URSIT Introduction and Overview
URSIT is an acronym for the “Uniform Rating System for Information Technology” and was established in 1978 and later revised in 1999. On March 6, 2019, the FFIEC published a policy statement rescinding the 1993 Policy Statement on the Uniform Core Report of Examination (ROE) and issued a standard princpal-based approach for all examination reports issued by the FRB, FDIC, OCC, NCUA, CFPB, and state authorities. While advances in technology were stated as a reason for the rescission, no specific guidance was issued by the FFIEC regarding IT evaluations in the ROE going forward.
Relying on frequent formal and informal communication with the respective regulatory entities, NETBankAudit has ascertained that the ROE’s have revitalized the somewhat dormant URSIT format established on January 20, 1999 (Federal Register Volume 64, Number 12). This analysis also includes a canvassing of clients from March to present (65 IT/Cybersecurity audits and assessments performed at financial institutions located in 19 states and regulated by the FRB, FDIC, OCC, or NCUA).
Six Part Series of PDF Whitepapers by our President, David Hart in regards to URSIT. Click on the link below to open the whitepaper(s).
URSIT – NETBankAudit Whitepaper