INTERNAL AUDIT REPORTS Parity Twinomujuni CIA Makerere University Internal Audit Department
Session Coverage Challenges with Internal audit reports Consumers of internal audit reports Report structure Guidance for efficient reporting
The Standard 2400 – Communicating Results Internal auditors must communicate the engagement results. This communication is usually in form of audit reports
What are the common challenges with our reports Scoping is often not formally communicated to Auditees Reports are too voluminous and complex and in some cases too short Time taken to publish reports – completion of fieldwork to reporting Reports that are not supported by evidence
Common challenges Drafting / sometimes English – too much jargon Over emphasis of issues Personalizing reports Negative language Poor flow – non critical issues emphasized and critical issues left out etc
Understanding the user needs Who reads our reports? Mgt, Audit Committee, Other stakeholders, What are their uses of the report? What kind of message do they seek? How can we ensure that our reports are actionable? How can we incorporate value addition in reporting?
Guidance on scoping 2201.C1- Internal auditors must establish an understanding with consulting engagement clients about objectives, scope, respective responsibilities, and other client expectations. For significant engagements, this understanding must be documented.
Common Report Structure Executive Summary Detailed Report – Audit Observations Appendices
Executive Summary Objectives Scope Opinion or Conclusions What about the Background
Executive Summary: Objectives What did the audit aim to accomplish? Why did you perform the audit?
Executive Summary: Scope What did the audit cover and, if necessary, what did it not cover and why? Period and Area
Executive Summary: Opinion or Conclusions What are the causes of the conditions and how severe are the effects? What is really wrong (or right) and how bad(or good) is it?
Internal audit reports Findings An internal audit report is a collection of findings that an auditor identifies during the engagement process.
Components of an Audit finding The five components of audit reporting are: Criteria Conditions Causes Effects Recommendations and/or Action Plans
Example Criteria Company policy requires that all payments above Ushs 1,000,000 should be approved by the CEO Condition In a sample of 100 payments above Ushs 1,000,000 paid during the month of June 2009, 30 were paid without CEO approval.
Example Continued Cause Thresholds for approval of payments were not being monitored and followed on a daily basis. Effect Payment procedures are not being adhered to. There is a likelihood that fraudulent payments can be made.
Example Continued Recommendations All payments that were made without CEO approval should be compiled for CEO ratification. Any payments that the CEO will find irregular should be investigated further by the investigation unit. All future payments should follow approved payment procedures
Action / Management response We agree with the finding. The Finance Manager shall compile all payments affected and have approvals ratified by December 31, 2009. The CFO has agreed not to sanction any future payments without proper approvals.
Writing-Quality Guidance 2420 – Quality of Communications Communications must be accurate, objective, clear, concise, constructive, complete, and timely.
Interpretation Accurate communications are free from errors and distortions and are faithful to the underlying facts. Objective communications are fair, impartial, and unbiased and are the result of a fair-minded and balanced assessment of all relevant facts and circumstances. Clear communications are easily understood and logical, avoiding unnecessary technical language and providing all significant and relevant information. Concise communications are to the point and avoid unnecessary elaboration, superfluous detail, redundancy, and wordiness.
Interpretation Constructive communications are helpful to the engagement client and the organization and lead to improvements where needed. Complete communications lack nothing that is essential to the target audience and include all significant and relevant information and observations to support recommendations and conclusions. Timely communications are opportune and expedient, depending on the significance of the issue, allowing management to take appropriate corrective action.
Writing-Quality Issues Coherence Handling of technical terminology Readability and conciseness Sentence clarity
Technical Terminology Strategies Replace unnecessary technical terms Define necessary technical terms Manage the number and definitions of acronyms and abbreviations Include a glossary Shorten the sentences
Readability Factors Text Factors Affecting Readability Sentence length Word difficulty Coherence Placement of the main messages Layout and graphic design
Human Factors Affecting Readability Reading skill Content knowledge Attitude Environment
Readability and Conciseness Strategies Break up long sentences Replace difficult, unfamiliar words Eliminate redundancy Eliminate wordiness
Mapped or table formats Paragraph formats Electronic-delivery formats Report Formats Mapped or table formats Paragraph formats Electronic-delivery formats
Mapped or Table Format Allows easy navigation for the reader “Builds in "the logic Eases the writing Encourages conciseness
Paragraph Format Enables more coherence May better meet expectations in some organizations
Electronic-Delivery Formats Allow easy navigation for the reader “Build in”the logic Ease the writing
Ratings Can be applied to the entire engagement and/or to each audit observation What is rated? Overall internal-control rating Risk
Overall Internal-Control Rating Two-point rating Unsatisfactory Satisfactory Three-point rating Needs improvement Four-point rating Needs significant improvement
Risk Rating High Medium Low
Conclusion We need to write actionable reports Understand who the consumers of our reports are Use Report structures that are agreeable and easy to read and navigate Include graphics into our reports Work on the tone, address critical areas and make our reports as friendly as possible.
End Parity Twinomujuni CIA ptwino@nhcc.co.ug, parityt@yahoo.com +256717771665