- Internal Audit Charter does not exist, is out of date, or not appropriate for the organization
- No on-going formal, consistent, self-assessments
- Limited input to the corporate governance and IT governance process and compliance assurance
- Hazy or improper reporting lines
- Too technically oriented IT audits, missing overall control framework contexts
- No effective continuing education opportunities and skills development
- Poor time tracking and remediation follow ups
- Lack of adequate formal audit planning and soliciting management's input on key risks
- Poor audit planning and approval documentation
Wednesday, August 26, 2009
Frequent QAR Findings In Internal Audit Departments
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment