®
R. Kinney Williams
Yennik, Inc. |
FFIEC IT
Security Audits
The Independent Bankers Association of Texas awarded me (R. Kinney
Williams) the 2020 President's Award for 57 years of dictated service to
the banking industry as a bank examiner, banker, and independent bank
auditor. I want to express my sincere gratitude to IBAT and community
bankers for this outstanding recognition. Thanks. |
Yennik, Inc., performs virtual and onsite information security-technology
(IT) FFIEC audits for federally insured financial institutions. The IT
audits are available nationwide as well as onsite at banks in Texas,
Oklahoma, New Mexico, and Colorado.
As a former bank examiner with over 40 years IT audit experience, we bring an examiner's perspective to the
information technology audit. In addition, we use our computer
auditing experience
to determine with reasonable assurance the safe
and secure operation of the computer and Internet activities.
The IT audit follows the examination procedures
outlined in the Federal Financial Institutions Examination Council
Information Technology Examination Handbook to ensure compliance with the
Gramm-Leach-Bliley Act Section 501 (b). |
|
The scope of the IT audits are based on examination
procedures outlined in the Federal Financial Institutions Examination
Council (FFIEC) Information Technology Examination Handbook. Where
applicable, we referenced various information systems/technology
guidelines issued by the OCC, FDIC, and FRB. We also
reference the Control Objectives for Information and Related Technology
(CobiT) published by the Information Systems Audit and Control
Foundation, which is an international open standard of good practices
for IT governance, security, and control.
The IT audit includes completing the FFIEC workpapers for Community
Financial Institution IT Examination Workprogram, Fedline Examination
Procedures, Information Security questionnaire, FRB Gramm-Leach-Bliley
Act 501(b) questionnaire, Information Systems Technology Procedural
Testing reports, and other applicable IT auditing questionnaires.
|
|
The scope of the informati
- Senior management involvement, review applicable
minutes
- Network, workstation, Internet, disaster recovery,
and other IT security policies
- Gramm-Leach-Bliley Act Section 501 (b)
- Overall security procedures
- Cloud operations and security
- Segregation of IT duties
- Internal quality and integrity controls
- Data communication security
- User identification authorization
- User level of accessibility
- Restricted transactions
- Activity and exception reports
- Backup procedures
- Other operational security controls
- Insurance coverage
- Network security, which includes the Internet
- Internal auditing procedures
- Business Continuity Management – backup media
testing
- Internet security procedures
- Vendor/cloud due diligence
- Fedline Advantage security
- IT Risk assessments
- Internet banking controls and procedures
- Telephone banking
- Remote capture operations
- Internal procedures and controls around your core
banking system, whether internal or external processing
- FFIEC Cybersecurity Assessment
- Architecture, Infrastructure, and Operations
At no additional cost and when
applicable, the IT audit includes the following IT security tests:
- External VISTA cybersecurity penetration
test (http://www.internetbankingaudits.com/external_testing.htm)
- Domain server security settings
- Virtual machine/guest security settings
- Workstation security setting
- Network user access
- Core application access
- Network topology security analysis
- Systems security features and controls
- Sampling for unauthorized software
- Social Engineering Assessment
- Outsourcing/cloud activities
- VoIP review
- Branch evaluation
If you need any of the following auditing services and for a
discounted additional fee, we can perform the following during the IT
audit:
- Internal network penetration-vulnerability test. If
you need an internal vulnerability audit, you will find more information about
the internal-VISTA penetration study at http://www.internetbankingaudits.com/intrusion_internal_index.htm.
- ACH audit in accordance with the ACH Rules (published by the
National Automated Clearing House Association). The audit
will include completing the ACH Audit Questionnaire with your
personnel.
-
Web site audit of the institution’s informational web site and
Internet banking.
The scope includes the FFIEC "Guidance on Electronic
Financial Services and Consumer Compliance." You will find
more information about web site audits at
http://www.bankwebsiteaudits.com/.
We are
members of the Information
Systems Audit and Control Association, the Society of Financial
Examiners,
the Institute of Internal Auditors, and the Association
of Credit Union Internal Auditors.
We follow the code of ethics and auditing standards of these organizations.
If you are seeking an information technology audit from an examiner's
perspective, please contact Kinney Williams at
Office 806-535-8300 or send an email to examiner@yennik.com.
Experience
(Over 50 years in banking and bank auditing experience that includes 21 years as a bank
examiner)
|
Yennik, Inc. Company Information
4409 101st.
Street,
Lubbock, Texas 79424
806-535-8300; examiner@yennik.com
|