💼 84 Under CPS 234, an APRA-regulated entity’s internal audit function must review the design and operating effectiveness of information security controls. In APRA’s view, an approach which achieves comprehensive assurance would involve an audit program which assesses all aspects of the information security control environment over time. The frequency at which areas to be audited are assessed would take into account the impact of an information security compromise and the ability to place reliance on other control testing undertaken. Additional assurance work may be triggered by changes to vulnerabilities and threats or material changes to IT assets.
- Contextual name: 💼 84 Under CPS 234, an APRA-regulated entity’s internal audit function must review the design and operating effectiveness of information security controls. In APRA’s view, an approach which achieves comprehensive assurance would involve an audit program which assesses all aspects of the information security control environment over time. The frequency at which areas to be audited are assessed would take into account the impact of an information security compromise and the ability to place reliance on other control testing undertaken. Additional assurance work may be triggered by changes to vulnerabilities and threats or material changes to IT assets.
- ID: /frameworks/apra-cpg-234/33/84
- Located in: 💼 33 Internal audit - Assurance to the Board
Description
Empty...
Similar
- Internal
- ID: dec-c-fe31e6ed
- ID:
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|