Communicating Internal

Audit Results
Standards with Practical
Cases

Facilitated By: Kokeb Ashame (MSc, CIA)

February 13, 2016

1
Learning Objectives
Familiarize with the Standards of
Communicating Audit Results
Understand the purpose of engagement
communication
Learn the features of best practice in
audit communication
Be aware of the issues and risks in report
writing
Familiarize with effective strategy in
developing audit reports
Familiarize with the ideal structures of
Internal Audit Report

2
Definition of Internal Auditing

Internal auditing is an independent,

objective assurance and consulting
activity designed to add value and
improve an organization's operations.
It helps an organization accomplish its
objectives by bringing a systematic,
disciplined approach to evaluate and
improve the effectiveness of risk
management, control, and governance
processes.

3
I. INTERNATIONAL STANDARDS FOR THE
PROFESSIONAL PRACTICE OF INTERNAL
AUDITING(STANDARDS)
2400 Communicating Results
Internal auditors must communicate the
results of engagement
2410 Criteria for Communicating
Communications must include the
engagements objectives and scope as
well as applicable conclusions,
recommendations, and action plans

4
Standards

2410.A1 - Final communication of

engagement results must, where
appropriate, contain the internal auditors
opinion and/or conclusions. When issued, an
opinion or conclusion must take account of
the expectations of senior management, the
board, and other stakeholders and must be
supported by sufficient, reliable, relevant,
and useful information.

5
Standards (Cntd)
2420 Quality of Communications
Communications must be accurate, objective,
clear, concise, constructive, complete, and timely.

Accurate communications are free from errors

and distortions and are faithful to the
underlying facts.

Objective communications are fair, impartial,

and unbiased and are the result of a fair-
minded and balanced assessment of all relevant
facts and circumstances.
6
Standards (Cntd)

Clearcommunications are easily understood

and logical, avoiding unnecessary technical
language and providing all significant and
relevant information.

Concise communications are to the point

and avoid unnecessary elaboration,
superfluous detail, redundancy, and
wordiness.

7
Standards (Cntd)
Constructive communications are helpful to
the engagement client and the organization
and lead to improvements where needed.
Complete communications lack nothing that
is essential to the target audience and include
all significant and relevant information and
observations to support recommendations
and conclusions.
Timely communications are opportune and
expedient, depending on the significance of
the issue, allowing management to take
appropriate corrective action.

8
Standards (Cntd)

2421 Errors and Omissions

If a final communication contains a
significant error or omission, the chief audit
executive must communicate corrected
information to all parties who received the
original communication.

9
Standards (Cntd)

2430 Use of Conducted in

Conformance with the International
Standards for the Professional Practice of
Internal Auditing
Internal auditors may report that their
engagements are conducted in
conformance with the International
Standards for the Professional Practice of
Internal Auditing, only if the results of the
quality assurance and improvement program
support the statement.
10
Standards (Cntd)
2431 Engagement Disclosure of
Nonconformance
When nonconformance with the Definition of
Internal Auditing, the Code of Ethics or the
Standards impacts a specific engagement,
communication of the results must disclose the:
Principle or rule of conduct of the Code of
Ethics or Standard(s) with which full
conformance was not achieved;
Reason(s) for nonconformance; and
Impact of nonconformance on the
engagement and the communicated
engagement results.

11
Standards (Cntd)

2440 Disseminating Results

The chief audit executive must
communicate results to the appropriate
parties.
The chief audit executive is responsible for
reviewing and approving the final
engagement communication before issuance
and for deciding to whom and how it will be
disseminated. When the chief audit
executive delegates these duties, he or she
retains overall responsibility.
12
Standards (Cntd)
The communication will identify:
The scope, including the time period to which the
opinion pertains;
Scope limitations;
Consideration of all related projects including the
reliance on other assurance providers;
The risk or control framework or other criteria
used as a basis for the overall opinion; and
The overall opinion, judgment, or conclusion
reached.
The reasons for an unfavorable overall opinion
must be stated.
13
Standards (Cntd)

2600 Communicating the Acceptance of

Risks
When the chief audit executive concludes
that management has accepted a level of
risk that may be unacceptable to the
organization, the chief audit executive must
discuss the matter with senior management.
If the chief audit executive determines that
the matter has not been resolved, the chief
audit executive must communicate the
matter to the board.
14
Standards (Cntd)

The identification of risk accepted by

management may be observed through an
assurance or consulting engagement,
monitoring progress on actions taken by
management as a result of prior
engagements, or other means. It is not the
responsibility of the chief audit executive to
resolve the risk.

15
II. What it is and what it does ?
What it is?
Reports are Internal Auditors
opportunity to get managements
complete attention.
A perfect occasion to show how Auditors
can help Mgt by informing important
events they would otherwise not know
about.
However, most of the time auditors do
not take this golden opportunity. Rather
they feel satisfied just for finishing the
report writing.
Unfortunately, auditors do not sell their
Audit reports as a vendor sells his goods.

16
What it is and what it does ? (Contd)
What it does?
Alert management to matters needing
correction or improvement by:

Communicating create awareness

Explaining obtain acceptance
Persuading implementation

If the report fails to deliver this purposes,

whatever skillful, constructive and value
adding our report is, fails to get the
attention and buy-in of the management.
Hence, can not be implemented.
17
What it is and what it does ? (Contd)

Whom it serves?

The auditors themselves

Operating management / higher

management / board

External Auditors

Government regulators and courts.

18
What it is and what it does ? (Contd)

For the Internal Auditors

Facilitates audit follow-up.

Evidencefor auditor performance

evaluation.

Means to teach and train audit staff.

Summarizes results of the audit work.

19
What it is and what it does ? (Contd)

Forthe Operating/ Higher Management &

Board

Facilitates corrective
action / improvement.
Means to gain support of higher
management for issues that require their
attention.
Serves as window in to operation for busy
managers.
Means to evaluate operating performance.
Source of objective information about
controls and operations.
Promotes disciplined operations.

20
Report Writing Frictions

Which one do we auditors really like?

Auditing or Reporting?

Most of the time brilliant analysis and

findings seem to be forgotten during the
trauma of report writing. The reasons
are:

21
Report Writing Frictions (Contd)
Supervisory rewriting - leaves the
auditor unpleased. How does it feel ?

Reporting under pressure the pressure

to rush the draft is constant source of
irritation. Auditors give more emphasis
to answer previous criticism. Hence,
auditors always write reports with the
anticipation of their supervisors
correction. And even sometimes issues
are left unreported.

22
Report Writing Frictions (Contd)
Toomuch time spent on reports: CAEs
usually set a high standard of reporting
and review procedures which take
considerable time
Poor Drafts Auditors most of the time
are concerned with auditing than writing.
Poor writing skills many Auditors are
not skillful writers.
Disagreement between Auditors and
Supervisors the disagreement ranges
from grammar and spelling to logic,
interpretation of observed conditions and
rework.

23
Report Writing Frictions (Contd
Writing report far from the site of the
audit- Many reports are written in the
office. As a result, some important
information might be missing or issue is
totally disregarded. Besides, time tends
to dull memories of the Auditor.

Lack of Auditee Interest When reports

are difficult to understand, worst of all,
where clients have no obligation to
respond to them, hard working Auditors
find noting but frustration.

24
Report Writing Frictions (Contd)

As a result, most of the time auditors do

not enjoy Report Writing

Audit clients do not enjoy our reports

either

25
Report evaluation
Do your reports clearly explain the areas
and risks that each individual review has
covered?
Do your reports include a clear executive
summary including scope of work, risks
covered and key issues arising?
Are your reports on average five pages or
less?
Are your reports finalized within two
weeks of completion of the fieldwork?
Do your reports contain a clear action
plan including action, planned date of
completion and who is responsible for
implementing the action?

26
Report evaluation-Contd

Do your reports focus on the future

rather than the past?
Do your reports contain only the vital
few recommendations with the minor
issues being dealt with elsewhere?
Do you adopt a consistent report format
across the whole department?
Is the report balanced and does
commend significant accomplishments?

27
Report evaluation-Contd
Do management really buy-in to the
actions contained in the audit report?

Are at least 90% of the agreed actions

actually implemented by management by
the agreed deadline?

Any No answer is not acceptable for the

above questions

28
III. What is the remedy?

Unfortunately there are no easy

solutions. Courses in report writing
concentrate in word choice, sentence
length, paragraph structure etc. they do
not teach us judgment, empathy, analytical
ability .

So Where is the problem?

The source of audit report problems can

often be found in the audit process itself.
The process can be improved by taking
the following steps.

29
What is the remedy? -Contd

Develop a report style manual for the

audit activity. This avoids disagreements
regarding grammar, spelling
capitalization, and the like

For larger internal audit activities an

editor to review reports before
submitting to the Supervisor should be
considered.

30
What is the remedy? (contd)

Conduct training in attributes of good

report writing and processing of audit
reports. Including the standards for
reporting, if possible, by auditors
themselves.

31
What is the remedy? (contd)

The use of formats to ensure the presence

of all elements of a finding (Condition,
Criteria, Cause, Impact and
Recommendation).
This format should be completed in the
field and makes report writing a process
than a task.
Use of finding write-up sheet. Many
auditors wait until after field work to
write the findings due to time constraint.
This is a big mistake. Proper
development of findings starts in the
field.
32
Practical Cases
Case- The following sample finding is taken from an internal
audit report on a given unit of an organization
Condition The following long outstanding receivables are
observed in the unit
1. ETB25,000.00
2. ETB125,360.00
Criteria-The operation manual of the unit
Impact- Violation of Internal Control
Recommendation- As per the operation manual of the unit
the o/s receivables shall be collected
Audittees response- Follow-up of the case is ongoing
Auditees action plan- The o/s receivables will be settled in
a week

33
Practical Cases (Contd) Case- 1

Major shortcomings of the above finding

report
1. Condition:- The word outstanding shall
be specific. At least how long was it o/s?
2. Criteria:- The Criteria element shall also
be specific. It shall provide the
requirement of the operation manual on
that specific finding or the Auditors
expectation.

34
Practical Cases (Contd) Case- 1
3. Cause:-The standard requires all elements of
findings however, the findings reported above is
missing the element of Cause.
The internal audit recommendations
basically depend on the Cause element of
audit finding.
Therefore, the auditor shall carefully
analyze the cause element of a finding and
shall state it on the findings write-up sheet.
The cause element of a finding requires the
auditors careful judgment

35
Practical Cases (Contd) Case- 1

4. Impact:- The Impact element shall

also state the effect of a finding if
not rectified as per the
recommendation
5. Recommendation:- This element
shall provide an auditors opinion to
be implemented by the auditee.
The auditors opinion given here
depends on the cause element.

36
Practical Cases (Contd) Case- 1
6. Auditees response:- This part shall clearly
indicate the Auditees acceptance or non-
acceptance of the finding. If it is accepted by
the auditee, justifiable reason for non-
performance shall be given and the
corresponding action plan shall also be
provided. If not accepted :- here also
justifiable reason with supporting
document/evidence shall be provided for the
higher management consumption.
7. The auditees action plan shall state the
completion time frame as well as the
responsible body for all accepted findings and
shall be reported as annex to internal audit
report instead of as element of findings.
37
Practical Cases (Contd) Case- 1
The standard requires all elements of findings.
Accordingly, my suggestion would be:-
Condition The following outstanding receivables
are kept in the books of the unit for more than a year
Date Amount Description
1.------------- -------------- -----------------------------
2. ------------- -------------- -----------------------------
Criteria- The operation manual of the unit requires
to collect such type of receivables in a maximum
period of one year otherwise shall be forwarded to
the write-off committee

38
Practical Cases (Contd) Case- 1

Cause:- Oversight/ workload/ lack of

professional staff/ unawareness of the
criteria/instructed by supervisors,
etc. as the case may be
Impact- The organization may incur
loss if proper follow-up not conducted
and collected on time/The possibility
of collecting these long outstanding
receivables is very low, therefore the
b/s of the unit is showing inflated
amount of assets.
39
Practical Cases (Contd) Case- 1
Recommendation- As per the
operation manual of the unit o/s
receivables shall timely be collected by
the unit or shall be written-off.
Therefore, timely follow-up shall be
conducted by supervisors/ adequate
number of manpower shall be assigned
to the job/qualified staff shall be
assigned to the job/procedures shall be
made known to performers of the job/
supervisors shall comply with the units
procedures, etc..As the case maybe

40
Practical Cases (Contd) Case- 1
Audittees response- Accepted/Agreed-
Even though several reminders were
sent to the client , the receivables are
still outstanding and it seems un-
collectible. Therefore, the o/s
receivables will be forwarded to the
write-off committee and will be taken
action accordingly. The unit will assign
professional staff to the job. The action
plan is attached.
Auditees action plan- Shall be
attached as Annex to the report.

41
IV. Important issues to be considered
in good report writing
1. Discussion with auditee
2. Factual Reports
3. Precision
4. Clarity
5. Proper Background, scope and
objective.
6. Conciseness

42
Important issues .Contd

7. Constructive tone
8. Perspective
9. Audit Conclusion / Opinion
10. Audit recommendation
11. Auditee Accomplishment
12. Interim reports / Preliminary report
13. Summary reports

43
Important issues . Contd

14. Auditee Position

15. Timeliness
16. Report Distribution
17. Legal considerations
18. Proper editorials
19 Restricted Information

44
1. Discussion with Auditee
Confirm facts as you go through /
communicate.
It is also important to discuss cause,
effect and recommendation before the
report is released. Since clients know
better about the operation than the
auditors.
Differences with client other than the
fact could be stated in the final
engagement communication.
Early rectification is facilitated.
Avoids surprises.
Improved comm. b/n auditor & Auditee
improves report quality.

45
2. Factual Reports
Audit reports must always be completely
factual.
Report items should be based on a well
documented facts and inescapable logic.
Everything should be what we have
observed or validated to be factual.
Otherwise source should be disclosed.

46
3. Precision

Reports seek to communicate. If it fails to

so, it is worthless.
Use precise words. Imprecise words leave
a reader confused (e.g.. Words like
sometimes, many, a few, several etc..).
Imprecise reports hardly get
comprehended and hence, not
implemented.

47
4. Clarity

Transferring to the mind of the readers

what was in the mind of the auditor.
It is a precondition to be persuasive.
Avoid jargons, use simple words.
Have a clear understanding of the issue
before writing it. Mental creation
precedes physical creation.
Good writing comes from good thinking
& good thinking requires including all
elements of a finding.
Use active sentences than passive
sentences.
Properly structuring of reports and
coherence of the flow from beginning to
end.Avoid report drift.

48
4. Clarity Contd
The main rule in writing is to know the
reader & their needs.
Avoid emotions and feelings.
Do not obscure the major finding amidst
trivial issues.
Use powerful descriptions, e.g., instead of
reporting Goods Receiving Notes are
not reconciled with invoices, use there
is no assurance that the company
receives what it is paying for.
Use charts, graphs, tabulations and
pictures, if found necessary.
For emphasis, use bullets, boldface, italics,
etc.
Use titles / headings that easily lead the
reader to the subject matter.

49
5. Proper Background, scope and objective.

Sets the stage for the reporting

Makes the reader more receptive and
understanding
How audit was initiated
What it strives to achieve
Coverage / non-coverage

50
6. Conciseness

Means cutting out what is unworthy.

Cutting out what is irrelevant &
immaterial.
Brevity that does not inform, however, is
not a virtue.
The report should have integrated flow of
ideas.
As much as possible avoid long sentences.

51
What is the ideal size of an audit
report?
In as much as possible the main audit
report should not be more than five
pages.

52
7. Constructive tone

Do not emphasize the mistake of

individuals.
Proper criticism may be necessary but
emphasize on needed improvements.
Audit reports with a constructive tone
are more likely to get the buy-in of
clients.

53
8. Perspective

It relates to objectivity

Requires refraining from puffing up that

which is not material or relevant

54
9. Audit Conclusion / Opinion
Auditors overall opinion in relation to
the audit objective is very important.
(e.g. there is adequate control over., such
and such task is being performed efficiently
and effectively, or vise versa)
Auditors opinion is a must in many
progressive audit shops.
The main thing is keeping the main thing
the main thing.
If the Auditee deserves to be
complemented for its exceptional
accomplishment, the auditor should do
so. This results in a significant reward.
55
10. Audit recommendation
Auditors recommendation should only
be considered as options to operating
management.
Should not come out as a surprise at last.
Should be well discussed with in due
course of the audit.
Always operating staff /mgt. are more
knowledgeable about operations than the
auditor.
Lets not take the credit for the
recommendation.
Have regard for the cost of implementing
a recommendation except for
compliance and regulatory issues.

56
11. Auditee Accomplishment

Most audit reports are negative in tone.

Objectivity will be in question if
everything in the report is negative
(unbalanced).
If reports are not balanced, auditees
perception towards the audit report will
also be negative and defensive.
We should admit that complementing
exceptional accomplishment, if any, is
value adding.

57
12. Interim Reports / Preliminary
Report
Useful when early information to
management and timely corrective
action is necessary.
Should not be considered as a substitute
for a final report.
If the issue raised is adequately
addressed, it may be excluded from the
final report or may be disclosed
accordingly.

58
13. Summary Reports
The objective of Internal Auditing is to
get sr. Mgt. Interested and read the audit
report and take corrective action.
However, executives do not have time to
go through the detailed audit reports.
Hence, auditors significant findings could
be summarized in one page or a
maximum of two.
Internal Auditors should be careful
enough to put themselves in the shoe of
busy managers and raise issues which are
of concern to management.

59
13. Summary Reports- Contd

The major content of summary report

should be
What was audited
Conclusion
Capsule statement of truly significant
findings
Action taken by operating
management.
Overall evaluation statement. (Refer
sample)
60
14. Auditee Position
As the standard dictates, no
disagreement should arise between
auditor and auditee regarding facts.
(Condition and Criteria).
However, disagreement in relation to
Conclusion and Interpretation, auditees
view should be given adequate coverage
in the report. This will help management
take a balanced and informed decision.
Once agreement is reached, auditees
action plan could even be attached as an
appendix.

61
15. Timeliness

Reports are useless if they are not timely.

If not timely, minimizes the impact of the
reported finding.
There should be balance between
thoughtfulness and promptness. One way
to address this is by issuing preliminary
reports.

62
16. Report Distribution
To operating management taking
corrective action.
Sr. management who can enforce
corrective action.
In case there is important information to
be disclosed or error is found out, the
CAE should ensure that a new report is
issued clearly highlighting the
amendments.

63
17. Legal considerations

For matters involving legal issues auditors

should always seek for a legal advice.

64
18. Proper editorials
Review each report at least 3 times.
Get clear understanding of what is being
said.
Ensure each sentence is needed and says
what it intends to say.
Judge the style, syntax, and capitalization.
Avoid shaky grammar and faulty
punctuation (use grammar and
spellchecker).

65
18. Proper editorials Contd
Poorly proofread reports can cruelly
blemish and downgrade a well written,
soundly documented audit reports.
Simple mistake diverts attention and the
reader starts to think about the writer
than what is written.
Compare the final with the draft report
preferably by another auditor
Check references (references, indexes,
figures, etc) might have been wrongly
changed in due course of review.

66
19 Restricted Information

Certain information may be appropriate

to be issued separately to a concerned
party only in a confidential
communication. This facilitates smooth
rectification and course of action to be
taken.

67
V. Effective strategies for report
writing
Full wording of acronyms when first used.
Recommendations should be precise and
resolve the problems.
Recommendations should cure the cause
not the symptom.
Recommend to those who have the
authority to implement them.
Include client responses in the report.

68
Effective strategies contd
Make report outline before starting to
write
Keep your writing short.
Group similar findings together.
Place the most important findings at the
beginning of the report.
Use an executive summary of the findings
and recommendations.

69
Effective strategies contd
Good audit report is like a bridge
between the auditor and audit client. Any
gap / defect in the report will not let your
findings to cross over to the audit clients
for their implementation & hence, no
value.

70
VI. Internal Audit Report

Main Parts of the Ideal Internal Audit

Report are:-
A. Executive Summary
B. Complete Audit Report

71
A. Executive Summary
Provides a high level overview of the audit
and provides a summary of the audit activity
Included are the Introduction, the Objective
and Scope, Observations and
Recommendations, Summary, and
Conclusion
The Executive Summary is submitted to the
Audit Committee and the Senior
Management.
The entire report (which includes the
executive summary) is provided to the
individual auditees.

72
Executive Summary (Contd)

Introduction
The Introduction of the Executive
Summary will provide
a brief description of how the audit
relates to the annual audit plan
inherent risks identified
other pertinent information to ensure
the purpose of the audit
any other background information

73
Executive Summary (Contd)

Objective and Scope of the Audit

The objective of the audit for the

Executive Summary will provide an
overview with respect to why the audit
was conducted

The scope involves what information was

examined for the audit

74
Executive Summary (Contd)

Observations and Recommendations

This section provides an explanation as to
how the audit report is to assist rather
than find fault with areas reviewed

75
Executive Summary (Contd)

Summary
This section provides a summary of the
observations and recommendations
made
The goal of this section is to provide an
overview of the audit work
If specifics are required then the full audit
report can be referenced

76
Executive Summary (Contd)

Conclusion
This section provides the conclusion
reached by the auditors
A opinion will be expressed with respect
to the observations.

77
B.The Complete Internal Audit
Report
Background
Inherent Risks
Objective of Audit
Nature and Scope of the Audit
Methodology
Attributes Tested
Conclusion
Appendixes

78
 The Complete Internal Audit Report
(Contd)
Background
A very brief explanation as to the rationale for
the audit is provided in this section

Inherent Risks
This section addresses the inherent risks
involved in the area being audited

Objective of Audit
The objective of the audit should answer the
question Why was this department/area
audited?

79
The Complete Internal Audit Report
(Contd)
Nature and Scope of the Audit
This section should answer the question
What was audited?

Methodology
This section describes the audit program
that was developed to conduct the
fieldwork

80
The Complete Internal Audit Report
(Contd)
Attributes Tested
This section of the audit report will
discuss the individual issues or areas that
we decided to test.
A particular issue is analyzed and
captured the information in a set format
which includes observations and
recommendations as required

81
The Complete Internal Audit Report
(Contd)
Name of the Attribute Tested
For each attribute tested an analysis that
covers the objective, criteria, risks,
observations, conclusion, causes,
recommendations, and managements
response shall be provided
Objective
Criteria
Risks
Observations
Conclusion
Causes
Recommendations
Management response

82
 The Complete Internal Audit Report
(Contd)
Conclusion

The final section of the audit report is the

conclusion where the audit opinion is
expressed.

83
 The Complete Internal Audit Report
(Contd)
Appendixes
Planned Management Actions
This section is a compilation of all the
recommendations made in the audit
report, and includes all of the
management responses, who the
responsible person is for implementing
each recommendation and the time
frame

84
The End!
Thank you very much!

85
Sources of the Materials
Used/References
IPPF-IIA
Sawyers - The Practice of Modern Internal
Auditing by L. Sawyer
Internal Auditing: Assurance and Consulting
Services By F. Kurt (IIA Research Foundation)
Others

86