Issue management can be a tedious task for audit departments. Get up to speed on common issue management pain points, and download our free 7 Tips for a Well-Rounded Issue Management Program!
What Is Issue Management?
The audit is over, the closing meeting is done, the audit report is issued, and we move into the issue management phase of the audit cycle. For some audits, management resolves the issues quickly, but for others, it takes management month or even years to resolve the issues. The issue management process is often an exercise in project management all on its own. Issue management involves keeping an issues log with action items, due dates, and responsible team members. We send reminder emails to the team members until they complete the issue resolution they decided to take during the closing meeting.
What Are the Five Steps in the Issue Management Process?
The issue management process consists of five steps for identifying and resolving gaps in the control environment. Following these steps will help you identify and resolve the issue quickly, effectively, and in a predictable manner
1. Identify Potential Issues
During an audit, you are going to identify the issues. The issues should be fully supported and confirmed with management during fieldwork.
2. Set Priorities
At this point, it is important to document the issue completely according to The IIA’s guidance by defining the criteria, condition, cause, and effect to emphasize the risk-based priority.
3. Establish a Position on the Issues
Create a recommendation from audit’s perspective to provide guidance on how management should respond.
4. Develop the Response
Work with management to develop the action items management will take to correct the issue along with due dates and responsible team members.
5. Monitor the Issue
Monitor management’s progress in correcting the issue within the agreed upon timeframe by treating each issue as a project management task in your issue tracking system.
How to Track and Report on Issue Management?
One of the more important metrics internal audit should manage is tracking and reporting on issue remediation. How quickly issues are remediated is a sign of how effectively an organization is managing risk because of the time it takes to close out identified issues:
- indicates that issues identified by internal audit and other risk and compliance groups are relevant to the organization
- is an indicator of how efficiently the business is operating
- demonstrates the business’s receptiveness to change and risk tolerance
In organizations with independent audit, risk, and compliance functions, a common challenge is siloed issue management practices. Organizations seeking to improve their issue remediation metrics can benefit by addressing inconsistent methodologies and unifying enterprise-wide issue management under one common framework. Read on to learn common issue management pain points, and download our 7 Tips for a Well-Rounded Issue Management Program below!
Issue Management Challenges
In organizations with siloed issue management efforts, different business functions may be performing duplicate activities around issue tracking using inconsistent methodologies. Multiple issue logs (in varying formats) tracking similar outcomes pose inefficiencies to all stakeholders involved, including issue owners who are asked to provide consistent information to different groups at various times. Siloed issue management practices limit the organization’s ability to have a holistic view of issues. According to Protiviti, this can result in the following outcomes:
- Lack of issues prioritization
- Lack of clear accountability
- Poor data quality and root cause analysis
- Incomplete organizational impact analysis
- Undefined issues closure processes
- Culture of closing issues with quick fixes rather than sustainable solutions
How can organizations work toward breaking down these silos and move toward what Protiviti refers to as an agile state of issue management?Standardizing your issue management program can help reduce inefficiencies for internal audit and other stakeholders, strengthen the organization’s ERM program, and improve collaboration and relationships between internal audit and other business groups.
Get seven tips to help you address these common issue management pain points by downloading our free guide below, and start building out a stronger issue management program today!