Posted by: Robert Davis
Assurance Service, Attestation, Audit Report, Evidence, Follow-up Procedures, IT Audit
Follow-up activities are essential to enabling continuous improvement in IT governance. IT audit must ensure follow-up activities are completed in a timely manner to reduce the cited risks to the entity’s operations. Nevertheless, management must take full responsibility for ensuring entity personnel pursue commitments to perform agreed corrective actions for gaps and/or weaknesses in the control system. Where corrective actions are not undertaken or completed within the expected timeframe, management should document the reason(s) for rescinding the obligation or why there was a delay in deployment.