WASHINGTON—Members of the Federal Financial Institutions Examination Council Tuesday issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook.
The Management booklet (IT Handbook), including the examination procedures, has been substantially revised, the agencies said in a joint release. The booklet outlines the principles of sound governance and information technology governance and explains how IT risk management relates to enterprise-wide risk management and governance.
The FFIEC stated that the updated examination procedures assist examiners in evaluating the following areas:
- IT governance as part of overall governance in financial institutions.
- IT risk management as part of enterprise-wide risk management in financial institutions.
Other relevant changes include:
- Incorporation of cybersecurity concepts as part of information security.
- Incorporation of management-related concepts from other booklets of the IT Handbook.
- Augmentation and further delineation of the stages of the IT risk management process, including risk identification, measurement, mitigation, monitoring, and reporting.
The IT Handbook is available at http://ithandbook.ffiec.gov/it-booklets/management.aspx.
FFIEC members are the NCUA, FDIC, OCC, Federal Reserve and the CFPB.
