Consider the following statements regarding the New Guidelines on Information Technology (IT) Governance for Regulated Entities (REs) recently released by the Reserve Bank of India (RBI):
1. It mandates REs to establish an IT steering committee with representation at the senior management level from IT and business functions.
2. It provides that every IT application, which can access or affect critical or sensitive information, shall have necessary audit.
Which of the statements given above is/are correct?