NETBankAudit follows FFIEC guidelines for outsourcing internal audit functions

We function as an extension of your internal audit function as defined by IIA standards. Our primary methodology is COBIT (Control Objectives for Information Technology) published by the Information Systems Audit and Control Association. Other methodologies/standards are employed based on engagement requirements and include COSO, SOX, FDICIA, and SANS. Each methodology, standard, or statute is tailored to the organization’s size and complexity as well as its compliance requirements (e.g., FFIEC, HIPAA). Our compliance audit engagements rely heavily on examination guidance and procedures while leveraging ACAMS and CRCM designations.

The following internal auditing services can be offered as bundled outsourced services, individual outsourced services or as supplemental services to existing internal audit programs:

Information Technology (IT) Audit(s)

As with all of our audit services, the components of our IT Audit Suite can be delivered bundled or as individual supplements to your existing internal audit program (rent an expert).

  • General Controls – includes:
    • IT Governance
    • IT Management
    • IT Operations
    • IT Security
  • IT SOX Controls
  • FDICIA Controls
  • Information Security/GLBA
  • Cybersecurity Controls Evaluation
  • SANS Critical Controls Testing
  • Core Processing System
    • Mainframe/Midrange
    • Application
  • Networking Technology
    • General Network Administration, Operations, and Security
      • Server, Router, Switch Configuration
    • Infrastructure and Virtualization
    • Cloud Computing
    • Active Directory

Within these areas, evaluations are structured based on operational criticality and security risks. Specifically, the audit encompasses the following systems and/or applications:

  • Core data processing (mainframe computer, application software, and related services)
  • Network (internal/external connectivity and related hardware, software, and related services including virtualization, cloud, etc.)
  • Item processing/proof (hardware, software, and services related to item capture, processing, and reconcilement/balancing)
  • Internet banking (hardware, software, and services facilitating customer access to account information)
  • Mobile banking (hardware, software, and services facilitating customer access to account information)
  • Telephone banking (hardware, software, and services facilitating customer access to account information)
  • ATM, debit, and credit cards (hardware, software, and services facilitating customer access to account information)
  • Wire transfer and ACH (hardware, software, and services facilitating customer access to account information)
  • Web-based applications (various web-based systems facilitating bank employee access to human resources, accounting, lending, and marketing functions)