What are post-audit activities?
Post-audit activities are required for those SORs that have not demonstrated effective compliance to the audit protocol. In this situation, the SORs are required to complete corrective actions to be eligible for compliance to the CFSP protocol.
The post-audit activities may require a desk-top or in-person review to confirm that corrective actions have been implemented. Additional auditor charges may be incurred during post-audit activities.
If the auditor determines the gaps are satisfactorily addressed, the ARC will again vote to confirm the auditor’s recommendation and if applicable, the APM will issue the compliance letter.
All post-audit activities must be completed within 90 calendar days from the date of issuance of the non-compliance letter.