Information Security Audit for Banks: Assessing Technology Risks

Authors: Regulatory Compliance Associates, Inc. (REGCOM)
Format/Frequency: Looseleaf with CD/Twice per year
Price: $525

Look Inside This Book!*
*Requires Adobe Acrobat Reader

Your bank’s information is one of its most vital assets, and you know how critical it is to protect and secure that information and the facilities that process and maintain it. And now that the regulators have imposed specific compliance and audit requirements for customer identification programs and information security, you need to be sure you’ve established adequate controls on your bank’s information system and network.

What’s more, with the specific independent auditor requirements under the Sarbanes-Oxley Act, the best way you can minimize risk in an increasingly operational-focused regulatory environment is by self-auditing your information system and network. Sheshunoff’s Information Security Audit for Banks: Assessing Technology Risks is the only reference created just to help you with this vital process.

This insightful and timely resource provides guidance for writing recommendations on designing information security systems, outsourcing information security for support, and upgrading existing security systems. And with a CD included, you will be able to customize the resources to your own needs.

Information Security Audit for Banks addresses all your security audit questions, including:

What are the basics that must be in place to protect internal information resources, including customer information?
What minimum risk considerations should the management team address?
What types of potential risk areas do regulatory agencies focus on when conducting onsite regulatory examinations?

Build an Audit Program, or Beef Up Your Existing Procedures

If you are a seasoned information security auditor, you will find insights and guidance in Information Security Audit for Banks to supplement your existing information security audit program. Our expert authors have approached this topic from a risk-assessment perspective, relying in part on information risk assessments, and also in part on audit risk assessments.

If you are newer to the task of auditing information security, you will find a wealth of guidance on:

Information security audit and the important evaluations of systems and controls, including details regarding the basic objectives
Planning the information security audit
Factors affecting the designing and implementation of a dynamic information security audit program
Weighing and/or measuring business considerations that affect the information security audit process
Sample information security audit policy and general procedures
Sample information security audit questionnaires to information security related controls and processes
Significant regulatory implications pertaining to information security audits
Reminders on unique systems issues
Underscoring the importance of information risk assessment(s)
Sample information security audit programs for specific areas
Sample information security systems overviews
Examination of an institution’s information security controls by external third parties, particularly federal financial institution regulatory examiners

Expert Authors Give You Field-Tested Solutions

Our authors, Regulatory Compliance Associates, Inc. (REGCOM), combine their insights on recent regulatory agency issuances on information security with current research on technology and a wealth of hands-on experiences gained in their work with hundreds of financial institutions. REGCOM is one of Sheshunoff’s most popular authors and is headed by Jerry Miller, a former OCC field examiner and member of the OCC Regional/District management team. After his work in the public sector, where he still maintains a network of strong insider contacts, Mr. Miller served as practice leader for KPMG Peat Marwick’s Financial Institutions Regulatory Compliance Consulting Practice group.

REGCOM’s professionals all have regulatory examination experience and a policy or procedural decision-making background. The staff members focus specifically on one or more regulatory area affecting financial institutions, and write and lecture extensively on their specialties. They are the authors of Sheshunoff’s Bank Policies, Procedures, and Internal Audit services, among other titles.

Stay On Top of Your Information Security Audit Requirements

This manual is the most authoritative guidance available for assessing technology risks. Click above to order now, and ensure your institution will better manage these rapidly changing issues where others falter.