IT Audit Services
The quality and scope of IT audits, as well as the qualifications of those performing reviews are consistently evaluated for adequacy by examiners. DD&F provides the necessary knowledge, scope and expertise to identity, address, and resolve information technology risk while meeting the necessary regulatory requirements. Our reviews include, but are not limited to, an assessment of management oversight activities, information security practices, business continuity planning, vendor management practices, electronic banking activities, and general IT operations.
DD&F provides internal and external vulnerability assessments that are designed to detect technical vulnerabilities that could result in unauthorized access to the network and access to confidential or sensitive data. Our professionals can identify such weaknesses and assist your institution with corrective efforts in a cost effective manner.
The importance of information security in the banking industry has grown tremendously over the last several years due to regulatory requirements and the increasing threats to the integrity, security and confidentiality of customer information. DD&F can provide resources such as customer information security and identity theft risk assessments, as well as development and review of your bank’s programs, policies and procedures to meet FFIEC requirements.
Regulatory agencies have increasingly emphasized the importance of business continuity in their exams; however, the establishment of an effective and functional business continuity program can be a time-consuming, frustrating and daunting task for bank personnel.
Our program meets the requirements as described in the FFIEC IT Examination Handbook: Business Continuity Planning Booklet and includes a business impact analysis, a disaster risk assessment, an emergency response plan, a pandemic plan, bank wide business and disaster recovery plan and contingency plans for specific bank departments. In addition, we can help facilitate tabletop testing of the completed plan and deliver a report detailing the results of the test with action items to be completed.