>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

EM-06Internal Audit Function

>Control Description

Quarterly, the Chief Audit Executive meets with the Audit Committee to review key risk issues. The Audit Committee approves the annual Internal Audit Plan. Results of quarterly audits and subsequent issue tracking summaries are presented to the Audit Committee.

Theme

Process

Type

Corrective

Policy/Standard

Information Systems Operations Policy

>Implementation Guidance

1. Ensure key risk issues shall be reviewed at least quarterly by the audit committee and document the issues identified along with the plan of action for risk remediation. 2. Ensure the Internal audit plan is annually approved by the audit committee. 3. Ensure results of quarterly audits and issues identified as a part of audit are presented to the Audit Committee.

>Testing Procedure

1. Inspect Minutes of audit committee meeting and validate that it highlights the key risks identified, plan of action along with the timeline. 2. Check internal audit plan to ensure it was approved by the audit committee. 3. Inspect and validate whether results of quarterly audits are presented to the audit committee.

>Audit Artifacts

E-EM-11
E-EM-12
E-EM-13

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

ISO 27001
1

9.2

Ask AI

Configure your API key to use AI features.