Tom Hinkel, Director of Compliance
NetComply IT systems reports, combined with a self-assessment environment where the reports can be reviewed and documented (like the IT Committee), form the basis for a very powerful toolset to achieving higher URSIT scores. The URSIT (Uniform Rating System for Information Technology) ratings have been used by federal examiners for all IT examinations of financial institutions as well as technology service providers since 1978. They were revised in 1999 to bring them more in line with the CAMELS ratings. Similar to CAMELS, they also use a 5 point scale, with 1 being the highest or best score, and 5 being the lowest or worst. Most institutions want to score either a “1” or a “2”, as anything below that brings additional regulatory scrutiny.
There are four components to the ratings:
- Development and Acquisition
- Support and Delivery
Each component is rated individually, and then together with the others in a composite. Notice what the Management component has to say about the subject of IT systems reports (taken in order from weakest to strongest compliance):
5. “IT systems do not produce management reports that are accurate, timely, or relevant.”
4. “IT systems do not routinely provide management with accurate, consistent, and reliable reports, thus contributing to ineffective performance monitoring and/or flawed decision-making.”
3. “IT systems provide requested reports to management, but periodic problems with accuracy, consistency and timeliness lessen the reliability and usefulness of reports and may adversely affect decision making and performance monitoring.”
2. “IT systems provide quality reports to management which serve as a basis for major decisions and a tool for performance planning and monitoring. Isolated or temporary problems with timeliness, accuracy or consistency of reports may exist.”
1. “IT systems provide accurate, timely reports to management. These reports serve as the basis of major decisions and as an effective performance-monitoring tool.”
I have written and spoken before about the importance of the “management” element, and how I believe we’ll continue to see increased regulatory scrutiny of this going forward. Clearly the regulators consider accurate, consistent, and timely IT reporting critical to effective management. And since higher URSIT scores contribute to higher CAMELS scores, everyone from your examiners to your Board of Directors and shareholders will see the benefits.