External IT Audits

Our External IT Audit takes place in three phases. The first of which is a thorough review of bank documentation to ensure compliance with regulations and industry best-practices for reporting. The second phase takes place in an interview setting with various members of the bank to assess the scope of day-to-day operations in an effort to identify any possible risks associated with bank procedures. The final phase is a physical assessment of the bank itself and any affiliated locations to uncover any flaws in layout or security that could potentially expose the bank or bank customers to harm. While it ultimately depends upon the size and complexity of the institution, this is generally a three-day process.

 

Our External IT Audit is based largely on the FFIEC IT Handbook as well as ISO 27001 & 27002, Microsoft Best Practices, NIST SP 800-53 & 800-88, Financial Institution Letters, industry standards, and professional experience.