R. Kinney Williams & Associates®
R. Kinney Williams
Yennik, Inc.

FFIEC IT Security Audits

The Independent Bankers Association of Texas awarded me (R. Kinney Williams) the 2020 President's Award for 57 years of dedicated service to the banking industry as a bank examiner, banker, and independent bank auditor. I want to express my sincere gratitude to IBAT and community bankers for this outstanding recognition. Thanks.


Yennik, Inc., performs virtual and onsite information security-technology (IT) FFIEC audits for federally insured financial institutions.  The IT audits are available nationwide as well as onsite at banks in Texas, Oklahoma, New Mexico, and Colorado.

As a former bank examiner with over 40 years of IT audit experience, we bring an examiner's perspective to the information technology audit. In addition, we use our computer auditing experience to determine with reasonable assurance the safe and secure operation of the computer and Internet activities.

The IT audit follows the examination procedures outlined in the Federal Financial Institutions Examination Council Information Technology Examination Handbook to ensure compliance with the Gramm-Leach-Bliley Act Section 501 (b).  

CoBit Audit Guidelines


The scope of the IT audits is based on examination procedures outlined in the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook. Where applicable, we reference various information systems/technology guidelines issued by the OCC, FDIC, and FRB. We also reference the Control Objectives for Information and Related Technology (CobiT) published by the Information Systems Audit and Control Foundation, which is an international open standard of good practices for IT governance, security, and control.

The IT audit includes completing the FFIEC workpapers for Community Financial Institution IT Examination Workprogram, Fedline Examination Procedures, Information Security questionnaire, FRB Gramm-Leach-Bliley Act 501(b) questionnaire, Information Systems Technology Procedural Testing reports, and other applicable IT auditing questionnaires.

FDIC Electronic Banking Guidelines


The scope of the informati
  1. Senior management involvement, review applicable minutes
  2. Network, workstation, Internet, disaster recovery, and other IT security policies
  3. Gramm-Leach-Bliley Act Section 501 (b)
  4. Overall security procedures
  5. Cloud operations and security
  6. Segregation of IT duties 
  7. Internal quality and integrity controls
  8. Data communication security
  9. User identification authorization
  10. User level of accessibility
  11. Restricted transactions
  12. Activity and exception reports
  13. Backup procedures
  14. Other operational security controls
  15. Insurance coverage
  16. Network security, which includes the Internet
  17. Internal auditing procedures
  18. Business Continuity Management – backup media testing
  19. Internet security procedures
  20. Vendor/cloud due diligence
  21. Fedline Advantage security
  22. IT Risk assessments
  23. Internet banking controls and procedures
  24. Telephone banking 
  25. Remote capture operations
  26. Internal procedures and controls around your core banking system, whether internal or external processing
  27. FFIEC Cybersecurity Assessment
  28. Architecture, Infrastructure, and Operations

At no additional cost and when applicable, the IT audit includes the following IT security tests:

  1. External VISTA cybersecurity penetration test (http://www.internetbankingaudits.com/external_testing.htm)
  2. Domain server security settings
  3. Virtual machine/guest security settings
  4. Workstation security settings
  5. Network user access
  6. Core application access
  7. Network topology security analysis
  8. Systems security features and controls
  9. Sampling for unauthorized software
  10. Social Engineering Assessment
  11. Outsourcing/cloud activities
  12. VoIP review
  13. Branch evaluation

If you need any of the following auditing services, we can perform them during the IT audit for a discounted additional fee:

  1. Internal network penetration-vulnerability test.  If you need an internal vulnerability audit, you will find more information about the internal-VISTA penetration study at http://www.internetbankingaudits.com/intrusion_internal_index.htm
  2. ACH audit in accordance with the ACH Rules (published by the National Automated Clearing House Association).  The audit will include completing the ACH Audit Questionnaire with your personnel.
  3. Web site audit of the institution’s informational web site and Internet banking.  The scope includes the FFIEC "Guidance on Electronic Financial Services and Consumer Compliance."  You will find more information about web site audits at http://www.bankwebsiteaudits.com/.

We are members of the Information Systems Audit and Control Association, the Society of Financial Examiners, the Institute of Internal Auditors, and the Association of Credit Union Internal Auditors.  We follow the code of ethics and auditing standards of these organizations.

If you are seeking an information technology audit from an examiner's perspective, please contact Kinney Williams at Office 806-535-8300 or send an email to examiner@yennik.com

Experience
(Over 50 years of banking and bank auditing experience that includes 21 years as a bank examiner)

 

Yennik, Inc. Company Information
4409 101st. Street, Lubbock, Texas 79424
806-535-8300; examiner@yennik.com

Yennik, Inc. - R. Kinney Williams®

All rights reserved; Our logo R. Kinney Williams & Associates is registered with the United States Patent and Trademark Office.
© Copyright 1980 - 2023 Yennik, Incorporated