Iowa Code § 535B.25
2. The board of directors, or a similar oversight committee approved under subsection 1, shall do all of the following:
f. Ensure the covered institution establishes and maintains a risk management program that identifies, measures, monitors, and controls risk commensurate with the covered institution’s size and complexity. The risk management program must include appropriate processes and models to measure, monitor, and mitigate financial risks and changes to the covered institution’s risk profile and assets being serviced. The risk management program shall address all of the following:
3. A covered institution shall undergo an annual external audit and shall make the external audit available to the administrator upon request. An external audit shall include, at a minimum, all of the following:
2024 Acts, ch 1038, §11
Referred to in §535B.22