IT Audit Services
Regulatory attention continues to focus on the quality and scope of IT audits, and the qualifications of those performing the reviews. DD&F provides the necessary knowledge, scope and expertise to identity, address, and resolve information technology risk while meeting the necessary regulatory requirements. Our reviews include, but are not limited to, an assessment of management oversight activities, information security practices, business continuity planning, vendor management practices, electronic banking activities, and general IT operations.
DD&F provides internal and external vulnerability assessments that are designed to detect technical vulnerabilities that could result in unauthorized access to the network and to confidential or sensitive data. Our professionals can detect these weaknesses and assist your institution in taking corrective actions in a cost-effective manner.
Over the last few years, the importance of information security in the banking industry has skyrocketed due to regulatory requirements and increasing threats to the integrity, security and confidentiality of customer information. DD&F can bolster your IT security by performing customer information security and identity theft risk assessments, and helping develop and review your bank’s programs, policies and procedures in accordance with FFIEC requirements.
Regulatory agencies have increasingly emphasized the importance of business continuity in their exams. Establishing an effective, functional business continuity program is no easy task, though. It can be a time-consuming, frustrating and daunting task for bank personnel.
Our business continuity program meets the requirements as described in the FFIEC IT Examination Handbook: Business Continuity Planning Booklet and includes a business impact analysis, disaster risk assessment, emergency response plan, pandemic plan, bank-wide business and disaster recovery plan, and contingency plans for specific bank departments. In addition, we can help facilitate tabletop testing of the completed plan and deliver a report detailing the results of the test with action items to be completed.