Constructing an audit report

In this article we discuss how to construct an audit report.

Most organisations already have templates in place to assist the auditor to write their report with clear headings to guide the author and the reader.  A simple example is shown below.

Date of Audit:

Audit #:

Auditee/s (department / business unit)

Auditee/s

Auditor/s

Audit Objective:

Audit Scope:

Audit Criteria e.g. ISO standards, Codes of Practice, regulatory requirements etc.

Systems document e.g. internal policies, procedures, work instructions, standard operating procedures etc.

Summary of findings

Strengths/Compliance

Non-Conformance

Opportunities for Improvement/Observations

Conclusion

Sign-off by auditor and process owner

Other considerations when writing, reviewing and releasing an audit report are:

  • Who reviews the audit report
  • Who signs off the audit report
  • Who releases/circulates audit report
  • Who has access to audit report
  • Where are audit records kept (electronically and / or hardcopy)
  • Security of information.

Now you are ready to start writing your draft audit report, but there are still a number of things to assess:

  • Do you have enough evidence to confirm your findings, that is, is your sample size appropriate e.g. have you seen enough of the organisation to be able to advise management on the current state of their systems by reviewing documents, records, data, locations, and people as necessary?
  • Are your audit notes sufficient enough to be able to write a constructive report?
  • Do you need a page of audit definitions in the audit report so the reader understands your category of findings?

When you have completed this mental checklist you may find a couple of gaps, if this is the case, take the opportunity to:

  • Communicate to the auditee again
  • Review / gather further evidence until you feel confident to make a call on your organisations systems.

Remember when writing an audit report keep it simple and write in a language and level the end user will understand. The point of your report is to tell the reader what processes you checked, and against which criteria and what you found positive, the gaps and the areas for improvement.

Read more Audit Tips