IT Examiner School, Seaside, CA

Audit Findings Tracking and Resolution

• A formal tracking system that assigns responsibility and target date for resolution • Timely and formal status reporting • Tracking and reporting of changes in target dates or proposed corrective actions to the Board or Audit Committee • Process to ensure findings are resolved • Independent validation to assess the effectiveness of corrective measures

Issues and corrective actions from internal audits and independent testing/assessments are formally tracked to ensure procedures and control lapses are resolved in a timely manner.

Auditor Interview

Areas to focus on with auditor interview (if still not satisfied with workpapers):

• Knowledge of the IT environment and risks • Understanding of systems they are reviewing

• Understanding of the basic controls (of these systems) • Verify training and/or certifications (as necessary)- certifications require specific training and number of hours/year (usually 40) • Why auditor used a checklist or FFIEC IT work-program and audit work didn’t fit entity’s activity