UCF ID: 01190 |
Control Type: Process or Activity |
Status: Live |
Supporting and supported controls
This control directly supports:
- • Maintain copies of external auditor outsourcing contracts and engagement letters. [UCF Control ID 01188]
This control has the following supporting controls:
- • Review external auditor outsourcing contracts to ensure they include work status reporting requirements. [UCF Control ID 01191]
• Review external auditor outsourcing contracts to ensure they include access to work papers. [UCF Control ID 01193]
• Review the audit vendor's outsourced internal audit program and determine the auditor's qualifications. [UCF Control ID 01197]
• Review the external auditor's performance. [UCF Control ID 01198]
• Review the adequacy of the external auditor's work papers and audit reports. [UCF Control ID 01199]
• Review the conclusions of the work papers and audit reports. [UCF Control ID 01200]
Authority documents complied with:
FFIEC IT Examination Handbook – Audit, August 2003, Pg 22, Exam Tier I Obj 11.2; FFIEC IT Examination Handbook – Supervision of Technology Service Providers, March 2003, Pg 11, Pg 16, Pg 17
Banking and Finance Guidance
The external auditor contract should include the scope, frequency, and cost of the auditing task. [Pg 22, Exam Tier I Obj 11.2, FFIEC IT Examination Handbook – Audit, August 2003]
The examiner-in-charge (EIC) should develop a scope document that identifies the risks found during the last examination and highlights the areas to be examined. It should include an exam schedule, outline the objectives of the examination, and state the assignments for the team members. [Pg 11, Pg 16, Pg 17, FFIEC IT Examination Handbook – Supervision of Technology Service Providers, March 2003]
Metrics
The metrics associated with this control are as follows:
- • Report on the percentage of required internal and external audits that have been completed and reviewed. [UCF Control ID 01677]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.