New Handbook Released for FFIEC IT Exam

By John Hock, CPA, CISA, CITP, SOC – Manager, IT Advisory and Security Group

Recently, the Federal Financial Institutions Examination Council (FFIEC) issued a new booklet in the FFIEC Information Technology Examination Handbook series. The new booklet titled “Architecture, Infrastructure, and Operations” will replace the “Operations” booklet originally issued in July 2004.

This new booklet, double in size from its 2004 predecessor, provides expanded guidance to help financial institution examiners assess the risk profile and adequacy of an entity’s information technology architecture, infrastructure and operations. It discusses specifics related to the interconnectedness among an entity’s assets, processes and third-party service providers, as well as the principles, processes, potential threats and examination procedures to help examiners assess whether a financial entity’s management adequately addresses risks and complies with applicable laws and regulations.

Many concepts, although not new, were expanded on in the new booklet including hardware and software inventories, environmental controls, roles and responsibilities for the Board, senior management and IT operations management. It also addresses some new concepts or processes, such as:

• The role of Chief Architect and their responsibility for IT architecture
• The role of Chief Data Officer and their responsibility for enterprise-wide governance and use of information or data.
• Evolving technologies, such as cloud computing, zero trust architecture, internet of things, artificial intelligence and more.

Need IT Help?

Doeren Mayhew is well positioned to help your financial institution with all things IT. Taking a business-oriented approach, our IT Advisory and Security Group can assist in creating a strong foundation of controls to manage your institution’s IT risks and demanding IT compliance through a menu of services, tailorable to your organization’s needs. Contact us today to learn more.