UCF ID: 01155
Control Type: Process or Activity
Status: Live
Supporting and supported controls
This control directly supports:
- Review audit reports and work papers. [UCF Control ID 01146]
This control has the following supporting controls:
- Review past audit reports to ensure the specific program steps and calculations to support the reports' conclusions are stated. [UCF Control ID 01160]
- Review past audit reports to ensure weaknesses and risks are identified and consistently reported. [UCF Control ID 01161]
- Review past audit reports for constructiveness and timeliness. [UCF Control ID 01162]
Authority documents complied with:
The Sarbanes-Oxley Act of 2002, § 103(a)(2)(A)(ii); FFIEC IT Examination Handbook – Audit, August 2003, Exam Tier I Obj 7.2; FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj B.1; ISO/IEC 27001 Information Security Management Systems - Requirements, 2005, § 6; Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004, Sched 1 ¶ 91
Sarbanes Oxley Guidance
The organization must provide a second review or an independent review and approval of the audit report. [§ 103(a)(2)(A)(ii), The Sarbanes-Oxley Act of 2002]
Banking and Finance Guidance
[Exam Tier I Obj 7.2, FFIEC IT Examination Handbook – Audit, August 2003]
[Exam Tier II Obj B.1, FFIEC IT Examination Handbook – Information Security]
ISO Guidance
The previous audit reports should be taken into consideration when planning the audit program for the organization. [§ 6, ISO/IEC 27001 Information Security Management Systems - Requirements, 2005]
Asia and Pacific Rim Guidance
The audit report must include the amount paid for non-audit services provided by the auditor and a statement by the directors of the organization that the non-audit services provided by the auditor did not compromise the auditor's independence, along with the reasons the directors believe the auditor's independence was not compromised. [Sched 1 ¶ 91, Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004]
Metrics
The metrics associated with this control are as follows:
- Report on the percentage of information security requirements from applicable laws and regulations that are included in the internal/external audit program and schedule. [UCF Control ID 02069]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
