264 Cheese Spring Road
Wilton, CT 06897
Office: (203) 834-1218
Cell: (203) 858-5344
E-mail: alanknapp@.att.net
Mr. Knapp has over twenty years of professional services experience performing audits for financial institutions. He has worked directly with his clients and assisted them in evaluating IT controls and SOX compliance, performing IT audits, and reviewing financial systems and processes.
Independent GRC – GRC, IT and SOX Auditor: Knapp Associates
1. Perform IT audit reviews designed in accordance with the work program set forth in the Federal Financial Institution Examination Council's (FFIEC) Information Systems Examination Handbook, the NCUA Rules and Regulations, Part 748, Appendixes A & B, as well as NIST 800-53, using the following methodology:
• Interviews with personnel
• Direct observation of activities and conditions
• Testing of applications, as required
2. Review data access passwords and security controls to ensure that data remains available to those who are authorized to use it and denied to others, not just in the course of transactions but also during archive storage and even after disposal. Also review log and patch management policies and procedures to ensure internal controls are being implemented.
3. Perform the Inclusion Risk Assessment defined in the OCC Bulletin, the Customer Information Protection review defined in 12 CFR 30 Appendix B and GLBA/FDIC 501(b), and Service Organization reviews applying SAS No. 70 and OCC Bulletins 2001-47 and 2000-12.
4. Perform internal control reviews in accordance with Section 404 of the Sarbanes-Oxley Act. Review financial transactions and spreadsheets to ensure that they are effective and efficient, and are properly recorded, reported and authorized. Collect evidential matter, create a narrative, produce process walk-through flowcharts, and validate the COSO component of the control activity with specific examples that reinforce that a particular control is working as stated. Assign the appropriate COBIT number to each Internal Control Evidence Template.
• Document critical processes that affect the priority financial reporting element
• Evaluate the effectiveness of the control design
• Validate/test that the controls are operating effectively
5. Assess the quality of risk and the effectiveness of a company's risk management processes using NIST 800-53.