IT Risk Assessment & Controls Audit

Community banks are required to comply with guidelines set forth by FFIEC, GLBA, FDIC, and other state-specific regulating bodies and private insurers. Our team of experts applies a National Institute of Standards and Technology (NIST) assessment framework to banks like yours to comprehensively evaluate your risk environment for items that could lead to service interruption or the unwanted dissemination of sensitive information.

We use a range of risk management tools and serve community banks small and large by customizing an approach to the specific needs of each institution. For smaller institutions we perform an accelerated risk assessment; for larger community banks we perform a broader mix of services relative to their risk tolerance and exposure.

Since completing an IT Risk Assessment & Controls Audit is only the first step in managing a bank’s IT risk and state of compliance, we offer AutoPilot Managed IT Compliance on a fixed-fee subscription basis to ensure the institution is maintaining requirements long-term. Between our services in IT Risk Assessment & Controls Audit and AutoPilot Managed IT Compliance, enCompass offers the most comprehensive solution for evaluating and continuously managing community bank risk and compliance. 

Our Approach

Our team of experts applies a custom blend of services to assess the institution’s risk environment:

People – After identifying key staff, we complete a questionnaire and interview process that uncovers key processes, controls, policies and procedures that govern how technology is managed within the bank. This component can include physical security and social engineering aspects depending on the institution’s risk tolerance, exposure, and perceived risks. People are the most critical ingredient in managing risk. Policies, procedures, logs, and other documents are reviewed in detail.

Technology – Our team of IT engineers reviews documentation and then performs analysis and tests on the network and infrastructure, including internal and external vulnerability scanning, firewall and logging review, server and PC review, data flow analysis, network penetration testing, and more, to uncover potential threats.

Threat Analysis – Combining the People and Technology aspects of the assessment, threats are inventoried and prioritized.

Action Plan – An action plan is created using the prioritized threat inventory. An executive summary is provided for the Board of Directors and other executive staff.