Audit programme maturity
Definition
The degree to which an organisation's audit activities are systematically planned, resourced, executed, measured, and improved. Maturity is usually described on a scale of three to five levels, from ad hoc at the low end to optimising or continuous improvement at the high end.
Related terms
- CMMC (Cybersecurity Maturity Model Certification)
- A United States Department of Defense framework that certifies defence contractors at one of five tiers of cybersecurity capability. Each tier requires...
- Enterprise risk management (ERM) integration
- The practice of aligning audit planning with the organisation's ERM risk register so that audit coverage tracks actual risk. When the risk...
- Lessons-learned review
- A structured post-cycle review that identifies what worked, what failed, and what should change in the next audit cycle. The output is...
- Mean time to close (MTTC)
- The average elapsed time between the date a finding is formally reported and the date remediation is verified as complete. MTTC is...
- Repeat finding rate
- The percentage of findings in the current audit cycle that were also identified in the prior cycle. A high repeat finding rate...
Explained in
- Continuous Improvement and Audit Programme MaturityThe degree to which an organisation's audit activities are systematically planned, resourced, executed, measured, and improved. Maturity is usually described o...