Design a comprehensive security audit program for a financial institution that addresses regulatory compliance, risk assessment, and operational security.