Ensuring the Effective Management of Information Technology and related Risks
One of the basic building blocks of an effective Enterprise Risk Management Program is a functional IT Audit.
A bank or credit union's information technology systems house and protect the organization’s most vital asset: its product and customer/member information.
An effective IT Audit ensures that the bank's or credit union's information technology resources adequately record and protect information in all its print and electronic forms.
A Total Approach
Abound’s IT Audit is a comprehensive assessment of risk and validation of key controls throughout the bank or credit union's Information Technology function. Our approach complies with the FFIEC’s Interagency Guidance on the Internal Audit Function and its Outsourcing and the IT Examination Handbook.
Abound has developed a customized IT risk assessment and audit approach, based on COBIT 4.1.
The scope of the IT Audit includes:
- Technology planning and implementation processes
- Board and senior management controls
- Regulatory exams and management responses
- Information technology practices and procedures
- General and specific IT control environments
- Application controls
- Technology acquisition and implementation processes
- Business continuity planning
- Vendor management practices
In addition to reviewing policies, procedures, and practices related to each these areas, Abound will perform appropriate tests of key procedures and internal control attributes to ensure their operational effectiveness.
The report of our IT Audit will include maturity ratings of the major IT governance elements, as defined in COBIT, and an overall rating and audit opinion of the IT function.