As a state government GRC team, we support 20 separate agencies which is similar to working with 20 individual businesses, each with their own structure, approach to external auditor findings, or to the related research. Then they respond back to our central organization that compiles the status and remediation plan into the auditors required response formats. We currently have a state audit in play with audit recommendations separated into IT domains acting as parent issues and the findings as child issues. Some of the child issues require input from multiple areas of the organization. We use Remediation Tasks for the subcomponents that are sent to an SME allowing the Issue owner to maintain full control of the issue. Are there other government enterprises with a similar structure that have established a different approach or GRC best practice for managing state or federal audits and working across a highly cross-functional organization, sometimes navigating a fragmented organization?
