IT General Controls Review
Systems Services
- SSAE 16 Resource Center
- SAS 70 Resource Center
- Risk Management Assessment
- SOX 404 IT Controls
- Outsourced Information Technology Internal Auditor
- IT General Controls Review
- Network Vulnerability Assessment
- Agreed-Upon Procedures Engagements
- Auditing Application Controls
- Audit Support for IT General & Application Controls
- Penetration Testing
- TR-39 (formerly TG-3) ATM Audit
- IT Infrastructure
PKM’s General Controls Review (also referred to as an IT Audit by the regulators) is specifically designed for regulated financial institutions and combines the requirements of general computer controls with the requirements of the Federal Financial Institutions Examination Council (FFIEC). While there is a technical aspect to the service, it is primarily focused on testing management’s oversight of the IT area and its responsibilities under various regulatory rules.
This is a consulting service that includes audit/examination
procedures from the FFIEC IT Examination handbook
as well as best practices to community financial
institutions. It results in a written report describing
the procedures performed and resulting findings.
During a general controls review, PKM’s certified
IT auditors gauge the level of controls present
in an organization’s information systems environment.
The three main control areas tested include organizational
controls, nfrastructure/environmental controls
and physical controls.
Organizational Controls
The organizational structure of the IT environment plays an important role in the security of your information systems. The PKM IT professionals assess this and the administrative structure of your IT function, including the existence of policies and procedures for day-to-day operations and the availability of and skill level of your IT staff.
Infrastructure/Environmental Controls
Our review of your data center or information processing facility takes into consideration everything from the adequacy of your air conditioning and temperature control systems (temperature, humidity), power supply (uninterruptible power supplies, generators) and smoke detectors/fire suppression systems, to the cleanliness of your environment, protection from floods and water seepage and tidiness of your electrical and network cables.
Physical and Logical Controls
While much of your IT system can be monitored and controlled remotely, some actions can only be performed via physical access to the technology environment. We assess your ability to enclose all servers in a secure location protected by suitable locked doors and access devices.
| About
Us | People | Services
| Industries | Careers
| Site Map | Home |
Events |
Contact Us |
Copyright 2011. All rights reserved. Secure
Document Transfer or Secure Payment Processing
