Financial Institutions

Cybersecurity and IT Review Services

Helping financial institutions safeguard data and cultivate a culture of risk awareness.

New technologies continue to change how financial institutions connect and serve information to customers. As a result, risk management is significantly more critical for safeguarding customer information against cyber threats. 

Wipfli has certified experts and experienced professionals who understand financial institutions. They can provide thorough testing and detailed process evaluation of physical, technical, and administrative information system controls.

Wipfli offers the following services:

  • IT examination services
  • IT risk assessment services
  • IT general controls review
  • Internal and perimeter vulnerability scanning
  • Penetration testing
  • Service Organizational Controls (SOC 1 and 2) Reporting
  • Social engineering including pretext calling and e-mail spoofing
  • Technology management
  • Cybersecurity assessments

The scope of testing procedures is based on FFIEC and interagency guidance. Professionals work with client staff and outsourced technology vendors to cultivate a culture of risk awareness customized to each institution’s size and complexity.

Featured Thought Leader

Durward J. Ferland, Jr., CISA, CISM, CRISC

Durward has extensive knowledge of System and Controls (SOC) auditing and the Control Objectives for Information and Related Technology (COBIT). Leveraging over 18 years of IT experience, he also regularly performs IT audits, IT general control reviews, and readiness assessments for organizations across many industries.

Mark Scholl

Mark Scholl specializes in all aspects of technology services for the firm and has nearly 30 years of experience. Mark has been providing consulting services such as perimeter intrusion testing, information security vulnerability assessments, disaster recovery planning, network design and support, IT training, and many other technology services.

Next-gen cybersecurity: AI-driven managed detection and response