Ensure the security of your HCL environment by applying the Zero Trust princi...
Internal Audit Report Writing Best Practice
1. Internal Audit Best Practice –
Audit Report Writing
APRIL 2016 – DEAN JONES CONSULTING
2. Presenter Experience
A results driven, detailed orientated, customer-focused risk and
control management professional with extensive experience in
planning, supervising and completing internal audits. Experience in
insurance, banking, investment management, retail and with local
authorities in the United Kingdom, Switzerland, Canada and the
United States.
An understanding of, and experience with, accounting practice and
principles, GAAP, GAAS, SOX and IT knowledge and practice. In
addition to exceptional written and verbal communication skills, the
presenter has demonstrated effective leadership and development
of Internal Audit personnel.
Having recently launched a new business, Dean Jones Consulting,
provides training solutions to businesses and individuals.
3. Agenda
This presentation will focus on the art of writing a best
practice Internal Audit report. We will cover the
following:
Purpose of the report
Recap of the fieldwork
Closing meeting(s)
Format of the report
Spelling and Grammar
Review and delivery
Readership of the final report
4. Purpose of the Report
The purpose of the Internal Audit report is to
communicate to those on the approved distribution
list, the:
Scope of the audit
Summary of the area reviewed
Timing of the audit
Conclusions and results of the Audit
Actions recommended/agreed
Action owners
5. Recap of the Fieldwork
The successful completion of the fieldwork is key to
the production of a quality report. Actions taken at the
end of the fieldwork include:
Draft summary of each finding
Communicate the test results
Hold closing meeting(s)
Document result of the closing meeting(s)
6. Closing Meeting(s)
For a successful closing meeting the following should
be included:
Clearly defined agenda
Direct and to the point
Respectful of business management time
Document the outcome of the meeting
Send minutes to attendees
7. Format of the Report
While there are differences in the specific layout of
reports used by different Audit functions across the
profession, based on the presenter’s past experience
the recommended layout is as follows:
Executive Summary
Findings/actions
Appendix
8. Executive Summary
The Executive Summary includes:
To/From/Title
Background and scope
Conclusion
Distribution list (regular and specific to the audit)
9. Findings/Actions
The following are included in the findings section of
the Audit report:
Recommendations/Actions
Reference number
Impact Levels
Findings
Recommendation/Actions
Due Dates
Responsible Persons
10. Appendix
It is suggested that an appendix of the report could
include two specific documents:
The first would explain how the overall conclusion ratings
are reached.
The second would explain how the individual ratings
applied to each action are reached.
Both of these would be used to ensure consistency
with all the Audit reports issued.
11. Spelling and Grammar
Important issues to consider when writing the report
include:
Ensure that all spelling/grammar is correct
Consider overseas readers
Have another auditor proofread the report
Don’t over complicate the language
Don’t use jargon
Learn from experience
Language should be concise
12. Grammar
The following are areas where mistakes could be
made:
Wrong tense/inconsistency
Incorrect punctuation
Misuse of capitalization
Incorrect sentence structure
Incorrect application of spelling out numbers
Colloquial language
Acronyms not spelled out
Unnecessary technical language
13. Review of the Draft Report
There are two review stages. The first by Audit Management and the
second by the relevant business management.
The first review should be completed within the pre-determined
timescales to ensure that the draft report is issued in a timely manner.
The second reviews also have accompanying timescales communicated
to the individuals in the business reviewing the report.
The timescales for review are in place to ensure that the draft report
remains valid and/or high impact actions are addressed and commitment
to address them is captured in the final Audit report.
These timescales are initially communicated when sending the audit
announcement.
For performance purposes copies of the reviewed report with comments
should be retained from both reviews.
14. Delivery of the Draft Report
Upon completion of the review of the draft report by
Audit management, it must be:
Delivered on time to the applicable individuals to remain
relevant.
Sent in the required format which could be either MS Word
or PDF.
Delivered to a subset of those on the distribution list, i.e.
most appropriate to respond to the recommended actions.
Sent to those on the distribution list by regular or specific to
the audit completed.
Stored in a secure area which can only be accessed by
Internal Audit staff.
15. Delivery of the Final Report
Comments on delivery to consider:
Consider how the report is to be delivered. With email
you can prevent direct redistribution, although anyone
receiving the report could send it using a separate email.
Whereas using the internal post is less secure with no
confirmation of delivery as with email.
The format of the report when sending by email can be
set to MS Word or PDF. By sending as PDF, this can
prevent any changes to the report.
16. Readership of the Final Report
The following are those expected to read/receive the
final report:
Audit Committee(s)/Audit Management
C-Suite
Operational/Financial/IT Management
Regulatory Compliance function
Corporate Law function
Enterprise Risk Management
External Auditors
17. Agreed Actions
The agreed actions (those agreed
recommendations/actions) should be stored in a
secure area on the Audit drive.
High and medium impact actions should be followed
up on a monthly basis until they are closed.
There may be instances in which testing is completed
to verify that the high and medium impact actions
have been completed by their implementation date.
18. Review Process/Feedback
Feedback should be sought from the management of
the area(s) audited. This feedback should be
acknowledged and captured to allow improvements to
be made, where possible to the reporting process.
Examples include:
Accuracy and readability of the report
Timeliness of the draft and final reports
Usefulness of the final report
Ability to implement the agreed actions
19. Thanks and Feedback
Thank you for your interest. To ensure that the presentation is
as beneficial as possible could you let me have any comments
you have on the following:
Topic was relevant
Organized and easy to follow
Experience helpful
Objectives met
Trainer knowledgeable in topic
Please complete the short survey using the following link.
https://www.surveymonkey.com/r/2H2XDGR
Your input is appreciated.
20. Contact Details
The following are the presenter’s contact details:
Dean Jones Consulting, 2406 Colony Park Drive,
Birmingham, AL 35243
Email: deanjones1368@aol.com
Website: www.deanjonesconsulting.com
Telephone: 224 725 9953