Example Analytics and Testing (with Arbutus)
Designed to support testing and monitoring activities commonly associated with NCUA and FFIEC
supervisory and examination expectations.
» User access population testing to identify orphaned, dormant, excessive, or incompatible privileges across core banking systems, Active Directory, ancillary applications, databases, and infrastructure platforms
» HR-to-system access reconciliation to validate timely provisioning, modification, and removal of access following employee onboarding, role changes, or terminations
» Segregation-of-duties (SoD) testing within and across applications supporting financial, operational,
and administrative processes
» Change management analytics to identify unauthorized, emergency, or undocumented system changes and deviations from approved change workflows
» Privileged access and administrator activity monitoring to detect anomalous behavior, elevated risk actions, or policy violations
» Log and event data analysis to identify unusual patterns, control failures, or indicators of potential cyber threats
» Third-party and vendor access testing to validate appropriate access levels, usage patterns, and monitoring of vendor activityn
» IT asset inventory testing to validate the completeness, accuracy, ownership, and security classification of hardware, software, and infrastructure assets supporting critical operations
» Data integrity testing to identify unauthorized changes, corruption, or inconsistencies affecting critical systems and regulatory reporting
» Cross-system consistency testing to validate alignment between identity platforms, security tools, and source systems
» Repeatable, scheduled analytics to support continuous monitoring rather than point-in-time reviews
» Preservation of audit logic, parameters, and evidence to support examiner review, independent re-performance, and longitudinal analysis