Audit chain of custody
Definition
The documented record of when audit evidence was collected, by whom, from what source, and how it has been stored and accessed since collection. Less formal than forensic chain of custody but serves the same purpose: demonstrating that evidence is authentic and unaltered.
Related terms
- Control criterion
- The standard against which a control is evaluated. Criteria may come from an external standard (ISO 27001 Annex A, NIST CSF, PCI-DSS),...
- Design effectiveness
- The assessment of whether a control is designed in a way that would prevent or detect the risk it targets, if it...
- Evidence sufficiency
- The standard that evidence must meet to support an audit conclusion. Evidence must be relevant to the control being tested, reliable in...
- Fieldwork
- The active evidence-gathering phase of an audit, during which the auditor applies testing procedures to specific controls and collects the evidence that...
- Operating effectiveness
- The assessment of whether a control has consistently functioned as designed over the audit period. Requires evidence of actual operation, such as...
Explained in
- Fieldwork, Evidence Collection, and Control TestingThe documented record of when audit evidence was collected, by whom, from what source, and how it has been stored and accessed since collection. Less formal th...