Back

Include resource requirements in the audit program.


CONTROL ID
15237
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an audit program., CC ID: 00684

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • There are risks and opportunities related to the context of the auditee that can be associated with an audit programme and can affect the achievement of its objectives. The individual(s) managing the audit programme should identify and present to the audit client the risks and opportunities consider… (§ 5.3 ¶ 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the financial and time resources necessary to develop, implement, manage and improve audit activities; (§ 5.4.4 ¶ 1(a), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • travel time and cost, accommodation and other auditing needs; (§ 5.4.4 ¶ 1(e), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the impact of different time zones; (§ 5.4.4 ¶ 1(f), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the availability of any tools, technology and equipment required (§ 5.4.4 ¶ 1(h), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the availability of information and communication technologies (e.g. technical resources required to set up a remote audit using technologies that support remote collaboration); (§ 5.4.4 ¶ 1(g), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • Audit priority should be given to allocating resources and methods to matters in a management system with higher inherent risk and lower level of performance. (§ 5.1 ¶ 9, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • Ascertain the nature, timing, and extent of resources necessary to perform the engagement, including the use of other service auditor's or service auditor's specialists. (¶ 2.97 i., SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • The adequacy of resources relative to the size of the entity (¶ 2.156 b., SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)