Projects > Banking & Compliance
1. FFIEC Compliance Audit:
This audit was a review of a bank with an asset size of $140 million. The review took four days onsite at the bank and covered its existing policies and procedures as they relate to the specific requirements of the FFIEC regulations. After the exit interview, the Aporia team prepared a Preliminary IS Review Report. This report showed that the Bank lacked some of the required privacy policies and lacked Board approval of its Security and Privacy Policies. Once the client reviewed and accepted the findings, they prepared the Management Responses. Upon receiving the Bank’s responses, Aporia prepared and submitted the Final IS Review Report.
2. GLBA Compliance Audit:
This audit was of a bank with an asset size of $300 million. The review of its existing policies and procedures as they relate to protecting the privacy of its customers took four days onsite at the bank. After the exit interview, the Aporia team prepared a Preliminary GLBA Review Report. This report showed minor findings that the bank was able to address by enforcing the existing procedures. Once the client reviewed and accepted the findings, they prepared the Management Responses. Upon receiving the Bank’s responses, Aporia prepared the Final Report.
3. FFIEC GLBA Compliance Audit:
One of our clients, a bank with an asset size of $290 million, has an external IT audit performed annually. The review of its existing policies and procedures as they relate to the specific requirements of the FFIEC and the GLBA privacy regulations took five days onsite at the bank. After the exit interview, we prepared a Preliminary IS Review Report. This report showed that the Bank lacked some of the required privacy policies and notes of its IT Steering Committee meetings. Once the client reviewed and accepted the findings, the Bank prepared the Management Responses. Upon receiving their responses, Aporia prepared the Final Report.
4. FFIEC GLBA and Network Assessment:
This engagement included a review to address all the IT compliance requirements for a bank with an asset size of $300 million. The review of the Bank’s existing policies and procedures as they relate to the specific requirements of the FFIEC and the GLBA privacy regulations took five days onsite at the bank. The network assessment involved performing a vulnerability assessment on all the internal and external IP hosts. After the exit interview, the Aporia team prepared a Preliminary IS Review Summary Report. The FFIEC GLBA section showed that the Bank needed to update some of the required privacy policies, lacked notes of its IT Steering Committee meetings, and needed to have Security Awareness Training. The summarized network section listed all the vulnerabilities found, ranked them by severity, and described how to remediate the risk. Once the client reviewed and accepted the findings, they prepared the Management Responses. Upon receiving their responses, Aporia prepared and submitted the Final IS Review Summary Report along with a Detailed Technical Report of the Network findings.
5. “Pen Test”:
For a Bank, Aporia conducted an External Vulnerability Assessment to assess all external network and internet risks and potential network and security problems of the Bank’s network. Aporia conducted this assessment utilizing third-party software and manual investigations. This was done to determine what anyone outside the bank could find and do. The report provided both a summary (for management) and a detailed listing (for their IT team) of all the vulnerabilities found, ranked them by severity, and gave recommendations on how to remediate the risk.
6. SOX IT Controls:
We assisted a publicly listed bank with an asset size of $800 million with their SOX activities. Our focus was to support the internal auditor with the Bank’s IT Controls. The Aporia team prepared Narratives, Workflows, Risk Control Matrixes, Test of Design and Test of Effectiveness. This assistance was performed onsite at the bank and took less than five weeks.