Edit Online Assessment Findings

Does anyone know how to apply the appropriate permissions so that an Online Assessment Auditor can edit Online Assessment findings that they’ve created as part of a security review?

Are the permissions for this module setup so that the Auditor cannot edit findings after they have been submitted? If not, who can?

If the Auditor is a member of the Auditee field, would this prevent the Auditor from being able to edit finding?