Audit management process security should include:
a. Secure role-based access and authorization and secure communication and storage.
b. Controls to protect audit data confidentiality, integrity, and availability.
c. Periodic reporting, including issues and remediation plans per organizational requirements.
Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence.