Sound IT management is critical to the performance and success of a financial institution. An institution capable of aligning its IT activities to support its business strategies adds value to its organization and positions itself for sustained success. The board of directors and executive management should understand and take responsibility for IT management as a critical component of their overall strategic planning and corporate governance efforts.” — FFIEC Information Technology Examination Handbook, Executive Summary.

In risk-based IT Auditing, auditors and examiners interview management team members to determine the effectiveness of the overall IT Governance Program. This series of videos will put your management team on the same page, help them understanding how your risk assessment plugs into the overall bank risk management program, and expose your team to the role that you as an Information Security Officer must play in helping your bank maximize the effectiveness of information and technology.

In recent conferences examiners have discussed how they want to interview bank management team members and if the management team has a high-level knowledge of the information security program and can speak intelligently about the risk exposure of information and technology, then they will consider the bank's recent audit findings, review checklist items, and quickly conclude the examination!

Workshop Resources: This program provides a review of information technology risk and security issues. Program participants watch a 2 hour 24 minute video webcast in 4 parts, supplemented by an engaging slide presentation.

Expected Audience: The program is designed for senior and mid-level management in all areas of the bank. Compliance personnel and auditor also benefit from this program.

---

Speaker: Dan Hadaway, is a founder of Infotex, a technology risk management company located in Kokomo, IN. His first experience with managing the IT governance process came in 1984. Prior to founding Infotex in 2000, Dan’s experience involved overseeing software development projects, e-commerce application development, and many network installation projects. He wrote his first Acceptable Use Policy in 1986, and conducted his first Information Technology risk assessment in 1989.

Dan works extensively with banks on information technology policy issues, engaging on projects ranging from gap analysis to IT Audits to developing a full policy set for denovo banks. He tailors his consulting to any size bank, working on simple user-level policies with banks as small as one location to providing management-level regulatory compliance training for Fortune 500 companies. His primary strength is the use of risk management fundamentals to help banks determine where they need to be on the compliance spectrum. In addition, Dan has helped develop risk management programs and processes for banks as large as 2.5 billion and as small as 26 million in assets.

---

 

---