A booklet updating principles and practices that examiners review to assess a bank or other entity for managing development, acquisition, and maintenance (DA&M) of information technology was released Thursday by the umbrella group for federal financial institution regulators.
The Federal Financial Institutions Examination Council (FFIEC) said the booklet also helps examiners determine whether management adequately addresses risks related to DA&M and delivery of critical financial products and services.
According to the Federal Deposit Insurance Corp. (FDIC), which issued a financial institution letter (FIL-60-2024) about the update, the booklet “focuses on enterprise-wide, process-oriented approaches that relate to the development of information technology (IT) systems and components within the overall enterprise and business structure, acquisition of IT systems and components, and maintenance of IT systems and components to provide ongoing value for customers.”
“The industry principles and frameworks included provide examiners with a durable means to assess development, acquisition, and maintenance,” the FDIC added. “The booklet issuance does not impose new requirements on examined entities.”
Updated FFIEC IT Examination Handbook – Development, Acquisition, and Maintenance Booklet