IT Examiner School, Seaside, CA

Wire Transfer/ACH Audits

• These services are critical to many financial entities

• Usually included in with ITGC audit – Particularly in small to medium community banks, CUs, and MTs

• Can be a separate audit – Could occur in financial entities with significant wire/ACH activity (all sizes) – Usually in large community financial entities

Vulnerability Assessment vs Penetration Tests

High-level comparison:

• Vulnerability Assessments- identify where facilities or networks are at risk

• Penetration Tests- subject a network(s) to “real life” cyber events internally and externally

Both should be performed, at least, annually.

Note: Some audit firms refer to the above as internal and external network. *Refer to the scope of the test.