Appendix A: Examination Procedures

EXAMINATION OBJECTIVES: Assess the quality and effectiveness of the institution's technology operations. These procedures will help disclose the adequacy of risk management of, and controls around, the institution's technology operations.
Examiners may choose to use only particular components of the workprogram based upon the size, complexity, and nature of the institution's business or upon a risk-focused examination plan.

The objectives and procedures are divided into Tier I and Tier II:

  • Tier I assesses an institution's process for identifying and managing risk.
  • Tier II provides additional verification where risk warrants it.

Tier I and Tier II are a tool set examiners will use when selecting examination procedures for their particular examination. Examiners should use these procedures as necessary to support examination objectives. Examiners should coordinate this coverage with other examiners to avoid duplication of effort while including the operations-related issues found in other workprograms.


Previous Section
Control Self-Assessments
Next Section
Tier I Objectives and Procedures