Back

Rotate auditors, as necessary.


CONTROL ID
15589
CONTROL TYPE
Audits and Risk Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Define the roles and responsibilities for personnel assigned to tasks in the Audit function., CC ID: 00678

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Where external auditors are appointed, there should be a rotation of audit firms or auditors and careful consideration and transparency of the non-audit services they provide, to ensure continued independent assurance. (§ 6.4.3.3 ¶ 3, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Examination of companies in the Multi-Regional Data Processing Servicers (MDPS) program is administered by the Agencies. The Agencies determine which TSPs are subject to examination under the MDPS program. Generally, Agency-In-Charge (AIC) responsibilities for an MDPS company are rotated among the A… (E ¶ 2, FFIEC IT Examination Handbook - Supervision of Technology Service Providers, October 2012)
  • Where controlling ownership is equally distributed, the primary examination responsibilities are rotated as agreed by the interested Agencies. (D ¶ 1 Bullet 3, FFIEC IT Examination Handbook - Supervision of Technology Service Providers, October 2012)
  • Responsibility for the examination of independent TSPs is based on the class of insured financial institution being serviced. If more than one class of insured institution is serviced, the examination is conducted jointly, and on a rotated basis, as agreed to among the federal financial institution … (E ¶ 1, FFIEC IT Examination Handbook - Supervision of Technology Service Providers, October 2012)