Skip to main content
OCC Flag

An official website of the United States government

OCC Bulletin 2015-44 | November 10, 2015

FFIEC Information Technology Examination Handbook: Revised Management Booklet


Chief Executive Officers of All National Banks, Federal Branches and Agencies, and Federal Savings Associations; Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties


The Federal Financial Institutions Examination Council (FFIEC) has revised the “Management” booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). The “Management” booklet is one of 11 that make up the IT Handbook. The revised “Management” booklet provides guidance to examiners and outlines the principles of governance and risk management as they relate to IT.

Note for Community Banks

This guidance applies to all national banks and federal savings associations (collectively, banks). Community banks should implement effective IT governance and adopt IT risk management practices commensurate with the level of risk and complexity of their IT operations.


The “Management” booklet outlines the principles of sound governance and, more specifically, information technology (IT) governance. The booklet explains how IT risk management (ITRM) relates to enterprise-wide risk management and governance. The updated examination procedures in the booklet assist examiners in evaluating the following:

  • IT governance as part of overall governance in financial institutions.
  • ITRM as part of enterprise-wide risk management in financial institutions.

Other relevant changes include:

  • Incorporation of cybersecurity concepts as part of information security.
  • Incorporation of management-related concepts from other booklets of the IT Handbook.
  • Augmentation and further delineation of the stages of the IT risk management process, including risk identification, measurement, mitigation, monitoring, and reporting.

Further Information

Contact Kevin Greenfield, Director, Bank Information Technology, at (202) 649-6340.


Bethany A. Dugan
Deputy Comptroller for Operational Risk

Related Link