Nine lifecycle stages from Governance & Board Oversight through Incident Response. Each stage provides audit objectives, process steps, key risks with ratings, key controls, specific test procedures, evidence requirements, OCC Cybersecurity Supervision Work Program cross-references, and control stack layer alignment. Designed for use by internal audit, external audit, and regulatory examiners.