This section of NCUA's web site provides examination resources for IT. Although the primary audience for these resources is examiners, credit unions may also find this information useful when planning, implementing and evaluating IT initiatives.
Resources titles that are links to the resources appearing on the NCUA and FFIEC websites will highlight when you move your mouse over them.
Examiners Guide - The Examiner's Guide sets out guidance for an examiner on NCUA's examination and supervision of credit unions. The primary goal is to ensure the overall safety and soundness of the credit union system via a risk-focused examination and supervision program. Chapter 6 provides guidance on information systems and technology.
AIRES IT Exam Questionnaires - NCUA has updated its IT examination questionnaires to facilitate an increased risk focused review of a credit union’s information technology environment. The updated IT questionnaire workbook consists of two tiers: Tier I questionnaires focuses on the highest priority review areas, including electronic banking, while Tier II questionnaires are designed to address more technical network, security, and related technology issues. The new IT questionnaires now include a second workbook with two questionnaires for generalist examiners to review credit union information security programs, electronic banking security, and website compliance. Please note that most questions include comments to provide additional context or terminology for better comprehension.
The Federal Financial Institutions Examination Council (FFIEC) is composed of the five federal financial regulators: Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, the Office of the Comptroller of the Currency and the Office of Thrift Supervision.
FFIEC Information Technology ( IT) Examination Handbook - The FFIEC Information Technology Examination Handbook is comprised of individual booklets. These booklets represent a series of updates to the existing 1996 FFIEC Information Systems Examination Handbook. They address significant changes in the financial institution technology since 1996.They incorporate changes in technology-related risks and controls and follow a risk-based approach to evaluating risk management practices. The booklets provide valuable information to both examiners and financial institution management.
As completed, booklets are made available in electronic format for on-line viewing and downloading (including file formats suitable for printing) from the above link. Hardcopies are not available for ordering.
If you have questions or comments about the information provided on these IT pages, please send them to the NCUA Office of Examination and Insurance.