##master-page:AuditResultTemplate
##master-date:2014-06-24
##acl @ME@:read,write,delete,revert,admin
#format wiki
#language en
= Audit Results Session @PAGE@ =

## select in each field one
## Review of Internal controls, Compliance Review, Operational or Management Audit, Financial Audit, Special Investigation
|| Audit Type || ||
## Draft, Formal Draft, Final Report
|| Report Status || ||
## Audit plan, Directive of Board, Request of ''XX''
|| Audit initiated by || ||
|| Audit Subject || ||
## Comments received, comments integrated, agreed, needs rework
|| Follow up status || ||

<>

== Executive Summary ==
The Executive Summary provides an overview of the audit results. This section should normally present overall conclusions and recommendations as related to the audit objectives identified under the Purpose and Scope section. The executive summary may include:

 * A brief description of what was audited, objectives, scope, time periods;
 * Capsule statements of significant action plans;
 * Overall statement that gives the proper perspective of the concerns and conclusions; and,
 * Overall audit report rating.

== Introduction ==
This section provides information about the audit area. It should include any background information needed to understand the audit area and the significance of the audit. The amount of detail necessary will depend on the intended reader.

== Purpose, Scope and Methodology ==
This section provides information about the audit. It should indicate why we did the audit, what was included and not included in the audit, the time period audited, and the audit objectives. It may include audit methodology, i.e. document review, interview, inspection, etc. Auditors should report the scope of their work on management controls and non-conformities found during the audit.

== Audit Results and Recommendations ==
This section should include detailed write-ups of individual audit comments and recommendations.
Each individual comment should include all of the information described below under "Elements of a Comment".

=== Non-Conformities ===
'''Elements of a Comment'''

The foundation of a well-written audit report is its comments (findings) and recommendations. Effective audit reports provide well-written comments that include all of the basic elements: condition, criteria, cause, effect and follow-up.

'''Opening Statement'''

The opening statement should be a brief summarized statement of the condition and effect. The goal or standard is usually implied but may on occasion also be stated.

'''Criteria'''

Following the opening statement, provide an explanation of management goals and the standards or measures used to evaluate the program, function, or activity. Criteria are what the condition should be. This can be:

 * Management goals
 * Professional Standards
 * Laws, Regulations, or Policies
 * Common Sense
 * CAcert internal

'''Condition'''

The condition is how effectively management/execution is achieving goals or meeting standards. One of three possibilities:

 * goals or standards are fully achieved
 * partially achieved
 * not achieved

The condition should be clearly stated, followed by detailed supporting evidence from audit work. This section should expand on the opening statement.

'''Cause'''

Begin with a direct statement of the reason things have gone well or poorly. Follow this with any necessary substantiating evidence. Possibilities include:

 * Inadequate procedures
 * Procedures not followed
 * Poor supervision
 * Unqualified employees

Two key points should be addressed:

 * Is the affected entity lead (Board, Officer, Team Leader) aware?
 * Does the entity lead agree and intend to take action?

'''Effect'''

Clearly state the results of the condition in quantifiable terms when possible.
 * Increased risk or exposure
 * Cost
 * Poor performance
 * Failure to achieve CAcert's goals

=== Recommendations ===
'''Recommendations'''

Recommendations are possible or suggested corrective actions to rectify negative conditions. They should be listed under a lead statement such as: (example) "We recommend that the affected officer: amends... establishes... implements..."

Recommendations should be stand-alone statements that can be read out of context and still make sense. Example: "We recommend that the affected officer puts in place a mechanism for monitoring timeliness of cash collections."

 * Be positive
 * Be specific
 * Identify who should act
 * Keep recommendations brief

== Auditor ==
@SIG@

----
 . CategoryAudit