Audit Report writing - ACUIA 2017 - Audit Report... · AUDIT REPORT WRITING IIA Standard 2400:...

Post on 05-Jun-2020

AUDIT REPORT WRITING

IIA Standard 2400: Internal Auditors must communicate the results of engagements

MORE IIA STANDARDS

▪ 2410: Communications must include the engagement’s objectives and scope as well as applicable conclusions, recommendations and action plans

▪ 2420: Communications must be accurate, objective, clear, concise, constructive, and timely

WHY WRITE AUDIT REPORTS?

▪ Communicate results

▪ Provide assurance

▪ Identify risks

▪ Provide action plans

BEFORE YOU BEGIN: KNOW YOUR AUDIENCE

▪ Know your organization: formal vs. informal

▪ Identify who the message is for

▪ Evaluate the level of understanding

▪ Determine what is important

▪ Put yourself in the reader’s place…

▪ What will capture their interest?

▪ What do they need to know?

WHERE TO START

Reimagine:

▪ Refresh? New logo, new font?

▪ Or start over? New Format?

Rework:

▪ Develop your own brand within the brand

Review:

▪ Get other opinions

▪ Did you accomplish your vision?

WSECU’S AUDIT REPORT PROCESS

▪ Engagement Summary

▪ Audit Report Development

▪ Audit Report Review

▪ Audit Draft Report

▪ Audit Final Report

▪ Follow-up

ENGAGEMENT SUMMARY

Pre-Report Stage: Engagement Summary

▪ Audit Driver

▪ Business Priority

▪ Objectives

▪ Scope

▪ Stakeholders

▪ Key Dates

▪ Auditor

AUDIT REPORT DEVELOPMENT

Report Stage:

▪ Executive Overview (summary)

▪ Audit Results/Additional Information (additional background, observations, testing)

▪ Attachments (appendices)

▪ Appendix A: Conclusions

▪ Appendix B, etc.: Important supporting information

EXECUTIVE SUMMARY

▪ Objectives

▪ Purpose of the audit

▪ Consider business line objectives: how can you help them achieve their goals?

▪ Scope

▪ Residual Risk

▪ Results

▪ Opinion

▪ Rating

▪ Don’t forget the positives!

HOW TO WRITE THE REPORT EXECUTIVE SUMMARY

This part of a report is usually no more than one page in length, and includes:

▪ The purpose of the report (objective, scope)

▪ The background of the report (high level)

▪ Sources of information

▪ Main findings (residual risk, results)

▪ Conclusions (opinion, critical issues)

Note: Whose voice? Third person creates the independent voice

AUDIT DETAILS/ADDITIONAL INFORMATION

▪ What was discovered

▪ Background (more detailed)

▪ Guiding principles

▪ Observations

▪ Discussions

▪ Results of the assessment

▪ Graphs, heat maps

HOW TO WRITE THE REPORT BODY

The body of the formal report includes the facts and materials essential for understanding the process being audited

▪ Maintain focus

▪ Avoid too much information

▪ Pick your battles (critical, moderate)

▪ Materials and methods:

▪ Describe the materials used (reports, observations, policies, procedures)

▪ Report on how you completed your task (testing, interviewing)

▪ Results:

▪ Summarizes your efforts

▪ Give information about what you discovered

CONCLUSIONS

• Priority (Rating): Critical, Moderate, Minor

• Finding

• Recommendation

• Response (from Management)

• Action plan and target date

CONCLUSION SAMPLE

HOW TO WRITE THE REPORT RECOMMENDATIONS

▪ Explain the finding

▪ Give suggestions as to how the problem can be solved

▪ List them clearly and in order of criticality

▪ Rely on the materials used and explained in your report

OTHER THINGS TO CONSIDER

The Good:

▪ Common Sense…know your objective

▪ Tell the story…does it flow?

▪ Readable content…easily understood

▪ Graphs, charts, heat maps

▪ Identify the positive

▪ Thank those that assisted in the audit

OTHER THINGS TO CONSIDER

The Bad:

▪ Wordy sentences

▪ Trigger words…do they evoke unwanted emotion?

▪ Poor grammar

▪ Too many details…do they contribute to the story?

▪ Acronyms…spell them out

▪ Unnecessarily inflated words

TRIGGER WORDS

▪ Failure/Failed

▪ Negligent

▪ Worthless

▪ Always/Never

▪ Must

▪ Strongly recommend

▪ Restricted

▪ Ineffective

▪ Horrible

▪ Opinion

▪ Underestimated

▪ Adequate/Inadequate

▪ Confusing

▪ Disorganized

▪ Unreliable

▪ Severe

▪ Impertinent

▪ Minimized/Maximized

▪ Unstable

▪ Weak

INFLATED WORDS

Inflated: cognizant of

Simple: aware of, knows

Inflated: facilitate

Simple: help

Inflated: impact on

Simple: affect

Inflated: implement

Simple: start, create, carry out, begin

Inflated: subsequent to

Simple: after

Inflated: utilize

Simple: use

ACTIVE VS. PASSIVE VOICE

Passive Voice: Good reasons to use:

▪ To emphasize the action rather than the actor

▪ To keep the subject and focus consistent throughout

▪ To be tactful by not naming the actor

▪ To describe a condition in which the actor is unknown or unimportant

▪ To create an authoritative tone

Active Voice:

Generally, try to use the active voice whenever possible. The subject of the sentence performs the action.

Active: The dog bit the man.

Passive: The man was bitten by the dog.

OTHER THINGS TO CONSIDER

The Ugly:

▪ Errors

▪ No purpose

▪ Lost message

▪ Unprofessional

STILL IN DRAFT STAGE

Always have a second person review the report

▪ Provides a different perspective

▪ Validates the story is clear

▪ Identifies mistakes

▪ Confirms tone is consistent

DRAFT TO FINAL

Send the draft report to business line management/others involved

▪ Identifies misunderstandings or errors

▪ Keeps communication open

Have Management prepare a response

▪ Action plan

▪ Target Date

GOOD TO GO AS A FINAL

One Last Check:

▪ Review again

▪ Verify who the report will be provided to

▪ Determine if additional clarification needs to be provided when sending the report (ex: prefaced with an email message)

▪ Send!

▪ Track!!

DISCUSSION