Audit Results Session @PAGE@
Audit initiated by
Follow up status
The Executive Summary provides an overview of the audit results. This section should normally present overall conclusions and recommendations as related to the audit objectives identified under the Purpose and Scope section. The executive summary may include:
- A brief description of what was audited, objectives, scope, time periods;
- Capsule statements of significant action plans;
- Overall statement that gives the proper perspective of the concerns and conclusions; and,
- Overall audit report rating.
This section provides information about the audit area. It should include any background information needed to understand the audit area and the significance of the audit. The amount of detail necessary will depend on the intended reader.
Purpose, Scope and Methodology
This section provides information about the audit. It should indicate why we did the audit, what was included and not included in the audit, the time period audited, and the audit objectives. It may include audit methodology, i.e. document review, interview, inspection, etc. Auditors should report the scope of their work on management controls and non-conformities found during the audit.
Audit Results and Recommendations
This section should include detail write-ups of individual audit comments and recommendations. Each individual comment should include all of the information described below under "Elements of A Comment".
Elements of a Comment The foundation of well-written audit reports are the comments (findings) and recommendations. Effective audit reports provide well written comments that include all of the basic elements including condition, criteria, cause, effect and follow-up.
Opening Statement The opening statement should be a brief summarized statement of the condition and effect. The goal or standard is usually implied but may on occasion also be stated.
Criteria Following the opening statement provide an explanation of management goals and the standards, or measures used to evaluate the program, function, or activity. Criteria are what the condition should be. This can be:
- Management goals
- Professional Standards
- Laws, Regulations, or Policies
- Common Sense
- CAcert internal
Condition The condition is how effectively management/execution is achieving goals or meeting standards. One of three possibilities:
- goals or standards are fully achieved
- partially achieved
- not achieved
Condition should be clearly stated followed by detail supporting evidence from audit work. This section should expand on the opening statement.
Cause Begin with a direct statement of reason things have gone well or poorly. Follow this with any necessary substantiating evidence. Possibilities include:
- Inadequate procedures
- Procedures not followed
- Poor supervision
- Unqualified employees
Two key points should be addressed:
- Is effected entity lead (board, Officer, Team Leader) aware?
Does entity lead agree & intend to action?
Effect Clearly state the results of the condition in quantifiable terms when possible.
- Increased risk or exposure
- Poor performance
- Failure to achieve CAcert's goals
Recommendations Recommendations are possible or suggested corrective actions to rectify negative conditions. They should be listed under a lead statement such as: (example) “We recommend that the affected officer: amends... establishes... implements..." Recommendations should be stand-alone statements that can be read out of context and still make sense. Example: “We recommend that the affected officer puts in place a mechanism for monitoring timeliness of cash collections.”
- Be positive
- Be specific
- Identify who should act
- Keep recommendations brief