IT Examiner School eBook

Note: This mapping is for informational purposes only. It shows what changed between the 2016 and 2023 versions of the InTREx work program.

1

Audit

Resources

• FFIEC IT Examination Handbook – Audit

• Interagency Policy Statement on the Internal Audit Function and its Outsourcing

• Interagency Policy Statement on External Auditing Program of Banks and Savings Associations

• Interagency Guidelines Establishing Standards for Safety and Soundness

• Interagency Guidelines Establishing Information Security Standards

• FDIC Risk Management Manual of Examination Policies - Section 4.2 Internal Routine and Controls

Preliminary Review

Review items relating to internal or external IT audit, such as:

• Examination reports and workpapers

• Pre-examination memoranda and file correspondence

• IT audit charter and policy

• IT audit schedule

• IT audit risk assessment

• Cybersecurity self-assessments

• Internal and external IT audit reports

• Board/Committee minutes related to IT audits

• Organization chart reflecting the audit reporting structure

• Actions taken by management to address IT audit and examination deficiencies

Decision Factors

1. The level of independence maintained by audit and the quality of the oversight and support provided by the Board of Directors and management.

2. The adequacy of IT coverage in the overall audit plan and the adequacy of the underlying risk analysis methodology used to formulate that plan.

InTREx Mapping

1

Tandem, LLC | Copyright © 2024

Confidential - Internal Use Only