FFIEC & GLBA Based Technology Audit
Breathe easy. Your business will be protected.
The truth is that FFIEC and GLBA technology audits are technically very similar between providers; it’s having the right guide that makes all the difference. To us, security is much more than checking some boxes. If you’re going for the bare minimum to ensure compliance, you’ll find a more suitable partner elsewhere. Our client partners want to be more than compliant. They want to be secure.
Here's some detail of our scope:
Internal Controls Review and Risk Assessment
-
Interview key data processing personnel.
-
Review selected documentation and other documented controls.
-
Observe operations activity and the control environment.
-
Review security procedures and physical safeguards.
-
Define and report overall risk in the Technology area.
Risk-Based Testing Approach
-
Setting a baseline risk which will be based on the complexity of Information Systems.
-
The applicability of each MIS general control objective to the environment at the Client.
-
The relative effectiveness of existing controls that support the objectives.
-
The presence of compensating internal controls.
-
The relative cost/benefit of various control alternatives.
Client Responsibilities
-
Assigning a primary contact.
-
Providing the names and contact information for personnel within your organization that are pertinent to the goals of this engagement.
-
Acknowledging the request for Work Papers or other relevant information within a 24 hour period during normal business hours. This is not saying that the request needs to be satisfied in this time frame. But communication does need to be in progress so that the time frame for the actual resolution of the issue can be made known to all involved parties.
-
Participation of appropriate personnel within your organization in an escalation process in the case that necessary information has not been made available in an acceptable timeframe or a findings resolution has not been resolved in the necessary time frame.
Vala Secure uses the specific guidelines set forth by the FFIEC and CobiT as a baseline to evaluate risk. Below are brief descriptions of each of the twelve FFIEC handbooks Vala Secure will cover for your Information Technology Audit. Each section provided in the our final reports will contain supplements and cross-mappings to applicable CobiT control objectives. This will provide insight about what each booklet consists of and what Vala Secure will be doing to ensure Client is in compliance.

-
We’ve got your back. Although technology audits are highly technical and specific, we’re doing much more than checking off some boxes. When you work with Vala Secure, it’s personal. We’re here to protect not only your company and its employees or customers. We’ve got your back too. We’ll guide you on your path toward #ValaSecure.
-
We’ve seen it all. Okay, maybe we haven’t seen everything, but we have seen a LOT. Highly regulated industries like banking and healthcare lean on us for thorough, professional, annual audits. Organizations know they can count on us when an urgent, immediate need arises. Whatever your goal, we’re here to help.
- We speak human. You’re really great at your job. We’re pretty great at ours. But at no time will a member of this team talk down to you or otherwise make you feel uncomfortable during this process. We love our jobs and we love our clients.
This is what we know. This is what we do.
There is a lot of jargon in this industry. You shouldn’t have to learn our jargon in order to understand how technology audits affect your business. With Vala Secure, we’ll explain everything to you in real English, so that you not only understand what we found, but are a part of the solution.
Our audits are highly customized based on your organization and industry. We’ll ensure you’re prepared for exams from external auditors.
Technology audits include testing and reviewing hundreds of items in your organization. No stone is left unturned. You’ll understand what we’re doing and what your technology audit results mean for your business. Then, we’ll review our recommendations and game plan, so that you understand exactly what to do next.
Depending on your specific needs, we can even take care of the next steps, so that you don’t have to worry about a thing.