Information Technology Examiner Guidance Issued

All companies rely heavily on technology to carry on business in today's world. This is especially true for financial services companies that are trying to reach more customers with more products, more efficiently. The Office of Thrift Supervision issued RB-37-15, Information Technology Risks and Controls, in Apr 2006 as part of the management section of the examination handbook. The handbook section is intended to present examination guidance for assessing IT risks in the comprehensive examinations for institutions that do not undergo a separate IT examination. Initially, examiners will review the IT environment, determine the risks, evaluate management's oversight activities, including technology audit work, and assess the strength of the control activities. Another area examiners will look at is the audit and independent review of the IT area. The audit function provides a framework for assessing the effectiveness of the risk management practices. The guidance is a good overview of all of the elements that are involved in the IT examination process.