In this phase, a summary of audit findings and recommendations is prepared and presented to management for discussion. Once the findings/recommendations are finalised, the final report is issued.
It is very important you are comfortable with any recommended actions assigned to you, and the agreed timeframes for implementation, as these will be followed-up on this basis after the audit.
If you are unsure whether funding will be available for the action(s) for which you are accountable you should propose an alternative action which you would take should the funding for the preferred action not become available and agree this with the audit sponsor, as well as working on a plan to reduce risk in the meantime. For ‘high’ or ‘critical’ rated actions these plans will need to be agreed with Audit and Scrutiny Committee.
If you are not the person who will be delivering the action you should check with the audit team whether you are the correct action owner. If, for reasons of seniority, you are still the most appropriate action owner you should check with those who will be supporting you to deliver the action that it is appropriate and achievable within the agreed timeframe. If the action will require input across multiple units (e.g. different departments / divisions) you will need to obtain sign off from the relevant Heads of Division / Department before committing to the action.