What are Issues and Findings?
Issues and findings, whether they pertain to your audit, regulatory compliance, IT or any other department, refer to any problems (or signs of potential problems) that could negatively impact your business. Similar to risks, the exact nature of an issue is largely unknown before it takes place. Depending on the nature of your organization, your issues and findings will vary; they may range from service interruptions, to failures in IT security controls, processes that violate compliance requirements or an employee injury.
Managing and tracking issues and findings, at a bare minimum, occurs when an unexpected issue arises. However, taking a risk-based approach means proactively evaluating your planned process for dealing with those issues and findings so that you are always prepared to do so in a way that minimizes impact.
Issues and findings are often seen only as a negative part of your organization when in reality, uncovering issues and findings should be viewed as an opportunity to improve your organization. At its core, identifying issues and findings is a way to identify gaps or weaknesses in your program which in turn, helps you to improve your processes and prevent future surprises.