R. Kinney Williams
Yennik, Inc.
FFIEC IT Audits
The Independent Bankers Association of Texas presented me the 2020 President's Award. The reward is for 57 years of dedicated service to the banking industry as a bank examiner, banker, and independent FFIEC/GLBA IT security auditor. Press release.
I want to express my sincere gratitude to IBAT and community bankers everywhere for this outstanding recognition.
Yennik, Inc., performs FFIEC information security-technology (IT) / Architecture, Infrastructure, and Operations (AIO)* audits for federally insured community banks and credit unions across the country. About our Company.
As a former bank examiner with over 40 years of IT audit experience, we bring an examiner's perspective to the information technology audit. In addition, we use our computer auditing experience to determine with reasonable assurance the safe and secure operation of the computer and Internet activities.
The IT audit follows the examination procedures outlined in the Federal Financial Institutions Examination Council Information Technology Examination Handbook to ensure compliance with the Gramm-Leach-Bliley Act Section 501 (b).
* As of June 30, 2021, the FFIEC "Operations" booklet was replaced by the "Architecture, Infrastructure, and Operations" (AIO) booklet, which you can find at https://ithandbook.ffiec.gov/it-booklets/architecture,-infrastructure,-and-operations.aspx.
The scope of the IT audits is based on examination procedures outlined in the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook, which includes Information Security (IS) and Architecture, Infrastructure, and Operations (AIO). Where applicable, we reference various information systems/technology guidelines issued by the OCC, FDIC, and FRB. We also reference the Control Objectives for Information and Related Technology (CobiT) published by the Information Systems Audit and Control Foundation, which is an international open standard of good practices for IT governance, security, and control.
The IT audit includes completing the FFIEC workpapers for Community Financial Institution IT Examination Workprogram, Fedline Examination Procedures, Information Security questionnaire, FRB Gramm-Leach-Bliley Act 501(b) questionnaire, Information Systems Technology Procedural Testing reports, and other applicable IT auditing questionnaires.
The scope of the information systems-technology audit covers:
- Senior management involvement, review applicable minutes
- Network, workstation, Internet, disaster recovery, and other IT security policies
- Gramm-Leach-Bliley Act Section 501 (b)
- Overall security procedures
- Segregation of IT duties
- Internal quality and integrity controls
- Data communication security
- User identification authorization
- User level of accessibility
- Restricted transactions
- Activity and exception reports
- Backup procedures
- Other operational security controls
- Insurance coverage
- Network security, which includes the Internet
- Internal auditing procedures
- Contingency planning and disaster recovery
- Internet security procedures
- Vendor due diligence
- Fedline Advantage security
- Internet banking controls and procedures
- Telephone banking
- Internal procedures and controls around your core banking system, whether internal or external processing
- Remote capture operations
- FFIEC Cybersecurity Assessment
At no additional cost and when applicable, the IT audit includes the following IT security tests:
1. External VISTA penetration-vulnerability study
2. Domain server security settings
3. Virtual machine/guest security settings
4. Workstation security settings
5. Network user access
6. Core application access
7. Network topology security analysis
8. Systems security features and controls
9. Sampling for unauthorized software
10. Outsourcing/cloud activities
11. Social Engineering Assessment
12. VoIP Review
If you need any of the following auditing services, we can perform them during the IT audit for a discounted additional fee:
- Internal network penetration-vulnerability test. If you need an internal vulnerability audit, you will find more information about the internal-VISTA penetration study at http://www.internetbankingaudits.com/intrusion_internal_index.htm.
- ACH audit in accordance with the ACH Rules (published by the National Automated Clearing House Association). The audit will include completing the ACH Audit Questionnaire with your personnel.
- Web site audit of the institution's informational web site and Internet banking. The scope includes the FFIEC "Guidance on Electronic Financial Services and Consumer Compliance." You will find more information about web site audits at http://www.bankwebsiteaudits.com/.
We are members of the Information Systems Audit and Control Association, the Society of Financial Examiners, the Institute of Internal Auditors, and the Association of Credit Union Internal Auditors. We follow the code of ethics and auditing standards of these organizations.
If you are seeking an information technology audit from an examiner's perspective, please contact Kinney Williams at Office 806-535-8300 or send an email to examiner@yennik.com.
Experience (Over 50 years in banking and bank auditing experience that includes 21 years as a bank examiner)