Findings & Remediation

The Findings module manages the complete lifecycle of audit observations — from initial documentation through management response, remediation, follow-up testing, and closure.

What Is a Finding?

A finding represents a gap between what should happen (criteria) and what is happening (condition). AIIA uses the CCCER framework for structured finding documentation:

Component	Description	Example
Condition	What is happening	"15% of payments lack proper approval"
Criteria	What should happen	"Policy requires dual approval for all payments > SAR 50,000"
Cause	Why the gap exists	"System approval routing was misconfigured after ERP upgrade"
Effect	Risk/impact of the gap	"SAR 2.3M in payments processed without proper oversight"
Recommendation	How to fix it	"Reconfigure approval routing and perform retrospective review"

Key Capabilities

Capability	Description
CCCER Framework	Structured finding documentation
Severity Rating	Critical, High, Medium, Low classification
Management Response	Integrated response workflow
Action Plans	Remediation tracking with owners and due dates
Escalation	Automated escalation for overdue items
Follow-Up Testing	Validate that remediation is effective
Recurring Detection	AI identifies patterns across engagements
Version History	Full version control for finding revisions

Finding Lifecycle

Severity Classification

Severity	Description	Timeline
🔴 Critical	Significant risk to the organization; requires immediate action	30 days
🟠 High	Material weakness requiring prompt attention	60 days
🟡 Medium	Control gap that should be addressed	90 days
🟢 Low	Minor improvement opportunity	180 days

AI-Assisted Finding Documentation

Feature	Description
Draft Finding	AI drafts CCCER components based on test results
Severity Suggestion	AI recommends severity based on impact analysis
Recurring Detection	AI identifies similar findings from past engagements
Recommendation Generation	AI suggests remediation approaches
Language Review	AI checks for clarity, objectivity, and blame-free language

Getting Started

1. Document Findings → — Create your first finding
2. Action Plans → — Set up remediation tracking
3. Track Remediation → — Monitor progress
4. Escalation Rules → — Configure automatic escalation
5. Follow-Up Testing → — Validate remediation
6. Field Reference → — Complete field documentation

Related Documentation

• Fieldwork — where findings originate
• Reporting — findings are included in reports
• Dashboards — finding analytics and trends
• Compliance — compliance-related findings