
Risk Assessments

Why Does My Organization Need a Risk Assessment?

A risk assessment is the foundation for a company’s information security program. Your information security program should protect the company’s most critical systems and data. A risk assessment identifies possible risks to the security of an organization’s information systems:
  • Loss of confidentiality of sensitive information
  • Lack of availability of critical data systems

For financial institutions, the Gramm-Leach-Bliley Act (GLBA) and the Federal Financial Institutions Examination Council’s (FFIEC) guidelines require a risk assessment to be performed. Other organizations may apply the risk assessment process as a component of SOX compliance or internal audit activities.

What Threats Should Be Considered?

There is no single list of threats that applies to all organizations. All reasonably foreseeable threats should be considered, and those are defined by factors such as the institution’s location and its technical environment. Threats are commonly categorized as one of the following:
  • Natural - tornado, earthquake, etc.
  • Human - accidental or intentional acts
  • Technical - equipment or communication failure

How Often Should Risks Be Assessed?

Risk assessment is an ongoing process. For example, risks should be assessed any time a new server is installed or new controls are implemented. Ideally, assessments should occur before changes are made.

Our Solution

BKD Risk Management Group uses a risk-assessment process based on guidelines from the National Institute of Standards and Technology’s (NIST) Risk Management Guide for Information Technology Systems and the Federal Financial Institutions Examination Council’s (FFIEC) Information Security Handbook. Assessment results are analytical reports that help you understand the risks to your organization’s information system.

Informed decisions can then be made about additional controls and system changes.

For More Information

Contact your BKD advisor or:
Cindy Boyle, CPA, CFIRS, CIA
Partner
501.372.1040