CISA-Domain 1-Closure Meeting & Post Audit Follow up

Points to Remember

  • Generally accepted audit practice requires reporting of finding even if corrective action is taken by auditee before issuance of report.
  • Closure meeting ensures that there have been no misunderstandings or misinterpretation of facts.
  • Closing meeting helps to enhance the understanding between the auditor and the auditee in terms of what was presented, discussed, and agreed upon.
  • For communication of audit results, IS auditor is ultimately responsible to senior management and the audit committee of the board of directors.
  • During assignment, if any control weakness is observed which is not in scope of audit, it should be reported to management. Same should not be ignored.
  • ISACA’s IS Audit and Assurance Standard on reporting requires that the IS auditor have sufficient and appropriate audit evidence to support the reported results.
  • It is advisable to conduct confirmatory audit after the timelines agreed by management for remediation action. As a generally accepted practice, auditor should not dictate the timelines for remediation action.
  • PRIMARY purpose of conducting follow-up audits is to validate remediation action.

Mock Test