Want to make sure your audit reports are digestible and effective at motivating stakeholder action? Elevate your next audit report with our reporting resources package, with proven tactics to boost clarity and business impact.
A great audit report is one that clearly communicates the objectives, scope, and findings of an audit engagement, and in doing so, motivates its readers to take internal audit’s recommended actions.
We’ve collected four of our top resources for writing effective audit reports from our Audit Management Playbook, including Tips for Writing an Effective Executive Summary, 10 Best Practices for Writing a Digestible Audit Report, and the Audit Reporting Checklist — and you can download the full Audit Management Playbook below.
Tips for Writing an Effective Executive Summary
The first step to writing a great audit report is ensuring its contributors understand the desired outcome of the report. For an audit report to make an impact on the business, it must motivate leadership to act upon internal audit’s recommendations.
The following tips will help you create an impactful executive summary.
1. Know Your Readers
Understand who will receive the report. The executive summary should give an overview of the detailed report that resonates with every executive officer who reads it, so it is important to understand your organization’s culture. Some organizations may be more cross-functionally collaborative, while others will be more compliance-oriented. Not every stakeholder will be a technical subject matter expert. For example, if your report is going to the CFO and you have IT audit findings, make sure that you don’t have to be an IT expert to understand what the issue is.
2. Cut the Fluff
The executive summary should be 1-2 pages. Aim for brevity as much as possible. Consider the best way to summarize each point, as there will be more takeaways in the detailed report. Wherever possible, use numbers and percentages to help drive points home. Eliminate any unnecessary descriptive adjectives and adverbs.
3. Explain It to the Company
Whether the audit report is presented to members from operations or IT, the executive summary should be written so that every individual can easily understand the terminology and sophistication level of the writing. A good rule of thumb is to try to explain every point in a way that all levels of experience and expertise at your company would understand.
4. Make It Digestible
For any key point, whether it is a big, scary finding or a positive one, bring the reader’s attention to the information as concisely as possible. Decide on your most important takeaways or messages, then leverage visual formatting to draw your audience’s eyes to each message.
Writing the Detailed Report
Depending on the audit, the expectations set during the opening meeting, and the findings, the contents of the detailed report may vary. If there were more findings and complexity in the audit than anticipated, you might need to include more detail.
The contents of the detailed report are as follows:
- Background or Overview of the Audit Area Reviewed
- Scope & Approach (what we looked at)
- Audit Period (what period was included)
- Findings Summary (positive findings & issues or problems)
- Detailed Observations (include the 5C’s: Criteria, Condition, Cause, Consequence, and Corrective Action Plans/Recommendations)
10 Best Practices for Writing a Digestible Audit Report
- Reference Everything. Avoid unverifiable claims and make sure to bridge any gaps of information by referencing where you obtained key facts and figures.
- Include a Reference Section. Use of indices, appendices, and tables in this section is very helpful.
- Use Figures, Visuals, and Text Stylization. If you can put a number behind a fact or use a percentage to describe it, do so. Circle or highlight the key points you want to convey, as well as bold, underline, italicize, or use color to draw attention to key facts and figures. Use tables or graphs to summarize and draw attention to key trends or important data, wherever possible.
- Note Key Statistics about the Entity Audited. Noting key statistics about the entity audited in the Background/ Overview, if applicable, puts things in perspective and gives context and relevance to your audit findings.
- Make a “Findings Sandwich.” Layer a positive finding, followed by an issue, followed by a positive, and so on. Try to end the Findings Summary on a slight positive, if possible.
- Ensure Every Issue Includes the 5 C’s of Observations. Criteria, Condition, Cause, Consequence, and Corrective Action Plans/Recommendations.
- Include Detailed Observations. Detailed Observations are also a good place to include any additional facts and figures
- Always Perform a Quality Assurance Check. Seek someone who does not have a direct connection to the audit so they can provide fresh eyes. If possible, ask someone from the department or function audited to review the report as well.
- Avoid Blame – State the Facts. Aim to preserve the relationship with audit clients by being as objective as possible and avoiding blame. Simply state issues and recommended actions.
- Be as Direct as Possible. Avoid soft statements when making recommendations (such as “Management should consider…”) and opt for solid recommendations and calls to action instead.
Audit Reporting Checklist
To elevate your next audit report, follow our checklist to ensure that it clearly communicates the objectives, scope, and findings of an audit engagement, and in doing so, motivates its readers to take internal audit’s recommended actions.
Looking for more resources to take your internal audit team to the next level? Download the full in-depth Audit Management Playbook below and get more best practices, checklists, and tools for each stage of the audit lifecycle — planning, fieldwork, reporting, issue management, and scaling audit practices.