IT General Controls Review (ITGCR)

At PKM, we believe an IT audit should not only fulfill your regulatory requirements, but also improve your control environment and ultimately provide management with the insight to make better decisions.

Our Information Technology General Control’s Review (also known as an IT audit) is based on the Federal Financial Institutions Examination Council’s (FFIEC) IT handbooks, which were specifically crafted with financial institutions in mind. PKM has more than 20 years of experience performing IT audits for our financial institution clients – carrying out over 30 separate engagements every year. That said, we bring a deep understanding of the industry and how it has evolved over the years, especially as it relates to systems and information technology. We stay current on industry trends and emerging regulations so that our team has a solid understanding of the challenges our clients face every day. Our clients appreciate that we work together with them to find the ‘right sized’ approach to their business when preparing the scope of our audits and focus on risk-based recommendations that take into account the unique size and complexity of their organization.

For those that may be less familiar with IT audits, it is a review typically performed annually and includes areas that encompass core security principles as noted by the FFIEC’s IT handbooks, including the latest guidance such as the Information Technology Risk Examination (InTREx).

When looking at these areas we consider the overall governance, controls in place (automated, configurable, and manual), risk, and monitoring in all of the audit procedures. At the end of the audit, we provide a report that includes a list of actionable recommendations in order to easily communicate to the Board and examiners where you stand. We strive to provide our clients with reasonable, controls-based recommendations, based on industry best practices as well as the FFIEC guidance. Often times, we also present these reports to the Board or Audit Committee on behalf of our clients.

For more information on the PKM IT audit approach, or to schedule a consultation, please contact Systems Partner Mike Morris at or 404-420-5669.