UCF ID: 01677 |
Control Type: Actionable Reports or measurements |
Status: Live |
Metric guidance
Calculation: The calculation for this metric is # of required internal and external audits completed and reviewed / # of required internal and external audits.
Calculation source: No authority document source of information exists. The following formula was used: number of audits that have been completed and reviewed by the appropriate personnel divided by the number of required internal and external audits as documented in policies.
The Common Control IDs associated with this metric are as follows:
- • Review the external auditor's involvement in assessing IT controls. [UCF Control ID 01204]
• Define the roles and responsibilities of the external auditors. [UCF Control ID 00683]
• Review external auditor outsourcing contracts to ensure they include the scope and work to be performed. [UCF Control ID 01190]
• Verify that an internal audit program policy exists. [UCF Control ID 00684]
• Review audit reports and work papers. [UCF Control ID 01146]
Supporting and supported controls
This control directly supports:
- • Establish and maintain an internal and external audit metrics standard. [UCF Control ID 01664]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE6.1; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.1
US Federal Security Guidance
The organization must measure and report on the percentage of required internal and external audits completed and reviewed by the Board. [ISPE6.1, CISWG Information Security Program Elements, January 10,2005]
General Guidance
The purpose of this measurement is to measure the percentage of required internal and external audits completed and reviewed by the board. [§ 18.1, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.