IT Governance, Risk, and Compliance

Mar 15 2010   4:40PM GMT

IT Audit Follow-up: Assessing Recommendation Resolution – Part II

Robert Davis Robert Davis Profile: Robert Davis

If management’s proposed actions to implement or otherwise address reported recommendations have been discussed with, or provided to, an IT auditor; designed remedial actions should be recorded as a management response in a final IT audit report. Whether an IT auditor is engaged in external or internal reporting; after formal audit results communication, follow-up is commonly the next IT audit process phase. Procedurally, after distributing the final audit report — with findings, recommendations and client responses — the IT auditor should request and evaluate relevant information to conclude whether appropriate actions have been taken by management in a timely manner for all documented findings included in the final audit report. However, IT audit follow-up activities can be an extension of an engagement or a separate engagement, and may only include agreed-upon procedures.

View Part I of the IT Audit Follow-up: Assessing Recommendation Resolution series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: