Audit Findings
Objective
Document the gaps and weaknesses identified during audit simulation exercises.
Finding Structure
Each finding includes:
- Finding ID
- Related Risk ID
- Related Control ID
- Description of Issue
- Severity Level
- Recommended Action
Example
- Finding ID: F-01
- Related Risk: R-01
- Related Control: AC-01
- Issue: Control implemented but no alert configured
- Severity: Medium
- Recommendation: Define alert threshold and validate behavior.
Classification Levels
- Low: Documentation inconsistency
- Medium: Partial control weakness
- High: Control ineffective or absent