Outsourced Internal Audit and Risk Management

Partner with NETBankAudit to reduce the stress and uncertainty of today’s cybersecurity challenges and regulatory complexities.

REQUEST FOR PROPOSAL
View Services
800
+
Organizations Assisted
23
+
Years of Superior Success
38
States Represented
Clients
$25 million to
$30 billion

WHO WE ARE

Cybersecurity and Regulatory Compliance Experts

NETBankAudit was formed in 2000 by a team of IT executives and former regulatory officers. Convinced that advancements in information technology would significantly affect the future of financial services, particularly in the movement of money and data through electronic channels, the team resolved to help organizations adjust to this ever-changing, very complex environment.  The key to managing the benefits and challenges of this developing trend would be the institution’s ability to oversee and control the information technology environment.  Accordingly, NETBankAudit positioned itself to partner with institutions by working as an extension of their internal audit function or management self-assessments efforts.
Note: We do not subcontract.  All engagements are staffed internally with senior-level, certified personnel

View All Associates
Ken Barlow, CEO

Ken Barlow, CEO founded NETBankAudit with extensive IT and financial industry background. Prior to NETBankAudit, Ken led development of the first online interactive financial system for NASA HQ and identified the need for quality information security in financial institutions.

Principal Partner
Ken Barlow
CEO
David Hart, CISA, CFE, CRISC

David Hart, CISA, CFE, CRISC has been a partner for over 15 years, overseeing product and service delivery. Prior to NETBankAudit, David gained 15+ years experience as a bank examiner and internal auditor for Federal Reserve.

President, Partner
David Hart
CISA, CFE, CRISC
Cynthia Bonnette, CISA

Cynthia Bonnette, CISA led development of IT Audit and InfoSec Risk Assessment Programs. Prior to NETBankAudit, Cynthia was an FDIC senior bank examiner and Assistant Director of Bank Technology Group, authoring regulatory guidance.

Executive Director IS Audit and Assessment Partner
Cynthia Bonnette
CISA
Melissa Morrell, CMA, CBCA

Melissa Morrell, CMA, CBCA has been CFO & COO for 15+ years, managing finances, HR, and internal systems. Prior to NETBankAudit, Melissa gained experience in financial planning and management information systems.

CFO & COO Limited Partner
Melissa Morrell
CMA, CBCA
Mike Ford, CISA, CISSP, MCSE

Mike Ford, CISA, CISSP, MCSE specializes in bank information security with 15+ years experience. Prior to NETBankAudit, Mike was a Federal Reserve Bank examiner and bank IT manager in Community Banking and Health Care Industries.

Executive Vice President of Audit Services
Mike Ford
CISA, CISSP, MCSE
Mark Lohman, CISSP, CISA, CISM, CRISC, CDPSE, C|EH, MCITP

Mark Lohman, CISSP, CISA, CISM, CRISC, CDPSE, C\|EH, MCITP serves as EVP/CIO focusing on vulnerability assessment and penetration testing. Prior to NETBankAudit, Mark spent 20+ years in security, network design, and project management.

Executive Vice President/CIO
Mark Lohman
CISSP, CISA, CISM, CRISC, CDPSE, C|EH, MCITP
Alan Alai, CISA, CDPSE

Alan Alai, CISA, CDPSE brings 17+ years experience in IT practices and auditing. Prior to NETBankAudit, Alan worked as a Senior IT Audit Manager and developed expertise in internal controls for IT organizations and financial applications.

Director of Audit Services
Alan Alai
CISA, CDPSE
Joanne Bennett, CAMS, CAFP

Joanne Bennett, CAMS, CAFP contributes 30+ years of banking operations, compliance, and audit experience. Prior to NETBankAudit, Joanne held positions as BSA/AML Compliance Officer and Internal Control Consultant at various community banks.

Director of Compliance Services
Joanne Bennett
CAMS, CAFP
Harold B. Garrett Jr., CPA, CIA, CISA

Harold B. Garrett, Jr., CPA, CIA, CISA brings 25+ years of financial services experience. Prior to NETBankAudit, Harold served as Chief Executive Audit Officer for community banks, mortgage and trust companies, managing risk management functions.

Director of Audit Services
Harold B. Garrett Jr.
CPA, CIA, CISA
Chris Poteat, CISA, CISM

Chris Poteat, CISA, CISM offers 16+ years in IT practices and auditing. Prior to NETBankAudit, Chris worked with a regional accounting firm as a Senior IT Audit Manager, focusing on financial institutions and healthcare companies.

Director of Audit Services
Chris Poteat
CISA, CISM
Dennis Rowan, CISA

Dennis Rowan, CISA contributes 30+ years of enterprise technology audit experience. Prior to NETBankAudit, Dennis led a team of IT Auditors at Capital One, conducting audits on various banking applications and systems.

Director of Audit Services
Dennis Rowan
CISA
Chris Shields, CISA, CISM, CGEIT, CRISC, CDPSE, CAP, SSCP, CAMS

Chris Shields, CISA, CISM, CGEIT, CRISC, CDPSE, CAP, SSCP, CAMS brings 25+ years of experience in IT auditing, risk management, and Model Validations. Prior to NETBankAudit, Chris ensured operational and security compliance for various government agencies and audited community-based financial institutions across the United States.

Director of Audit Services
Chris Shields
CISA, CISM, CGEIT, CRISC, CDPSE, CAP, SSCP, CAMS
Joseph Spoolstra, CISSP

Joseph Spoolstra, CISSP serves as Director of Testing Services with 15+ years of experience in the financial services industry. Prior to NETBankAudit, Joseph supported clients with data analytics and reporting solutions for audit, risk, and technical testing products.

Director of Testing Services
Joseph Spoolstra
CISSP
Michael Young, CISA, CISSP, MCSE: Security

Michael Young, CISA, CISSP, MCSE: Security brings over 35 years of experience in Information Technology, with the last 20 focused on Information Security Management. Prior to NETBankAudit, Mike was the Director of Technology for a community bank in Florida and Information Security Engineer for a major US Airline.

Director of Audit Services
Michael Young
CISA, CISSP, MCSE: Security
Patrick Cowen, CPA, CISA, CIA

Patrick Cowen, CPA, CISA, CIA has worked in internal auditing since 2010 and in IT Auditing since 2014. Prior to NETBankAudit, Patrick spent the bulk of his career in banking at the branch level and is active in AGA, serving on national committees and as a board member.

Senior IT Auditor
Patrick Cowen
CPA, CISA, CIA
Vince DeHart, CISA, CISSP, CRISC, CGRC

Vince DeHart, CISA, CISSP, CRISC, CGRC brings over 15 years of experience in auditing with a background in information technology. Prior to NETBankAudit, Vince held roles in management, security, support, and application development within various sectors including financial services and government.

Senior IT Auditor
Vince DeHart
CISA, CISSP, CRISC, CGRC
Robert Jenkins, CISA, CISSP

Robert Jenkins, CISA, CISSP brings over 20 years of experience as an IT auditor and FRB bank examiner. Prior to NETBankAudit, Robert provided IT audit services to banks, law firms, and healthcare providers using ISACA/COBIT audit methodology.

Senior Auditor
Robert Jenkins
CISA, CISSP
Deborah King, CISA, CISSP, MCSA, CAFP

Deborah King, CISA, CISSP, MCSA, CAFP contributes over 30 years of experience in the community banking industry. Prior to NETBankAudit, Deborah held positions including Information Security Officer, Security Officer, and IT Manager.

Senior Auditor
Deborah King
CISA, CISSP, MCSA, CAFP
Richard Lee, CISA

Richard Lee, CISA offers 17 years of audit experience. Prior to NETBankAudit, Rick worked for the Federal Home Loan Bank of Boston as a Senior Information Systems Auditor, conducting COBIT-based audits and performing SOX testing.

Senior Auditor
Richard Lee
CISA
Heraa Mirza, CRCM, CAMS

Heraa Mirza, CRCM, CAMS has over 8 years of experience in banking within Compliance, Operations, Security and Audit. Prior to NETBankAudit, she held positions in community banking with responsibilities for BSA/AML compliance and team management.

Senior Auditor
Heraa Mirza
CRCM, CAMS
Tyrone Parker

Tyrone Parker brings over seven years of experience in the financial services industry. Prior to NETBankAudit, Tyrone's experience included AML Fraud Investigation, Audit, Regulatory Compliance, Operations, and Project Management.

Associate Auditor
Tyrone Parker
Luis Reyes, CISA

Luis Reyes, CISA contributes over 25 years of audit, consulting, and managing experience in the financial services industry and government sector. Prior to NETBankAudit, Luis served as an Information Security Officer for a $1.3 billion financial institution.

Senior IT Auditor
Luis Reyes
CISA
Glen Sexton, CISA, CRISC

Glen Sexton, CISA, CRISC brings over 20 years of experience in IT audits within the financial services, energy, and government sectors. Prior to NETBankAudit, Glen managed the audit process for a national financial industry core processing service and software provider.

Senior IT Auditor
Glen Sexton
CISA, CRISC
Matthew Gregory, CISSP

Matthew Gregory, CISSP contributes over 20 years of experience in telecommunications services and network infrastructure. Prior to NETBankAudit, Matt's background included WAN, MPLS, VoIP, wireless, and traditional analog networks.

Systems Security Engineer
Matthew Gregory
CISSP
Deno Plumley, CISSP

Deno Plumley, CISSP brings over 20 years of experience in IT support and management. Prior to NETBankAudit, Deno provided outsourced support services for small to medium sized businesses, acting as the CIO.

Systems Security Engineer
Deno Plumley
CISSP
Tyler Sells

Tyler Sells offers 6+ years of experience serving the financial services industry and 8 years of general IT support. Prior to NETBankAudit, he worked at a regional community bank as a network engineer implementing and creating technical solutions.

Senior Systems Engineer
Tyler Sells
Joe Sharp, CISSP

Joe Sharp, CISSP brings over 18 years of experience serving the financial services industry. Prior to NETBankAudit, Joseph worked at a regional community bank in both IT and Cybersecurity roles.

Systems Security Engineer
Joe Sharp
CISSP
Jamie Johnson

Jamie Johnson contributes ten years of banking experience. Prior to NETBankAudit, Jamie held positions of vault teller, assistant manager, and relationship banker at various banking and credit union industries.

Senior Relationship Manager
Jamie Johnson
Brian Lange

Brian Lange began his financial career in investment services and has served in various community banking leadership capacities over the past two decades. Prior to NETBankAudit, Brian focused on branch management and relationship development.

Senior Relationship Manager
Brian Lange
Ingo Schrodel

Ingo Schrodel brings 15 years of experience in the financial services industry. Prior to NETBankAudit, Ingo worked for large, complex financial institutions in a leadership capacity, managing high-value clients, branch administration, operations, and compliance.

Senior Relationship Manager
Ingo Schrodel

What WE DO

Outsourced Internal Audit Services

NETBankAudit offers comprehensive internal audit services, seamlessly integrating with existing programs to ensure thorough evaluations and compliance. Our FFIEC-aligned services extend your internal audit function, following IIA standards and employing the COBIT framework for wholistic assessments. With over 250 institutions under contract, we tailor our approach to each client's unique circumstances, needs, and budget constraints.

Request RFP
Learn more

Our foundation rests with understanding and addressing complex technology and regulatory environments and providing our clients with clear and usable gap analysis between industry best practices, regulatory guidelines, and the client’s internal controls. 

  • IT Audits: Evaluation of general IT controls, regulatory compliance, cybersecurity, core processing systems, networking technology
  • Operational Audits: Audit of key financial operations such as loans and deposits, branch administration, digital banking, wire transfer, ACH, and item processing
  • BSA/AML/CFT/OFAC Audits: Compliance reviews, risk assessments, model validations, transaction monitoring system analysis, team training and vendor evaluations.
  • Consumer Compliance Audits: Regulatory audits for fair lending, loan compliance, deposit compliance, privacy protection, and the Community Reinvestment Act.

Comprehensive Risk Assessment Services

NETBankAudit delivers tailored risk assessment services to institutions, identifying and evaluating potential risks across operational and regulatory domains. Utilizing industry frameworks such as NIST and FFIEC, we provide actionable insights to enhance risk mitigation strategies and ensure regulatory compliance. These risk assessments are often combined with audits and testing to increase effectiveness and efficiency.

Request RFP
Learn more
  • Enterprise-wide Risk Management (ERM) assessment
  • GLBA 501(b)Information Security Risk Assessments
  • Cybersecurity Controls Evaluation and CAT Facilitation
  • Ransomware Assessment
  • IT and Operational Risk Assessments
  • Internet Banking, Wire/ACH, RDC Risk Assessments
  • Business Continuity Risk Assessment and Business Impact Assessment (BIA)
  • BSA/AML/CFT/OFAC Risk Assessments
  • Fair Lending and Consumer Compliance Risk Assessments
  • Vendor Management Risk Assessments
  • Social Media Risk Assessment

Advanced Vulnerability and Penetration Testing

NETBankAudit conducts thorough vulnerability and penetration testing, simulating cyber-attacks to identify security weaknesses and improve defenses. Over 95% of our audits and risk assessments are supported with various forms of testing.  We utilize NIST and FFIEC guidance, going beyond standard open-source testing with best-in-class tools.

Request RFP
Learn more
  • External and Internal Network Vulnerability Assessments with Penetration Testing
  • Cyber-Scenario and Wireless Testing
  • Firewall, Router, and Server Configuration Audits
  • VPN Penetration Test
  • Active Directory and Password Audits
  • Dark Web Search
  • Microsoft 365 Security Assessment
  • Microsoft Azure Security Assessment
  • Google Workspace Assessment
  • Google Cloud Security Assessment
  • AWS Security Assessment
  • Website Security Review
  • Cloud Security Control Review
  • End point compromise test
  • User Elevation Test
  • Black Box Testing
  • Tabletop Test Facilitation

Our testing tools are top-in-class and provide a variety of options, please inquire.

Social Engineering Testing Services

NETBankAudit’s social engineering testing services simulate realistic attack scenarios, such as phishing and pre-text calling, to evaluate the security awareness of employees in financial institutions. These tests help identify vulnerabilities in human factors and improve overall security practices.

Request RFP
Learn more
  • Email Phishing and Pre-text Calling simulations
  • Onsite visits and Branch Audits
  • Assessment of employee training effectiveness
  • Identification of awareness gaps and security weaknesses
  • Recommendations for improved security protocols
  • Support for continuous security awareness training
  • Analysis of response times and incident handling
  • Reporting on security culture and awareness levels
  • Recommendations for advanced security training
  • Internal and External Network Vulnerability Assessment (i.e. Penetration Testing)
  • Customized training programs based on test results

Our Value-add Management Consulting Strategy

Our consulting is specifically tailored to your requirements or conducted in an internal audit liaison capacity, often at no additional cost. We are very proud of our value-add strategy.  We add value primarily because every auditor is senior/executive level and has practical banking and/or regulatory experience in addition to certified auditing experience.  This allows our auditors better perspective as actual former practitioners and/or examiners.  All auditors have a true passion to help their clients.

Ask The Expert
Learn more

Some of our recent consulting engagements included:

  • Policy, Procedure, Standard frameworks using NIST and CIS
  • Cybersecurity Controls Assessments
  • Business Continuity Planning / BIA and Incident Response
  • Project Management and System Conversions
  • Ransomware Assessments
  • Patch Management
  • Active Directory and Configuration Management
  • Examination Prep using URSIT
  • BSA/AML/OFAC Compliance, Risk Assessment, and MIS Verification & Filter Optimization
  • Consumer Compliance - Fair Lending, CRA, Loans, Deposits, Privacy, Other
  • Vendor Management, Due Diligence, and Ongoing Monitoring
  • Examination Trends, Issues, and Hot Topics

Who We Serve

Banks, Credit Unions, Mortgage Companies, Credit Associations, Investment & Trust Services

With over 20 years of experience, NETBankAudit guides various financial institutions through technical and regulatory complexities. We provide tailored solutions for banks, credit unions, and farm credit associations, addressing unique circumstances, regulatory needs and budget constraints. Our in-house expertise in security engineering and regulatory environments enables us to identify gaps and deliver clear, actionable guidelines and controls.

Inquire Further
Ask Question

Our offerings include but are not limited to:

  • IT General Controls, Governance, Management, Operations, and Security Audits utilizing COBIT, NIST, FFIEC, SOX, FDICIA
  • Internal and External Network Vulnerability and Penetration Testing
  • Social Engineering Testing
  • System, Application, and Device Specific Testing and Auditing
  • Core Security Review
  • Operational Audits – Internet Banking, ACH/Wire, Fedline Assurance, Item Processing, etc.
  • BSA/AML/CFT/OFAC Compliance Audits and Model Validations
  • Consumer Compliance Audits and Fair Lending Reviews
  • Safety & Soundness Audits (ALM / IRR / Liquidity and ALLL) and CECL Model Validations
  • Internal Audit Evaluations
  • Risk Assessment Facilitations

Executive Services for Technology Providers

Technology Service Providers are subject to regulatory oversight by the FFIEC agencies given the associated risks that they pose. Accordingly, NETBankAudit offers specialized services for technology service providers, focusing on audit, cybersecurity, business continuity, and regulatory compliance.

Inquire Further
Ask Question

Our offerings include but are not limited to:

  • FFIEC and URSIT Compliant IT General Controls Auditing
  • System, Application, and Device Specific Testing and Auditing
  • Internal and External Network Vulnerability and Penetration Testing
  • Social Engineering Testing
  • Multi-Regional Data Processing Servicers (MDPS) Exam Consulting
  • Technology Service Provider (TSP) Regulatory Consulting
  • ERM and Individual Risk Assessments
  • Model Validations
  • Policy, Procedure, and Standard Framework Consulting
  • Business Continuity and Incident Response Consulting
  • Cyber/Information Security and Ransomware Assessments

Cybersecurity Best Practices for Insurance Companies

Let NETBankAudit utilize its 20+ years of audit, assessment, and testing experience to help your organization meet industry best practices while achieving regulatory compliance.

Inquire Further
Ask Question

Our offerings include but are not limited to:

  • Internal and External Network Vulnerability and Penetration Testing
  • Wireless, VPN, and Social Engineering Testing
  • Dark Web Searches
  • Cybersecurity and Ransomware Assessments
  • Business Continuity and Incident Response Testing and Planning
  • Regulatory Compliance
  • IT / Operational Audits
    • Firewall, Router, and Server Configurations
    • Cloud Security
    • Password and Active Directory
    • Customer Information

Robust IT and Cybersecurity Services for Legal Firms

NETBankAudit offers specialized services to legal practices, focusing on safeguarding confidential and client data while ensuring compliance with regulatory standards.

Inquire Further
Ask Question

Our offerings include but are not limited to:

  • Internal and External Network Vulnerability and Penetration Testing
  • Wireless, VPN, Social Engineering Testing
  • Firewall, Router, and Server Configuration Audits
  • Microsoft 365 and Active Directory Auditing
  • Cloud Security Reviews and Dark Web Searches
  • Business Continuity and Incident Response Assessments
  • Cyber / Information Security and Ransomware Assessments

Ensuring HIPAA Compliance and Data Security in Healthcare

Healthcare organizations receive comprehensive support from NETBankAudit in maintaining compliance with healthcare regulations like HIPAA. They offer thorough risk assessments and IT audits to protect patient information and ensure secure operations.

Inquire Further
Ask Question

Our offerings include but are not limited to:

  • Internal and External Network Vulnerability and Penetration Testing
  • HIPAA Privacy and Security Rule compliance
  • Electronic health record (EHR) system audits
  • Risk assessments and data protection strategies
  • IT infrastructure audits
  • Incident response and breach management
  • Medical device security assessments
  • Patient data privacy audits
  • Staff training on data security
  • Compliance with state and federal healthcare regulations
  • Third-party vendor risk assessments
  • Continuous monitoring and compliance tracking

Protecting Guest Data and Ensuring Secure Transactions in Hospitality

In the hospitality sector, NETBankAudit helps secure guest data and payment systems. They provide tailored services to address unique security challenges, ensuring compliance and data protection.

Inquire Further
Ask Question

Our offerings include but are not limited to:

  • Internal and External Network Vulnerability and Penetration Testing
  • Data privacy and protection audits
  • Cybersecurity risk assessments
  • Internal controls and compliance audits
  • IT systems security evaluations
  • Guest data protection strategies
  • Network security assessments
  • Employee training on data privacy
  • Business continuity planning
  • Third-party service provider audits
  • Development of security policies and procedures

IT and Cybersecurity Services

NETBankAudit offers various companies of different types and sizes specialized services to help mitigate operational, data security, reputational, and legal risks.

Inquire Further
Ask Question
  • Internal and External Network Vulnerability and Penetration Testing
  • Wireless, VPN, Social Engineering Testing
  • Microsoft 365 and Active Directory Auditing
  • Business Continuity and Incident Response Assessments
  • Cyber/Information Security and Ransomware Assessments
Financial Services
Technology Service Providers
Insurance Companies
Legal Practices
Healthcare
Hospitality
Other Industries

THE GOLD STANDARD IN
Cybersecurity and Regulatory Compliance

In an era where cyber threats and regulatory complexities are at an all-time high, NETBankAudit stands as a beacon of expertise and reliability for financial institutions. With over 23 years of unparalleled service, we specialize in providing comprehensive IT and cybersecurity audits, BSA/AML/CFT compliance and MIS audits, and regulatory compliance audits tailored to the unique needs of banks, credit unions, technology service providers, and other financial entities.

View Services
About US
"NETBankAudit provides us with top notch Information Security Professionals to allow us to continually improve our organizations security posture. Springs Valley is able to utilize them to stay abreast of the changing regulatory and cybersecurity landscape. It is great to have a reliable resource like them as a valued partner."
Craig Buse, CLO, COO
Springs Valley Bank & Trust Company
$494M total assets, FDIC regulated
"We were very satisfied with the model validation of our Verafin System. The NETBankAudit team was great to work with, very professional and kept us in the loop throughout the engagement. We will definitely consider working with them again for the annual validation"
Ken Helmrich, CAMS, CFCS
Kearny Bank, Clifton, NJ
$7B  total assets, FDIC Regulated
"NETBankAudit's Auditor was very knowledgeable and explained clearly what was needed from our side to help complete the audit as well as providing clear recommendations on where we could improve our controls.  The audit was done very professionally. Everyone here at SECU that interacted with NETBankAudit here at SECU had the feeling of a partner."
Rodney Hill, VP
Schlumberger Employees Credit Union
$945M  total assets, NCUA regulated
"We've partnered with NETBankAudit for over 10 years. We know we'll always receive a thorough review, but the service is always above and beyond our expectations. NETBankAudit keeps us apprised of recent regulatory changes, potential exam issues, and other areas for focus. Engaging NETBankAudit is creating a partnership for the future."
Leslie Hambrick, CFSA, CRMA
Peoples Bank, Newton, NC
$1.5B  total assets, FDIC regulated
"NETBankAudit is more than just an audit firm. They take the time to truly understand your organization. By working as a partner they made recommendations that best fit our bank while helping us realize resources that were already at our disposal. The employees we work with are extremely knowledgeable and always available to assist"
Beth Worrell, EVP, CRO
Skyline National Bank
$855M total assets, OCC regulated
"We were very satisfied with our first NETBankAudit experience and impressed with the thorough report. Working with our assigned auditor was a pleasure - he possesses great field experience and regulatory experience that was very helpful to us. We were very satisfied with our first NETBankAudit experience and impressed with the thorough report.
Dan Hagedorn, Audit Liaison/Compliance
International Bank of Chicago
$845M total assets, FDIC regulated
"We have been doing business with NETBankAudit since 2018 and their team of professionals have been amazing to work with.  They are experienced, objective, and responsive in performing our audit. Plus, they have been readily available to assist us with any issues during regulatory exams."
Robin Harris, Vice President
Carolina Bank, Lamar, SC
$579M total assets, FDIC regulated
"We have been doing business with NETBankAudit since 2018 and their team of professionals have been amazing to work with.  They are experienced, objective, and responsive in performing our audit. Plus, they have been readily available to assist us with any issues during regulatory exams."
Teresa Welty, SVP Internal Audit and Risk Officer
Capital Bank, Rockville, MD
$1.8B total assets, OCC regulated
"We have been doing business with NETBankAudit since 2018 and their team of professionals have been amazing to work with.  They are experienced, objective, and responsive in performing our audit. Plus, they have been readily available to assist us with any issues during regulatory exams."
Leslie Nicely, Cybersecurity & BSA Officer
Highlands Community Bank
$172M total assets, FRB regulated
TESTIMONIALS
NEWS & RESOURCES
NETBankAudit Logo PNG
2024 NETBankAudit. All Rights Reserved.
Privacy PolicyTerms of Service
Ask a Question
Thank you! We will email you the answer to your question shortly!
Oops! Something went wrong while submitting the form.