by Topics
Booklets
Audit
Business Continuity Planning
Development and Acquisition
E-Banking
Information Security
Management
Operations
Outsourcing Technology Services
Retail Payment Systems
Supervision of Technology Service Providers
INTRODUCTION
RISK-BASED SUPERVISION
Risk Assessment
Uniform Rating System for Information Technology
Risk Management
Audit and Internal Control
Supervisory Strategies
Objectives
Work Plans
Activities
SUPERVISORY PROCESS
FFIEC Work Products
Frequency of IT Examinations
Examination Responsibilities
Examination Planning
Examination Scope
Request Information
Entrance Meeting
Work Papers
Exit Conference
Board Meeting
FFIEC IT Report of Examination
Report Distribution
MULTI-REGIONAL DATA PROCESSING SERVICER PROGRAM
Responsibilities of Agency-In-Charge (AIC)
Risk Ranking OF MDPS Examinations
General Procedures
Pre-Examination Procedures
MDPS Examiner-in-Charge Responsibilities
Scope of Examination
Supervisory Timeline
Presentation of Findings and Recommendations
Work Papers and Workprograms
Regular Off-site Reviews
Report Preparation and Distribution
Report Preparation
Rating
Recommendations
Distribution
SHARED APPLICATION SOFTWARE REVIEWS
Purpose of the SASR Program
Objectives of the SASR Program
Responsibility
Program Administration
APPENDIX A: EXAMINATION PLANNING PROCEDURES
APPENDIX B: EXAMINATION PRIORITY RANKING SHEET
APPENDIX C: REPORT OF EXAMINATION
APPENDIX D: UNIFORM RATING SYSTEM FOR INFORMATION TECHNOLOGY
Wholesale Payment Systems
Home
IT Booklets
Glossary
Presentations
Resources
