Financial Institution Services
Solutions for Community Banks
Information Systems Review
Romney & Associates has been providing quality Information Systems Reviews for financial institutions for many years. Our time-proven approach to the review process culminates in a comprehensive written assessment of your institution's readiness for regulatory examination. Not only do we bring areas of concern to your attention (while you still have time to take action), we document everything you're doing right.
Our reviews are conducted in accordance with the latest guidelines established in the FDIC's Information Technology (IT) General Work Program (Financial Institution Letter dated October 9, 2002 (FIL-118-2002)). The IT General Work Program has been developed to improve efficiencies by consolidating several existing technology-related work programs and eliminating redundant review areas (and saving you money!).
This program is well suited to community banks where low to moderate technology risks are exhibited by current examination ratings of "1" or "2."
Review procedures for assessing your information technology will be performed by experienced personnel holding the industry's most respected professional certifications (Microsoft Certified Systems Engineer). The scope of work will include review and evaluation of the areas listed below. In each area we will document our findings and bring to your attention items that do not satisfy recommendations outlined in the IT General Work Program.
Auditing: We review the timing and effectiveness of your ongoing IT audits and assess management response to prior examinations including corrective action and timelines for completion.
Management: We review the organizational structure, resources, control policies and procedures and assess their adequacy to foster effective information support. We address the quality of management supervision of the data processing activity, including management's administrative process.
IT Policies: We review and assess the effectiveness of the organization's written IT policies and procedures, including the Information Security Program or other security plans, policies and procedures.
Vendor Management: We review and evaluate the institution's vendor oversight program. We will determine the extent of outsourcing and responsibility for managing service provider relationships.
Best Practices: We review and evaluate the institution's separation of duties and responsibilities. We determine the level of adherence to accepted procedures regarding the handling of computer output and negotiable items. We evaluate the system's capacity and performance monitoring processes.
Data and Physical Security: We review compliance with established policy and procedures for protecting data and facilities that process and maintain the institution's vital information.
Disaster Recovery Planning / Business Continuity Planning: We review and evaluate whether senior management has instituted a current and workable corporate contingency planning process throughout the institution.
For more information about any of these services, please contact:
ROMNEY & ASSOCIATES
1516 W. Riverside
Spokane, WA 99201
(509) 455-8173 Tel
(509) 455-5442 Fax