Who is responsible for an external QA when a majority of the internal audit work is outsourced to a service provider?

Modified on Wed, Sep 18 at 11:02 AM

In all cases, the organization maintains the responsibility for having an external QA in accordance with The IIA's Standards. If the organization has a CAE (partial outsourcing) it is clearly the CAE's responsibility to initiate the process and discussion with the audit committee. If the majority of the internal audit work is outsourced to a service provider, the person who negotiates the outsourcing of the internal audit services (e.g., CFO, corporate controller) would be responsible for initiating the external QA. The service providers' specific work on the assignment would be reviewed as part of the external QA and not the entire firm's policies and procedures (except the relevant section of the Policies & Procedures of the service provider as applied in the organization). Service providers must advise and brief their clients on the requirements of the Standards.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article