IT Audit & Security

FIPCO has established IT Services and partnerships to deliver world class solutions to our customers. We have the experience and expertise to deliver on an institution's number one priority, which is to better manage risk with a proactive Security Program. The Security Program’s audit and security activities are designed to cover critical aspects of business operation in the protection of enterprise IT infrastructure and the business computing environment.

  • Security controls must be both proactive and reactive in order to protect what can be predicted and react to what cannot.

"If it’s predictable, it’s preventable.”

and industry-wide;

“Security must become part of every organizations DNA.”

  • Audit is a management measure that checks the adequacy and effectiveness of controls. In general audit is preventative, but not proactive. Review of controls encourages due diligence of original control implementation and identifies missing preventative controls, but after implementation.

Both security and audit are necessary in an effective Security Program and have their place in the overall protection of any organization. Every institution’s Risk Profile must be used to determine how much security is reasonable; when to mitigate, when to transfer and when to accept risk.

It is quite clear that from an Information Technology perspective the Security Program must have two critical characteristics. Those characteristics are for IT security controls and audits to be:

Risk Based


Information technology advancements have changed the way our institutions transact business, how governments operate, and even impacted how national defense is ensured. Protection of essential business systems is critical and the efforts to protect them must be continuous. Malicious activity has had exponential growth to a point where in February 2008 it was identified that “half of the Internet use has something to do with hackers or is done with criminal intent”. (As reported by Ian Cook, security expert of Team Cymru Research). The threats today are highly targeted at specific individuals or organizations. They are from hackers, spies, corporate raiders, terrorists, professional criminals, and vandals. These groups have a vested interest and have established well defined objectives that will challenge technology for financial and political gain.

In spite of the greatly increasing amount of malicious activity from external activity; for most organizations the greatest threat still remains from internal sources. The incidents that result can lead to financial loss, loss of reputation, legal and regulatory or compliance issues and basic damages of an institution’s enterprise infrastructure and ability to process transactions.

FIPCO can assist with the effectiveness of your Security Program through state of the art industry standard Risk Assessment methodologies, reviewed by the FDIC and used in organizations large and small. Consider FIPCO for assistance in helping to maintain, expand and improve the controls your organization must have in place in order to ensure the safety and soundness of your business.

For more information on any of the FIPCO IT Services contact your FIPCO® account executive at 1-800/722-3498 (Ex. 254 or 258) or FIPCO Sales

"Sherry ~ I wanted to thank you so much for taking the time this afternoon to webex into our ARM product. I can’t even begin to tell you how relieved I was to know that we were on the right track. Thank you also for helping us make a few minor changes to the product set up. Thank you for your reassurance and time spent with us this afternoon. In case you haven’t heard it lately, you are awesome!"

- Lorrie Sonnentag, Citizens State Bank, Cadott

IT Threat Intelligence Briefings

Compliance Round Table Discussion

Join FIPCO and network with your peers on IT Threat issues in your bank. 

Click here for more details.

IT Security Newsbytes

Stay current between FIPCO IT Audit Round Table Discussions by subscribing to the IT Services InfoSecmsg e-publication! This FREE weekly update provides the latest on the information security landscape and its impact on your organization.

Register to receive this critical e-publication today!