UCF ID: 01203 |
Control Type: Process or Activity |
Status: Live |
Supporting and supported controls
This control directly supports:
- • Ensure the Board of Directors and senior management are involved in the auditing process. [UCF Control ID 00679]
This control has the following supporting controls:
- • Review the external auditor's involvement in assessing IT controls. [UCF Control ID 01204]
Authority documents complied with:
FFIEC IT Examination Handbook – Audit, August 2003, Pg 20, Pg 23, Exam Tier I Obj 11.7; Securities Exchange Act of 1934, § 78j-1(m)(2); Technology Risk Management Guide for Bank Examiners – OCC Bulletin 98-3, ¶ 40
Banking and Finance Guidance
The Board of Directors should ensure the outsourced audit function operates effectively and complies with all regulations. [Pg 20, Pg 23, Exam Tier I Obj 11.7, FFIEC IT Examination Handbook – Audit, August 2003]
NASD NYSE Guidance
The audit committee is directly responsible for appointing, compensating, and overseeing the work of public accounting firms hired to audit the organization. [§ 78j-1(m)(2), Securities Exchange Act of 1934]
US Federal Security Guidance
¶ 40 Bank management should ensure necessary controls are in place to manage risks associated with outsourcing and external alliances. Management should ensure that vendors have the necessary expertise, experience, and financial strength to fulfill their obligations. They also should ensure that the expectations and obligations of each party are clearly defined, understood and otherwise enforceable. For example, management should make certain that the bank has audit rights for vendors so that the bank can monitor performance under the vendor contract. [¶ 40, Technology Risk Management Guide for Bank Examiners – OCC Bulletin 98-3]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.