R. Kinney Williams & Associates®
R. Kinney Williams
Yennik, Inc.

Information Systems-
Technology Audits

R. Kinney Williams, Yennik, Inc., performs on site information security-technology (IT) audits for
financial institutions located in western Texas, eastern New Mexico, and western Oklahoma.  Depending upon the institution's size, the IT audit will take about one or two weeks at the financial institution.

As a former bank examiner with over 35 years IT audit experience, we bring an examiner's perspective to the information technology audit.  In addition, we use our computer auditing experience to determine with reasonable assurance the safe and secure operation of the computer and Internet activities.  

The IT audit follows the examination procedures outlined in the Federal Financial Institutions Examination Council Information Technology Examination Handbook to ensure compliance with the Gramm-Leach-Bliley Act Section 501 (b).  

CoBit Audit Guidelines

The scope of the IT audits are based on examination procedures outlined in the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook. Where applicable, we referenced various information systems/technology guidelines issued by the OCC, FDIC, and FRB.  We also reference the Control Objectives for Information and Related Technology (CobiT) published by the Information Systems Audit and Control Foundation, which is an international open standard of good practices for IT governance, security, and control.

The IT audit includes completing the FFIEC workpapers for Community Financial Institution IT Examination Workprogram, Fedline Examination Procedures, Information Security questionnaire, FRB Gramm-Leach-Bliley Act 501(b) questionnaire, Information Systems Technology Procedural Testing reports, and other applicable IT auditing questionnaires.

FDIC Electronic Banking Guidelines

The scope of the information systems-technology audit covers:
  1. Senior management involvement, review applicable minutes
  2. Network, workstation, Internet, disaster recovery, and other IT security policies
  3. Gramm-Leach-Bliley Act Section 501 (b)
  4. Overall security procedures
  5. Segregation of IT duties 
  6. Internal quality and integrity controls
  7. Data communication security
  8. User identification authorization
  9. User level of accessibility
  10. Restricted transactions
  11. Activity and exception reports
  12. Backup procedures
  13. Other operational security controls
  14. Insurance coverage
  15. Network security, which includes the Internet
  16. Internal auditing procedures
  17. Contingency planning and disaster recovery
  18. Internet security procedures
  19. Vendor due diligence
  20. Fedline Advantage security
  21. Internet banking controls and procedures
  22. Telephone banking
  23. Internal procedures and controls around your core banking system, whether internal or external processing

At no additional cost and when applicable, the IT audit includes the following IT security tests:

1. External VISTA penetration-vulnerability study
2. Domain server security settings
3. Virtual machine/guest security settings
4. Workstation security setting
5. Network user access
6. Core application access
7. Network topology security analysis
8. Systems security features and controls
9. Sampling for unauthorized software
10. Outsourcing/cloud activities

If you need any of the following auditing services and for a discounted additional fee, we can perform the following during the IT audit:

  1. Internal network penetration-vulnerability test.  If you need an internal vulnerability audit, you will find more information about the internal-VISTA penetration study at http://www.internetbankingaudits.com/intrusion_internal_index.htm
  2. ACH audit in accordance with the ACH Rules (published by the National Automated Clearing House Association).  The audit will include completing the ACH Audit Questionnaire with your personnel.
  3. Web site audit of the institution’s informational web site and Internet banking.  The scope includes the FFIEC "Guidance on Electronic Financial Services and Consumer Compliance."  You will find more information about web site audits at http://www.bankwebsiteaudits.com/.

We are members of the Information Systems Audit and Control Association, the Society of Financial Examiners, the Institute of Internal Auditors, and the Association of Credit Union Internal Auditors.  We follow the code of ethics and auditing standards of these organizations.

If you are seeking an information technology audit from an examiner's perspective, please contact Kinney Williams at Office 806-798-7119 or send an email to examiner@yennik.com

(Over 40 years in banking and bank auditing experience that  includes 21 years as a bank examiner)


Back Button

Yennik, Inc.


Company Information
Yennik, Inc.
4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119

Please visit our other auditing sites:
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
Medical Records Security
US Banks on the Internet  
US Credit Unions on the Internet
Penetration-Vulnerability Testing

 All rights reserved; Our logo Yennik, Inc. is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated

We are Americans and will never be defeated.