COBIT regulation compliance, guidance, and guidelines
A COBIT compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Audit reports evaluate the strength and thoroughness of compliance preparations, security policies, user access controls, and risk management procedures over the course of a compliance audit.
In most cases, an audit consists of several steps or phases that are designed to ensure the most accurate, objective and reliable results. The process for the COBIT audit will depend on which set of standards governs the auditor’s work.
The COBIT audit involves these preliminary stages:
Planning Process
Notification is sent to the organization. The auditor then plans the audit before meeting with the organizational leadership in order to craft the appropriate strategy for the field audit that follows. The auditor identifies the key areas of inquiry, compliance concerns and the specific data it wishes to examine in order to analyze those areas. This process prompts companies to gather the needed documentation.
Initial Meeting
This is a meeting scheduled between corporate senior management and the auditor. Administrative staff may also be invited. The purpose of the meeting is to give the auditors an opportunity to explain the process to the staff and directors, and to give the organization the chance to express any practical, strategic or scheduling concerns they may have.
Field audit
The field audit is the first active auditing stage. A detailed schedule is created so that the auditor’s presence will not be disruptive to business. Interviews with key employees and management staff may take place to investigate business procedures and practices. The auditor may perform sample document checks to make sure the company’s document creation and retention practices are done from time to time. Depending on its size and scope, the field audit may be conducted by a few auditors. The auditing team keeps in regular contact with the corporate auditor to clarify procedures and ensure proper access to needed documents.
Audit Draft
Upon completing the field audit document review, the auditing team prepares a draft audit report. The document details the purpose of the audit, the procedures the auditors used, the documents reviewed and the audit’s findings. It will also likely include a preliminary list of unresolved issues. The draft report is circulated among the team for review and suggested revisions.
Management Response
The audit report draft is then given to corporate management for its review and response. The auditor usually asks management to respond to each of the audit’s findings and conclusions by stating whether it agrees or disagrees with the problems cited, the plan to correct any observed problems or deficiencies, and the expected date by which all issues will have been addressed.
Compliance meeting
Following the management response, a formal compliance meeting may be scheduled to tie up any remaining loose ends. The auditor discusses the management response and addresses the scope of the audit.
Final audit report document distribution
Following the compliance meeting, the auditor will finalize the audit report. The final audit report is distributed to all necessary interest holders.