IT Examiner School, Seaside, CA

IT Audit Risk Assessment and Scope

• Identifies the items/areas to be reviewed - consistent with risk assessment including risk level • Describes how the audit/review will be performed and tools to be used • Provides the timeframe for completing the audit/review

Firms may also provide an engagement letter specifying this information (including costs)

IT Audit Coverage

• IT General Controls • Information Security Program • Wire Transfers • ACH (controls and NACHA Compliance Audit) • Remote Deposit Capture

• Compliance with safeguarding customer information guidelines • Regulation GG/Unlawful Internet Gambling Enforcement Act * • Identity Theft Red Flags Program* • Penetration Testing and Vulnerability Assessment

*If applicable to the financial institution.