Guidelines to Internal Audit Reports
Audit reports issued by external auditors must follow standards established by various regulatory bodies, but internal audit departments have leeway in how they prepare and present their audit findings. Once testing is complete and all control issues are documented, writing the internal audit report should be a straightforward process. Each internal audit department will develop its own report format and writing style, but the types of information these reports contain are generally the same from business to business.
Purpose
A written audit report prevents misunderstandings, ensures the communication reaches those responsible for the control environment, and facilitates the follow-up process. Well-written reports clearly describe controls not working as management intends and provide guidance on repairing the control environment in a reasonable time frame. Reports circulated to executive management ensure that weak controls receive adequate attention. Executives can help business managers by allocating additional staff, information technology resources and project funding to correct control weaknesses.
Content
Audit reports should contain several key sections. The opening paragraphs establish the audit's purpose and areas or processes not included in the review. A rating provides a quick assessment of the audit's results. Most audit departments use a standardized rating system and include categories such as satisfactory, needs improvement and unsatisfactory. The findings section details control issues significant enough to warrant attention from management. Findings usually include recommendations on how to fix the controls and management's detailed corrective action plans.
Completeness
Auditors maintain a log of control issues identified during the audit, and these are generally rated to indicate the severity of each issue. Review each issue to determine whether to include it in the audit report. Prepare a memo for the management of the audited area that details the issues not significant enough to include in the report. Compare the log of control issues with the audit report and the memo to ensure all issues are communicated to management.
Management Review
Ask management to review a draft of the audit report to ensure facts are correct and understood. This review also allows management to review its corrective action plans and dates for implementation to ensure both are realistic.
Language
Write the audit report using clear, concise language and avoid using inflammatory terms or statements. Audit reports should not be written to blame management for control failings. Instead, they should convey only the results of tests and their impact on the control environment. Write in the active voice, limit or clearly define unique terms, and restrict sentences to 18 to 20 words to improve clarity.