IT Examiner School, Providence, RI

Audit Findings Tracking and Resolution

A formal tracking system that assigns responsibility and target date for  resolution 

Timely and formal status reporting 

Tracking and reporting of changes in target dates or  proposed corrective actions to the Board or Audit  Committee 

Process to ensure findings are resolved

Independent validation to  assess the effectiveness of  corrective measures

• Issues and corrective actions from internal audits and  independent testing/assessments are formally tracked to ensure  procedures and control lapses are resolved in a timely manner.

Auditor Interview

Areas to focus on with auditor  interview: • Knowledge of the IT environment  and risks • Understanding of systems they are  reviewing • Understanding of the basic controls  (of these systems) • Verify training and/or certifications  (as necessary)‐ certifications require  specific training and number of  hours/year (usually 40) • Why auditor used a checklist or  FFIEC IT work‐program and audit  work didn’t fit entity’s activity