
IT Auditing for Financial Institutions

Available formats

•  Book + Folio exe file, ISBN: 9780769878294

•  eBook (epub), ISBN: 9780769879710

•  eBook (mobi), ISBN: 9780769879710

•  Downloadable Content (exe), ISBN: 9780769878294 (not sold separately)

Product details


Today’s financial institutions have significant investments in technology that demand close scrutiny by management. Regulators recommend external IT reviews every year, with continuous internal IT audit coverage and greater scrutiny of network security — regardless of whether the systems are in-house or outsourced.

IT Auditing for Financial Institutions was written for the IT auditor as well as for the IT auditee, the individual or group that must prepare for the IT audit. Knowing what the IT auditor or examiner will be expecting gives financial institution management the opportunity to better manage IT risk and establish the necessary internal controls, policies, procedures, systems, and processes that contribute to a safe and sound operation.

It is preferable to address areas of IT risk before the IT auditor or examiner brings the risk to management’s attention through audit and exam findings. Such a proactive approach can be a sign of engaged management and a well-run operation. Having the other team’s playbook before the big game can help you develop your own winning game plan. Consider this book that playbook. This is not to say that auditors and examiners should be viewed as opponents. Quite the opposite is true. Contrary to popular belief, auditors and examiners do not “get paid by the finding,” nor do they enjoy auditing or examining a poorly managed operation.

Chapters 4A, 6C, and 6D reprint material that appears in Internal Audit Procedures Handbook and Risk-Based Auditing for Financial Institutions, also by Gary Deutsch.

Subscribers will receive access to a downloadable file containing editable forms.

Editable Documents

The publication subscription includes downloadable files delivered through the LexisNexis® Store download center. The downloadable files include the following features:

•  The entire publication is provided in a Folio infobase, offering a robust search engine and the ability to jump from one search match to the next through the entire publication. The Table of Contents for the entire publication can be viewed side-by-side with the text.

•  Editable Microsoft® Word files are included in the Folio infobase and can be downloaded and customized. The Word files are fully formatted and will be updated to reflect changes made in corresponding text sections of the publication. Word files are provided for a variety of documents, including exhibits, checklists, sample policies, sample procedures, sample audits, questionnaires, and model forms.

This publication includes editable Word files for the following documents:

No.         Title
1.2         Sample 1: IT Audit Schedule
1.3         Sample 2: IT Audit Schedule
1.5         Request for Information
1.6         Internal Control Questionnaire
1.7         Data Center Internal Control Questionnaire
1.8         IT Audit Workprogram
1.8A        IT Audit Checklist
1.8B        Network Vulnerability Assessment Checklist
1.9         Systems and Information Inventory
1.10        Information Asset Classification
1.11        Possible Threats
1.12        Input Sheet with Asset Classification
1.13        Information Security Risk Assessment Input Model with Asset Classification
1.16        Risk Matrix
1.15        Information Security Risk Assessment Summary
1.18        Risk Mitigation Action Plan
3.4         Data Center Invoice Audit, Core Processing Services Worksheet
3.5         Web Site and Internet Banking Features Checklist
3.6         Web Site Hosting Security Workprogram
3.7         Internet Banking System Questionnaire/Workprogram
3.8         Auditing Bill Pay: Bill Payment System Questionnaire/Workprogram
3.9         Imaging System Questionnaire
3.10        Document Imaging System Features Checklist
4.1         Sample Network Security Review Workprogram
4.1A        Network Vulnerability Assessment Workprogram
4.2         Sample Vulnerability Assessment Test
4.3         AS/400 Operations Internal Audit Workprogram
4.4         Sun Solaris Security Workprogram
4.5         Change Management Form
4.6         VPN Security Implementation Checklist
6C.11.01    Exhibit 6C.1 – Information Technology Audit Checklist
6C.20.01    Exhibit 6C.2 – Sample Audit Committee Charter
6C.20.02    Exhibit 6C.3 – Sample Internal Audit Charter
6C.20.03    Exhibit 6C.4 – Risk Management Action Plan Worksheet
6C.20.04    Exhibit 6C.5 – Outsourcing Responsibilities Checklist
6C.36.01    Exhibit 6C.6 – Sample Audit-Planning Questionnaire
6C.36.02    Exhibit 6C.7 – Sample Memos
6C.36.03    Exhibit 6C.8 – Sample Audit Plan Template
6C.36.04    Exhibit 6C.9 – Time Report Worksheet
6C.47.01    Exhibit 6C.10 – Pre-Audit Self-Assessment Questionnaire
6C.63.01    Exhibit 6C.11 – Sample Charter for an Audit Committee Authority
6C.63.02    Exhibit 6C.12 – Questions To Be Considered In Evaluating An Internal Control Structure Within A Financial Institution
6C.63.03    Exhibit 6C.13 – Checklist For Internal Controls
6A.01.1     Acceptable-Use Policy for Secured Systems
6A.02.1     Asset Management Policy
6A.03.1     Blackberry Policy
6A.04.1     Blogging Policy
6A.05.1     Business Continuity Planning Policy
6A.06.1     Cell Phone Policy
6A.07.1     Disposal of Information Policy
6A.08.1     Electronic Banking Policy
6A.09.1     Email Usage Policy
6A.10.1     Firewall Administration Policy
6A.11.1     Hardware and Software Standards Policy
6A.12.1     Information Security Program Policy
6A.13.1     Internet Banking Policy
6A.14.1     Internet Usage Policy
6A.15.1     Intrusion Response Policy
6A.16.1     IT Steering Committee Policy
6A.17.1     Laptop Policy
6A.18.1     Network Administration Policy
6A.19.1     Pandemic Influenza Policy
6A.20.1     Patch Management Policy
6A.21.1     PDA Policy
6A.22.1     Physical Security Policy
6A.23.1     Remote Access Policy
6A.24.1     Security Administration Policy
6A.25.1     Security Awareness Training Policy
6A.26.1     Software Management and Licensing Policy
6A.27.1     Spam Policy
6A.28.1     Spyware Policy
6A.29.1     System Access/Change Management Form
6A.30.1     Systems Backup Policy
6A.31.1     User ID and Password Standards Policy
6A.32.1     Virus Protection Policy
6A.33.1     VPN Security Considerations Policy
6A.34.1     Wireless Network Security Policy

Table of Contents

Chapter 1: Planning the IT Audit

Chapter 2: The IT Environment

Chapter 3: IT Audit Areas

Chapter 3A: IT Auditing and Fraud Detection and Prevention

Chapter 4: Network and Internet Security

Chapter 5: Case Studies

Chapter 6: Business Continuity Planning

Chapter 6A: Model Policies

Chapter 6B: Integrating Operations and Staff in Mergers and Acquisitions

Chapter 7: IT Audit Guidance

Chapter 8: Business Continuity Planning Guidance

Chapter 9: Intrusion Response Procedures

Chapter 10: E-Banking Guidance

Chapter 11: Information Security Guidance

Chapter 12: Supervision of Technology Service Providers Guidance

Chapter 13: Retail Payment Systems Guidance

Chapter 14: Development and Acquisition Guidance

Chapter 15: Management Guidance

Chapter 16: Outsourcing Technology Services Guidance

Chapter 17: Operations Guidance

Chapter 18: Wholesale Payment Systems Guidance