I know I am asking a lot of questions about auditing but I see that I need to do a technology audit, does this include things like Passwords, how we back-up our system, the website or do I have it all wrong, the lady before me just commented on what the security officer does each morning, that doesn't sound quite right to me. Maybe it sould be part of the report but not the sole audit.
Thanks!!!

Refer to your regulators exam manual. What is important is that you cover everything somewhere. You may break it up differently than your regulators or you may choose to follow exactly what they do. But there is a relationship between information systems and information security. That includes passwords, changing them, criteria for an acceptable password, screensaver delay time, passwords to enter a system from a screensaver, the ability to dial-in to your system from outside the system, etc. Access to Internet banking would be included. I wouldn't put Web site audits in that category as they relate to compliance, but I'd check it in another audit.

Thank you!!! You always have great solutions.