Porter Keadle Moore LLC

Verified Vendor
235 Peachtree St NE #1800
Atlanta, GA 30303
Ownership: Private

Description

Porter Keadle Moore (PKM) has been focused on the needs of financial institutions since 1977 and provides service to more than 125 public and private community banks and credit unions nationwide. From traditional audit and tax services, to cybersecurity and regulatory compliance, we have the right team of experts to meet your needs. Through evaluating the effectiveness of risk management systems in a way that’s meaningful to management and shareholders, we help our clients demonstrate what makes them attractive business partners and ultimately help them to drive growth.

Products

Cybersecurity Risk Assessment

The Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Toolkit (CAT) is a great way for any company to identify their inherent cybersecurity risk, assess that risk and determine the maturity of their controls. The National Institute of Standards and Technology (NIST) also has a risk assessment framework. At PKM, we assist companies in determining the framework that makes the most sense for their institution and help them to complete the assessment. We then report on gaps identified during the process and provide formal, easy-to-understand recommendations for remediating those gaps.

Security Posture Assessment

A solid security posture can be indicative of a strong business model and oftentimes will deter potential attackers from the outset. It all starts with a well-thought-out network design and configuration of controls and externally facing systems, and extends to all internal systems. A solid security posture exhibits a layered security approach, which includes administrative and technical controls so that if one control fails, multiple others are in place to back it up. On the other hand, a weak security posture can tempt attackers to investigate your institution further, especially if it appears to be a lucrative target, such as a community bank or a company with valuable "trade secrets." At PKM, our Security Posture Assessments start with the basic network design and an understanding of your key business flows. We align our testing procedures to the SANS/CIS Top 20 Critical Controls and the National Institute of Standards and Technology’s (NIST’s) Cybersecurity Framework and then customize the scope of the audit based upon the size and/or needs of your specific organization.

Network Vulnerability Assessment (NVA)

In today’s day and age, security breaches are commonplace and perpetrated not only by external hackers, but also by individuals within your institution. That’s why a comprehensive Network Vulnerability Assessment (NVA) is vital to the protection of your business. At PKM, our network vulnerability assessments are designed to review your systems for vulnerabilities that could be exploited in an attempt to gain access to your network. Our testing can be performed remotely (external network vulnerability assessment) or onsite at your location (internal network vulnerability assessment). Unlike many network audits that only provide technical data derived solely from scans, PKM takes the time to interpret the results, weed out the unimportant findings and false positives, and provide you with a concise report that is easy for you to understand. If the final report to Management reflects that your network security does not meet your standards, we will provide recommendations to help you improve your systems and steadily lessen your risk of a security breach.

Penetration Testing (PenTest)

Periodic Penetration Tests (PenTests) should be an integral part of your information security program, as they play an essential role in mitigating risks associated with your network and system vulnerabilities. The primary objective of a PenTest is to gain access to your computer host, network or application using an authorized and systematic process of identifying and exploiting known security vulnerabilities. Since penetration testing can impact a company’s operations, we work with management to determine whether the root-cause vulnerability should be fixed, or if they want us to attempt to penetrate the system. Because a PenTest follows the same tactics that an external hacker might use, it will not only enlighten you as to the systems and information that might be compromised, but will also offer you peace of mind that any existing weaknesses are uncovered and addressed long before they can be exploited.

Cybersecurity Awareness Training

Arguably, the most important control in fighting cybercrime is to have a well-trained staff that is knowledgeable on cybersecurity and the types of attacks hackers are trying to use against them. This is an ongoing battle to ensure that your employees aren’t allowing hackers in and that they are disposing of sensitive information appropriately. At PKM, we offer our clients year-round training on IT and cybersecurity issues that are applicable at their institutions. We have offered customer training sessions to our clients through in-person seminar as well as webinar formats, walking them through real-world examples with each session tailored to meet the more specific needs of their organizations.

Vendor Management Review

If you are relying on vendors for the outsourcing of key services, then you should have a well-designed process for managing those vendors. And, while you can outsource specific activities and functions, it’s important to remember that you can’t outsource the responsibility for the risks associated with those activities or functions. Your customers rely on you to protect their critical data, such as account numbers, medical records and credit card information. At the same time, your employees rely on you to protect their non-public customer information, such as social security numbers and bank account information used for payroll purposes. It’s possible you might also be relying on vendors for data backup, data center services, managed network/security services, or other key services that support your business. At PKM, our vendor management review is designed to take a holistic approach to auditing your vendor management process. Our deliverable is in the form of a formal report, which will include any findings and related recommendations identified during the audit. A strong vendor management program helps a company to reduce its risk and liability and helps ensure a smooth continuation of your business activities.

Social Engineering

The purpose of our social engineering procedures is to gain unauthorized access to systems and information using “non-technical” hacking techniques that exploit our natural human tendency to trust. From the hacker’s perspective, the use of social engineering techniques often provides confidential information needed to access the target network at a fraction of the cost of “technical” hacking techniques. No matter how many resources an organization invests in protecting its network, it will always be subject to this type of vulnerability, as the “human” factor is widely recognized as the weakest link in the security chain. PKM’s approach to social engineering includes email spear phishing attacks, telephone persuasion, dumpster diving, desk area audits and war driving (looking for wireless access points from outside of a company’s offices/facilities to attempt to gain access to your network).

Service Organization Control (SOC) Reporting

To put it simply, a Service Organization Control (SOC) Report is basically a report card that service organizations can provide their end users to show it’s safe to do business with them as an outsourced provider. A SOC report not only demonstrates that an organization processes transactions in a secure environment, but also that their data is reliable, complete and accurate. A request for a SOC report is often the first step in the due diligence process when selecting a new service provider. And for industries that are highly regulated and under pressure to demonstrate compliance with the most stringent of IT frameworks, such as Financial Institutions and Technology Companies, you need a firm that knows the elements of good risk management.

Whether your company is new to the SOC audit process and in need of significant guidance, or has been audited many times, PKM has the right mix of experience and expertise you need. Every day, we work with companies that are under substantial scrutiny from their users. As a result, we offer SOC Reports that provide confidence to the scrutinizing parties, ultimately helping our clients to win more customers and drive growth.

We have provided third-party audits and related services for more than 20 years including:

SOC Report Readiness Assessments
SOC 1 (SSAE 16 Report) – types I and II
SOC 2 (AT 101 Report) – types I and II
SOC 3 (AT 101 Report) – types I and I

Our team serves organizations nationwide that count their own clients as some of the largest financial service companies in the country. Our goal is to add value to your business by reducing your risk and increasing long term value – it’s something we do every day.

Outsourced Internal Audit

The call for greater corporate governance and financial transparency has moved the role of the internal auditor into a very bright spotlight—one that is accompanied by immense pressure and responsibility.

By outsourcing your internal audit function, you gain a greater sense of objectivity and independence to the performance of procedures and the reporting of results. This approach ultimately leads to a more comprehensive, and unbiased, way of looking at your business model.

PKM’s internal audit services are customized to address your unique business challenges, not just your accounting issues. In addition to a detailed report that is easy to interpret and understand, our internal audit methodology offers:

An objective, independent review and evaluation of control activities, internal controls and management information systems (MIS).
An approach that focuses on financial, operational and compliance risks.
Ongoing communication with your management team.
Suggested quality assurance programs that evaluate audit operations.

Risk Assessment

The Risk Assessment is designed to focus on an institution’s profile, strategic objectives, business changes, and the specific risk concerns of the Audit Committee and Senior Management. At PKM, our risk assessment approach is composed of three distinct phases, the foundation of which is planning. During our planning phase, we not only review current process and documentation, but also confirm business and operational objectives, address areas of inherent risks that are relevant to these objectives and schedule information gathering sessions with management and key process owners. The end result will serve as the basis for prioritizing and allocating resources, specifically to those areas posing a greater degree of risk to the organization.

Asset Liability Management

PKM’s professionals are very familiar with the asset liability management functions of our financial institution clients.
Our procedures are designed to evaluate the Bank’s asset liability management policies for appropriateness as well as test actual practices for compliance, including:

Review the appropriateness of the Bank’s IRR models and measurement system given the nature, scope and complexity of the Bank’s activities

Verify the accuracy and completeness of the data inputs into the Bank’s IRR measurement system

Review the reasonableness and validity of assumptions and chosen scenarios used in the IRR measurement system

Review the appropriateness of the Bank’s ALCO/IRR policies and procedures in the current environment and make any needed recommendations to strengthen risk management

Interview and confirm the adequacy of personnel and their related skill sets to measure and manage the Bank’s IRR programs

Review your vendor prepared back testing calculations submitted to you for the IRR package and supplement with additional back testing

Allowance for Loan and Lease Losses (ALLL)

At PKM, we know that regulators place a good deal of emphasis on the allowance for loan and lease losses (ALLL), especially since the economic downturn. We also know the penalties of a bank’s ALLL being underfunded can be steep. To confirm that your bank’s ALLL is in good shape, we not only review your methodology and ensure that you have documented qualitative factors, but also analyze your current loan portfolio with the intent of identifying any unforeseen risks.

Our ALLL review process includes:

Review and test procedures relating to the calculation of the ALLL,

Agree amounts presented in the calculation to support,

Review and test identification process for impaired loans,

Review and test impaired loans for propriety,

Review and test pool factors documented in the Bank’s ALLL Calculation, and

Review and test collateral valuation process for collateral dependent loans.

Sarbanes-Oxley 404 (SOX 404) Compliance

At PKM, our professionals stay at the forefront of SEC regulations so that we can anticipate your questions even before you have a chance to ask.

SOX 404 Internal Controls Documentation & Testing

Section 404 of the Sarbanes-Oxley Act, the Management Report on Internal Controls, requires management of public companies to extensively document and report on internal control processes and procedures. PKM is well-prepared to assist with SOX 404 projects and has been assisting accelerated filers and non-accelerated filers with SOX 404 documentation and testing compliance procedures since the regulations went into effect. We also work to keep small reporting companies informed of their requirements for compliance.

SOX 404 IT Controls

While you may already have a well-established internal audit department to undertake the lion’s share of your SOX 404 requirements, without the right resources it is often harder to handle the documentation and testing of your technology infrastructures. At PKM, we work together with your established internal audit team or outsourced internal audit provider in an integrated fashion to take on only those technology controls and processes which are critical to your specific organization.

Because our approach is centered on a risk-based testing plan, you can rest assured that the work is not only tightly integrated with your overall business strategy but also maximizing the efficiency of the resources you already have in place.

FDICIA Compliance

As a bank required to comply with the provisions of FDICIA, you clearly understand the value of having a partner who is up to date and knowledgeable of the various requirements. PKM is registered with the PCAOB, is a member of the Center for Public Company Audit Firms of the American Institute of Certified Public Accountants, and is actively involved in organizations such as Allinial Global and the Banking CPAs. Our affiliation with these organizations provides our personnel with up-to-date information and training on issues that affect companies subject to public-company regulations, as well as FDICIA.

The knowledgeable and responsive professionals at PKM stay well-versed on these regulatory fronts so that we can anticipate your questions even before you have a chance to ask. By taking on a helpful, consultative role versus an adversarial approach, we work with you toward a common goal to help ensure that you remain FDICIA compliant and position your institution for success.

Regulatory Compliance

We know that every industry has different regulatory risks and challenges, but in today’s economy, the regulatory pressure and responsibilities for financial institutions are higher than ever before.

While you may already have a well-established compliance team in-house, oftentimes you are asked to meet requirements before you have been given time to adequately prepare. Without the right complement of resources in place, it can be a challenge to not only remain compliant, but more importantly to understand the implications that these regulations will have on your business.

Because lack of compliance can often lead to strict fines, penalties or operating restrictions, it is important to make sure you are meeting all of the required regulations in a timely and efficient manner. Our Risk Advisory professionals bring a depth of knowledge and experience to the table that are centered on delivering meaningful value to our client organizations. Our team is comprised of personnel with a wide range of relevant certifications that are among the highest accorded in the financial services industry, including:

Certified Regulatory Compliance Manager (CRCM),
Certified Anti-Money Laundering Specialist (CAMS),
Certified Information Systems Auditor (CISA),
Certified Internal Auditor (CIA),
Certified Third Party Risk Professional (CTPRP), and
Certified Information Systems Security Professional (CISSP).

These individuals have vast experience in working with financial institutions and many have even served as former regulators.

Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Audit

Over the course of our 40-year history, PKM professionals have helped bank clients with everything from compliance to consulting. With respect to BSA/AML audits, PKM’s professionals have the tools, processes and manpower to review your programs, policies, training and procedures. The audit results will either give you confidence that your programs are adequate to withstand the scrutiny of the regulators or uncover holes that need corrective action before fines are imposed.

We work with you to examine your suspicious activity and currency transaction reports for accuracy and help you identify situations in which reports should have been filed with the appropriate regulatory agency. Our BSA/AML review also includes an evaluation of your risk assessment. We will also validate your software parameters to ensure you are using the software to its capacity and help you identify weaknesses in your software parameters. Finally, PKM’s BSA/AML review can help you evaluate and update your BSA, Patriot Act and Anti-Money Laundering compliance procedures.

Fair Lending Review

Probably the most subjective area of the regulatory world is Fair Lending. The rules in this area are not the most clearly defined and can be subject to broad interpretation, meaning that you could get significantly different examination results depending upon the perceptions of your examiner. So how do you know that the efforts you’re taking to comply with Fair Lending requirements will stand up to objective examiner review?

PKM’s Fair Lending procedures are built on this very premise. The essence of our Fair Lending regulatory approach is to ensure all segments of the community have a fair opportunity at receiving similar loan products and terms. We all work to support strong communities, and Fair Lending is the forum for proving that support. Our approach minimizes the subjectivity surrounding your Fair Lending process and helps you produce lending activity that can stand up to regulatory scrutiny in the long term.

Home Mortgage Disclosure Act (HMDA) Data Quality Review

If your institution is subject to the requirements of HMDA and you have a fair amount of relevant lending activity, you know the amount of resources and effort it takes to ensure your HMDA Loan Activity Register (HMDA/LAR) is as close to error free as possible when filed.

The number of data elements and the touch points involved in your mortgage lending and HMDA data collection processes present the opportunity for simple, easy-to-overlook errors, which could lead to regulatory penalties and/or the expenditure of additional resources to correct such errors.

At PKM, we offer what’s known in the industry as “HMDA Scrubs,” where we conduct appropriately-sized samples of your HMDA/LAR entries to test for data-entry errors. Our process helps you identify and correct errors prior to the March 1st filing deadline, lessening the likelihood you’ll need to potentially amend your HMDA/LAR at additional costs.

Credit Review

For financial institutions in today’s environment, your loan portfolio is under more scrutiny than ever before. As competition within the industry continues to climb, proper risk management activities, including independent credit reviews, are essential to staying competitive. Because effective loan portfolio management is vital to controlling credit risk, it is important to have annual reviews to help ensure that your portfolio, processes and procedures are reliable.

PKM’s approach to credit review is to assess the credit risk of your current loan portfolio while taking into consideration your bank’s unique lending philosophy, needs and goals, while ensuring it remains compliant with your institution’s Board-approved lending policies and regulatory compliance. Through identifying classified assets and potential pitfalls in your risk rating processes, an outsourced credit review can improve your profitability by mitigating exposure to potential losses.

This service will provide you with tailored recommendations for enhancing your risk management programs. And, because we are not employees of your financial institution, we can offer a truly independent, unbiased perspective of your credit review policies and procedures.

An outsourced loan review can assist your financial institution through:

Proactive Asset Quality Monitoring
Detection of Law and Regulation Violation
Validation of Internal Risk Rating
Mergers and Acquisition Portfolio Due Diligence
Regulatory Examination Readiness Review
Portfolio and Credit Risk Management Assessment
Documentation and Policy Exceptions Review