Follow-up reviews. – The achilles' heel of the audit process

Most audit organizations dedicate a significant amount of time planning, scheduling and executing their projects. Traditionally, very little time is left for the reporting phase. Now, when it comes to the follow-up phase of the audit, we tend to hear a variety of challenges as to why the tail-end of the process cannot be properly conducted; There is no budgeted time left for this audit | Have to prepare for the next review | We will come back to this later, etc.

The fact of the matter is that in many cases, the follow-up phase is typically compromised or re-prioritize and eventually done as a check-the-box task. This is concerning because a poor follow-up could lead to reputational and operational risks not being mitigated. 

Reputational risks. Once management learns that the audit team is not coming back for a follow-up review/conversation/ retesting, the issue owners will most likely lower their guards and reduce efforts to complete remediation plans if do them at all. The audit team’s reputation might be put at risk if management realizes that all the work put into issuing the audit report with findings and recommendations, will have little impact since the audit team will not return for a proper follow-up visit.