Services
NETBankAudit can work in coordination with your existing audit department or as a complete outsourced solution to your audit or assessment needs. In addition, NETBankAudit can bundle any or all of the following services into an integrated solution for our clients, depending upon your institution's internal audit needs. Below is a listing of our standard services with a description of each.

Internal Audits

- Information Technology (IT) Audit
NETBankAudit provides risk-based IT audits rooted in COBIT methodology. COBIT audit methodology was developed specifically for IT audits and is the industry standard. NETBankAudit utilizes GLBA, FFIEC and SOX (where applicable) guidelines, together with our extensive community financial institution experience, in developing our GLBA/FFIEC-compliant risk-based audit objectives and scope. NETBankAudit can also help your institution develop an IT Audit Risk Assessment process to serve as the foundation of a risk-based audit plan. In addition, our industry-leading internal and external vulnerability and penetration technical testing is included in the IT audit unless otherwise specified.

- Sarbanes-Oxley (SOX) IT Audit
http://www.sarbanes-oxley.com
NETBankAudit offers COBIT/FFIEC-compliant SOX Section 404 IT Audit services, either to complement our General Controls Review (GCR) IT Audit service or as a standalone service. SOX Section 404 is focused on the controls, including the security and change management controls, around the financial accounting systems and processes. A SOX IT Audit review can be used as a driver for broader risk management objectives: to improve security and to maintain consistent security processes, controls and infrastructure. The change management component of the review encompasses relevant SOX application/system, employee, vendor, and process changes. Utilizing a client-provided Internal Control Matrix for IT, developed in collaboration with you, NETBankAudit can provide a customized approach to addressing your institution's SOX IT Audit requirements.

- Operational Audits

  - ACH Audit (NACHA Compliance)
  The objective of the ACH audit is to confirm that the community financial institution's policies, procedures, and operating controls are consistent with the requirements outlined in the ACH rules, regulatory requirements, and industry best practices. The audit will be performed based on the guidelines and instructions for ACH audits as defined in the 2009 ACH Workprogram published by the Mid-Atlantic Payments Association (MACHA). A written report, separate from the IT Audit, is prepared that contains detailed findings and assessments based on the analysis, review, and testing performed. The report will document the tests that were conducted to evaluate specific controls and their effectiveness. It will also describe those areas where management should be aware of identified control weaknesses within the ACH function.

  - Internet Banking (Transaction Level) Audit
  NETBankAudit performs audits of the compliance and operational controls over the Internet Banking functions. Internet banking is governed by FFIEC guidance and certain Consumer Affairs Regulations. Our evaluation consists of observation, inspection, and interviews with relevant staff members at the community financial institution, as well as a review of supporting documentation. The objective of the audit is to confirm that the community financial institution's policies, procedures, and operating controls are consistent with the requirements outlined in regulatory statutes and guidance as well as industry best practices.

  - Wire Transfer (Transaction Level) Audit
  NETBankAudit performs audits of the Wire Transfer function and its associated controls. Wire transfer is governed by regulatory statutes and FFIEC guidance. Our evaluation consists of observation, inspection, transaction testing, and interviews with relevant staff members at the community financial institution, as well as a review of supporting documentation. The objective of the audit is to confirm that the community financial institution's policies, procedures, and operating controls are consistent with the requirements outlined in regulatory statutes and guidance as well as industry best practices.

  - Item Processing (Transaction Level) Audit
  NETBankAudit performs audits of the Item Processing function (including Remote Deposit Capture, if applicable) and its associated controls. Item Processing is governed by the Check 21 Act, Regulation CC, Regulation J, and FFIEC guidance. Our evaluation consists of observation, inspection, transaction testing, and interviews with relevant staff members at the community financial institution, as well as a review of supporting documentation. The audit covers ten specific controls, which are applied to internally and externally deployed systems, including other forms of electronic item processing systems (e.g., mobile banking and automated clearing house [ACH] check conversions).

  - Bank Secrecy Act (BSA) Audit
  NETBankAudit conducts an objective, independent evaluation of the written BSA/AML compliance program, performs testing for specific compliance with the BSA, and evaluates pertinent management information systems (MIS). The audit is risk-based and evaluates the quality of risk management for all banking operations, departments, and subsidiaries. Our risk-based approach varies depending on the bank's size, complexity, scope of activities, risk profile, quality of control functions, geographic diversity, and use of technology. Although the frequency and depth of each activity's audit will vary according to its associated risks, all of the bank's activities will receive appropriate coverage. The primary goal of risk-based audits is to enable the board of directors and auditors to use the bank's risk profile to focus the audit scope on the areas of greatest concern. Our verification testing is also designed to assist the board of directors and management in identifying areas of weakness or opportunities for improvement.

- Regulatory Compliance Audits
An effective regulatory compliance program starts with an evaluation of the compliance risks specific to a community financial institution's operations and structure. NETBankAudit has the information technology and regulatory compliance professionals who can assist our clients with audits, assessments and even the development of all applicable compliance programs, including Fair Lending, CRA, HMDA, BSA/AML, and Loan & Deposit Compliance (see the individual descriptions below for more information). We can also provide compliance committee consulting and advice, including examination preparation and assistance.

  - Fair Lending Audit
  The methodology for the Fair Lending audit process is based on the actual Fair Lending laws and regulations as well as the FFIEC Consumer Compliance Handbook. Further, the institution's specific risk factors determine the actual audit framework that will be utilized during the engagement. The scope of the audit includes a review of all relevant lending policies, procedures, and practices to ensure compliance with Regulation B (Equal Credit Opportunity Act), Regulation C (Home Mortgage Disclosure Act, HMDA), the Fair Housing Act (FHA), and Unfair or Deceptive Acts or Practices (Regulation AA). Subsequently, the institution's Fair Lending internal control structure is tested to ensure that the implemented policies, procedures, and practices are sufficiently employed.

  - CRA Audit
  Our evaluation of the Community Reinvestment Act (CRA) includes an analysis of the institution's performance under the applicable lending, investment, and service tests within each delineated assessment area. Technical compliance (i.e., reporting requirements) with CRA and HMDA will also be evaluated. The objective of the audit is to confirm compliance with CRA as well as satisfactory performance.

  - Loan and Deposit Compliance Audit
  NETBankAudit provides Loan and Deposit Compliance Audit engagements staffed by highly experienced and qualified personnel holding Certified Regulatory Compliance Manager (CRCM) or equivalent applicable certifications. The purpose of these audits is to determine the organization's adherence to all lending- and deposit-related compliance acts and/or regulatory guidance, including but not limited to lending-related guidance such as Reg. Z, RESPA, HUD, PMI, Reg. H and Reg. M, and deposit compliance such as Reg. DD, Reg. CC, Reg. E, Reg. Q and Reg. D. The audit methodology employed will be based on the Compliance Handbook, and the scope includes both portfolio-level and loan-level review, complete with performance and mitigation guidance where applicable.

Internal Assessments

- GLBA IT Controls (Review) Assessment
NETBankAudit provides a risk-based IT controls assessment service based in COBIT methodology that covers the same scope as an IT Audit; however, because it is an assessment, we do not provide work papers but rather a written evaluation of each control area. NETBankAudit utilizes GLBA, FFIEC and SOX (where applicable) guidelines, together with our extensive community financial institution experience, in developing our GLBA/FFIEC-compliant risk-based control objectives and scope. In addition, our IT controls assessment includes our industry-leading internal and external vulnerability and penetration technical testing unless otherwise specified.

- GLBA Information Security Risk Assessment
NETBankAudit provides a GLBA/FFIEC-compliant, enterprise-wide Information Security Risk Assessment service designed to provide your institution with all the tools necessary to develop and maintain a robust program. This service is tailored to meet the yearly GLBA regulatory requirement of a management-owned risk assessment. As such, this service is a collaboration between NETBankAudit and the customer in which we mentor you through the engagement and leave you with something you can understand and continue to use for years to come. Our proven process is based on the approach outlined in the National Institute of Standards and Technology's (NIST) Special Publication 800-30, industry best practice, and our 7 years of experience supporting the community financial institution market. The process has also been tailored to meet the regulatory requirements for a risk assessment as outlined in the Interagency Standards for Safeguarding Customer Information and the FFIEC Information Security Booklet and, where applicable, the NCUA Information System and Technology (IS&T) Program as revised and outlined in Credit Union Letter No. 06-CU-10. We provide the tools and training while conducting a thorough analysis of the control areas identified in the Information Security Risk Assessment. As with our other assessment services, this engagement includes our industry-leading internal and external vulnerability and penetration technical testing unless otherwise specified. Not just shelfware, our Risk Assessment methodology will give management a tool to assist them in managing the ever-changing technical and regulatory environment.

- Information Security Program Vulnerability Assessment
NETBankAudit provides an internal and external IT vulnerability assessment to our community financial clients. Although limited to IT, this vulnerability assessment employs the same strict adherence to methodology as defined in our GLBA Information Security Risk Assessment. We include both internal and external vulnerability technical testing as well as a complete evaluation and gap analysis of your existing Information Security Program (policies and procedures) and your existing Information Security Risk Assessment process. NETBankAudit can customize this engagement to include or exclude internal or external testing as part of the scope.

- Security Awareness (Social Engineering) Training and Assessment
NETBankAudit provides Security Awareness Assessments customized to our client's specific needs and objectives. We believe that awareness, knowledge and training are the keys to protecting against social engineering and identity theft. We are able to provide our clients with custom Security Awareness presentations for their employees to increase knowledge of potential social engineering attacks and awareness of the client's existing policies and procedures for handling social engineering incidents. NETBankAudit is able to deliver these presentations either in person or over the web to reach client employees on location (branches). We also follow up with specific social engineering testing (e.g., onsite physical testing or external "phishing", "phone" or "baiting" attacks) to verify employee awareness.

- Business Continuity and Disaster Recovery Plan
Regulatory requirements and industry best practices for business continuity and disaster recovery planning have changed materially in recent years. As a result, many banks' existing plans have new gaps to fill, in addition to keeping pace with the changes that have occurred in the institution's business plan, physical environment, and information systems infrastructure. NETBankAudit will work with your community financial institution to develop a Business Continuity and Disaster Recovery Plan that is scalable and addresses a broad range of disruption scenarios. The plan will cover the entire organization and incorporate information and resources in both physical and electronic form. Provisions for crisis management, communication, testing, training, and the involvement of third parties will also be included in the plan. This service is a collaboration between NETBankAudit and the customer in which we mentor you through the engagement and leave you with something you can understand and continue to use for years to come.

Vulnerability (Testing) Assessments

- Information Technology (IT) Technical Vulnerability Assessment
NETBankAudit offers independent technical vulnerability testing for our community banking clients. This engagement includes both remote external vulnerability and penetration technical testing and onsite internal vulnerability testing (trusted and/or untrusted), along with an onsite physical security review of your information security. This is the same technical testing provided in our IT Audit and Risk Assessment services. NETBankAudit adheres to strict industry-standard methodologies such as NIST and ISO in the construction of our assessment methodology and has extensive experience in delivering for FFIEC- and GLBA-based regulatory review. Our engineers are highly trained and skilled in their fields, with CISA, CISSP and CISM certifications. In addition, our technical assessments are guided by our experience and knowledge of GLBA and FFIEC objectives and guidelines.

- Remote Information Technology (IT) Technical Vulnerability Assessment
NETBankAudit offers independent remote technical vulnerability testing for our community banking clients. This includes both internal and external vulnerability and penetration technical testing without the physical security review offered in the onsite version, saving the cost of a face-to-face visit. Our engineers will work with your in-house staff to coordinate the use of our equipment and tools to accomplish the testing without the cost of travel. This is the same technical testing provided in our other IT audit and vulnerability assessment services.

- External Vulnerability Assessment (External Pen Test)
NETBankAudit also offers standalone, independent external technical vulnerability assessments for our community banking clients. This is the same external technical pen testing provided in our IT Audit and Risk Assessment services. It provides not only the external vulnerability and pen testing but also an extensive public discovery process in which the engineer uses a combination of manual and automated searching techniques to identify potentially harmful public information pertaining to the financial institution. Such information may include configuration errors, accidental or unintentional postings of sensitive or internal information, Trojans, viruses or spyware that have targeted the institution, malicious sites, and phishing attacks. Again, we adhere to strict industry-standard methodologies such as NIST and ISO in the construction of our external pen testing methodology. Our engineers are highly trained and skilled in their fields, with CISA, CISSP and CISM certifications. In addition, our technical assessments are guided by our experience and knowledge of GLBA and FFIEC objectives and guidelines. External pen test engagements can also include social engineering tests such as "phishing", "phone engineering" and "baiting".

- Social Engineering Vulnerability Testing
NETBankAudit provides social engineering vulnerability testing customized to our client's specific needs and objectives and designed to verify training effectiveness. NETBankAudit is uniquely qualified to provide social engineering testing through its understanding of community financial institutions and information security standards, and through our investment in the qualified engineers, auditors and tools needed to be professional and effective in our engagements. We are able to customize both onsite testing, such as person-to-person testing at predetermined locations, and/or external testing, including but not limited to "phishing", "phone" and "baiting" attacks, to verify employee awareness.
