The IT Security Audit Report Template should provide a complete, accurate, clear, and concise record of the audit. ITSD107-1 IT SECURITY AUDIT REPORT should be prepared, approved, and distributed by the audit team. It should include or refer to the following:
Audit objectives and scope;
Where and when the audit was conducted;
Who took part in the audit;
The audit criteria; and
Audit findings and conclusions.
The Information Technology Security Manager should meet with Information Technology Managers to review the IT Security Audit Report Template and plan to take corrective actions, if required. If it has been decided to take corrective action, the Information Technology Security Manager should submit a corrective action plan, including objectives, actions, and deadlines, to the audit team leader. If it has been decided not to take corrective action, the Information Technology Security Manager should inform the audit team leader of this decision, with explanation.