EM-02—Audit Committee
>Control Description
Theme
Type
Policy/Standard
Information Systems Operations Policy>Implementation Guidance
1. Ensure documented information on the Audit Committee and Audit Committee Charter is created. 2. Ensure that the audit committee is independent and meets quarterly as defined within the charter. Document the most recent meeting in the form of an audit committee minutes. 3. Ensure that the audit committee includes outside directors (industry experts). 4. Ensure audit committee reviews financial statement quality, enterprise risk management, regulatory & legal compliance, internal and external audit function, and information security functions. 5. Follow up on any open items from previous audit committee meetings to ensure they are being worked on and closed out.
>Testing Procedure
1. Inspect the Charter of the Audit Committee of the Board of Directors and meeting minutes to determine whether the Audit Committee is independent from management, and is composed of outside directors. 2. Validate that the audit committee is independent and meets quarterly as defined within the charter. 3. Inspect the minutes of meeting audit committee. 4. Validate meeting minutes to ensure that financial statement quality, enterprise risk management, regulatory & legal compliance, internal and external audit function, and information security functions were reviewed.
>Audit Artifacts
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
Ask AI
Configure your API key to use AI features.