FFIEC outlines IT governance in revised booklet

NOV. 10, 2015 -- Principles of sound information technology governance are outlined in a revised Management booklet by the Federal Financial Institutions Examination Council (FFIEC), released today.

The Council stated in a release that the booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook), covers sound governance, and includes exam procedures, has been substantially revised. The booklet, the Council stated, explains how IT risk management relates to enterprise-wide risk management and governance.

The release stated that the updated examination procedures assist examiners in evaluating:

  • IT governance as part of overall governance in financial institutions.
  • IT risk management as part of enterprise-wide risk management in financial institutions.

Other relevant changes include:

  • Incorporation of cybersecurity concepts as part of information security.
  • Incorporation of management-related concepts from other booklets of the IT Handbook.
  • Augmentation and further delineation of the stages of the IT risk management process, including risk identification, measurement, mitigation, monitoring, and reporting.
