1. The CompuNet Team Advantage
Our auditing services provide an independent review by experts within the technology industry. CNI is staffed with fully certified cabling engineers, A+ certified service technicians, Microsoft Certified Systems Engineers (MCSE), and Certified Novell Engineers (CNE) and Administrators (CNA). In addition, our auditors have many years of experience in the technology and computer industry managing virtually every level of sophisticated computer networks, from stand-alone PCs to Local Area Networks (LAN) to Wide Area Networks (WAN) to Mainframe operations. Our expertise covers all areas of EDP/IS Management, including management oversight, processing controls, backup procedures, disaster recovery planning and testing, contingency planning, Y2K program management, computer security and equipment/software control.
2. Scope of Audit
The rapid growth of information systems technologies has caused significant changes in the way that financial institutions process data and information. EDP and IS controls need to be reviewed by independent auditors that are capable of understanding IS technologies and the impact these systems have on providing efficient, secure service to all customers. The CNI team can provide an in-depth technology review that is not normally offered by traditional auditing firms.
In addition, CompuNet's auditors are members of the Information Systems Audit and Control Association (ISACA) and the Computer Security Institute (CSI). Both organizations are recognized global leaders in IT governance, security, control and assurance.
CNI auditors use many references, along with their vast experience, to review EDP/IS functions. The primary source for EDP auditing in banks is the IS Examiner's Handbook developed by the Federal Financial Institutions Examination Council (FFIEC). This interagency guide contains an exhaustive overview of information systems concepts, practices, examples of sound IS controls, and the checklists and questionnaires used by bank examiners to conduct EDP exams on financial institutions and independent service bureaus. CNI's audit will prepare a bank to meet the strict FFIEC guidelines, while providing expert solutions for any weaknesses or potential problems areas that are discovered.
3. Areas Covered During Audit
CNI will use a combination of questionnaires and interviews, along with a review of system logs, printouts and other documentation, to audit the following areas of your bank's EDP and IS operations:
4. Audit Schedule/Itinerary
- Management of IS Operations
- Equipment, software and organization
- User department controls over data processed by IS departments
- Program and procedural documentation review
- EDP Policy Manuals
- EDP Plans
- IS Strategic Plans
- Processing controls
- Backup and Recovery procedures
- Disaster Recovery procedures
- Policies and Procedures
- Internal Controls
- External threat analysis (basic)
- Contingency planning
- System Administration practices
- End-User computing policies and practices
- Policies and Procedures
- Training Program
- E-Mail usage
- Internet usage
- Software usage
- Adherence to policies and standards
- Internet Banking Operations (if offered to bank's customers)
- Third-Party Vendor Review
- Contracts & Agreements
- Procedures & Support Levels
CNI provides the entire EDP audit in an initial review, which varies in length based on the size and complexity of the computing environment. A typical audit will take 3 to 5 days of on-site time, plus additional research and evaluation time needed to prepare the final formal report to the board. During the review, CompuNet will visit all of the offices of your bank and perform a 100% hands-on audit of all computer servers and workstations to verify controls and policies are in place and are functioning properly. In addition to the initial review, CompuNet's EDP Audits include a follow-up visit in six months to check on items opened up during the initial review. This follow-up visit will also include an in-depth, semi-annual security review and provide a formal status update report to assist IS Managers in monitoring the progress of completing any tasks related to any formal findings and observations opened during the initial audit visit.
5. Report of Findings and Recommendations
CNI will prepare and submit advance copies of questionnaires to the customer that will be used to expedite the on-site time required to complete the audit. CNI uses a combination of advance surveys/questionnaires, interviews during the visit of key EDP/IS personnel, review of system reports, and actual hands-on research to evaluate the various EDP and IS functions.
Upon completion of on-site reviews and analysis of advanced surveys, questionnaires and other documentation, CNI will prepare a formal report, detailing the findings and recommendations for each of the audited areas. This report can serve as a blueprint for your technical staff to follow to ensure accurate, secure and reliable computer operations are in place.
» Call today for more details: 478-738-9849 or Toll Free 1-800-872-5203 «