For example, the recommendation might read: “Supervisors should inform HR and IT simultaneously of any changes in their organizations to ensure appropriate user profiles are maintained.” As this is a more complex situation, the auditor can provide guidance in the recommendation, but probably not a detailed plan of action. Generic: There are instances where more than one business group is involved in the resolution of an issue and it will take joint efforts to define the actions to address it. If this training occurred during fieldwork, the issue can be categorized as “addressed.” Still, it is up to management to decide the means and timing to achieve this goal. In certain cases, those can be implemented during fieldwork and this situation can be pointed out in the report as “addressed.” For example: “The AP clerk should be trained on how to process certain payment types to ensure the right coding is used.” In this case the recommendation is very specific. Straight actions: When there is an accurately identified root cause, the auditor can advise specific actions that are achievable. Here, I have tried to establish some categories: For example: “Management could / should / or must take the following actions…” Depending on the relevance and complexity of the noted issues, the level of the corresponding recommendations may vary. Also, the relevance and seriousness of the finding will influence the tone of the report. Auditors must find a balance between being too simplistic and providing overly detailed procedures that attempt to do management’s job. Depending on the company culture, and the issue impact, recommendations can be more or less detailed. When implemented, process risks should be mitigated, and performance should be enhanced. MJE approval oversight may cause _.”

3) Make the Recommendation

Audit recommendations consist of guidance that highlights actions to be taken by management.
For example: “From a sample of xx MJE’s, representing x% of the population and y% of the value, it was noted that yy MJE’s did not have an associated formal approval due to _. The internal auditor must stay objective at all times in evaluating the situation and the impact on the process performance, taking into consideration the business objectives and risk appetite. Based on the information gathered and the identified facts, the auditor can write down the issue. Once an internal auditor encounters a control weakness, the focus must be on the facts, without judging the situation or its circumstances. Once noted, these need to be discussed with management to ensure alignment. Per conversations with auditees, and per process walkthroughs, the auditor has a privileged position to identify the factors triggering issues and get to the root cause.