Back

Hold a closing meeting following an audit to present audit findings and conclusions.


CONTROL ID
15248
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an audit program., CC ID: 00684

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • For any recommendations submitted as a result of system auditing, verification of facts and adequate exchange of opinions should be performed between the system-auditing department and the auditees. Then, it is necessary to take corrective action properly for any problems identified. It is also nece… (A1.4., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • A closing meeting should be held to present the audit findings and conclusions. (§ 6.4.10 ¶ 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the audit client; (§ 6.4.10 ¶ 2 Bullet 2, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • The familiarity of the auditee with the audit process should also be taken into consideration during the closing meeting, to ensure the correct level of detail is provided to participants. (§ 6.4.10 ¶ 5, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the method of reporting; (§ 6.4.10 ¶ 7(b), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • how the audit finding should be addressed based on the agreed process; (§ 6.4.10 ¶ 7(c)¶, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • presentation of the audit findings and conclusions in such a manner that they are understood and acknowledged by the auditee's management; (§ 6.4.10 ¶ 7(e), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • any related post-audit activities (e.g. implementation and review of corrective actions, addressing audit complaints, appeal process). (§ 6.4.10 ¶ 7(f), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • advising that the audit evidence collected was based on a sample of the information available and is not necessarily fully representative of the overall effectiveness of the auditee's processes; (§ 6.4.10 ¶ 7(a), ISO 19011:2018, Guidelines for auditing management systems, Third edition)