M & M Consulting reviews information technology controls for its clients using our risk-based audit approach. Our audit procedures include an evaluation of the following:

• The adequacy of Board and senior management oversight
• The institution's information technology policies and procedures
• Information security administration
• Authentication and access controls
• Network security
• Host security
• Data security
• The use of encryption
• Equipment security (e.g. mainframe, servers, routers, switches, communications hardware, workstations, laptops, handhelds, etc.)
• Physical security
• Personnel security
• Application security
• Vendor management oversight
• Software development and acquisition
• Business continuity planning
• Firewall management
• Intrusion detection and incident response procedures

Other IT related audits/projects offered by M & M include vulnerability analysis, penetration testing, Internet banking, wire transfers, automated teller machine processing, automated clearinghouse processing, telephone banking and other stand-alone systems. These may be added for a reasonable cost, depending on the institution's needs and present coverage.

To contact us:
Phone: 207-650-4665
Email: Audit@mmconsulting.info