IT Examiner School, Palm Springs, CA

D&A Rating (URSIT Component)

• Key factors: – Management’s/Board’s ability to identify and implement IT solutions – Ability to manage risk in hardware/software solutions – Project Management/Change Control – Appropriate independent testing, implementation and disposal practices – Technology solutions meet user/customer needs

Conclusion • Management needs to ensure all D&A activities have adequate policies and procedures • D&A activities need to be linked to the Vendor Management Program, especially where there is “heavy” vendor reliance • Any hardware and software changes should be appropriately reviewed, tested, and approved • IT Projects should follow industry/FFIEC standards • Customization should be appropriate/suitable