IT Examiner School, Providence, RI

Conclusion

Learned basics for IT Audits

Minimum scope in risk focused examination  process‐ must review the entity’s audit program

If audit program is deficient or lacking • Don’t need to dig deeper • Describe the deficiencies and record them in your WP • Notify the Safety & Soundness EIC

If audit program is satisfactory • Can risk focus areas recently audited

Audit Case Study