IT Audit

Be prepared for your next regulatory exam

Regulated financial institutions across the country trust Accume Partners' team of veteran IT auditors to prepare them for annual federal and state IT compliance examinations. Our certified auditors have personal experience overseeing Information Security Programs and IT systems and networks at community banks; we understand the financial services environment from the inside.

Methodology

Accume Partners has a proven risk-based auditing methodology. Guided by GLBA requirements, the FFIEC IT Examination Handbook, NIST's cybersecurity framework and experience from hundreds of engagements, we conduct testing based upon a risk assessment to ensure focus on the high-risk areas.

This methodology takes into consideration the specific environment and risk culture at each client. We address the business goals of data confidentiality, integrity and availability. In addition to satisfying regulatory compliance goals, our reviews and deliverables provide a clear view into whether IS controls and technical systems are operating effectively to safeguard information assets.

IT Audit for FFIEC / GLBA

Determine your financial institution's level of compliance with the specified controls required by FFIEC and GLBA. This assessment provides an information systems security controls compliance review in accordance with the FFIEC Information Systems Handbook and the Interagency Guidelines for the Safeguarding of Customer Information, pursuant to sections 501 and 505(b) of the GLBA.

IT Controls Review

Determine how effectively information systems controls are operating to safeguard data confidentiality, integrity and availability. The IT general controls audit includes a review of all key components of the IS Program: Vendor Management; Business Continuity, Disaster Recovery & Incident Response; Core Operations; E-Banking; Retail Payment Systems; Risk Assessment.

Typical IT Systems Testing

  • External network vulnerability / penetration testing
  • Internal network vulnerability testing
  • Internal network patch audit
  • Social engineering

Advanced IT Audit Testing

  • Reconnaissance & public information review
  • Wireless network security testing
  • Virtualized environment testing
  • Web application vulnerability assessments (unauthenticated & authenticated)