About a year and a half ago, I embarked on this great adventure within the Risk Advisory Services team at YHB. I never thought I would get to work with such a great group of smart, driven, client-focused individuals. Nor did I expect to be working with a community bank in rural West Virginia one week and then a BPO in the Philippines a few weeks later. Possibly one of the biggest surprises is how my background in academia translated into a need with our clients. A subject many of my accounting students disliked or struggled with took me outside of the textbook and into the reality of practical application. Three words my co-workers probably wish I’d stop talking about: Data Flow Diagrams (DFDs).
The FFIEC Cybersecurity Assessment Tool requires financial institutions to develop DFDs in order to meet baseline in Domain 4: External Dependency Management. In my first year, I found some banks were struggling through this Domain and frantically trying to understand what a DFD is. Admittedly, there is not a lot of clear guidance online. Our team realized this and wrote a white paper to help in understanding the underlying details of a DFD.
After my second audit season, I can say many of my clients are well on their way to documenting the flow of data inside and outside of their network. Most are in the initial phases, having completed one or two diagrams. Others have created data classification documents, mapped several business processes, and have a clear project plan in place.
While I may be a fundamentalist, in the back of my mind I hoped my clients would interject their own culture into these diagrams. I have been pleased to see the progress so many companies have made in developing their own data flow diagrams. I would like to share with you a few key learnings I have gleaned from this audit period.
I have been somewhat surprised at the vast array of approaches undertaken. I appreciate everyone who has reached out to us for feedback or further guidance. Our team has a strong desire to make each company and contact better prepared for the unknown. Keep up the amazing work. YHB will always be here to assist you in this journey.
About the Author
Stephen has extensive experience in IT Audit and Advisory Services. His background includes internal and external IT Audit services for state and federal agencies and Fortune 500 companies in retail, manufacturing and financial lending. His expertise spans financial statement audits, SOX, project management, legal and compliance, and data analytics. To further his commitment to IT Security, Stephen has also completed ISACA®’s Cybersecurity Audit Certificate Program.