The Management Action Plan (MAP) is a written response that describes the actions to be carried out to address audit recommendations and mitigate risk. The written response should indicate any action already taken by management to correct the condition or the planned action to be taken in the future. The reply should estimate the date when corrective action will be completed, as well as the names of the Process Owner (PO) who will be accountable to complete action plans within the agreed-upon time period, as reflected in the Internal Audit Report responsible for implementing the recommendations.
Follow-Up Audit Issues in the Sharepoint Database
Once an audit has been completed, all outstanding issues are uploaded into the Sharepoint database for tracking and follow-up. The Sharepoint database sends out automated emails to clients as open issues approach target implementation dates. It also allows clients to reports update on progress related to outstanding issues including provide documentation to support implementation.
Process Owner and Principal Business Officer’s Responsibility
Principal Business Officer (PBO), who is tracking and monitoring progress towards completing the MAP, performs a self-assessment to ensure the MAP was in fact carried out once the PO completed the MAP, then reports to OHIA only those issues that they can assert are actually complete and provide OHIA with underlying supporting documentation (evidence/deliverables). Delays in completing the recommendations by the expected completion dates should be reported by the PO to the PBO, prior to becoming past due.
Office of Hopkins Internal Audits’ Responsibility
OHIA validates recommendations within 90 days of receiving notification by the PBO and receipt of evidence/deliverables to conclude on the effectiveness of management’s mitigation of risk. Any audit recommendations not effectively resolved is reported to the PO, PBO, and Business Unit Leadership, as well as Senior Management.