Review past audit reports for general adequacy.

UCF ID: 01155
Control Type: Process or Activity
Status: Live

Supporting and supported controls

This control directly supports:

This control has the following supporting controls:

    Review past audit reports to ensure the specific program steps and calculations to support the reports' conclusions are stated. [UCF Control ID 01160]
    Review past audit reports to ensure weaknesses and risks are identified and consistently reported. [UCF Control ID 01161]
    Review past audit reports for constructiveness and timeliness. [UCF Control ID 01162]

Authority documents complied with:

The Sarbanes-Oxley Act of 2002, § 103(a)(2)(A)(ii); FFIEC IT Examination Handbook – Audit, August 2003, Exam Tier I Obj 7.2; FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj B.1; ISO/IEC 27001 Information Security Management Systems - Requirements, 2005, § 6; Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004, Sched 1 ¶ 91

Sarbanes-Oxley Guidance

The organization must provide a second review or an independent review and approval of the audit report. [§ 103(a)(2)(A)(ii), The Sarbanes-Oxley Act of 2002]

Banking and Finance Guidance

[Exam Tier I Obj 7.2, FFIEC IT Examination Handbook – Audit, August 2003]

[Exam Tier II Obj B.1, FFIEC IT Examination Handbook – Information Security]

ISO Guidance

The previous audit reports should be taken into consideration when planning the audit program for the organization. [§ 6, ISO/IEC 27001 Information Security Management Systems - Requirements, 2005]

Asia and Pacific Rim Guidance

The audit report must include the amount paid for non-audit services provided by the auditor and a statement by the directors of the organization that the non-audit services provided by the auditor did not compromise the auditor's independence, along with the reasons the directors believe the auditor's independence was not compromised. [Sched 1 ¶ 91, Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004]

Metrics

The metrics associated with this control are as follows:

    Report on the percentage of information security requirements from applicable laws and regulations that are included in the internal/external audit program and schedule. [UCF Control ID 02069]

Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.