Comprehensive IT Audits

Comprehensive assessment of your unique risks and validation of key controls.



Though we customize each proposal, the scope of the IT Audit typically includes:

  • Technology planning and implementation processes
  • Board and senior management controls
  • Regulatory exams and management responses
  • Information technology practices and procedures
  • General and specific IT control environments
  • Application controls
  • Technology acquisition and implementation processes
  • Business continuity planning
  • Vendor management practices

In addition to reviewing policies, procedures, and practices related to each of these areas, we will perform appropriate tests of key procedures, and internal control attributes to ensure their operational effectiveness.

The report of our IT Audit will include maturity ratings of the major IT governance elements, as defined in COBIT, and an overall rating and audit opinion of the IT function.

Key Features:

  • Based on COBIT 5, COSO 13 and NIST audit and security standards
  • We don’t use junior auditors. All of our auditors have spent 20+ years in audit, security, and banking
  • Can be bundled with our vendor management and information security services to provide comprehensive services to bank and credit union CIOs, CTOs and Information Security Officers

Learn More About Our IT Audit Services

Schedule a time to talk with one of our IT Auditors

or, if you’re ready, request a custom proposal.

Talk to an IT AuditorRequest a Proposal


So, What Makes Us Different?


We don’t use proprietary audit models which makes it difficult on your internal audit function or future auditors. Instead we use the well-documented and proven COBIT audit model.


Because we also provide credit union and bank vendor management solutions as well as vendor evaluation, implementation and utilization consulting, we know the operations and technology challenges unique to each of your unique vendors.


We don’t sell disaster recovery services so our plans and tests are not limited to data recovery. Because of this we can help both with disaster recovery plans and/or business continuity plans.