When you review the observations made during the audit, confirm whether they are:
Ask the question, “What’s the possible risk to the business if nothing is done?”
Each finding or recommendation needs to have its cause identified, which is done by asking:
Note: Latent conditions within a system are genuine causes of system defects. They need to be investigated in order for the auditor to set realistic and effective corrective of preventive actions.
Once the cause of a finding or recommendation is established, you should assign an action that addressed this. These corrective actions should:
Conducting a closing meeting allows you to brief the auditee on the results of the audit, allow opportunity for correcting any factual mistakes, advise of any identified corrective actions and highlight any areas identified for improvement.
At the closing meeting:
You can allow the auditee the chance to review your findings and recommendations before you issue the final report, but this is only for the purpose of correcting any factual issues (rather than debating the significance of an issue for instance). Doing this promotes a fair audit, ensures that important findings aren’t dismissed due to a trivial factual error and provides confidence to the customer that they have a complete picture.