Preparing for & Conducting a FFIEC IT Audit in 2015
Information technology is a key function of any financial institution and one that is highly scrutinized. Gain basic knowledge of how to properly plan for and conduct a FFIEC IT audit in today's changing, challenging and highly regulated environment.

Information technology is a key function of any financial institution and one that is highly scrutinized by regulatory agencies in the areas of IT general controls, information privacy and cybersecurity. This webinar provides basic knowledge of how to properly plan for and conduct a FFIEC IT audit within today’s ever-changing and challenging threat landscape.

The program begins with an overview of risk assessments and audit planning and work through the critical elements of each required audit units/segments. The discussion also addresses recent FFIEC cybersecurity guidance and what this means to your risk assessment and audit planning processes. The program wraps up with a discussion of how to report these audits to senior management, the audit committee, as well as the board of directors.


  • Technology risk and cybersecurity assessments
  • Internal IT audit planning, expectations, scope and approach
    • Retesting prior issues
    • Business continuity
    • Development and acquisition
    • E-Banking: internet banking, mobile banking
    • Information Security
      • Cybersecurity overview
      • Recent breach information and breach vectors
      • Logical access
      • Penetration testing
      • Information security assessment
    • Management
    • Operations
    • Outsourcing technology services/vendor management guidance
    • Retail payment services/remote deposit and branch capture
    • Wholesale payment systems
  • Internal audit execution from fieldwork through exit meeting, reporting and follow up


Chief audit executives, internal auditors, internal IT auditors, CIOs, ISOs, IT personnel and financial and operations management.


James E. Stempak, CDP, is a Principal in Crowe Horwath LLP’s Risk Consulting Practice. He has over 30 years of experience in providing internal audit, risk management and process consulting services. Jim is the service delivery leader for Crowe’s Texas practice and focuses on technology risk management.

Christopher Wilkinson, CISSP, CRISC, is Crowe Horwath’s Senior Manager overseeing penetration assessments for Crowe’s Risk Practice, which performs security assessment services for over 300 clients annually. Christopher currently manages enterprise security assessments in the areas of penetration testing, IT/network security, IT forensics, business continuity planning, and information security strategy.

Michael Fisk, CISA, is a Manager with Crowe Horwath LLP’s Risk Consulting Practice. Michael has over 10 years of experience in providing external and internal audit, as well as risk management services. He currently manages IT general control reviews, internal audit, service organization control (SOC) and Sarbanes-Oxley Section 404 engagements.

Credit Information

Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 hours/session


Live Webinar:

Member price: $275.00 | Non member price $550.00

On-Demand Webinar

Member price: $295.00 | Non member price $560.00


Online: Visit the CBA Webinar Catalog

Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)

1516 Xavier St., Ste 500, Denver, CO 80204

Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)

Please Note:

  • Preferred Payment Method: Online
  • Please register online or by phone when paying with a credit card
  • Payment Must Accompany Registration – Invoices are Not Provided

Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.