diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb
index 28d7352da1..3d84afe543 100644
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@@ -510,12 +510,17 @@ module Cask
           when Artifact::Pkg
             system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false)
           when Artifact::App
-            system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false)
+            if which("syspolicy_check")
+              system_command("syspolicy_check", args: ["distribution", path], print_stderr: false)
+            else
+              system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false)
+            end
           when Artifact::Binary
             # Shell scripts cannot be signed, so we skip them
             next if path.text_executable?
 
-            system_command("codesign",  args: ["--verify", path], print_stderr: false)
+            system_command("codesign",  args:         ["--verify", "-R=notarized", "--check-notarization", path],
+                                        print_stderr: false)
           else
             add_error "Unknown artifact type: #{artifact.class}", location: url.location
           end