Cyber & IT Supervisory Forum - November 2023

Internal Use Only

Key Risk Based Audit Planning Concepts Audit scope matching audit plan

Appropriate rotation

Aligned with non ‐ IT audit plans

21

21

Internal Use Only

Additional Risk Assessment Benefits

Focusing strategic plans on higher priority risk mitigation action plans

Supporting information security objectives

Integration with ERM, BCP, Vendor Management, etc.

22

22