Regulatory Compliance Services

IT Audit for Banks and Credit Unions

CSI IT Audit provides a comprehensive review and analysis of all the major information technology areas recommended by the Federal Financial Institutions Examination Council (FFIEC). Our IT security audit identifies and provides recommendations for mitigating the current and foreseeable risks threatening your systems and the consumer data housed on them.

To protect your customers’ and members' nonpublic personal information and ensure cybersecurity preparedness, you’re required to meet Gramm-Leach-Bliley Act (GLBA) requirements. Part of meeting those requirements is maintaining a thorough understanding of your IT systems.

How to Stay Compliant Using an IT Security Audit

To meet GLBA compliance requirements and FFIEC compliance rules, your financial institution must:

  • Understand how consumer data is stored, accessed and maintained on your IT systems
  • Identify and assess all current and foreseeable risks to your IT systems and the data stored on them
  • Design and implement a risk management plan to mitigate those risks
  • Test the components of the plan and adjust as needed

Performing a bank IT audit helps your institution implement these best practices by researching your specific regulatory compliance needs, performing an on-site evaluation and providing you with an audit report you can use to improve your bank's IT security program.

3-Stage Information Security Audit for FFIEC IT Examination Handbook Rules

CSI's consultants execute three key stages guided by the FFIEC’s IT Examination Handbook when performing a banking IT audit:

  • Research
    Preliminary research to build trust with key personnel and gain a sound understanding of your IT systems.
  • On-Site Analysis
    An on-site IT system audit to:
    • Evaluate your IT systems and related procedures
    • Perform comprehensive network vulnerability, patch management and hardware and software inventory scans
    • Review your IT and information security policies and procedures and business continuity planning (BCP) documentation 
    • Assess your controls related to your networks, communications, wire transfers, computer usage, application management, environmental security, vendor oversight, access management, physical security, digital banking and wireless access
    • Conduct a social engineering exercise
    • Provide a risk-based report of observations with recommendations  
  • Audit Report
    A robust bank security audit report puts your institution on the right path for GLBA compliance. This report includes a summary of findings for senior management and your board, illustrations to provide additional analysis, detailed observations from the audit and any additional recommendations.

With CSI's IT audits, you get access to our expert consultants, as well as the sophisticated technology they use to assess your information technology systems. Contact CSI today to find out how you can strengthen your GLBA compliance with a bank IT audit.