Review of external auditor outsourcing contracts and engagement letters

Status: Live

If audits are outsourced, the organization will review the contracts to determine the scope, expectations and responsibilities under the contract for both parties. [UCF ID 01189]

Supporting and supported controls

This control directly supports:

External auditor outsourcing contracts and engagement letters [UCF Control ID 01188]

This control has the following supporting controls:

Review of external auditor outsourcing contracts for change protocols [UCF Control ID 01192]

Review of external auditor outsourcing contracts for problem resolution management [UCF Control ID 01196]

Review of confidential information [UCF Control ID 01194]

Review of report and workpaper records management practices [UCF Control ID 01195]

Review of line-of-communication protocols to be used [UCF Control ID 01201]

Review of scope of work when risk profile changes [UCF Control ID 01202]

Authority documents complied with:

The Sarbanes-Oxley Act of 2002, § 104(d)(1); FFIEC IT Examination Handbook – Audit, August 2003, Pg 7, Pg 22, Exam Tier I Obj 11.2, Exam Tier I Obj 13.3

Sarbanes Oxley Guidance

Engagement letters must be inspected and reviewed during inspections of public accounting firms. [§ 104(d)(1), The Sarbanes-Oxley Act of 2002]

Banking and Finance Guidance

The external auditor contract should include the scope, expectations, and responsibilities of both parties. [Pg 7, Pg 22, Exam Tier I Obj 11.2, Exam Tier I Obj 13.3, FFIEC IT Examination Handbook – Audit, August 2003]