Used to determine scope coverage
What is the scope calculator?
When Jon is thirsty, this is his beverage of choice
What is coffee?
15222
What is the zip code for the Headquarters in Pennsylvania?
This person is on a billboard for Phil’s Inn in Port Clinton
Who is Molly Carte?
This is PNC's enterprise identity management system that automatically manages users' access privileges.
What is OIM?
This policy exists to set guidance and expectations around PNC's processes for managing the risks of significant disruptive events to business activities
What is the Enterprise Business Continuity Policy?
This is the name for the concept of having more than one person required within a process to complete a task in order to limit the likelihood of fraud and error
What is Segregation of duties / Separation of duties?
These individuals provide front line risk management function and report to the CIO of the LOB.
Who are the Performance Managers?
What does ISACA stand for?
What is Information Systems Audit and Control Association?
Jon’s gardening skills are limited to production of this type of vegetable that makes a great condiment and can be used on almost all types of food
What are hot peppers?
40 states
What is the number of states employees are located in?
This person has traveled to 9 different countries
Who is Sam Conley?
This application houses the inherent risk assessment for applications.
What is the Archer Risk Assessment Module?
This term describes the level of risk intrinsic to the business before considering the effects of controls.
What is Inherent Risk?
This framework, created by ISACA for IT management and governance, is the de facto standard within the industry for knowledge on technology risks and controls.
What is COBIT (Control Objectives for Information and Related Technologies)?
This person is responsible for the technical aspect of the application such as databases, server, process IDs, etc.
Who is an ASM?
Number of Technology Audit Teams at PNC
What is 6?
Project
CAATS/DA
Application
Security/Infrastructure
Fraud/Physical
Issues
This is the technology that Jon worked on during his first job post-college and is considered to be his favorite.
What is the mainframe?
Name 3 of the 5 ILead Standards
What is:
Includes Intentionally
Develops the Best
Lives the Values
Enables Change
Achieves Results
These individuals have run a marathon.
Who are Beth Kane and Jon Coughlin?
Application that holds contractor information (e.g. “XX-“ IDs) and replaces the former CIDB (Contractor Information Database).
What is Beeline?
This law requires financial institutions to explain how they share and protect their customers' private information and is the primary driver of many of PNC's security control programs related to protection of Personally Identifiable Information.
What is the Gramm-Leach-Bliley Act (GLBA)?
This term describes the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
What is social engineering?
This person hails from Sri Lanka, joined PNC in 2017, and filled the role formerly held by Sherry Ducarme.
Who is Charaka Kithulegoda? Also accepted: Who is the Retail CIO?
This meeting is used to discuss scope and audit findings with the AGAs, SAMs and Technology Directors.
What is the Strategic Planning Meeting?
In December Jon added two of this type of pet to his family.
What are kittens? (Named – Boomerang and Keyser Soze)
380 billion
What is the number of assets?
I am a 2008 Dormont Community Day Hot Dog Eating Champion
Who is Jason Wiltfeuer?
This is a source code repository and version management tool.
What is Git?
This term describes the possibility that an auditor's conclusion based on a sample is different from that reached if the entire population were subject to audit procedure. This can be avoided by testing 100% of a population.
What is Sampling risk?
This is the security concept for limiting access rights for users to the bare minimum permissions they need to perform their work
What is the principle of least privilege?
This portion of the MIS organization is dedicated to ensuring the stability of the application and its supporting infrastructure by proactively managing technology resources and reactively responding to incidents by restoring technology capabilities to support business requirements.
What is Run the Bank?
This Audit Engagement focuses on the Sterling File Gateway System, MQSeries, NDM, Control Center System, Ster and EFX.
What is the Data Transmission Audit?
Jon's favorite punctuation - This punctuation, also commonly referred to as the serial comma, is used when connecting a series of three or more terms.
What is the Oxford comma?
9000
What is the number of ATMs PNC has?
This person has had an arrest warrant out on him/her for failing to appear for a court date
Who is Tony Chin?
The intermediary application takes source code and builds it into lower level environments (e.g. test, QA). It also archives old build artifacts.
What is Jenkins?
This term describes an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. This mindset is a core capability in the most effective auditors.
What is Professional Skepticism?
A full backup occurs when a complete archive is made of every file. Alternatively, this term is used to describe the type of data backup procedure performed when only changes to files are captured within the backup process.
What are differential backups?
These are the 5 MIS CIOs reporting to Steve Van Wyk
Who are Monty Bedi, Christine Johns, Ganesh Krishnan, Matt White and Charaka Kithulegoda?
Number of people on the Application Audit team with certifications.
Per Archer - What is 10 (Jason, Jon, Jordana, Akash, Kali, Michelle, Molly, Mark, Ben, Beth)