IT Governance, Risk, and Compliance

Mar 11 2010   7:41PM GMT

IT Audit Follow-up: Assessing Recommendation Resolution – Part I

Robert Davis Robert Davis Profile: Robert Davis

While management is responsible for addressing assurance engagement findings and recommendations as well as tracking resolution status; audit is responsible for establishing policies, procedures, standards and rules for follow-up to determine whether previous findings and recommendations are adequately addressed as well as considered in planning future engagements. In this matter, IT auditors should comply with generally accepted audit follow-up procedures addressing the risks ordinarily associated with the audit area. Contextually, an appropriate amount of follow-up is necessary to assure the effectiveness of the corrective action process and to reestablish confidence in the item or service assessed. Therefore, the audit follow-up process normally includes carrying out sufficient, timely follow-up procedures to verify that management actions address weaknesses promptly.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: