G.8 Practice Review and Internal Audit Report Follow-up

  1. PRIA has implemented a process to ensure that management takes corrective or improvement actions on recommendations from Practice Review and Internal Audit (PRIA).

Key Principles

  1. Key principles for the process are:

    • Follow-up/monitoring work will be scheduled along with the other steps necessary to perform the practice reviews and internal audits.

    • The level of follow-up activity will depend on the results of the practice reviews and the internal audits, e.g., adequate, requires improvement, or requires immediate management attention.

Follow-Up/Monitoring Activities

  1. Follow-up activities are generally broken down into three areas:

Casual

This is the most basic form of follow‑up and may be satisfied by review of management’s procedures or an informal telephone conversation. Memo correspondence may also be used. This is usually applicable to the less critical findings.

Limited

Limited follow-up typically involves more management interaction. This may include actually verifying procedures or transactions and, in most cases, cannot be accomplished through memos or telephone conversations with management but requires onsite observation or testing.

Detailed

Detailed follow-up is usually more time-consuming and can include substantial management involvement. Verifying and testing procedures implemented as well as substantiating records are examples. The more critical audit findings usually require detailed follow-up.

Reporting

  1. In preparation for each Audit Committee meeting, if applicable, a summary follow-up report is prepared.

  2. This report is a high level summary highlighting the number of outstanding recommendations from current and prior periods and their status.

  3. The intent of this summary report is to track all recommendations so that they are appropriately resolved.

Process

  1. Following a summary report on practice reviews and/ or an internal audit report, which includes recommendation(s), management must complete PRIA’s template for the Action Plan. This document is to be saved in PROxI by the area under audit or Audit Services for a practice review summary report. The PROxI number is an automatic update at the bottom of the page and need not be revised. Once completed the service leader responsible for the area under audit is the owner of the document.

  2. The final PRIA report and the detailed action plan is to be presented at the Audit Committee meeting for approval. Management will be present.

  3. Each updated iteration of the action plan by management should be saved as a new version of the document, and forwarded to the Chief Audit Executive (CAE) for her consideration. PRIA needs read-only access to the document.

  4. PRIA will monitor the action plans on an ongoing basis based on target dates for completion of management actions.

  5. PRIA will prepare the summary follow-up report for each Audit Committee meeting.

  6. Management will be asked to be present at the Audit Committee meeting only for exception reporting, e.g. failure to implement a recommendation.

Example of a Summary Report

Audit Committee Summary Report on Monitoring

Practice Reviews and Internal Audit (PRIA) Recommendations

Title of the Internal Audit / Practice Review Report

Date of the Report

Person Responsible for the Area Under Audit

PROxI #

Action Plan

# of Recommendations

Status of Recommendations

#

Completed

#

on schedule

#

Facing Challenges

# Requiring Immediate Attention

Comments

Last modified:
2018-05-03