The Graduate

Mechanics of ICT Audits

Whitepaper

Mar 2026

The synopsis deals with the governance and process of supervisory audits using DORA as an example. The content is based on a multidimensional study of the ToX-3LoD system of IT equipment, the cooperation of the lines of defence in test stages, audit procedures and evidence flows, the mode of operation of the ToX-3LoD system in the financial entity-service provider relationship, the connection between the cooperation modes of the three lines of defence and the degrees of certainty in audits, and the iconographic link between ToX, 3LoD and PDCA.

In this context, the internal control procedure according to MaRisk is examined and corrected for a logical inaccuracy by BaFin, and the draft of IDW audit standard 528 on DORA is improved in the incorrect parts.

We supplement BaFin's qualitative model for determining levels of assurance with an equally weighted quantitative component and conclude by showing how a regulatory project can strengthen the business with the help of stringent programme control.

Dr. Waldemar Grudzien

Managing Director

wgr@globalregulation.com

Julius Düwel

Managing Director

jdu@globalregulation.com

How can we help?

We are happy to help you with the strategic planning and concrete implementation of your project in the area of IT and information security.

Contact Info

info@globalregulation.com

Phone Number

+41 43 505 23 22

EN

Contact

Imprint

Privacy

|

2026

|

GRM Global Regulation Management AG
