IT Risk Management

IT risk management and cybersecurity are vital for financial institutions and their clients. We will test your defensive systems to identify vulnerabilities and thwart threats before they arise. Onsite or via our remote technology capabilities, we will evaluate, recommend and implement workable policies and procedures.

Our IT risk management solutions include reviews and assessments for:

  • Cybersecurity controls
  • Internal/external vulnerability
  • GLBA compliance
  • Disaster recovery
  • Business continuity
  • SOX audit, consulting and controls
  • SOC1, SOC2 and SOC3 engagements
  • VISA PCI PIN Security assessments
  • ATM and POS Security

What do you offer to address cybersecurity?

You need to be prepared for any risk threat to your institution’s controls—we can help with that in a variety of ways, including:

  • Inherent-risk profiling
  • Maturity-level designation
  • Threat intelligence/collaboration
  • External-dependency management
  • Cyber-incident management
  • Remediation recommendations

Cybersecurity Controls Review

Organizations are expected to assess their cybersecurity preparedness by evaluating their inherent risk profile and cybersecurity maturity level. We will work with your organization to help identify an appropriate maturity level based on your unique inherent risk profile. Following the FFIEC's Cybersecurity Assessment Tool, we will perform testing and make recommendations for the controls surrounding:

  • Cyber Risk Management & Oversight
  • Threat Intelligence & Collaboration
  • Cybersecurity Controls
  • External Dependency Management
  • Cyber Incident Management & Resilience

We can include the Cybersecurity Controls Review with your annual Technology Controls Review. 

How can you help assess my FI’s vulnerabilities?

The potential for disclosure, misuse or destruction of your private customer information means assessment and protection are key.

  • Security-posture assessment
  • Vulnerability identification
  • Infrastructure evaluation
  • Social-engineering security
  • NIST-level external/internal assessment

How can I work with Fortner Bayens, P.C to manage disaster recovery?

Planning ahead is paramount to managing potential disaster recovery—we provide:

  • Business continuity planning
  • Catastrophic plan review
  • Comprehensive, stakeholder-driven crisis management

What can you offer by way of GLBA compliance?

You need a solid foundation to effectively manage risk in your institution—we navigate GLBA regulatory issues, offering:

  • Policy mapping
  • Controls/objectives assessment
  • Safeguard standardization
  • Compliance documentation

Why Fortner Bayens, P.C?

The Fortner Bayens experience is unmatched—here’s why:

  • Specialized expertise in the banking and finance industry
  • 20+ years average experience among shareholders
  • Ongoing one-to-one engagement
  • Consistency and accountability
  • No hidden charges—just sensible financial advice

GET TO KNOW Fortner Bayens, P.C

Have a specific question?

Contact our subject-matter expert, Keith Ferguson, and he will answer all your questions relating to IT risk management.


Keith A. Ferguson, CISA, CISSP, CRISC

Phone: 303.382.5205