Regulators update examiner handbook assessing IT practices
The Federal Financial Institutions Examination Council (FFIEC) has issued a new booklet to help examiners assess information technology practices.
The “Development, Acquisition, and Maintenance” booklet:
- Provides examiners with fundamental examination expectations regarding entities’ development and acquisition planning and execution, governance and risk management, and maintenance and change management practices;
- Discusses the interconnectedness of entities and third-party service providers to help examiners assess whether management adequately addresses risks and complies with applicable laws and regulations;
- Reflects the changing technological environment and increasing need for security and resilience; and
- Highlights the importance of providing examiners with current information regarding safety and soundness, consumer protection, and provision of secure and resilient business services to customers.
It replaces the “Development and Acquisition” booklet issued in April 2004.