Internal audit report content
A well-written internal audit report is an effective tool for management, the audit committee and the process owners affected by the report to bring about positive change and to improve controls, accuracy of information and the underlying process reviewed. The report should consider the following questions:
Objective and background: Why was the area selected for audit? Was it due to inherent or perceived high risk, known problems, history of past issues, a management change, materiality of the area or other factors? What are the key aspects, risks and objectives of the area reviewed? Was it part of the original plan arising from the risk- assessment process? Scope:– What was the scope of the work and when was it performed? What time period and business units did it cover, and which facets of operations were included? What key risks did the work try to address? Findings : What were the overall findings? How severe were they? Are there only minor issues to be addressed, or are there significant deficiencies in internal controls or the process being reviewed? Recommendations: What actions must management take to adequately address the audit findings?Management action plans – Is there a clear plan to correct the deficiencies noted? Who will take responsibility for the corrective action? When will the issues be corrected? Follow-up and tracking : How is internal audit monitoring management’s progress in addressing noted deficiencies? Quarterly and annual internal audit reporting to the audit committee should include tracking and confirmed resolution of management action plans resulting from audit findings. One measure of an internal audit function’s effectiveness is the ability to foster positive and agreed-upon changes in the organization that produce an improvement and enhanced awareness of the management internal control structure.
Any audit report for a business unit or covering whole business should exhibit professinal sceptism and independence of the auditors who carried out the audit.
|