Status: Live
If audits are outsourced, the organization will review engagement letters and discuss with senior management the external auditor’s involvement in assessing IT controls. [UCF ID 01204]
Supporting and supported controls
This control directly supports:
- • The board or directors will ensure outsourced audits are effectively managed [UCF Control ID 01203]
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – Audit, August 2003, Exam Tier I Obj 12.1; CobiT 4.1, ME4.7; The Dutch corporate governance code, Principles of good corporate governance and best practice provisions, 9 December 2003, ¶ V.2.2
Banking and Finance Guidance
[Exam Tier I Obj 12.1, FFIEC IT Examination Handbook – Audit, August 2003]
General Guidance
The organization is called upon to ensure that the organization establishes and maintains a function that is competent and adequately staffed and/or seeks external assurance services to provide the board—this will occur most likely through an audit committee—with timely independent assurance about the compliance of IT with its policies, standards and procedures, as well as with generally accepted practices. [ME4.7, CobiT 4.1]
Other European and African Guidance
The audit committee and Management Board must report all dealings with the external auditor to the Supervisory Board annually. [¶ V.2.2, The Dutch corporate governance code, Principles of good corporate governance and best practice provisions, 9 December 2003]
Metrics
The metrics associated with this control are as follows:
- • Report on the percentage of required internal and external audits completed and reviewed [UCF Control ID 01677]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.