June 2003

The New FFIEC Information Security IT Examination Handbook

By Bruce H. Nearon

The new Federal Financial Institutions Examination Council (FFIEC) Information Security IT Examination Handbook (“Handbook”) presents the latest thinking and best practices against which financial institutions are regulated and examined. The FFIEC is a formal interagency body empowered to prescribe uniform principles, standards and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS). The FFIEC also is empowered to make recommendations to promote uniformity in the supervision of financial institutions. FFIEC issuances and guidelines have frequently served as a reference for some of the leading technology risk and data security publications and studies.

The Handbook’s primary objective is to provide direction to regulatory examiners and auditors in assessing the quantity of risk and the effectiveness of the institutions’ risk management processes, and to determine the institutions’ compliance with specified technology-related regulations. Specifically, the Handbook addresses security measures that should be considered by the financial institutions to ensure system reliability, confidentiality, integrity and availability.

Participate in a high-level overview of the Handbook by attending the July 17 continuing professional education (CPE) evening presentation organized by the New York State Society of CPAs’ Technology Assurance Committee.

Key Handbook topics that will be addressed during the seminar include:

  • Information security risk assessment
  • Information security strategy
  • Security controls implementation
  • Security testing
  • Monitoring and updating
  • Examination procedures
  • Emerging technologies and practices
  • Compliance challenges and strategies

Date: Thursday, July 17
Time: 5:30 p.m. to 6:00 p.m.: registration, networking, free sandwiches and soft drinks; 6:00 p.m. to 8:30 p.m.: CPE session

Presenters: Kenneth C. Brancik, CISA; Federal Reserve Bank of New York
Joel Lanz, CPA, CISA, CISSP, CFE; Joel Lanz, CPA, P.C.

Location: NYSSCPA headquarters, 530 Fifth Ave. (between 44th and 45th streets), fifth floor, New York City

About the Presenters

Kenneth C. Brancik has worked in technology assurance for approximately 17 years. He is a senior bank examiner for the Federal Reserve Bank of New York, where he is involved in understanding the risks and controls over emerging technologies as they impact the banking industry. Mr. Brancik is a specialist in the area of cybersecurity. His prior employers include Citigroup, where he was a vice president/manager within the audit and risk review department; PricewaterhouseCoopers LLP Assurance & Business Advisory Service, where he was a manager; and Merrill Lynch & Company, where he was a corporate technology auditor. Additionally, Mr. Brancik worked for more than 11 years as a federal bank regulator in the OCC’s New York office.

He currently is a doctoral student at Pace University’s Computer Science Department, where he is studying software engineering and the impact of emerging technologies on technology and software development. He has a master’s degree in management systems from New York University. Mr. Brancik graduated from Columbia University’s Computer Technology and Application program, where he completed the Analysis and Design of Information Systems program. He can be reached at Ken.Brancik@ny.frb.org.

Joel Lanz is a frequent contributor to professional journals and is a speaker at industry conferences. He is the founder and principal of a niche CPA technology assurance and advisory practice. Mr. Lanz’s 21 years of professional experience include serving as a technology risk consulting partner with Arthur Andersen, vice president with Chase Manhattan Bank, manager in the management consultant services division of Price Waterhouse, and senior IT auditor for two financial services companies. He also is an adjunct faculty member at Pace University’s Graduate School of Computer Science and Information Systems.

Mr. Lanz is a member of the NYSSCPA’s Technology Assurance Committee. He holds a bachelor’s in business administration in public accounting from Pace University and a master’s in business administration in information systems, also from Pace. You can visit his website at www.itriskmgt.com or contact him directly at jlanz@itriskmgt.com.

Additional Information

This NYSSCPA/Foundation for Accounting Education CPE evening technical session is $45 for NYSSCPA members and $50 for nonmembers to qualify for three hours of CPE credit. A $25 additional walk-in fee will be charged to those who register at the door.

At the session you will get the chance to network with the profession’s and the industry’s IT leaders. Advance registration is recommended because seating is limited.

For additional information, contact Gary E. Carpenter at 315-487-4567 or gcarpenter-cit@worldnet.att.net or Bruce H. Nearon at 973-403-6955 or bnearon@jhcohn.com.

For more information on the Technology Assurance Committee, visit www.nysscpa.org, click on the Find Committees tab on the left-hand side of the page and then scroll down to the Technology Assurance Committee link.

Registration

To register: contact FAE at 212-719-8383 or 800-537-3635 or visit the Society’s website at www.nysscpa.org (you will need your Society member number to register). Go to the Technology Assurance Committee homepage and select “7/17/03-The New FFIEC Information Security IT Examination Handbook” located under the Evening Technical Session banner.

Acknowledgments

J.H. Cohn LLP and Carpenter Information Technologies, Inc., helped provide the funding and resources for the continental breakfast, marketing and publicity, and administration of this event.
