FFIEC outlines IT governance in revised booklet
NOV. 10, 2015 -- Principles of sound information technology governance are outlined in a revised Management booklet by the Federal Financial Institutions Examination Council (FFIEC), released today.
The Council stated in a release that the booklet – which is part of the FFIEC Information Technology Examination Handbook (IT Handbook), covers sound governance, and includes exam procedures – has been substantially revised. The booklet, the Council stated, explains how IT risk management relates to enterprise-wide risk management and governance.
The release stated that the updated examination procedures assist examiners in evaluating:
- IT governance as part of overall governance in financial institutions.
- IT risk management as part of enterprise-wide risk management in financial institutions.
Other relevant changes include:
- Incorporation of cybersecurity concepts as part of information security.
- Incorporation of management-related concepts from other booklets of the IT Handbook.
- Augmentation and further delineation of the stages of the IT risk management process, including risk identification, measurement, mitigation, monitoring, and reporting.
FFIEC IT Handbook