- Michael Dickson
- Director of Information Technology Services
- (614) 947-5259
Our IT Audit professionals have more than 20 years of experience working with financial institutions. Our team members have earned regional and national recognition for their specialized Information Technology focus and service to the accounting profession, and regularly participate in IT strategy and compliance discussions with credit union management. The IT audit team is seamlessly integrated into our financial services audit methodology, and its expertise is invaluable in identifying business, technology, and financial misstatement risks, which contributes to the efficiency and effectiveness of our audits.
Cyber Security Risk Assessment & Three Year Audit Plan
The Risk Assessment will include threats to systems, facilities, and data. Management will assist in the identification and prioritization of risks, and GBQ will recommend a Three Year Audit Plan for addressing the risks.
IT General Controls Review with Audit Tracking
This review evaluates IT controls in accordance with guidelines established by FFIEC and ODFI, covering controls in the following areas:
GLBA Compliance Review
This review will include assessing compliance with the “safeguard rule” under the Gramm-Leach-Bliley Act (GLBA) including:
Review Business Continuity / Disaster Recovery Plans
GBQ will review existing documented Business Continuity/Disaster Recovery Plan elements and provide our observations and recommendations on the included or missing plan elements.
Network Vulnerability & Penetration Security Assessments
GBQ offers optional external, internal, wireless, and social engineering assessments targeted at specific technology assets. A specific fee quote will be provided depending upon the number of servers/devices/applications/locations to be included in the assessments.
Wireless Security Assessments
GBQ will look at access point configurations and placement, broadcast signal patterns, network segmentation for visitors, and management practices for multiple access points.
Social Engineering Assessments
The assessments include attempts to gain access to systems or data through phishing, solicitation, e-mail, or physical access to sensitive areas.