IT General Controls Audit

Our Process and Approach

Maize & Blue Consulting, LLC performs IT General Controls Audits to assess compliance with the Interagency Guidelines Establishing Information Security Standards and to evaluate the effectiveness of internal controls over safeguarding sensitive customer and company information.

Audit Program

The following references were used to develop the audit program for this IT General Controls audit:


  • FFIEC IT Handbooks
  • Interagency Guidelines Establishing Information Security Standards
  • FDIC Financial Institution Letters (FILs)
  • FFIEC Interagency Guidance
  • Payment Card Industry (PCI) Data Security Standard
  • ISO 27001 Information Security Management System requirements
  • Other related information technology and information security standards


Audit Scope

The objective of the IT General Controls Audit is to assess compliance with the information security requirements of the Interagency Guidelines Establishing Information Security Standards, covering the following areas:

  • Information Security Program
  • Information Security Program Risk Assessments
  • Information Technology Administration/Strategic Planning
  • Information Security Awareness/Training
  • Information Technology Audit/Independent Review Program
  • Vendor Management/Service Provider Oversight
  • Cybersecurity/Incident Response Program

The audit also follows up on findings and recommendations from the prior IT General Controls Audit and Regulatory IT Examination.

Technical Controls Review

As part of the IT General Controls Audit, Maize & Blue Consulting, LLC also evaluates the existence and effectiveness of internal controls over the Information Security Program and related information technology processes as they relate to protecting the security, confidentiality, and integrity of sensitive customer information. The additional control areas reviewed in the audit are listed below:

  • Administration & Security – Core Processing System
  • Administration & Security – Active Directory
  • Hardware & Software Management
  • Malware Protection – Workstations, Servers, Email, Gateway
  • Physical Security Program & Networking Equipment Security
  • Mobile Device & Removable Media Security
  • IT Project Management/Systems Change Management
  • Firewall Administration & Systems Logging/Monitoring
  • Wireless & Remote Access Security
  • IT Infrastructure
  • Remote Deposit/Merchant Capture Security
  • Backup/Replication & Media Management
  • Disaster Recovery/Business Continuity Planning
  • Website & Social Media Administration
  • Administration & Security – Electronic Banking
  • ACH & Wire Transfer Security