IT audit will report to the board as an independent process

Status: Live

The IT audit will be independent in fact and in appearance in what is reported to the board or audit committee. [UCF ID 01184]

Supporting and supported controls

This control directly supports:

There are no supporting controls.

Authority documents complied with:

FFIEC IT Examination Handbook – Audit, August 2003, Pg 8, Exam Tier I Obj 5.1; FFIEC IT Examination Handbook – Management, Pg 10; FFIEC IT Examination Handbook – Retail Payment Systems, March 2004, Exam Tier II Obj 8.15; EU 8th Directive (European SOX), Art 41.4; German Corporate Governance Code ("The Code"), June 6, 2008, ¶ 7.2.3; Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004, Sched 1 ¶ 124; The King Committee on Corporate Governance, Executive Summary of the King Report 2002, March 2002, ¶ 4.1.7

Banking and Finance Guidance

The Board of Directors should ensure the audit department functions independently. The audit department should not develop organizational procedures, prepare records or reports, or perform other duties that they review during the audit process. [Pg 8, Exam Tier I Obj 5.1, FFIEC IT Examination Handbook – Audit, August 2003]

The audit function should report directly to the Board of Directors or a designated committee. [Pg 10, FFIEC IT Examination Handbook – Management]

[Exam Tier II Obj 8.15, FFIEC IT Examination Handbook – Retail Payment Systems, March 2004]

EU Guidance

The auditor or audit firm must report to the audit committee any material weaknesses in internal control and any other key matters discovered during the audit. [Art 41.4, EU 8th Directive (European SOX)]

Other European and African Guidance

The auditor must report to the Supervisory Board any important facts or events that are discovered during the audit. [¶ 7.2.3, German Corporate Governance Code ("The Code"), June 6, 2008]

If the organization uses the same accounting firm for both the internal and external audit functions, the audit committee should ensure the accounting firm provides adequate separation to ensure each function remains independent. [¶ 4.1.7, The King Committee on Corporate Governance, Executive Summary of the King Report 2002, March 2002]

Asia and Pacific Rim Guidance

An auditor is required to report to the audit committee any attempts by any person to influence, coerce, manipulate, mislead, or interfere with the audit. [Sched 1 ¶ 124, Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.