Status: Live
If audits are outsourced, the organization will review the contracts to determine the scope, expectations and responsibilities under the contract for both parties. [UCF ID 01189]
Supporting and supported controls
This control directly supports:
- • External auditor outsourcing contracts and engagement letters [UCF Control ID 01188]
This control has the following supporting controls:
- • Review of external auditor outsourcing contracts for change protocols [UCF Control ID 01192]
• Review of external auditor outsourcing contracts for problem resolution management [UCF Control ID 01196]
• Review of confidential information [UCF Control ID 01194]
• Review of report and workpaper records management practices [UCF Control ID 01195]
• Review of line-of-communication protocols to be used [UCF Control ID 01201]
• Review of scope of work when risk profile changes [UCF Control ID 01202]
Authority documents complied with:
The Sarbanes-Oxley Act of 2002, § 104(d)(1); FFIEC IT Examination Handbook – Audit, August 2003, Pg 7, Pg 22, Exam Tier I Obj 11.2, Exam Tier I Obj 13.3
Sarbanes Oxley Guidance
Engagement letters must be inspected and reviewed during inspections of public accounting firms. [§ 104(d)(1), The Sarbanes-Oxley Act of 2002]
Banking and Finance Guidance
The external auditor contract should include the scope, expectations, and responsibilities of both parties. [Pg 7, Pg 22, Exam Tier I Obj 11.2, Exam Tier I Obj 13.3, FFIEC IT Examination Handbook – Audit, August 2003]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
