PKM’s General Controls Review (also referred to as an IT Audit by the regulators) is specifically designed for regulated financial institutions and combines the requirements of general computer controls with the requirements of the Federal Financial Institutions Examination Council (FFIEC). While there is a technical aspect to the service, it is primarily focused on testing management’s oversight of the IT area and its responsibilities under various regulatory rules.
During a general controls review, PKM’s certified IT auditors gauge the level of controls present in an organization’s information systems environment. The three main control areas tested are organizational controls, infrastructure/environmental controls and physical controls.
The organizational structure of the IT environment plays an important role in the security of your information systems. The PKM IT professionals assess this structure and the administrative structure of your IT function, including the existence of policies and procedures for day-to-day operations and the availability and skill level of your IT staff.
Our review of your data center or information processing facility takes into consideration everything from the adequacy of your air conditioning and temperature control systems (temperature, humidity), power supply (uninterruptible power supplies, generators) and smoke detectors/fire suppression systems, to the cleanliness of your environment, protection from floods and water seepage and tidiness of your electrical and network cables.
While much of your IT system can be monitored and controlled remotely, some actions can only be performed via physical access to the technology environment. We assess your ability to enclose all servers in a secure location protected by suitable locked doors and access devices.