Virtual IT Audit

Audit Icon

Although completing an IT Audit 100% remotely may be a new idea your organization is considering, SBS has successfully conducted Virtual IT Audits for years. A Virtual IT Audit follows the identical process of an onsite audit and requires the same evidence, documentation, and scope. Our audit team has developed the technology, infrastructure, and experience to deliver a 100% remote offering that matches the quality of service that our clients have come to expect from an SBS audit with increased efficiency.

The SBS IT Audit is risk-based and tailored to the size and complexity of each individual organization, providing a personalized experience from start to finish. It is based on industry best practices and features the following:

Virtual and onsite options available.
Reviews for compliance and adequacy.
Focuses on how management determines the organization's cybersecurity risk exposure and how the risk is controlled or mitigated.
Considers FFIEC Work Programs and current regulatory guidance (FDIC FILs, OCC Bulletins, and Federal Reserve SR Letters) for financial institutions, as well as other industry best-practices (NIST Cybersecurity Framework, NIST 800-53, NIST 800-171, CIS Top 20 Critical Security Controls, etc.)
Covers governance, network cybersecurity, risk management, virtualization, ATM operations, identity theft/red flags, asset management, emergency preparedness, vendor management, electronic banking, and wireless networks
Identifies areas of greatest IT risk exposure to the institution in order to focus audit resources.
Promotes the confidentiality, integrity, and availability of information systems.
Determines the effectiveness of management’s planning and oversight of IT activities.
Evaluates the adequacy of operating processes and internal controls.
Determines the adequacy of enterprise-wide compliance efforts related to IT policies and internal control procedures.
Recommends appropriate corrective action to address deficient internal controls. In many cases, we will provide management with examples or instructions to help resolve the recommendation.
Comes with access to the TRAC™ Action Tracking module to automate your remediation action plan.
Provides an easy-to-read, management-ready report that outlines findings and provides recommendations to mitigate risks found, as well as suggestions to improve and mature your Information Security Program.

"We have done remote IT Audits with SBS CyberSecurity for the last few years. They were extremely thorough and we were happy with how they were conducted."
Citizens Bank, MO

"Since the start of your COVID induced travel ban, SBS has performed a number of virtual services for our institution, vulnerability assessment, penetration test, IT audit, and continued with weekly consultant calls. Not once have I noticed a disruption in services, weekly consultant calls are still made, reports have been delivery timely and the Virtual IT Audit went incredibly smooth! "
Sara - Banker in Nebraska

✔ COMMON QUESTIONS

We have found there are three common areas to consider when conducting a Virtual IT Audit to ensure an efficient and successful engagement.

Communication

+ Can the IT auditor communicate effectively if the service is performed virtually?:

Communication is important for all services; however, in a Virtual IT Audit, communication is absolutely vital to the value that the organization gets from the engagement.

A Virtual IT Audit from SBS utilizes several different communication channels such as online meetings (with screen sharing and conference call capabilities), video conferencing (when available), email, information sharing portals such as TRAC™, phone calls, and text messages to ensure the quality of the process. Communication expectations are always set up front with your auditor.

Availability

+ What about the availability of the auditor vs. our in-house staff? How does that work?:

When an auditor is onsite it is easy to get access to your team for interviews, questions, and concerns. When the Auditor is virtual, it’s even more important that the auditor gets access to the staff and information needed to conduct the audit.

With an SBS Virtual IT Audit, a schedule is created for the duration of the audit that encompasses the topics and ISP components to be reviewed, interview times for your staff members, regular check-ins with your team, and a formal Exit Meeting to discuss findings and recommendations.

Physical Security

+ What about physical security checks? How can you validate physical security controls if you’re not onsite?:

Physical security is a very important component in an information security program and needs to be addressed even in a Virtual IT Audit.

With an SBS Virtual IT Audit, physical security is reviewed and assessed through the use of video or photos of each physical control to ensure the completeness of the audit. If you have the ability to turn on a webcam and walk us around your physical premises virtually, that’s the preferred option. If not, your IT auditor will talk you through taking pictures of specific physical security checks and areas to get a good understanding of the controls you have in place.

Upcoming Webinars

Hacker Hour: External Penetration Testing

Webinar: CAT vs. IT Risk Assessment: What's the difference and why are they both important?

{Webinar} Using Your BIA and Data Flow Diagrams to Understand Risk

Breaking Barriers: Women in Cybersecurity Roundtable

✔ COMMON QUESTIONS

Communication

Availability

Physical Security

Upcoming Webinars

Recent Posts