Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually.
Conduct independent audit and assurance assessments according to relevant standards at least annually.
Perform independent audit and assurance assessments according to risk-based plans and policies.
Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit.
Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence.
Establish, document, approve, communicate, apply, evaluate and maintain a risk-based corrective action plan to remediate audit findings, review and report remediation status to relevant stakeholders.