Thank you to everyone who attended all of the webinars on Tuesday, October 30. As promised, Patrick has provided the PowerPoints used during the presentations.
9.01 IT Risk Management – A Quantitative Approach: While I encourage credit unions to look at and use numbers when making decisions, relying on numbers alone is a mistake. For example, if a new vendor offers the same functionality at a lower price, the numbers would dictate making that move. However, maybe a board member has personal experience with the vendor and the service is terrible. That alone might be a good reason not to switch.
9.02 Records and Information Management: There is a huge industry around records and information management, and it is easy to get caught up in retention schedules, technologies, etc. I recommend keeping the focus on the litigation hold aspect: when will you issue a litigation hold and what are the processes for carrying it out.
9.03 Using a Control Framework for IT Audits: A good idea is to look at the certifications of your examiners. If you see CISA and CISSP, then they are ISACA. CIA is IIA. That will give you an idea of their expectations and what their methodologies will be when they come in to examine your credit union.
9.04 Responding to an IT Audit – Engagement Protocols and Interview Tips: Protocols are all about balance – the credit union controls the process but in return provides transparency and responsiveness.