Should financial institutions hire outside auditors or consultants to verify their testing processes?
A.5. Financial institution management may use qualified independent internal parties or external parties to verify the testing process. If the financial institution lacks internal expertise, management should use other qualified professionals, such as management consultants or CPA firms, to provide an independent review. Verification of the testing process should involve the project manager, the owner or user of the system tested, and an objective independent party such as an auditor, consultant, or a qualified individual independent of the process under review. This objective verification should ensure that the testing process is effective, that key dates are checked, and that the changes made resulted in reliable information processing. If a financial institution is relying on proxy testing, management should ensure that an independent verification of the testing process, similar to the type described above, has occurred. Q.6. May financial institutions use operating systems that are
