Company Information: National Bank Company (NBC), is a publicly traded company, founded in 1998. NBC is one of the world’s leading financial institutions, serving individual consumers, small and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services. The company provides unmatched convenience in the United States, serving approximately 47 million consumer and small business relationships with approximately 4,700 retail financial centers, approximately 16,000 ATMs, and award-winning online banking with approximately 33 million active users and approximately 20 million mobile users. NBC is a global leader in wealth management, corporate and investment banking and trading across a broad range of asset classes, serving corporations, governments, institutions and individuals around the world. NBC offers industry-leading support to approximately 3 million small business owners through a suite of innovative, easy-to-use online products and services. The company serves clients through operations in all 50 states, the District of Columbia, the U.S. Virgin Islands, Puerto Rico and more than 35 countries.
Scope: The scope of this audit engagement is limited to the general and application controls as it relate to the Customer Lending Application (CLA).CLA is a web application used by NBC customers to apply for car and mortgage loans. The same application (CLA) is used by Bank tellers, and personal bankers to review loan applications. System administrators have access to the application in order to maintain the system.
a. Please update the COSO Finding Report Template by completing the “Evaluation Comment” column (COSO Finding Report Template is located on the USB at F:TemplateAssignement Templates and InstructionscommercialCOSOTest Plan or will be sent to you by email) by analyzing the evidence provided. Remember evaluation comment is the same as assessment result.
b. Please compile a list of evidence need for the following Processes: P07 Manage IT Human Resources (Starts on Page 88), A16 Manage Changes (Starts on Page 137), and DS4 Starts on Page 169) ensure continuous of Service. For this question use the “IT Assurance Guide” document provide to update the “Evidence Request List” document. (Both documents, “IT Assurance Guide” and “Evidence Request List” are located at F:TemplateAssignement Templates and InstructionsCommercialCOBIT).
C. Please update the “PCI- DSS Finding Report” template by completing the empty columns base on the evidence provided. Both the evidence and the “PCI-DSS Finding Report” are located on the USB at F:TemplateAssignement Templates and InstructionscommercialPCI or will be sent to you by email.
d. Please update the “ISO Security Assessment” Template by completing the “Comments/Evaluation Results” column (ISO Security Assessment Template is located on the USB at F:TemplateAssignement Templates and InstructionsCommercialISOTest Plan or will be sent to you by email) by analyzing the evidence provided.
e. For this assignment we will assume Smart Portal is a web application use to store ePHI. Please update the “HIPAA Finding Report” template by completing the “Review Note” column (HIPAA Finding Report Template is located on the USB at F:TemplateAssignement Templates and InstructionscommercialHIPAAHIPAA Finding Report or will be sent to you by email) by analyzing the evidence provided (Evidence is located on the USB at F:TemplateAssignement Templates and InstructionscommercialHIPAAEvidence or will be sent to you by email). In addition, fill the “Evidence” column of the “HIPAA Finding Report” template with the evidence you reviewed to come up with your Review Note. If no evidence was provided state “No evidence was provided”