Welcome » IT Booklets » Supervision of Technology Service Providers (TSP) » Risk-Based Supervision » Audit and Internal Controls
Well-planned, properly structured audit programs are essential
to strong risk management and effective internal control systems.
Effective internal and external audit programs are also a critical
defense against fraud and provide vital information to the board of
directors about the effectiveness of internal controls systems. The
Agencies encourage the use of well-supported risk-based auditing.
Through this process, the board, management, and auditors can focus
their resources on areas of greatest risk.
TSPs with effective risk-based auditing programs typically
require less examination work by the Agencies. Additional guidance
on what examiners review in information systems, audit, and
internal control functions can be found in the "Audit" and
"Management" booklets of the IT Handbook.