[Risk Type/Internal Audit Subject Area]
Recommendation X – Developing policies and procedures
It is recommended that the department
develops and documents policies and
procedures for all significant business
processes.
Original Management Response and Agreed Action Plan:
We agree with the recommendation, and the following action will be undertaken:

Each Team Leader will document policies and procedures for their respective
business processes. The Department Manager will consolidate these
documents into one User Manual that will be available to all staff members via
the Intranet. Review and revisions will be approved by the General Manager,
and staff will be advised of all revisions.
Status:
[Complete / Partially Complete / Not yet commenced]
Proposed further
action:
[If ‘Partially Complete’ or ‘Not yet commenced’ then include
specific actions to be undertaken to address the
recommendation in full]
(if applicable)
Original action
due date:
[Day Month Year]
[If Partially Complete / Not yet commenced then include the
revised action due date proposed by management to
complete the action (or alternative action if this satisfies in full
the intended outcomes of the recommendation)]
Revised action
due date:
(if applicable)
Note: An explanation from management is required if an
extended due date is included and it should be clearly stated
that management has accepted the risk due to the extended
timeframe for completing the action/s.
Refer below for an example management explanation:
The action due date has been extended from 30 September
201X to a revised due date of 31 December 201X. The
extension of time is due to [reason for extension] and
management has accepted the risk associated with not
completing the action by the original due date.
Action Owner:
John Smith
Department Manager