DRAFT – CFPB Compliance Audit Standards

Last Completed

Risk Category

Control Point



Review written contingency plan to handle inventory in the event of a catastrophic occurrence. Review how often the contingency plan is reviewed and tested.

Disaster Recovery Plans

Review Disaster Recovery Plan.

Computer Data Security Badge Control Access

Ensure Certifications of Data Security Ensure appropriate access to the building and key areas. Ensure proper safeguards in place for IT systems.

Review system securities (SSAE-16, PCMI, etc.).

Onsite inspection to examine entries and badge access permitted. Review how many entries into building. Review badge access. Review the process for visitors. Review policy, visitor logs, badges issuance and access.

Review IT Room Checklist

Computer Room Inspection

Onsite inspection to examine access to the accounting area Review of written policies (safeguarding) Review how inventory is stored overnight Review types of security - physical security, locked fences, alarm systems, 24/7 surveillance etc. Review where keys and fobs stored. Review where titles secured. Who has access to these records? Are titles stored in fireproof cabinets or room? Review how many security cameras are being used. Review where the security cameras located. Review who has ability to view live feed. May the cameras be viewed remotely? If so, who has the ability? Review how long tapes are stored.

Physical & Data Security

Ensure access to accounting is limited to necessary personnel.

Access to Accounting and Inventory

Understand all software used by vendor with accounts Understand how Customer Data is backed up

Review list of software and hardware providers.

Software/Hardware utilization

How, when and where is inventory data backed up.

Data Back-up / Redundancy


Made with