This sample audit report can be used by auditors for assessing and improving an organization’s business process risk.

Testing involved activities such as identifying and grouping key controls efficiently, identifying synergies where key controls may address multiple accounts, documenting and reviewing details/actions of incidents, utilizing system access request forms, establishing the governance committee and charter, restricting production access and providing temporary access, and implementing operating system changes in a test environment.

The following recommendations were made as a result of testing:

• Document specific IT processes and standards that will be followed.
• Ensure that the standards are reviewed/updated annually.
• Consider implementing workstation hard-drive encryption.
• Develop and finalize a compensation committee charter.