
Audit Reporting with Impact

August 2014

Governance, Risk
Management & Compliance
Our Vision

To be the lead advocate,
trainer and practitioner in
internal auditing in Africa by
providing superior internal
audit solutions to the private
and public sectors

Our Mission
To engage internal audit
leaders and their customers;
government officials, business
leaders, corporate executives
and management in a constant
dialogue on the position, role
and value of the internal audit
activity.
Course Title

• Audit Reporting with Impact

Course Objectives
• Appreciate the need for professionalism in
audit reporting;
• Understand the principles governing audit
reporting;
• Appreciate the importance of the executive
summary and know how to write one;
• Develop issues into full blown findings; and
• Optimize audit reports through the audit
review process

Course Overview
• Day One
– Internal Audit Communications
– Audit Reporting Principles
– Constructing the Report
– From Issues to Findings

• Day Two
– Feedback and Action Plans
– The Executive Summary
– Reviewing and Optimizing Audit Reports
– Some Final Tips on Audit Reporting

Facilitator Profile
Frederick ALTUM POKOO-AIKINS
• B.Com., Dip. Ed., CIA, CISA, MCIM, ACFE
• Coopers & Lybrand
• Ernst & Young
• CRS, USAID, DANIDA, IAA
• ProCredit, Opportunity
• 17 years to date

Internal Auditing is the
cornerstone for sustainable
organisational success
The Institute of Internal Auditors

Module One

Internal Audit
Communications

Internal Audit Communications
• Why write internal audit reports?
• The Truth about Audit Reports
• Professional Standards

Why write internal audit reports?
• Required by Standards.
• Inform – (Tell what auditors found)
• Persuade – (Convince management
of worth and validity of findings)
• Get Results – (Move management
towards change and improvement.)

The Truth about Audit Reporting
• Demonstrates:
– Effectiveness of the IA unit
– Competence of the IA unit
• Common ground where internal
auditor meets management
– Medium that establishes the auditor’s
authority or otherwise

Unethical uses of the Audit Report
• Tool for achieving
management’s/auditor’s biased
agenda
– Settle scores/personal vendetta
– Weapon of mass destruction
• Win favour with management

Just before we go on!!!
• At what stage during the audit
process must we start writing
the audit report?
– Class Discussion

Professional Standards
• IIA Standards
– 2020 – Communication and Approval
– 2060 – Reporting to Senior
Management and the Board
– 2400 – Communicating Results
– 2500 – Monitoring Progress
– 2600 – Communicating the Acceptance
of Risks
– IPPF 2013 English.pdf
2020 – Communication and Approval

• The chief audit executive must
communicate the internal audit activity’s
plans and resource requirements,
including significant interim changes, to
senior management and the board for
review and approval.
• The chief audit executive must also
communicate the impact of resource
limitations.

2060 – Reporting to Senior Management
and the Board
• The chief audit executive must report
periodically to senior management and
the board on the internal audit activity’s
purpose, authority, responsibility, and
performance relative to its plan.
• Reporting must also include significant
risk exposures and control issues,
including fraud risks, governance issues,
and other matters needed or requested
by senior management and the board.
2400 – Communicating Results
• 2410 – Criteria for Communicating
• 2420 – Quality of Communications
• 2430 – Use of IIA Conformance
Statement
• 2440 – Disseminating Results
• 2450 – Overall Opinions

2400 – Communicating Results
• Internal auditors must
communicate the results of
engagements

– Not only at the end of the audit engagement
but throughout: from planning to follow-up

2410 – Criteria for Communicating

• Communications must include the
engagement’s objectives and scope
as well as applicable conclusions,
recommendations, and action plans

2410 – Criteria for Communicating

• 2410.A1 –
• Final communication of
engagement results must,
where appropriate, contain the
internal auditors’ opinion and/or
conclusions.

2410 – Criteria for Communicating

• 2410.A1 – cont.
• When issued, an opinion or
conclusion must take account of the
expectations of senior management,
the board, and other stakeholders
and must be supported by sufficient,
reliable, relevant, and useful
information.

2410 – Criteria for Communicating

• 2410.A2 – Internal auditors are
encouraged to acknowledge satisfactory
performance in engagement
communications.
• 2410.A3 – When releasing engagement
results to parties outside the
organization, the communication must
include limitations on distribution and
use of the results.

2420 – Quality of Communications

• Communications must be
accurate, objective, clear,
concise, constructive, complete,
and timely.

2430 – IIA Conformance Statement

• Use of “Conducted in Conformance
with the International Standards for
the Professional Practice of Internal
Auditing”
– only if the results of the quality assurance
and improvement program support the
statement.

2440 – Disseminating Results
• The chief audit executive must
communicate results to the
appropriate parties.

2450 – Overall Opinions
• When an overall opinion is
issued, it must take into account
the expectations of senior
management, the board, and
other stakeholders and must be
supported by sufficient, reliable,
relevant, and useful information

The communication will identify:
1. The scope, including the time period to
which the opinion pertains;
2. Scope limitations;
3. Consideration of all related projects
including the reliance on other assurance
providers;
4. The risk or control framework or other
criteria used as a basis for the overall
opinion; and
5. The overall opinion, judgment, or conclusion
reached.
2500 – Monitoring Progress
• The chief audit executive must
establish and maintain a system
to monitor the disposition of
results communicated to
management.

2600 –
Communicating Acceptance of Risks
• When the chief audit executive
concludes that management has
accepted a level of risk that may be
unacceptable to the organization, the
chief audit executive must discuss the
matter with senior management.
• If the chief audit executive determines
that the matter has not been resolved,
the chief audit executive must
communicate the matter to the board.
Module Two

Audit Reporting Principles

Audit Reporting Principles
• The Process of Audit Reporting
• Knowledge of subject matter
• Knowledge of Grammar!!!!
• The 5 Cs of Audit reports
• Other Reports from the IA Units

The Audit Reporting Process

• Prepare
– Planning
– Drafting
– Editing
– Formatting
• Review
– Report level
– Paragraph level
– Sentence level
• Finalize
– Discuss with Management
– Update with Management comments

Report Planning
• Focus | Generate and Organize
– 3 basic questions
• Information | objective | audience
– Analyze your audience
• Who | How much knowledge
• Interest | Use | Reaction
– Best foot forward!!!
• the most important ideas (findings) come
first and they must be arranged logically

Report Drafting
• Do one thing at a time.
• Avoid unnecessary interruptions.
• Work during your best hours.
• Create a conducive environment.
• Leave room for notes.
• Be flexible--don’t get too attached to
what you have written.
• Separate drafting from editing
• Note missing information
Report Editing
1. Edit for organization.
– Objective | Logic | Complete | Support
2. Edit for readability.
– Understanding | Jargon | Voice
3. Edit for errors (proofreading)
– Grammar mistakes | Incorrect amounts | Misspelled words | Misused words

The 2 keys to better reports
• Knowledge of Grammar
• Knowledge of Subject matter

Grammar!!!!
• Grammar is the structural
foundation of our ability to
express ourselves in speech and
in writing.

1. Readability
• If your work is peppered with
grammatical mistakes and typos, your
readers are going to have a hard time
reading through it. Nothing is more
distracting than being yanked out of a
good story because a word is misspelled
or a punctuation mark is misplaced.

2. Respect & Authority
• As a first-rate writer who has mastered
good grammar, you will gain respect and
authority among your peers. People will
take you seriously and regard you as a
person who is committed to the craft of
writing, not just some hack trying to
string words together in a haphazard
manner.

How much do you remember?

• Let’s do some revision!!!!

Subject-Verb Agreement
• The committee, made up of
several women, are deciding on
the school budget next week.

Subject-Verb Agreement
• We enjoyed the brilliant
sunshine of the beach so much
that day that when we left there
was only one couple and one
lifeguard still there.

Subject-Pronoun Agreement
• A smart tennis player such as
Samantha is someone who
knows how to move around the
court, can hit winners at the net,
and controls their emotions.

Proper Verb Tense
• The three coaches decided not
to pick the team right after
practice that day, but they do
talk on the phone and made the
final decisions that night.

Incorrect Comparisons
• Sam felt extremely confident
going into the final round of
interviews, because his list of
credentials was far more
impressive than his competitor.

Proper Number Agreement
• The travel tour through Italy is
intended for families with a
young child.

Unclear Pronouns
• Sarah and Karen were enjoying
the hike up the mountain until
she felt ill and they had to turn
back for home.

Exercise 1
• After reviewing the research and in light
of the relevant information found within
the context of the conclusions, we feel
there is definite need for some additional
research to more specifically pinpoint our
advertising and marketing strategies.

It could be this way
• We need additional research to
pinpoint our advertising and
marketing strategies.

Exercise 2 - Proofreading
• Identify the 10 errors in the
following passage.

Passage
• The principle reason for the follow up
meeting is to talk about how we will handle
inquiries from the press. We are already
receiving a large amount of calls from the
media, and we want to insure that our
statements compliment our print strategy.
As a HIV-AIDS advocacy organization, we
must discretely manage information and the
affects of any publicity. If you receive
inquiries you cannot handle, just foreword
them to Britta or myself.
Corrected Passage 
• The principal reason for the follow-up
meeting is to talk about how we will handle
inquiries from the press. We are already
receiving a large number of calls from the
media, and we want to ensure that our
statements complement our print strategy.
As an HIV-AIDS advocacy organization, we
must discreetly manage information and
the effects of any publicity. If you receive
inquiries you cannot handle, just forward
them to Britta or me.
Jargon
• Technical terms within a specific field or
overly complex terms used to describe
something simple.
• Avoid jargon unless
–a) you know the reader will
understand it, or
–b) there are no simpler terms to
describe something.

Dealing with jargon
• You can deal with jargon by
either
a) substituting simpler terms, or
b) defining it first.

Jargon – example 1 
• The agency’s weak controls
governing fiscal matters led to a
deficit in the school lunch
program that caused some
children to forgo the nutritional
sustenance they require.

Jargon – example 1 could be 
• Because the agency did not
monitor its budget, there was
not enough money to fully fund
the school lunch program and
some children did not receive
meals.

Jargon – example 2 
• Because there is a material
weakness in the company's
controls over cash, the State’s
assets are at risk.

Jargon – example 2 could be 
• Inadequate monitoring of
company cash could lead to loss
of money

Jargon – example 3
• The bank’s property inventory
controls do not encompass an
annual inventory. As a
consequence, the agency cannot
account for 32 computers.

Jargon – example 3 could be 
• The bank cannot account for 32
computers because it did not
conduct an annual stock taking
exercise.

Jargon – example 4
• NAVISION (the agency’s internal
accounting system) and ACCPAC
do not reconcile.

Jargon – example 4 could be 
• There are differences in the
figures produced by the two
computerized accounting
packages

Jargon – example 5
• Inadequate remuneration has
negatively affected the
company’s employee retention
rate.

Jargon – example 5 could be 
• Low staff salaries have increased
the rate at which staff are
leaving.

Knowledge of subject matter
• You need to understand the business
–Business Acumen
• Study the system in place and apply
the ORC relationship

The IIA Global Internal Audit Competency
Framework - 2013

The ORC Relationship
• At the heart of the audit work
– Illustrate with
• GRC

The 5 Cs of Audit reports
• Criterion
• Condition
• Cause
• Consequence
• Corrective Action

Some Internal Audit Reports
1. Status of implementation of annual
internal audit plan
2. Report on adequacy of audit resources
3. Recommendation Implementation
Status Summary (follow up report)
4. Summary of high risk findings and
recommendations with action plans
5. Routine discussed audit reports
6. Ad-hoc Investigation reports
Module Three

Constructing the Report

Constructing the Report
• Cover page
• Monitoring data
• Executive summary
• Main body of report
– Audit Report formats

Cover/Title page
• Branding
• Logos/layout – visual impact
• Title
• Draft Report-ALTUM Bank.doc

Monitoring data
• Key information, report rating,
location category, report
distribution, audit team, date of
last audit.
• Draft Report-ALTUM Bank.doc

Audit Reporting Formats
• Format One
– illustrate
• Format Two
– illustrate

Module Four

The Executive Summary

The Executive Summary
• The most important piece of an
audit report
• It is called an Executive Summary
for a reason; executives will
focus on this page – it has got to
be good and catch the reader

The Executive Summary
• Keep it Short and Sweet – not all
sections outlined need to be in
the Executive Summary;
• Focus on the highlights

The Executive Summary
• Introduction
• General Objective/Scope
• High Risk Findings and
Recommendations
• Audit Opinions and Ratings
• IIA Conformance Statement

The Exec Summary - Organisation
• Executive summaries are usually
organized according to the
sequence of information
presented in the full report, so
follow the order of your report
as you discuss the reasons for
your conclusions.

The Exec Summary - Length
• The executive summary is usually
no longer than 10% of the
original document. It can be
anywhere from 1-10 pages long,
depending on the report's
length.

When do you write it?
• Write the executive summary
after you have completed the
report and decided on your
recommendations.

Introduction
• General information pertaining
to the audit
– Reference to the audit plan
– Timing
– Summary objective(s)
– Scope(?)

Background
• People (Management and Staff) –
– change in leadership/management
• Key Staff transfers, resignations,
promotions, dismissals, prolonged
vacancies, persons in acting positions
who have overstayed
• Processes/
– Updated or new, previous/ repeated
instances of non compliance

Background
• Product/Services –
– Redesigned, scrapped, new
– Performance among the product/service
line or portfolio
• Performance (operational and financial)
– Revenue contribution comparison
(increase or decrease), significant
previous leakages
– Expenditure increases/decreases
– Fraud allegations and investigations
Group Exercise

Exercise 3a
• Write the Introduction and
Background sections from the
following sentences provided.

Exercise 3b
• Write the background based on
the following

Defining Audit Objectives
• Define audit objectives in a way
that saves your time and helps
senior executives get right to the
point of your report
• Let’s make life easy SAPG1001.DOC

Exercise 4
• Write the Audit Objectives based
on the following

Defining the Scope
• Scope is always about 3 things
– Subject matter
– Period under review
– Geographical location

• These determine the boundaries
of the engagement

Exercise 5
• Write out the scope based on
the following

Opinion
• IPPF 2410.A1
– Final Communication of engagement
results must, where appropriate,
contain the internal auditors’ overall
opinion and/or conclusions

Macro vs. Micro Level Opinions
• Macro – assurance/opinion at a
broad level for the organization
as a whole.
• Micro – report on individual
components of the
organization’s operations

Positive vs. Negative Assurance
• Positive – highest level of
assurance
– Sufficient evidence was gathered to be
reasonably certain that evidence to
the contrary, if it exists, would have
been identified.
– Definite position

Positive vs. Negative Assurance
• Negative – nothing identified
through the scope of the audit or
on a specific objective
– Limited

Executive Summary – Opinion
• Not every report needs an
opinion
– Be mindful of the tone you adopt and
the language you use
– Opinion makes an impact and is a
direct reflection of the auditor and the
audit department

Overall Report Rating
• Problems arise from too much
focus on rating and less focus on
actual report content
– Satisfactory, Needs Improvement,
Needs Significant Improvement,
Unsatisfactory

Standards Conformance Statement
• IPPF 2430 – Use of conducted in
conformance with the International
Standards for the Professional
Practice of Internal Auditing
– only if the results of the quality assurance
and improvement program support the
statement

Module Five

From Issues to Findings

From Issues to Findings
• Establishing Criteria
• Stating the Condition
– Issues v Observations
– The role of evidence
• Determining the Cause
• Assessing the Consequence
• Determining the Corrective Action

Criterion
• An audit criterion is a specific
statement of what should be
happening.
–They include the goals and objectives
that management intends to
accomplish, in accordance with the
policies, procedures, and standards
that management has created, to
govern the operation effectively,
efficiently, and economically
Criterion
• It is what we are measuring
against.

Criteria
• In our environment these might
also include laws, regulations,
authority policies and
procedures, industry or
other ministry standards.

Where there is no Criterion?
• You need to develop one in a
manner that will make your
readers understand the need for
the condition to be addressed.

– For example….

For the “condition” below
• Bank reconciliation statements
were not prepared for the six
month period ended 31
December 2012.

Suggested criterion 
• In order to ensure appropriate
control over organisational cash
resources and transactions, it is
necessary to reconcile the cash
book and bank balances on a
regular basis preferably at pre-
determined intervals.

Group Exercise

Exercise 6
• Write the criteria for the
conditions provided.
• In all instances, there were no
management approved policies
or procedures.

Condition
• A condition is a situation that exists
as at the time of the audit work. It
has been determined and
documented during the audit.
– The information gathered should be
sufficient, competent, and relevant,
and it should be able to withstand
challenge.

Condition
• It must be representative of the
total population or system under
review or, if an isolated instance,
be a significant defect.

Group Exercise

Exercise 7
• Critique and restate the
following conditions

Cause
• Cause explains why standards were
deviated from, why goals were not
met, and why objectives were not
attained.
• Recommendations are most
effective when they address an
identified condition and cause.

Cause
• The auditor may not be able to
easily or always identify the
cause, and might consult
management for their opinion as
to what has caused the observed
condition.

Consequence/Effect/Impact
• Answers the "so what?"
question: assuming that all the
facts are as represented, what is
the result and significance of
this?

Consequence/Effect/Impact
• It is the element needed to convince
clients and Senior management that
the undesirable condition, if
permitted to continue, will cause
harm and would cost more than the
action needed to correct the
problem.

Group Exercise

Exercise 8
• Read the revised conditions in
Exercise 7 and state the
consequence/impact/effects of
all the revised conditions.
• Good Luck 

Corrective Action/Recommendation

• This describes the course of
action management should take
to correct the audit-identified
condition

Corrective Action/Recommendation

• This is the real substance of the
audit report; where auditors can
really add value

Group Exercise

Exercise 9
• Make recommendations to
address the conditions in
exercise 7.

In a nutshell
• Criterion – What should be?
• Condition – What is?
• Cause – Why the deviation from the “what should be” occurred?
• Consequence – What happened or could happen because the “what is” differed from the “what should be”?
• Corrective Action – What is needed to correct the condition and improve operations?

Module Six

Feedback and Action Plans

Feedback and Action Plans
• Management response
• Management action plans
• Audit follow-up

Feedback and Action Plans
• Practice Advisory 2410-1: 12
– PAs.pdf

Management response
• These are the responses to the
audit recommendations.
• They reflect the commitment of
management to address audit
findings.

Management Action Plans
• All action plans must have 3
components
– Real action item owner
• Ability and authority to make the action
item happen
– It must address the root cause
– Realistic target date – focused and
deliverable within 90 days for any high
risk.
Obtaining Feedback
• Practical challenges
– Discussion

– Sample Policy on Resolution of Internal
Audit Recommendations.pdf

Module Seven

Reviewing and Optimizing Reports

Reviewing and Optimizing Reports
• The 3 levels of Review
• Optimizing for quality
• The 7 Deadly Sins of Wordiness
– Putting it all together

The 3 levels of Review
1. Report
2. Paragraph
3. Sentence

Report Level
• Is the report’s central message clear?
• Is it the appropriate length (i.e., too
short or too long)?
• Does it have a summary of the report
message up front?
• Does it have sufficient, clear headings?
• Does it have suitable graphics (e.g.,
pictures, tables, graphs)?

Paragraph Level
• Does the paragraph contain a topic
sentence that accurately conveys the
paragraph’s central idea?
• Does the paragraph contain enough
information to support the idea
expressed in the topic sentence?
• Do the ideas presented in the
sentences following the topic sentence
flow logically (i.e., are they in the
correct order)?

Simple Logic Diagram
• I have a vegetable garden in my
backyard. My backyard is a good place
to grow vegetables. Having rich soil, it
enables vegetables to obtain valuable
nutrients from the earth. Gardens
need at least 6 hours of direct sunlight
to grow most vegetables. The lack of
trees in my backyard provides full sun
for 8 hours a day.

Simple Logic Diagram
• My backyard is a good place to grow
vegetables.
• Having rich soil, it enables vegetables
to obtain valuable nutrients from the
earth.
• Gardens need at least 6 hours of direct
sunlight to grow most vegetables.
• The lack of trees in my backyard
provides full sun for 8 hours a day.
Logic Diagram –Audit Example
• The Agency has not devoted adequate time
or resources to property management.
Periodic inventories of accountable property
were not conducted and departing
employees did not always return all property
that had been issued to them. Further,
although the agency did document the
disposal of laptop computers, it did not
adequately document that all sensitive or
classified information had been sanitized
prior to their disposal.
Sentence Level
• Are all the words in my sentences
necessary?
• Are my sentences easy to
understand?
• Do the sentences contain action
verbs and actors (active vs. passive
construction)?
• How about tone?
From the Standards
• Avoid biased language!
– IIA Practice Advisory 2420-1 states,
“Objective communications are fair,
impartial, and unbiased and are the
result of a fair-minded and balanced
assessment of all relevant facts and
circumstances.”

Tone
• “Proper control can not be
achieved unless reconciliations
are performed”.
• “If reconciliations are performed,
proper control can be achieved.”

The Seven sins of Wordiness
• Filler Phrases
• Redundant modifiers
• Drawn out verbs
• Overstated Language
• Empty Words
• Passive voice
• Repetition

Filler Phrases
• Filler phrases take up space but
add no meaning. You can delete
them without changing the
meaning of the sentence.

Filler Phrases

Redundant Modifiers
• Redundant modifiers use
unnecessary adjectives or
adverbs or turn a simple
adjective into a long phrase.

Redundant Modifiers

Drawn-Out Verbs
• Drawn-out verbs turn simple
action verbs into a noun phrase.
Drawn out verbs often contain a
noun with the “tion” ending, and
they always require a preposition

Put Action in Verbs instead of Nouns

• When writing we sometimes
change verbs into nouns. This
practice weakens sentences.
• It can also hide the fact that the
writer has omitted important
information.

Drawn-Out Verbs

For example
1. We will put the proposal under
consideration.
–We will consider the proposal.
2. Our team made a
recommendation to management.
–Our team recommended that
management…………..

Now your turn
• Achieve improvements
• Come to conclusions
• Conduct an evaluation
• Give proof of
• Is applicable
• Begin the implementation
• Make a decision to
• Make an examination of
• Take action
• Obtain an increase

Another set
• Make revisions
• Are found to be in agreement
• Conduct a study
• Give an indication of
• Have a preference for
• Make an adjustment to
• Make use of
• Perform an analysis
• Have a discussion
Overstated Language
• Overstated language uses longer,
more complicated words where
simpler, shorter words would
suffice.

Overstated Language

Empty Words
• Empty words offer
generalizations and do not stand
alone.

Empty Words

Passive Voice
• Passive voice uses a form of “to
be” followed by the past
participle and, usually, a
prepositional phrase.

Passive Voice

Repetition
• Repetition results from using the
same word within the sentence
or repeating it from one
sentence to the next.

Repetition

Group Exercise

Exercise
• Apply the principles to the
following audit report. – 20 mins.

Module Eight

Some Tips on Audit Reporting

Some Tips on Audit Reporting
• 10 ways to ruin the audit report
• 5 strategies for timely reporting

10 Ways to RUIN an Audit Report
1. Drift from the audit objective.
2. Treat your writing as separate from
your auditing.
3. Start writing your report after
finishing your field work.
4. Write as though you had no
deadline.
5. Dwell on superficial and overlook
substance.
10 Ways to RUIN an Audit Report
6. Use more detail than necessary to
make your points.
7. Generalize with insufficient supporting
facts.
8. Reflect your emotions in your writing.
9. Cram at the end to meet your
deadline.
10. Submit your drafts without review and
revision.
Richard Chambers
Five Proven Strategies for More Timely
Audit Reports –
1. Share internal audit results with
client “as you go”
2. Eliminate or reduce levels of review
3. Use team writing or report
conferencing
4. Use automated working papers’
report-writing features
5. Streamline the report format
Richard Chambers
• Thank you for your
participation
• We hope to see you
again

• Frederick Pokoo-Aikins
• 020 813 3218
• fpaikins@altumtc.com
