Professional Documents
Culture Documents
Specimen Internal Audit Report: Appendix 15
Specimen Internal Audit Report: Appendix 15
Specimen internal
Overall rating and summary of findings Overview
Satisfactory The vast majority
Represents an assessment of a control environment of internal audits
that is satisfactory and supports meeting carried out during
audit report
management’s objectives. the period received
a ‘pass’ grade and
there were no ‘high
Adequate with opportunity for further development –
Medium priority for management to address Represents an priority’ observations.
However, there were
assessment of an adequate control environment that broadly
a small number of
supports management’s objectives but has further opportunities
‘medium priority’
for development. and ‘low priority’
observations which
are discussed in
more detail below.
Unsatisfactory – High priority for management to Overall, the control
address environment is in
A high number of control deficiencies or business issues where good order and
the potential financial, operational or reputation risk exposure to management are
XYZ is significant and management should address these issues working to resolve
immediately. the issues identified
during the audits.
Accepted PIOs 0
0 5 10 15 20 25 30
Governance,
Conduct and
Ethics
Finance and
Commercial
Etc.
Detailed findings
This section summarises in the form of performance improvement observations (PIOs) the
issues arising from this review that we believe require action. PIOs are rated using the
scale in the legend below:
HIGH: Issues referring to MEDIUM: Issues referring mainly LOW: Issues arising that
important matters that are to matters that have an important would, if corrected,
fundamental to XYZ’s system of effect on XYZ’s controls, but do improve XYZ’s internal
internal control. We believe that not require immediate action. A control in general,
the matters observed might cause a business but are not vital to the
business objective not to be met or objective may still be met in full or in overall system of
leave a risk unmitigated and need part or a risk adequately mitigated, internal control.
to be addressed as but the weakness represents a
a matter of urgency. significant deficiency in the system.
No Priority Issue Risk Performance Management Responsibility/
Improvement Response Date
Observation
1 LOW
2 HIGH
MEDIUM
Etc.
3
Appendix: Scope of work and audit approach