Status: Live
The organization will cross check through review of past audit reports and work papers whether the auditors accurately identify and consistently report weaknesses and risks. [UCF ID 01161]
Supporting and supported controls
This control directly supports:
- • Review past audit reports for general adequacy [UCF Control ID 01155]
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – Audit, August 2003, Exam Tier I Obj 9.5; FFIEC IT Examination Handbook – Outsourcing Technology Services, June 2004, Exam Tier I Obj 4.3; FFIEC IT Examination Handbook – Supervision of Technology Service Providers, March 2003, Pg 18; Corporate Governance in listed Companies – Clause 49 of the Listing Agreement, § II(E)(3), § II(E)(4); Archer Control Table, ATCS-507
Banking and Finance Guidance
[Exam Tier I Obj 9.5, FFIEC IT Examination Handbook – Audit, August 2003]
[Exam Tier I Obj 4.3, FFIEC IT Examination Handbook – Outsourcing Technology Services, June 2004]
The final examination report should contain assessments of the major risks, recommendations for reducing or managing risks, and management's response to the findings and recommendations. [Pg 18, FFIEC IT Examination Handbook – Supervision of Technology Service Providers, March 2003]
Asia and Pacific Rim Guidance
The audit committee must review the internal control weaknesses identified in internal audit reports and management letters. [§ II(E)(3), § II(E)(4), Corporate Governance in listed Companies – Clause 49 of the Listing Agreement]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.