Security Audit Work Program

Organizations can use these audit work program samples to assess the quantity of risk and the effectiveness of the risk management processes related to security measures instituted to ensure confidentiality, integrity and availability of information and to instill accountability for actions taken on company systems.
The objectives and procedures in these work programs are divided into Tier I and Tier II. Tier I assesses an institution’s process for identifying and managing risks, while tier II provides additional verification where risk warrants it. Tier I and Tier II are intended to be a tool set examiners can use when selecting examination procedures for their particular examination.