Skip to content
BOL Conferences Top Gun 23
Thread Options
#131214 - 11/17/03 04:03 PM IT AUDIT
Anonymous
Unregistered

OUR INTERNAL AUDITOR NEEDS HELP STARTING AN IT AUDIT. WHERE COULD SHE GET SOME GOOD INFORMATION. WE ARE VERY SMALL WITH NO BRANCHES AND ONE ATM.

Return to Top
Audit
#131215 - 11/17/03 04:16 PM Re: IT AUDIT
Anonymous
Unregistered

Start with your regulator workpapers, FDIC or OCC.

Return to Top
#131216 - 11/17/03 04:18 PM Re: IT AUDIT
ChicagoGuy Offline
Diamond Poster
ChicagoGuy
Joined: Nov 2003
Posts: 1,575
Chicago, IL
Have you looked at your primary regulator's web site to see if there is any information there? Many times, exam paramaters are provided and this provides a good basis to construct a program on.

Return to Top
#131217 - 11/17/03 04:56 PM Re: IT AUDIT
incandescent Offline
100 Club
incandescent
Joined: Oct 2003
Posts: 125
This FFIEC IT Exmination Handbook page is an excellent starting point.

The FFIEC is in the process of revising guidance with the first booklets addressing significant IT changes since 1996, incorporating a risk-based approach to IT examiniations. Objectives are identified (data availability, integrity, confidentiality, accountability, and assurance), along with methods to achieve: risk assessment, strategy development, controls implementation, controls testing, and system monitoring and updating.

Return to Top
#131218 - 11/18/03 02:13 PM Re: IT AUDIT
KYAuditor Offline
100 Club
KYAuditor
Joined: Jan 2003
Posts: 138
Kentucky
In addition to checking your regulator's website, I would recommend investing in a good IT audit manual. I use "IT Auditing for Financial Institutions" from Alexinformation. It covers risk assessment and has internal control checklists and an audit program.
_________________________
Just my 2 cents worth--for what its worth!!

Return to Top
#131219 - 11/18/03 04:49 PM Re: IT AUDIT
MackenzieS Offline
Diamond Poster
MackenzieS
Joined: Jul 2002
Posts: 1,722
Oklahoma
auditnet.org has GREAT audit workprograms. You have many to select from and can tailor them to your program.

Return to Top
#131220 - 11/19/03 02:36 PM Re: IT AUDIT
Risk Officer Offline
100 Club
Joined: Apr 2001
Posts: 205
Dallas
www.theiia.org/itaudit has hundreds of informative articles on IT auditing, ranging in complexity from the new auditor to very technical issues.

Definitely check your regulators website and / or the FFIEC IT InfoBase mentioned by incandescent above. In addition to the IT booklets, there are probably a hundred or more IT related issuances (FILs, OCC Bulletins, etc.) from the various regulators.

IT is a deep and complex subject, even at a small bank. You might consider, at least for the first time around, bringing in an external IT auditor to help establish the audit program and transfer some knowledge to your auditor.
_________________________
My opinions are just that...my opinions.

Return to Top
#131221 - 03/04/04 03:13 PM Re: IT AUDIT
Anonymous
Unregistered

Quote:

In addition to checking your regulator's website, I would recommend investing in a good IT audit manual. I use "IT Auditing for Financial Institutions" from Alexinformation. It covers risk assessment and has internal control checklists and an audit program.




IT Auditing for Financial Institutions, by Guru Jimmy Sawyers, is available for sale through the BOL Banker Store.

FYI -- Normally I am skeptical of threads asking for product or vendor recommendations that start out with an anonymous post. Sometimes they are vendor plants who ask a question, then answer it themselves a few posts down. Judging from the IP addresses on this thread, I don't think that's the case, but the thread did make a few regular participants wonder. In the future, I would encourage those who post anonymously to come out of their anonymous shell.

Return to Top
#131222 - 03/04/04 03:46 PM Re: IT AUDIT
DogLover Offline
100 Club
DogLover
Joined: Aug 2003
Posts: 146
Sunny Florida
I agree with Incandescent ~ FFIEC IT Examination Handbook.

Return to Top

Moderator:  Andy_Z