1. Learn How to Do a Risk Based Audit of IT Security

Event ID: 2141478
Date: Tuesday, January 14, 2020; 11 AM Central
Duration: Scheduled for 90 minutes including question and answer period.
Presenter(s): Gary Deutsch, CPA, president, BRT Publications, LLC
Credits: 1.5 NASBA (Management Services)

The Federal Financial Institutions Examination Council (FFIEC) recently issued a revised Information Security booklet, updating the council's Information Technology Examination Handbook. The update addresses how to:

  • Assess the level of security risks facing a financial institution's information systems
  • Assess the status of an information security program's integration into the institution's overall risk management program
  • Effectively identify, monitor and respond to cyber threats and incidents

According to the FFIEC, information security is a process that institutions have to follow. More specifically, institutions have to protect how their sensitive information is:

  • Created
  • Collected
  • Used
  • Disposed of

Information security also requires having the appropriate hardware and infrastructure to store and transmit the information.

To comply with the FFIEC's guidance, institutions need to have a plan in place to demonstrate that they can effectively manage the confidentiality, integrity, and availability of sensitive information. Serious violations could result in a consent order since the regulators consider weaknesses to be a safety and soundness issue.

Management's plan has to address the risk of malicious and non-malicious actions that could adversely impact earnings, capital, or enterprise value. Of concern to the regulators is the potential for:

  • Disclosing sensitive information to unauthorized individuals
  • Increased exposure to misappropriation or theft of information or services
  • Attacks that could degrade services or even render them unavailable
  • Unchecked modification or destruction of systems or information
  • Records that are not timely, accurate, complete, or consistent

Information security has become a mission critical obligation for financial institutions. Internal audit, as well as managers that are responsible for implementing security measures, need to conduct periodic audits to ensure compliance with FFIEC guidance.


During this important webinar, our speaker will discuss conducting audit procedures related to:

  • Assessing the adequacy of board and senior management support
  • Evaluating the integration of security activities and controls throughout the institution's business processes
  • Assessing the adequacy of accountability for carrying out security responsibilities
  • Determining the adequacy of cybersecurity measures
  • Evaluating the effectiveness of security controls
  • Evaluating the institution's ability to react appropriately to mitigate threats as technologies and business conditions evolve
  • Evaluating the enterprise risk management approach for integrating processes, people, and technology to maintain a risk profile consistent with the board's risk appetite
  • Determining the effectiveness of oversight and controls related to outsourced IT security functions

BankersWeb.com Quality Commitment

BankersWeb, a division of CareerLearning, wants you to be satisfied with your webinar. If this webinar does not meet your expectations, email us at service@bankersweb.com.