I liked your audit plan, I think it very much covered the basics while being concise. The flow of your audit plan was pretty much consistent and easy to understand. I think what stood out in you plan for me was how you guys went further to create a grading rubric to rate/grade the audit findings/results. I thought it was a good means to communicate the state of the remote access policy to board members of the company.
I like the format of “controls to examine” which use question to help auditors find out the problems. According to these question, auditors may find out their own answer and find out other solutions for the same question. Then, “Evidence to collect” is good, which auditors can follow them step by step to find out the problems. These solutions are specially focus on their own areas which is highly operational.
I like your audit plan a lot! The audit process helps me to understand the purpose of this audit. As the audit scope and controls covered part, I like how you guys list out the areas that you are going to review, you even included anti-virus program there. It is very detailed and useful for a remote access policy audit. Every controls that you listed there are necessary to audit and review.
I liked your audit plan, I think it very much covered the basics while being concise. The flow of your audit plan was pretty much consistent and easy to understand. I think what stood out in you plan for me was how you guys went further to create a grading rubric to rate/grade the audit findings/results. I thought it was a good means to communicate the state of the remote access policy to board members of the company.
Overall, you audit plan is good. Nice work guys!
I like the format of “controls to examine” which use question to help auditors find out the problems. According to these question, auditors may find out their own answer and find out other solutions for the same question. Then, “Evidence to collect” is good, which auditors can follow them step by step to find out the problems. These solutions are specially focus on their own areas which is highly operational.
I like your audit plan a lot! The audit process helps me to understand the purpose of this audit. As the audit scope and controls covered part, I like how you guys list out the areas that you are going to review, you even included anti-virus program there. It is very detailed and useful for a remote access policy audit. Every controls that you listed there are necessary to audit and review.