Frequent QAR Findings In Internal Audit Departments

• Internal Audit Charter does not exist, is out of date, or not appropriate for the organization
• No on-going formal, consistent, self-assessments
• Limited input to the corporate governance and IT governance process and compliance assurance
• Hazy or improper reporting lines
• Too technically oriented IT audits, missing overall control framework contexts
• No effective continuing education opportunities and skills development
• Poor time tracking and remediation follow ups
• Lack of adequate formal audit planning and soliciting management's input on key risks
• Poor audit planning and approval documentation