WASHINGTON (11/12/15)--Federal regulators released a substantially revised management booklet Tuesday, part of the Federal Financial Institutions Examination Council’s (FFIEC) Information Technology Handbook.

According to the FFIEC, the management booklet is designed to outline the principles of sound governance, and more specifically, information technology (IT) governance. The booklet explains how IT risk management relates to enterprise-wide risk management and governance.

The updated examination procedures assist examiners in evaluating IT governance as part of overall governance in financial institutions; and IT risk management as part of enterprise-wide risk management in financial institutions.

Other changes include:

• Incorporation of cybersecurity concepts as part of information security;
   
• Incorporation of management-related concepts from other booklets of the IT Handbook; and
   
• Augmentation and further delineation of the stages of the IT risk management process, including risk identification, measurement, mitigation, monitoring and reporting.

Other Resources

CUNA Strategic Services & TraceSecurity