Financial Regulators Release Revised Management Booklet
By Anna DeSimone
On November 10, 2015, the Federal Financial Institutions Examination Council (FFIEC) members issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook).
The Management booklet, including the examination procedures, has been substantially revised. The booklet outlines the principles of sound governance and, more specifically, information technology (IT) governance. The booklet explains how IT risk management relates to enterprise-wide risk management and governance.
The updated examination procedures assist examiners in evaluating the following areas:
- IT governance as part of overall governance in financial institutions.
- IT risk management as part of enterprise-wide risk management in financial institutions.
Other relevant changes include:
- Incorporation of cybersecurity concepts as part of information security.
- Incorporation of management-related concepts from other booklets of the IT Handbook.
- Augmentation and further delineation of the stages of the IT risk management process, including risk identification, measurement, mitigation, monitoring, and reporting.
About the Author
Anna DeSimone is President and Founder of Bankers Advisory and Principal of CliftonLarsonAllen LLP. She can be reached at
Anna DeSimone founded Bankers Advisory in 1986 and is a nationally recognized authority in residential mortgage lending. She has received numerous industry awards and has authored more than 40 best practices guides and hundreds of articles.