FFIEC Technology Audits

by admin

The Garland Group uses the specific guidelines set forth by the FFIEC. Below are brief descriptions of each of the twelve FFIEC handbooks The Garland Group will cover for your Information Technology Audit. It will offer some insight about what each booklet consists of and what we will be doing to ensure your financial institution is in compliance. Click here to download an example of our controls review worksheet.


The FFIEC Audit Booklet provides direction concerning the proper implementation and function of a Financial Institution’s IT Audit program. In addition to defining the roles of IT Auditors, the booklet also describes the responsibilities of management and the Board of Directors. The Garland Group will take into account these guidelines as well as the institution’s size, complexity and overall risk profile when performing this and other evaluations.

Read More Details

Business Continuity Planning

Effective business continuity planning establishes the basis for financial institutions to maintain and recover business processes when operations have been disrupted unexpectedly. Reviewing a financial institution’s BCP is an established part of examinations performed by the FFIEC member agencies. However, new business practices, changes in technology, and increased terrorism concerns, have focused even greater attention on the need for effective business continuity planning and have altered the benchmarks of an effective plan. In most cases, recovery time objectives are now much shorter than they were even a few years ago, and for some institutions recovery time objectives are based on hours and even minutes.

Read More Details

Development and Acquisition

Development and Acquisition is defined as “an organization’s ability to identify, acquire, install, and maintain appropriate information technology systems.” The process includes the internal development of software applications or systems and the purchase of hardware, software, or services from third parties.

Read More Details


The E-Banking guidelines help identify the risks associated with electronic banking (e-banking) activities. The review primarily covers e-banking risks from the perspective of the services or products provided to customers.

Read More Details


The Fedline – FED Advantage guidelines address the risks, risk management practices, and mitigating controls necessary to establish and maintain an appropriate operating environment for the FedLine – FED Advantage Funds Transfer (FT) application. The Garland Group will review these and any other 3rd party funds transfer software settings and controls.

Read More Details

Information Security

Information is one of a financial institution’s most important assets. Protection of information assets is necessary to establish and maintain trust between the financial institution and its customers. The Garland Group will provide guidance to examiners and organizations on determining the level of security risks to the organization and evaluating the adequacy of the organization’s risk management.

Read More Details


Effective IT management in financial institutions maximizes the benefits from technology and supports enterprise-wide goals and objectives. The Garland Group will use the Management guidelines to assist in evaluating a financial institution’s risk management and processes to ensure effective information technology (IT) management.

Read More Details


The Operations guidelines address IT operations in the context of tactical management and daily delivery of technology to capture, transmit, process, and store the information assets and support the business processes of the institution.

Read More Details


The Garland Group will use the Outsourcing guidance and examination procedures to assist examiners and bankers in evaluating a financial institution’s risk management processes to establish, manage, and monitor IT outsourcing relationships.

Read More Details

Retail Payment Systems

Retail Payment Systems procedures provide guidance to examiners, financial institutions, and technology service providers (TSP) on identifying and controlling information technology (IT)-related risks associated with retail payment systems and related banking activities. The Garland Group will adjust the procedures, as appropriate, for the scope of the examination and the risk profile of the institution.

Read More Details

Technology Service Providers

Technology Service Providers procedures primarily governs the supervision of technology service providers (TSPs) and briefly summarizes the Federal Financial Institutions Examination Council (FFIEC) member agencies’ (agencies) expectations of financial institutions in the oversight and management of their TSP relationships.

Read More Details

Wholesale Payment Systems

The Wholesale Payment Systems section provides guidance to examiners and financial institution management regarding the risks and risk-management practices when originating and transmitting large-value payments. In addition to describing the information technology risks and controls, the procedures also describes certain credit and liquidity risks that may be present when conducting wholesale payment services.

Read More Details


Our report will summarize the scope of our work and include our findings and recommendations concerning the above procedures and results of our assessment of MIS general controls. We will recommend specific changes for your consideration in order to strengthen any controls, as believed necessary considering the associated cost and benefit relationships to the extent practical. If desired by your management, we will also be available to provide additional consulting services to address any finding or recommendations noted.