Going beyond the initial remedial action

Aug 26, 2019

Management action flowing from an internal audit finding often focuses on the specific sample or weakness that was identified. We call this "remedial action" - but is it really a remedy at all?

We must ask: Does the action minimise the risk? And, importantly, if a customer knew about it, would they be satisfied with the fix?


Better remediation needs to include, in addition to fixing the specific sample/weakness, a discussion about:

  1. The Past
    Has this happened before?  Has this happened with other similar processes?
    Look beyond the sample to determine whether the issue exists elsewhere such as in past transactions or similar processes.

  2. The Present
    Why and how is this happening now?
    Explore the circumstances and find and fix the root cause. This could be one or more of:
    - a technology defect;
    - a gap in a process or procedure;
    - a behavioural (i.e., people) issue.

  3. The Future
    How can we prevent this, or something like this, from happening again? How can we catch it if it starts?
    Implement controls to detect and prevent re-occurrence.

Let's look at two simple examples



Do your audits help minimise risk and meet customer expectations?


Subscribe to the blog mailing list