Follow-Up Testing
Follow-up testing validates that action plans have been effectively implemented. The auditor re-executes test procedures against the original finding criteria to confirm the control gap has been closed.
Creating a Follow-Up Test
- Open the finding from the Findings module
- Navigate to the Follow-Up Tests tab
- Click + New Follow-Up Test
- The form pre-fills with context from the original finding
Follow-Up Test Fields
| Field | Description | Source |
|---|---|---|
| Finding Reference | The finding being re-tested | Auto-linked |
| Test Description | What procedures will be performed | Auditor |
| Result Summary | Outcome of the re-test | Auditor |
| Evidence | Supporting files proving the result | Uploaded |
| Conclusion | Pass / Fail / Partial | Auditor |
Testing Process
Step-by-Step
- Review the original finding — understand the CCCER components
- Review remediation evidence — examine what the action owner submitted
- Design follow-up test — determine what to re-test
- Execute the test — perform the verification procedure
- Document results — record what was found
- Upload evidence — attach screenshots, reports, or exports
- Set conclusion — Pass, Fail, or Partial
Evidence for Follow-Up Tests
Follow-up test evidence follows the same chain-of-custody rules as engagement evidence:
- Files are virus-scanned on upload
- SHA-256 hash computed and stored
- Uploader ID and timestamp recorded
- Files linked via `follow_up_test_id` on the Evidence model
- Evidence is immutable after upload
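The custody rules above can be sketched as follows. This is an added example, not the product's own code: `EvidenceRecord`, `register_evidence`, `verify_evidence` and the sample data are hypothetical names and constructed values, and the virus scan step is out of scope here.

```python
import hashlib
import hmac
import io
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import BinaryIO


@dataclass(frozen=True)  # frozen: fields cannot be reassigned after creation
class EvidenceRecord:
    follow_up_test_id: int  # link to the follow-up test (field named on the page)
    filename: str
    sha256: str             # hex digest computed at upload time
    uploader_id: str
    uploaded_at: str        # UTC timestamp, ISO 8601


def sha256_stream(stream: BinaryIO, chunk_size: int = 65536) -> str:
    """Hash a file-like object in chunks so large files are never fully in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def register_evidence(stream: BinaryIO, filename: str, uploader_id: str,
                      follow_up_test_id: int) -> EvidenceRecord:
    """Build the custody record at upload: hash, uploader ID, timestamp, test link."""
    uploaded_at = datetime.now(timezone.utc).isoformat()
    return EvidenceRecord(follow_up_test_id, filename, sha256_stream(stream),
                          uploader_id, uploaded_at)


def verify_evidence(record: EvidenceRecord, stream: BinaryIO) -> bool:
    """Re-hash the stored file and compare with the digest recorded at upload."""
    return hmac.compare_digest(record.sha256, sha256_stream(stream))


# Constructed sample data: an access-review export and an altered copy of it.
ORIGINAL = b"user,role,last_review\nalice,admin,2024-05-01\n"
TAMPERED = ORIGINAL.replace(b"admin", b"viewer")


def demo():
    """Return the record plus verification results for intact and altered files."""
    record = register_evidence(io.BytesIO(ORIGINAL), "access_review.csv",
                               "auditor-17", 42)
    return (record,
            verify_evidence(record, io.BytesIO(ORIGINAL)),
            verify_evidence(record, io.BytesIO(TAMPERED)))
```

Re-running `verify_evidence` at review time gives the reviewer an independent check that the file attached to the follow-up test is the one that was uploaded.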
Automated Reminders
When a follow-up test is due:
- The auditor receives a notification
- The finding appears in the "Pending Follow-Up" filter
- Dashboard metrics include follow-up testing completion rates
Permissions
| Action | Permission |
|---|---|
| Create follow-up tests | finding:update (Auditor, Manager, CAE) |
| Execute and record results | finding:update (Auditor, Manager, CAE) |
| Upload follow-up evidence | evidence:upload (Auditor, Manager) |
| Close finding after verification | finding:close (Manager, CAE) |