Skip to content
GeoDataVision
Learn More - Click Here!

Thread Options
#1178179 - 05/07/09 05:37 PM FDIC Examination - Disaster Recovery
Cale_N_Oats Offline
Platinum Poster
Cale_N_Oats
Joined: Aug 2008
Posts: 742
Southern Illinois
Is the FDIC emphasizing more on Disaster Recovery during examinations more? My CEO is freaking out cus he went to a conference and some guy told him they were.
Last edited by Ken_Pegasus; 07/30/09 12:01 PM.
_________________________
Serenity Now!!!

Return to Top
Disaster Recovery
#1178713 - 05/08/09 04:20 AM Re: FDIC Examination Cale_N_Oats
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 79,935
Galveston, TX
Can you say Swine Flu or Hurricane Ike or wild fires in CA???
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#1181810 - 05/12/09 08:08 PM Re: FDIC Examination rlcarey
Cale_N_Oats Offline
Platinum Poster
Cale_N_Oats
Joined: Aug 2008
Posts: 742
Southern Illinois
No hurricane damage or wild fires likely where i live, i guess what i was asking is if anyone has been through an FDIC exam recently where Disaster Recovery was emphasized more than in past exams?
_________________________
Serenity Now!!!

Return to Top
#1182180 - 05/13/09 02:01 PM Re: FDIC Examination Cale_N_Oats
blvsinangels Offline
Gold Star
Joined: Aug 2003
Posts: 372
We just finished an FDIC exam and I would have to answer yes to your question. Make sure you have a plan in place, a risk assessment done and that your plan has been tested. Make sure your policy and assessment are board approved and that your IT committee or other board approved committee is aware of your plan and the results of your testing.

Return to Top
#1183711 - 05/14/09 05:49 PM Re: FDIC Examination blvsinangels
#Just Jay Online
10K Club
#Just Jay
Joined: Oct 2006
Posts: 14,390
Cheeseheadland
In the last 10 months, S&S and Compliance exams... neither group said boo about DR.
_________________________
I don't repeat gossip, so listen closely...

Return to Top
#1183723 - 05/14/09 05:56 PM Re: FDIC Examination #Just Jay
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 79,935
Galveston, TX
"In the last 10 months, S&S and Compliance exams... neither group said boo about DR."

That is because it is part of the IT exam.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#1188863 - 05/21/09 09:24 PM Re: FDIC Examination rlcarey
bcook Offline
New Poster
bcook
Joined: Jan 2009
Posts: 24
Missouri
Yes, DR/BR is a hot topic with most examining bodies right now.

We are making sure our audit clients have a Business Impact Analysis, Risk Assessment, Pandemic Plan (as part of DR plan), and that they address alternative sources of cash.
_________________________
“Life is tough, but it's tougher when you're stupid.”
-John Wayne

Return to Top
#1224502 - 07/30/09 11:57 AM Re: FDIC Examination Cale_N_Oats
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
Quote:
No hurricane damage or wild fires likely where i live...


The western portion of our state, just across the river from where you are, suffered an incredible ice storm in January. Two days later I had to call 30 banks in that area. Only 4 of them answered the phone. Their contingency plans got a real test. Some were proud. Some were embarrassed.

The value of thoughtful testing was summed up by the banker who told me about their new state of the art back up branch (complete with diesel generator) that seamlessly absorbed all bank operations. The only exception being the fact that their was no water pressure and the modern commodes did not have tanks that could be filled manually. They could not flush the toilets.

Think about everything...
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#1224780 - 07/30/09 03:20 PM Re: FDIC Examination Elwood P. Dowd
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
Just make sure you're testing your plan, fully!

Return to Top
#1231108 - 08/11/09 07:22 PM Re: FDIC Examination P*Q
Tryin-2-Comply Offline
100 Club
Joined: Apr 2003
Posts: 202
Hills of TN
Our S&S and compliance exam also ended in the last 8 months - which included IT - nothing mentioned.

Return to Top
#1231281 - 08/12/09 12:17 AM Re: FDIC Examination Tryin-2-Comply
Curious Offline
New Poster
Joined: May 2004
Posts: 10
Definitely Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) are getting increasing attention from examiners.
Make sure your BCP is in place, is supported by a Business Impact Analysis (BIA), the plan has all the elements (including pandemic flu preparedness/response), it has been approved by the board, appropriate dissemination of the BCP/training of staff has been done, the DRP has been tested and results documented and shared with senior management.

Return to Top
#1231348 - 08/12/09 12:52 PM Re: FDIC Examination Curious
HappyGilmore Offline
10K Club
Joined: Jun 2004
Posts: 19,581
Pulling people out of the ditc...
Every OCC exam we have focuses on this. We test annually, and living in hurricane central, we have had to deploy it on more than 1 occassion. We also notify the OCC when we have deployed for contingency purposes - it is a courtesy move on our part but it lets them make a "note" in our file that not only have we tested but deployed and worked.
_________________________
Providing alternative truths since the invention of time

Return to Top
#1244361 - 09/03/09 02:30 PM Re: FDIC Examination HappyGilmore
Computerman Offline
New Poster
Computerman
Joined: Dec 2006
Posts: 7
I recommend making sure the testing you do is correlated to the results of your Business Impact Analysis. For example, if wire transfers are a critical function at your institution, make sure you test those recovery plans accordingly. The days of just testing your core system are over. . .

Return to Top
#1278283 - 11/02/09 03:37 PM Re: FDIC Examination Computerman
Susan Orr Offline
New Poster
Joined: Aug 2008
Posts: 13
Illinois
Whether or not your BCP is being looked at will most likely depend on the region, the agency, and the examination. Reviewing the BCP is a key part of the IT examination and the responses I am getting from many institutions across the country is it was a main focus, I am also seeing more criticisms in examination reports. But again, like with any other area - it is going to depend on the agency and the examiners focus and will very likely be all over the board. Better to be prepared than risk not having a comprehensive plan in place that includes a good BIA and testing plan. The two areas I see cited the most.
_________________________
Susan Orr, CISA CRP CISM
susan@susanorrconsulting.com
630.499.0276

Return to Top

Moderator:  Dana Turner