Financial Institution Services
Solutions for Community Banks
Examination Readiness
Information Systems Review
Romney & Associates has been providing quality Information Systems Reviews for
financial institutions for many years.
Our time-proven approach to the review process culminates in a
comprehensive written assessment of your institution's readiness for regulatory
examination. Not only do we bring areas of concern to your attention (while you
still have time to take action), we document everything you're doing right.
Our reviews are conducted in accordance with the latest guidelines established in the FDIC’s Information Technology (IT) General Work Program (Financial Institution Letter dated October 9, 2002 (FIL-118-2002)). The IT General Work Program has been developed to improve efficiencies by consolidating several existing technology-related work programs and eliminating redundant review areas (and saving you money!).
This program is well suited to community banks where low to moderate technology risks are exhibited by current examination ratings of “1” or “2.”
Review procedures for assessing your information technology will be performed by experienced personnel holding the industry’s most respected professional certifications (Microsoft Certified Systems Engineer). The scope of work will include review and evaluation of the areas listed below. In each area we will document our findings and bring to your attention items that do not satisfy recommendations outlined in the IT General Work Program.
Auditing: We review the timing and effectiveness of your ongoing IT audits and assess management response to prior examinations including corrective action and timelines for completion.
Management: We review the organizational structure, resources, control policies and procedures and assess their adequacy to foster effective information support. We address the quality of management supervision of the data processing activity, including management's administrative process.
IT Policies: We review and assess the effectiveness of the organization’s written IT policies and procedures including Information Security Program or other security plans, policies and procedures.
Vendor Management: We review and evaluate the institution’s vendor oversight program. We will determine the extent of outsourcing and responsibility for managing service provider relationships.
Best Practices: We review and evaluate the institution’s separation of duties and responsibilities. We determine the level of adherence to accepted procedures regarding the handling of computer output and negotiable items. We evaluate the system’s capacity and performance monitoring processes.
Data and Physical Security: We review compliance with established policy and procedures for protecting data and facilities that process and maintain the institution's vital information.
Disaster Recovery Planning / Business Continuity Planning: We review and evaluate whether senior management has instituted a current and workable corporate contingency planning process throughout the institution.
For more information about any of these services, please contact:
Email: bobromney@msn.com
ROMNEY & ASSOCIATES
1516 W. Riverside
Spokane, WA 99201
(509) 455-8173 Tel
(509) 455-5442 Fax