Review external auditor outsourcing contracts and engagement letters.

UCF ID: 01189

Control Type: Process or Activity

Status: Live

Supporting and supported controls

This control directly supports:

Maintain copies of external auditor outsourcing contracts and engagement letters. [UCF Control ID 01188]

This control has the following supporting controls:

Review external auditor outsourcing contracts to ensure they include protocols for changing the contracts. [UCF Control ID 01192]

Review external auditor outsourcing contracts to ensure they include procedures for resolving problems. [UCF Control ID 01196]

Review external auditor outsourcing contracts to ensure organizational information is maintained in an access restricted manner. [UCF Control ID 01194]

Review external auditor outsourcing contracts to ensure they include report and workpaper records management practices. [UCF Control ID 01195]

Review external auditor outsourcing contracts to ensure they include communication protocols. [UCF Control ID 01201]

Review the scope of outsourced audits when the risk profile changes. [UCF Control ID 01202]

Authority documents complied with:

The Sarbanes-Oxley Act of 2002, § 104(d)(1); FFIEC IT Examination Handbook – Audit, August 2003, Pg 7, Pg 22, Exam Tier I Obj 11.2, Exam Tier I Obj 13.3

Sarbanes Oxley Guidance

Engagement letters must be inspected and reviewed during inspections of public accounting firms. [§ 104(d)(1), The Sarbanes-Oxley Act of 2002]

Banking and Finance Guidance

The external auditor contract should include the scope, expectations, and responsibilities of both parties. [Pg 7, Pg 22, Exam Tier I Obj 11.2, Exam Tier I Obj 13.3, FFIEC IT Examination Handbook – Audit, August 2003]