

How to Make the Most of Your Annual IT Audit

When you hear the term “bank robber,” a leather-clad outlaw with a burlap bag in one hand and a pistol in the other likely comes to mind. However, modern bank robbers have evolved past Butch Cassidy and the Sundance Kid–style hold-ups. Instead of weapons and a get-away car, all they need is an understanding of computer network systems and a few stolen passwords to infiltrate a bank’s database and steal money.

According to the Herjavec Group’s 2019 Official Annual Cybercrime Report, cyberattacks on financial service institutions are on the rise, indicating that banks need to direct their security resources to testing their network systems on a more consistent basis. That’s where your annual IT audit comes into play, and why you should build a strong, year-round relationship with your IT auditing firm.

Unfortunately, IT audits are notoriously dreaded every year because of the effort they require. But for all their inconvenience, correcting the network and process weaknesses revealed by an IT audit can protect customers, not to mention save a bank from reputational damage. For that reason, the partnership between a bank and its auditing partner can be a positive, beneficial one.

There are plenty of ways to take full advantage of your IT audit partner to both make your annual audit go smoothly and garner the most benefits for your institution. Here are a few tips:


✔ Understand that the IT auditing process is going to strengthen your business.

  • Know that if a negative practice within your bank is brought to your attention, addressing the concern will only HELP your business.
  • Approach the process with an open mind and a willingness to help your IT auditing partner accomplish the tasks at hand.

With the rise of online banking, a customer can change accounts quickly to nearly any other financial institution across the country, so prioritizing the protection of existing (and new) customer data couldn't be more important.


✔ Pick a partner who will ask tough questions.

When you look for an IT auditing partner, it may be tempting to settle for the cheapest or most convenient option. However, to ensure that the IT auditing process goes smoothly and successfully, it’s important to find a partner who will take the time to understand your bank and its individual needs. Your IT audit partner should actively be:

  • Having difficult conversations about what your organization is doing (or not doing) in the best possible way.
  • Taking the time to explain to the decision-makers at your institution how important cybersecurity is in today's environment.
  • Being an ongoing resource to provide answers to questions, suggestions for controls, or even additional services to help improve your security posture over time.


✔ Organize accordingly.

At the beginning of the IT auditing process, your partner should send you a list of the information they need from your institution regarding your network and systems. It’s a good idea to go ahead and compile the materials they will need before the process begins to help the first stages move quickly. The elements you will need include:

  • A list of your IT assets
  • Your organized paperwork
  • A clear description of your main IT concerns
  • If you have adopted new systems, applications, or hardware since your last audit, compile that information as well

At the end of the day, remember that regular IT audits are a necessary step for running a successful financial institution. Consumers are hyper-aware of data privacy concerns, and they will likely factor security and data protection into their banking decisions. So, prioritizing the protection of customer data could not be more important.


Written by: Jon Waldman
President of the SBS Institute
Executive Vice President IS Consulting - SBS CyberSecurity

SBS Resources: 

  • IT Audit (service): SBS has created a proprietary risk-based audit approach based on relevant guidance and industry best practices. Our audit includes an easy-to-read, management-ready report that outlines findings and recommendations to improve and mature your Information Security Program. You also receive complimentary access to the TRAC™ Action Tracking module, a secure platform for report delivery and exchange of information that helps institutions automate their recommendation tracking and assign and track remediation tasks to other users.



Posted: Friday, February 14, 2020
Categories: Blog