Please enable JavaScript.
Coggle requires JavaScript to display documents.
6.2.1 (USING THE SERVICES OF OTHER AUDITORS AND EXPERTS (When a part or…
6.2.1
USING THE SERVICES OF OTHER AUDITORS AND EXPERTS
When a part or all of IS audit services are proposed to be outsourced to another audit or external service provider, the following should be considered with regard to using the services of other auditors and experts:
•
Restrictions
on outsourcing of audit/security services provided
by laws and regulations
• Audit charter or contractual stipulations
• Impact on
overall and specific IS audit objectives
• Impact on
IS audit risk and professional liability
•
Independence and objectivity of other auditors and experts
• Professional competence, qualifications and experience
•
Scope of work proposed
to be outsourced and approach
• Supervisory and audit management controls
• Method and modalities of communication of results of audit work
• Compliance with legal and regulatory stipulations
• Compliance with applicable professional standards
Based on the nature of assignment, the following may also require special consideration:
•
Testimonials/references and background checks
• Access to
systems, premises and records
•
Confidentiality restrictions to protect customer-related information
•
Use of computer-assisted auditing techniques (CAATs)
and other tools to be used by the external audit service provider
•
Standards and methodologies for performance of work and documentation
• Nondisclosure agreements
IS auditor or entity outsourcing the auditing services should monitor the relationship to ensure the
OBJECTIVITY AND INDEPENDENCE
throughout the duration of the arrangement.
responsibility of the IS auditor or entity employing the services of external service providers to do the following:
Clearly communicate the audit objectives, scope and methodology through a formal engagement letter
Establish a monitoring process for regular review of the work of the external service provider with regard to planning, supervision, review and documentation
the work papers of other IS auditors or experts should be reviewed
to confirm the work was appropriately
planned,
supervised,
documented
and reviewed
and to consider the appropriateness and sufficiency of the audit evidence provided
the reports of other IS auditors or experts should be reviewed to confirm
the scope specified in the audit charter,
terms of reference or letter of engagement has been met,
that any significant assumptions used by other IS auditors or experts have been identified,
and the findings and conclusions reported have been agreed on by management.
Assess the usefulness and appropriateness of reports of such external providers and assess the impact of significant findings on the overall audit objectives.