IT Examiner School, Providence, RI

Additional Procedures

 Expanded Modules

• Available for Management and S&D • Provide additional procedures for IT products/services not covered in Core or that may need additional analysis  Supplemental Workprograms (ED Modules/FFIEC IT Handbook) • ED Modules available for a variety of areas (EFT, Mobile Banking, Merchant Acquiring, etc.) • FFIEC IT Handbook provides in-depth procedures • FDIC Risk Advisories and Technical Examination Aids provide guidance • Should be completed to assess specific products not covered in the Core or Expanded Modules, or areas of higher complexity that require more in-depth review

FEDERAL DEPOSIT INSURANCE CORPORATION

Control Testing

 Control Tests • Core Modules identify potential control tests • Control tests are marked with • Use discretion in determining which tests to perform • Not all control tests need to be performed, and conversely, examiners can do own control tests • If a control test was performed, the results should be noted in the comments to that procedure • May leverage control testing performed by internal and external auditors • Sufficient testing should be performed to validate the effectiveness of controls

FEDERAL DEPOSIT INSURANCE CORPORATION