IT General Controls Audit
Our Process and Approach
Maize & Blue Consulting, LLC performs IT General Controls Audits to assess compliance with the Interagency Guidelines Establishing Information Security Standards and to evaluate the effectiveness of internal controls over safeguarding sensitive customer and company information.
Audit Program
The following references were used to develop the audit program for this IT General Controls audit:
- FFIEC IT Handbooks
- Interagency Guidelines Establishing Information Security Standards
- FDIC Financial Institution Letters (FILs)
- FFIEC Interagency Guidance
- Payment Card Industry (PCI) Data Security Standard
- ISO 27001 Information Security Management System requirements
- Other related information technology and information security standards
Audit Scope
The objective of the IT General Controls Audit is to assess compliance with the information security requirements of the Interagency Guidelines Establishing Information Security Standards in the following areas:
- Information Security Program
- Information Security Program Risk Assessments
- Information Technology Administration/Strategic Planning
- Information Security Awareness/Training
- Information Technology Audit/Independent Review Program
- Vendor Management/Service Provider Oversight
- Cybersecurity/Incident Response Program
Technical Controls Review
As part of the IT General Controls Audit, Maize & Blue Consulting, LLC also evaluates the existence and effectiveness of internal controls over the Information Security Program and related information technology processes as they relate to protecting the security, confidentiality, and integrity of sensitive customer information. Listed below are the additional control areas to be reviewed in the audit:
- Administration & Security – Core Processing System
- Administration & Security – Active Directory
- Hardware & Software Management
- Malware Protection – Workstations, Servers, Email, Gateway
- Physical Security Program & Networking Equipment Security
- Mobile Device & Removable Media Security
- IT Project Management/Systems Change Management
- Firewall Administration & Systems Logging/Monitoring
- Wireless & Remote Access Security
- IT Infrastructure
- Remote Deposit/Merchant Capture Security
- Backup/Replication & Media Management
- Disaster Recovery/Business Continuity Planning
- Website & Social Media Administration
- Administration & Security – Electronic Banking
- ACH & Wire Transfer Security