A&A: Audit & Assurance

Controls

A&A-04: Requirements Compliance

Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit.

A&A-05: Audit Management Process

Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence.

A&A-06: Remediation

Establish, document, approve, communicate, apply, evaluate and maintain a risk-based corrective action plan to remediate audit findings, review and report remediation status to relevant stakeholders.