A composite rating of 1 is assigned. Financial institutions and service providers rated composite “1” exhibit strong performance in every respect and generally have components rated 1 or 2. Weaknesses in information technology (IT) are minor in nature and are easily corrected during the normal course of business. Risk management processes provide a comprehensive program to identify and monitor risk relative to the size, complexity, and risk profile of the entity. Strategic plans are well defined and fully integrated throughout the organization. This allows management to quickly adapt to changing market, business, and technology needs of the entity. Management identifies weaknesses promptly and takes appropriate corrective action to resolve audit and regulatory concerns. The financial condition of the service provider is strong and overall performance shows no cause for supervisory concern.
This IT examination included a review of network data and physical security practices, electronic payment systems, IT-related audits, and disaster recovery planning activities using IT-MERIT examination procedures. These procedures include an assessment of management’s efforts to comply with Interagency Guidelines Establishing Standards for Safeguarding Customer Information (Guidelines) set forth in Part 364, Appendix B, of the FDIC Rules and Regulations.
Summary of Findings
The bank’s overall IT performance is strong. Management has worked to address recommendations made at previous examinations, and has adopted policies to cover each area of computer operations in the bank. The Board has also created an IT Steering Committee that reviews the performance and controls of the bank’s computer center and service providers. In addition, the bank is in substantial compliance with all requirements contained in the Guidelines. However, better documentation of the Board’s annual review of the Information Security Program could be achieved by formally including a copy of the presentation in the official Board packet.
Chairman Ratzlaff stated that these presentations would be made a part of the Board’s official records in the future.
Meetings with Management
The findings of this IT review were discussed in detail during the examination with Information Technology Manager William Robbins and President Lincoln. An overview of these findings was also presented to the bank’s Board of Directors at its meeting on September 18, 2004.