Pub. 9 2018 Issue 1

www.wvbankers.org 10 West Virginia Banker I ntroduction. A few years ago, we published an article regarding information technology trends in the financial institution industry. The article was a result of questions we received during seminars, speaking engagements and conducting various client engagements. In some cases, the question resulted from a financial institution while addressing issues with implementing a new product or service. Regardless of the reason, we are encouraged whenever questions are brought to our attention. A proactive approach to addressing potential infor- mation technology issues can be very beneficial to a financial institution. We thought it would be a good time to provide an updated communication on a few of the latest hot buttons affecting the financial institution’s industry and best practices to consider. This article focus- es on a few of the challenges, or issues, we have seen or have read about impacting various financial institutions. In addition to the challenges identified, we have listed compensating controls that could be implemented to assist in addressing the specific chal- lenge or issue. Please note the items listed are not an all-inclusive list. Logical Access. This item was listed in our prior communication a few years back but since logical access controls are critical to the protection of customer data, we thought it would be important to list it again. When utilizing a computer system to process significant transactions, it is important that the logical access assigned to financial institution personnel promotes for an adequate segregation of duties. In many cases, employees may not have the authority to process certain transactions per policy but the logical access assigned to them grants them that authority. In these cases, the financial institution would have a segregation of duties issue resulting from the logical access assigned to their personnel. The inappropriate access assigned can occur for several reasons. In some cases, an employee may have new job duties and responsibilities resulting from a promotion but the logical access assigned was not changed in accordance with the change resulting from the promotion. In other cases, an employee may have the same primary responsibili- ties but has experienced subtle changes that result in inappropriate logical access assigned. We have By Chris Joseph, Arnett Carbis Toothman LLP Information Technology Common Issues and Questions