Points to Remember
- Generally accepted audit practice requires reporting of finding even if corrective action is taken by auditee before issuance of report.
- Closure meeting ensures that there have been no misunderstandings or misinterpretation of facts.
- Closing meeting helps to enhance the understanding between the auditor and the auditee in terms of what was presented, discussed, and agreed upon.
- For communication of audit results, IS auditor is ultimately responsible to senior management and the audit committee of the board of directors.
- During assignment, if any control weakness is observed which is not in scope of audit, it should be reported to management. Same should not be ignored.
- ISACA’s IS Audit and Assurance Standard on reporting requires that the IS auditor have sufficient and appropriate audit evidence to support the reported results.
- It is advisable to conduct confirmatory audit after the timelines agreed by management for remediation action. As a generally accepted practice, auditor should not dictate the timelines for remediation action.
- PRIMARY purpose of conducting follow-up audits is to validate remediation action.