Review of external auditor performance

Status: Live

If audits are outsourced, the organization will review the performance and contractual criteria for the audit vendor and any internal evaluations of the audit vendor. [UCF ID 01198]

Supporting and supported controls

This control directly supports:

Review of external auditor outsourcing scope and work to be performed [UCF Control ID 01190]

There are no supporting controls.

Authority documents complied with:

FFIEC IT Examination Handbook – Audit, August 2003, Exam Tier I Obj 11.4; CobiT 4.1, ME2.6; The Dutch corporate governance code, Principles of good corporate governance and best practice provisions, 9 December 2003, ¶ III.5.9, ¶ V.2.3; Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004, Sched 1 ¶ 117

Banking and Finance Guidance

[Exam Tier I Obj 11.4, FFIEC IT Examination Handbook – Audit, August 2003]

General Guidance

The organization is called upon to assess the status of each external service provider’s internal controls. Confirm that external service providers comply with legal and regulatory requirements and contractual obligations. This can be provided by a third-party audit or obtained from a review by management’s internal audit function and the results of the audits. [ME2.6, CobiT 4.1]

Other European and African Guidance

The audit committee must meet with the external auditor at least once a year without the Management Board being present. The Supervisory Board and the audit committee must assess the external auditor's performance in all of his/her different capacities at least once every 4 years. The assessment conclusions must be reported at the annual meeting to assess the nomination of the external auditor. [¶ III.5.9, ¶ V.2.3, The Dutch corporate governance code, Principles of good corporate governance and best practice provisions, 9 December 2003]

Asia and Pacific Rim Guidance

If the auditor is at the annual meeting, the annual meeting chairman must allow voting shareholders to ask the auditor about the audit, the content of the audit report, his/her independence, and the accounting policies of the organization. [Sched 1 ¶ 117, Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004]