Constructing an audit report
In this article we discuss how to construct an audit report.
Most organisations already have templates in place to assist the auditor to write their report, with clear headings to guide the author and the reader. A simple example is shown below.
Other considerations when writing, reviewing and releasing an audit report are:
- Who reviews the audit report
- Who signs off the audit report
- Who releases/circulates audit report
- Who has access to audit report
- Where are audit records kept (electronically and / or hardcopy)
- Security of information
Now you are ready to start writing your draft audit report, but there are still a number of things to assess:
- Do you have enough evidence to confirm your findings – i.e. is your sample size appropriate: have you seen enough of the organisation to be able to advise management on the current state of their systems by reviewing documents, records, data, locations, and people as necessary?
- Are your audit notes sufficient enough to be able to write a constructive report?
- Do you need a page of audit definitions in the audit report so the reader understands your category of findings?
- When you have completed this mental checklist you may find a couple of gaps - if this is the case, take the opportunity to communicate to the auditee again and review / gather further evidence until you feel confident to make a call on your organisations systems.
Remember, when writing an audit report, keep it simple and write in a language and level the end user will understand. The point of your report is to tell the reader what processes you checked, against which criteria, and what you found positive, the gaps and the areas for improvement.
Christine Brown is founder and managing director of Potential Unlocked, a market leader in the design of management systems that meet compliance and business requirements. She holds a Bachelor of Arts (double major in Political Science and Public Sector Management); RABQSA Lead Auditor, DiSC 5 Behaviours of a Cohesive Team accreditation; Everything DiSC accreditation, TAE 40110 Cert IV Training & Assessment & TAELLN 411.
Due to her extensive knowledge and experience, Christine is trusted by her clients for her patience, understanding and her ability to interpret compliance requirements in a straightforward, uncomplicated way. She regularly facilitates in-house and public workshops, sharing her knowledge of designing simple processes and systems, communicating effectively as an auditor, building and leading teams, and risk management.
Christine’s clients range from small business and start-ups to large organisations and government departments. Covering a broad range of industries, her clients include Boral, BAE Aerospace, Geobrugg, Tenix, West Australian Police, and the Victorian Ambulance Service.
Christine’s new initiative, The Business Performance Program, assists businesses with all major areas of business that are essential for success
For any further information on contracting in an internal auditor to conduct your audits or auditor training please refer to more Audit Tips.