OM-4.8.9
The internal audit function of a
(a) The adequacy of business process identification;
(b) Threat scenario development;
(c) Business impact analysis and risk assessments;
(d) The written plan;
(e) Testing scenarios and schedules; and
(f) Communication of test results and recommendations to the Board.
January 2014