Audit and Internal Controls
Well-planned, properly structured audit programs are essential to strong risk management and effective internal control systems. Effective internal and external audit programs are also a critical defense against fraud and provide vital information to the board of directors about the effectiveness of internal controls systems. The Agencies encourage the use of well-supported risk-based auditing. Through this process, the board, management, and auditors can focus their resources on areas of greatest risk.
TSPs with effective risk-based auditing programs typically require less examination work by the Agencies. Additional guidance on what examiners review in information systems, audit, and internal control functions can be found in the "Audit" and "Management" booklets of the IT Handbook.
Report of Examination