Outsourcing the Internal Audit Function
Although banking regulations allow for the outsourcing of the internal audit function, the
decision to do so should be considered carefully. Most importantly, management and the Audit
Committee of the Board of Directors must recognize that a trained person is needed within the
financial institution to be responsible for the internal audit function. This person must
coordinate the outsourced audits with management and the audit committee and be
responsible for ensuring the quality and completeness of all audits.
Because internal auditing is such a critical function within a financial institution, and in light of
the need for an internal auditor to be responsible for all outsourced audits, this paper describes
the process to follow to obtain and review proposals for outsourced audit services.
Evaluating Proposals For Outsourced Internal Audit Services
Typically, the most significant problem with outsourcing the internal audit function is the
quality and experience level of the people performing the work. The staff members performing
the audit work are often junior-level employees with little knowledge of banking and the
institution’s operations. Consequently, the institution’s management staff spends a lot of time
answering seemingly needless questions and training these people.
Some questions that prospective audit firms might be asked during the interview process, after
they have submitted a response to the RFP, include:
1. How does the firm assess risk throughout the institution? (e.g., Does it perform
interviews with management and document operations, procedures, controls, etc., as
part of its risk assessment and prior to crafting the audit scope and specific audit
procedures?) Have the firm explain how and what it typically sees as the areas of
greatest risk in an institution similar to your own.
2. To what extent does the firm’s assessment of risk affect the scope of individual area
audits and the specific audit procedures to be employed?
3. How do the results of their work affect the scope during an audit? For example, if they
find problems, do they expand the scope?
4. To what degree do they test compliance with institution policies and banking laws and
regulations? It is important that they explain the level of detail of their compliance
testing. How do they determine and select the sample size (e.g., judgmental, random,
statistical)?
5. To what degree do they provide cost savings or earnings improvement
recommendations regarding operations, procedures, and practices of the institution?
6. Who will be assigned to the audit, and what is his or her background and prior financial
institution audit experience? This is a crucial issue, because many firms bait-and-switch,
with the partner or manager selling the engagement but actually spending relatively
little time at the institution. Instead, junior employees with little experience perform the
bulk of the work. Don’t accept recent college graduates working on their CPAs, no
matter how experienced the management team is.
7. How do they coordinate their work at the institution, with whom, and how often? Do
they utilize financial institution resources to complete audit work (e.g., prepare
schedules)? To what extent is this done? How do they verify the quality of this work?
8. Based on the data processing arrangements at the institution (i.e., outsourced versus
in-house), how will the firm approach auditing data processing? What types of testing of
systems, applications, controls, and procedures will they perform?
9. How will they present their work or results? How often? To whom?
10. How often will they meet with the Board and/or Audit Committee?
11. Will their documentation be available for inspection by the financial institution? Not just
the reports, but the audit programs, schedules, test work, memoranda, etc.? If not,
why? Challenge the argument that “It’s our property.” How else will management and
the directors be able to evaluate the completeness and effectiveness of the firm’s work
if they cannot see the work?
12. Who owns the “product” (i.e., questionnaires, audit programs, permanent work paper
files, etc.), and where will the I/A files be kept, including audit programs, audit work
papers, etc.? The institution may want to bring the audit function in-house in the future,
and this information will have value in that case.
