IT General Controls Audit

Our Process and Approach

Maize & Blue Consulting, LLC performs IT General Controls Audits to assess compliance with the FFIEC’s Interagency Guidelines Establishing Information Security Standards and to evaluate the effectiveness of internal controls over safeguarding sensitive information assets.

Audit Program

The audit program for this IT General Controls Audit was developed using various resources, including:

  • FFIEC IT Handbooks
  • FFIEC Interagency Guidelines Establishing Information Security Standards
  • Additional FFIEC Interagency Guidelines applicable to cybersecurity
  • NIST Cybersecurity Framework
  • Cyber Risk Institute (CRI) Profile
  • FDIC Financial Institution Letters (FILs)
  • PCI Data Security Standard
  • Center for Internet Security (CIS) Critical Security Controls
  • ISO 27001 Information Security Management System requirements
  • Other related cybersecurity standards and resources

Audit Scope

The objective of the IT General Controls Audit is to assess compliance with the information security requirements of the FFIEC’s Interagency Guidelines Establishing Information Security Standards.

  • Information Security Program
  • Information Security Program Risk Assessments
  • Information Technology Administration/Strategic Planning
  • Information Security Awareness/Training
  • Information Technology Audit/Independent Review Program
  • Vendor Management/Service Provider Oversight
  • Cybersecurity/Incident Response Program

The audit also follows up on findings and recommendations from the prior IT General Controls Audit and the most recent Regulatory IT Examination.

Technical Controls Review

As part of the IT General Controls Audit, Maize & Blue Consulting, LLC also evaluates the existence and effectiveness of internal controls over the Information Security Program and related cybersecurity controls as they relate to protecting the security, confidentiality, and integrity of sensitive information assets.

Listed below are the additional control areas to be reviewed in the audit:

  • Security & Access Management – Critical Systems
  • Hardware & Software Management
  • Malware Protection – Workstations, Servers, Email, Gateway
  • Physical Security Program & Networking Equipment Security
  • Mobile Device & Removable Media Security
  • IT Project Management/Systems Change Management
  • Firewall Administration & Systems Logging/Monitoring
  • Wireless & Remote Access Security
  • IT Infrastructure
  • Backup/Replication & Media Management
  • Disaster Recovery/Business Continuity Planning
  • Website & Social Media Administration
  • Administration & Security – Electronic Banking
  • Remote Deposit/Merchant Capture Security
  • ACH & Wire Transfer Security
  • Artificial Intelligence
  • Administration & Security – Core Processing System
  • Administration & Security – Active Directory