培训课程
格式的内部审计和审查报告
1. key elements of reports
Audit reports need to be appropriately structured with a logical flow of information. The format of reports can vary significantly according to the organization and the approach of the department. Some internal audit or review teams have moved to a consultancy style approach, with presentations or landscape reports which are easy to read, punchy, with bullet points setting out key issues. For other departments, a more traditional style of reporting is appropriate. Sometimes the organization may have an approved way of working in terms of format, presentation and protocol(‘house style’) that should be followed. One approach is suggested below.
Cover of report
Subject
Distribution list
Date of issue
Any rating/evaluation.
Executive Summary – this could include
Overall summary of outcome from the review
Introduction
Overview of scope
Key risks
Opinion.
Key findings and recommendations
The major exposures identified during the review and their significance.
Detailed findings and agreed action
Findings
Risk exposure
Agreed action
Responsibility
Deadline/timescale.
2. Cover of the report
The cover of the report gives a first impression and should be clear and attractive. This will include the information illustrated, including the name of the review and the business area examined, a date, reference and name of the person to whom the report is addressed.
3. Executive summary
The executive summary is a very important part of the report. It is the key part that the Audit Committee and Senior Executives will read because they will frequently have limited time and will want to identify any concerns as quickly as possible.
This part of the report should be succinct and concise. Some audit departments specify that the executive summary is required to be no more than 1 to 2 pages long.
The purpose of the executive summary is to provide a high level summary of the effectiveness of the control environment and a concise summary of the audit findings.
The summary should give a balanced view and include any positive comment, especially about key controls.
Sometimes, the executive summary will include other information such as an introduction to the area and scope. Alternatively, this could appear as a separate section.
4. Findings and recommendations
Findings should be categorized as appropriate to the department. In particular, it is important to emphasise significant weaknesses, which can normally be done by assigning some form of rating. This could be done in a number of ways, including indicators to flag up high-risk findings or categories such as A, B and C to show the scale of any risks.
Findings should show the risk exposure arising, quantified where possible.
Audit reports need to be appropriately structured with a logical flow of information. The format of reports can vary significantly according to the organization and the approach of the department. Some internal audit or review teams have moved to a consultancy style approach, with presentations or landscape reports which are easy to read, punchy, with bullet points setting out key issues. For other departments, a more traditional style of reporting is appropriate. Sometimes the organization may have an approved way of working in terms of format, presentation and protocol(‘house style’) that should be followed. One approach is suggested below.
Cover of report
Subject
Distribution list
Date of issue
Any rating/evaluation.
Executive Summary – this could include
Overall summary of outcome from the review
Introduction
Overview of scope
Key risks
Opinion.
Key findings and recommendations
The major exposures identified during the review and their significance.
Detailed findings and agreed action
Findings
Risk exposure
Agreed action
Responsibility
Deadline/timescale.
2. Cover of the report
The cover of the report gives a first impression and should be clear and attractive. This will include the information illustrated, including the name of the review and the business area examined, a date, reference and name of the person to whom the report is addressed.
3. Executive summary
The executive summary is a very important part of the report. It is the key part that the Audit Committee and Senior Executives will read because they will frequently have limited time and will want to identify any concerns as quickly as possible.
This part of the report should be succinct and concise. Some audit departments specify that the executive summary is required to be no more than 1 to 2 pages long.
The purpose of the executive summary is to provide a high level summary of the effectiveness of the control environment and a concise summary of the audit findings.
The summary should give a balanced view and include any positive comment, especially about key controls.
Sometimes, the executive summary will include other information such as an introduction to the area and scope. Alternatively, this could appear as a separate section.
4. Findings and recommendations
Findings should be categorized as appropriate to the department. In particular, it is important to emphasise significant weaknesses, which can normally be done by assigning some form of rating. This could be done in a number of ways, including indicators to flag up high-risk findings or categories such as A, B and C to show the scale of any risks.
Findings should show the risk exposure arising, quantified where possible.
