An important component of monitoring is an appropriate independent audit function. Financial institutions offering e-banking products and services should expand their audit coverage commensurate with the increased complexity and risks inherent in e-banking activities. Financial institutions offering e-banking services should ensure the audit program expands to include:
- Scope and coverage, including the entire e-banking process as applicable (i.e., network configuration and security, interfaces to legacy systems, regulatory compliance, internal controls, and support activities performed by third-party providers);
- Personnel with sufficient technical expertise to evaluate security threats and controls in an open network (i.e., the Internet); and
- Independent individuals or companies conducting the audits without conflicting e-banking or network security roles.
Monitoring and Accountability
Managing Outsourcing Relationships