SANS Top 20

By: Bryan T. Newlin, CPA.CITP, CISA “How do we compare against similar companies?” “Are we protected against cyber threats?” “What additional controls can we add to improve our IT security?” These questions are incredibly common during our Audit Committee meetings presentations. I love answering them because they demonstrate the Board’s interest in learning more about… Read more »

Investing in Dinner Parties and IT

By: Laura A. Combs, CISSP Recently, while preparing for an extended family dinner, I found myself doing what I routinely do during the prep phase for that type of thing. That would be talking myself out of going way overboard in order to ensure all contingencies are accounted for and that everyone has a phenomenal… Read more »

Focusing on Project Management

The Risk Advisory Services team has been consulting with our financial auditor colleagues in 2016, or what we in the biz call “busy season”, or sometimes “the big show”. As a result, we’ve had the opportunity to discuss the results of regulatory exams for many banks all over the region, allowing us to gauge current… Read more »

Getting Outside of Your Comfort Zone

Call it a rite of passage. Call it the school of hard knocks. Some may call it hazing. But whatever you call it, every brand new auditor experiences it — Their  first interview with a client, asking questions and having no idea what they mean to someone with decades more experience and volumes more knowledge… Read more »

Post Storm Review

Let’s use last week’s snow as the backdrop for this week’s discussion on a post-disaster evaluation. While it was an impact on us, it wasn’t really a disaster but it can show some good points to discuss. I will use my personal preparations and experiences here. Let’s start with preparation. I live outside of Ashland, VA… Read more »

Post Storm Review

Let’s use last week’s snow as the backdrop for this week’s discussion on a post-disaster evaluation. While it was an impact on us, it wasn’t really a disaster but it can show some good points to discuss. I will use my personal preparations and experiences here. Let’s start with preparation. I live outside of Ashland, VA… Read more »

Disaster Strikes!

The forecaster said last night that we will likely see major accumulations on Friday. What should you plan for? From what I can tell, the average American’s disaster plan for snow is to go and buy as much bread and milk the store has in stock. But we need a better plan for work. The… Read more »

Do You Have any IT Resolutions?

It is a new year and a great time to kick bad habits and start anew. Most of us make resolutions with good intent but lose the focus by February to continue. This year, let us think about IT resolutions! Have you made any IT Resolutions? By: R. Curtis Thompson, CPA.CITP, CISA When you hear… Read more »

Cybersecurity and What You Can Do To Prepare, Part Three

To summarize where are, we have talked about identifying your assets and your risks. The next step is to begin using this information in a logical way. The risk assessment component will be used to develop your Risk Management Strategy. Management must establish their risk tolerances in order to evaluate the how they will approach… Read more »

Cybersecurity and What You Can Do To Prepare, Part Two

We have gone through the process of identifying the assets in our network. Now we have to risk rate them. Many of you have plenty of experience in Risk Assessments so this may be a refresher for you. The purpose of a risk assessment is to prioritize the use of limited resources in order to… Read more »