Risk Insights Logo

Going beyond the initial remedial action

August 26, 2019

Management action often focuses on the sample or weakness that audit identified.

We call this "remedial action" - but is it really a remedy at all?

We must ask: Does the action minimise the risk? And, importantly, if a customer knew about it, would they be satisfied with the fix?


Better remediation needs to include, in addition to fixing the specific sample/weakness, a focus on the present, the past and the future.


The Past

Has this happened before?

Has this happened with other similar processes?

Look beyond the sample to determine whether the issue exists elsewhere such as in past transactions or similar processes.


The Present

Why and how is this happening now?

Explore the circumstances and find and fix the root cause.

This could be one or more of:
- a technology defect;
- a gap in a process or procedure;
- a behavioural (i.e., people) issue.

The Future

How can we prevent this, or something like this, from happening again?

How can we catch it if it starts?

Implement controls to detect and prevent re-occurrence.

Here are two simple illustrative examples

Do your audits help minimise risk and meet customer expectations?

Share this article

Get more insights like this

Blog Post
The Assurance Blog
March 3, 2022

Data in Audit Guide

Read article
Blog Post
The Assurance Blog
December 16, 2021

The Data-Confident Internal Auditor: Software

Read article

Subscribe to our mailing list

Get notified by email about new blog posts and podcast episodes by the Risk Insights Team.