|Subject:||FCA Examination Manual Update|
|Date of Memorandum:||02/22/2005|
|Expiration Date:|| |
|Signed By:||McKenzie, Thomas|
|FCA Contact Person:||Rodney, Eric|
|List of Attachments:|
February 22, 2005
To: The Chief Executive Officer
All Farm Credit System Institutions
From: Thomas G. McKenzie, Director
Office of Examination
Subject: FCA Examination ManualUpdate
Farm Credit Administration’s (FCA) Examination Manual section entitled “Information Technology” is available for your use and can be downloaded from our Web site. A printed version of this update will not be provided with this Informational Memorandum.
The Information Technology (IT) section contains the baseline expectations used by FCA examiners to examine information systems and technology operations in all Farm Credit System (FCS) institutions. The section provides the basis for a consistent approach to the examination and supervision of Farm Credit banks, associations, and service corporations. It also provides all FCS institutions with the baseline expectations for general controls.
The IT section is new to the FCA Examination Manual. The examination of information technology is another component of the examination function and is an area of enterprise risk that deserves your attention. You should view IT risks as one of the specific areas of an examination and the overall examination process. The IT section is divided into several modules representing broad categories of IT functions. The modules are as follows:
Each module is comprised of the following parts: Introduction, Examination Objectives, Examination Procedures, and Essential Practice Statements.
- Technology Service Provider and Receiver
- The introduction provides background information and guidance.
- The examination objectives determine if the board and management have established and maintained effective processes for the IT function as a part of the institutions’ overall internal control environment.
- The examination procedures employed by FCA examiners are based on the criticality and complexity of the business functions present at the institution.
- The essential practice statements describe the baseline expectations for an institution’s involvement in specific IT functions. The statements are written for the use of all examiners and FCS institutions, and are based on regulatory guidance and industry best practices. References to FCA Regulations and other guidance, the Federal Financial Institutions Examination Council IT Examination Handbook, International Organization for Standardization ISO/IEC 17799, and additional industry guidance are included for each essential practice statement, where available.
We anticipate the IT modules will be updated as the FCS and the technology industry change, as institution involvement in information technology increases in criticality and complexity, and as the examination process evolves to address new risks and changes in laws and regulations.
The IT modules can be viewed via our Web site (www.fca.gov) on the Web page titled “Resources for the FCS”
(www.fca.gov/Resources for FCS.htm). There you will find PDF documents for each module. The PDF documents have active links to various references and can be viewed using Adobe Reader. We encourage you to download these PDF documents to your PC and print hard copies for future reference and use by your staff.
If you have any questions about this memorandum, please contact Eric Rodney, Office of Examination, at (703) 883-4451 (e-mail address firstname.lastname@example.org).