IT Compliance Checks

Increasingly comprehensive and complex compliance requirements for information processing place a heavy organizational and management burden on banks. Both determining the relevant operating requirements and implementing them regularly pose major challenges. Modern compliance organizations bundle these requirements so that they can be mapped efficiently. At the same time, they satisfy management's demand for timeliness and transparency in the form of a reporting system, while also meeting internal and external auditors' requirements for comprehensible and unalterable documentation.

A localization report from SKS is a useful tool in our compliance check that can help identify the potential risks and consequences that may result from a range of individual approaches.

We use a proven and standardized approach:

Two dimensions are defined prior to carrying out our compliance check:

a) According to request type

The focal points of our compliance check are modular in structure and can cover the following requirements, for example:

  • Banking law requirements for IT (BAIT)
  • Minimum requirements for risk management (MaRisk)
  • IDW standards, e.g.:
    • Audit of financial statements when information technology is used (IDW PS 330)
    • Principles of Orderly Accounting for the Use of Information Technology (IDW RS FAIT 1)
    • Audit of the internal control system at a service organization for functions outsourced to it (IDW PS 951)
  • IT-Grundschutz, Federal Office for Information Security (BSI)
  • ISO standards, e.g.:
    • ISO 27001 Information Security Management System (ISMS)
    • ISO 27005 Guidance on information security risk analysis and risk management
    • ISO 20000 Information technology – Service management

b) According to priorities within the compliance organization

The components of the compliance organization can also be prioritized in the analysis or viewed as a whole, e.g.:

  • IT organization
  • IT processes
    • IT-supported business processes
    • Incident management & workflows
    • Authorization management, SoD
    • Change management
    • IT operations, backup & recovery
    • Outsourced IT processes and systems
  • IT applications
  • IT infrastructure
  • IT controls assessment as a test of effectiveness and/or test of design
  • IT control documentation and documentation systems
  • IT general controls and IT-supported business processes (IT application controls)


We have the extensive experience in implementing, optimizing and testing IT processes, controls and organizations that it takes to help you find the optimal solution for your organization's individual needs.