Powerful Internal Audit

Report Writing
Sana Baqai
Vice-President - IIA India, Delhi Branch

9th August IIA India

 Objectives

01 Understand the importance of clear and

concise communication
02 Learn about the 5 C's of internal audit
report writing
03 Identify the different sections of an
internal audit report

04 Understand tips for writing effective

internal audit reports

05
Best Practices, do’s and don’t for
writing the powerful internal audit
reports
Food for Thought

01 02
Were all your findings Do your reports
or recommendations focus on the
different from last time future rather
this area was than the past?
reviewed?

03 04
Have more than 90% of Did the findings,
Ask yourself
your audit conclusions, and
recommendations during recommendations these questions
the last year been fully really represent the key
and successfully issues?
implemented?

05 06
Was the audit opinion a Were all your
true reflection of the recommendations
overall conclusions? 100% practical?
Clear and Concise Communication

To effectively
communicate, we must
realise that we are all
different in the way we
perceive the world and use
this understanding as a
guide to our
communication with
others.

- Tony Robbins
Who are the Stakeholders

HOD

Process CFO/
Owner CEO/ MD

Stake
holders

Regulator Audit
/ Investor Committee

Statutory
Auditor
What Are The Stakeholders Expectations
Process Owner HOD / CFO / CEO / COO / MD
▪ Process understanding ▪ Overall risk assessment
▪ Genuine observations ▪ Categorization based on risk
▪ Listen to their point of view ▪ Summarized findings
▪ Practical suggestions / recommendations ▪ Root cause analysis
▪ Cost-effective solution ▪ Recommendations
▪ Process owner’s acceptance, agreed action plan, first-
person
▪ responsible for implementation and target date
▪ Value addition
Audit Committee Statutory Auditor
▪ Overall coverage and risk assessment ▪ Overall coverage
▪ Statutory non-compliances ▪ Issues which affects the true and fair view of the
▪ The Summarized finding of key issues accounts/ financial reporting
▪ Preventive controls / automated controls ▪ Statutory non-compliances
▪ Management comments, agreed action plan, first- ▪ Assurance which they can rely on
person responsible for implementation and target date ▪ Comfort which would help them make a proper
▪ Providing assurance / comment on improvement assessment and save their time
▪ Value addition
 Different Form Of Communication

CFO/
Process • The internal audit report CEO/
Owner • Discussion on MD/ • Detailed audit report
observations at exit
meeting and prima facie
ACM with annexures
providing instances
reply
• Discussion of • Executive summary
queries during audit • Dashboard
• The draft internal presentation
audit report Statutory
• Detailed annexures HOD • Final Internal audit
report Auditor
What The Stakeholders Likes To See
Value-Adding
Processes Fraud Risks Compliances
• Revenue / Costs / Savings • Fraud scenarios • Comprehensive compliance
• Efficiency improvement • Late adjustments tracking and monitoring
(Rework, Complaints, • Related parties • Self-assessments
Rejections, Returns, • Independent reviews
Inspections, Discounts, etc.) • Exceptions
• Compliance history and
• 27
Supply /04chain / procurement • Journal entries27 /04
assessments
• Benchmarking
Image placeholder • New transactions / regions / Image placeholder

products • Board certifications

• Analytics / Dashboard
A wonderful serenity has taken possession of my entire soul, like these sweet mornings of spring which
A wonderful serenity has taken possession of my entire soul, like these sweet mornings of spring which
I enjoy with my whole heart. I am alone.
reporting • WhistleblowingI enjoy events
with my whole heart. I am alone.

• Delays
• Continuing control
deficiencies
 Have you thought?

What readers do and How you can make it easy

don’t value in your for readers to understand
written reports? and accept your key points?

Why recipients don’t always How word choice can

grasp the significance of affect the readers’
issues you present? response to your report?
 Remember the Five C’s

Criteria Condition Cause Consequence Corrective

Action
1 2 3 4 5

What it Should be The Current State The Reason for Effect Plans/ Recommendations
the Difference

What is the standard What is the Why did the What is the What should
that was not met? The particular problem problem occur? risk/negative outcome management do about
standard may be a identified? (or opportunity the finding? What have
company policy or foregone) because of they agreed to do and
other benchmark. the finding? by when?
Different Sections of Audit Report

01 Executive Summary

02 Introduction

03 Finding

04 Conclusions

05 Recommendations
 Audit Report Structure
Contents of Internal Audit Report could include:
The report content and structure is tailored to meet client requirements and intended audience, as long as these
requirements do not violate local risk management or professional practice requirements.
Cover Page Purpose, Scope and Methodology Audit Observations
• Type of audit • Information about the audit • Background
• Name of the Organisation • Why audit was done: • Description of the issue noted
• Period Covered o Per Long Range Audit Plan • Cause
• Date of Submission o Requested by the department • Effect / Implication
• Author of report o Required by law • Recommendation
o Other • Department comment
Table of Contents • How it was done:
• Identify Topics and Page numbers o Audit objectives
• Report Sections Appendices/ Annexure
o Audit methodology
• Annexures / Attachments Details supporting the
o Audit scope
observations
Executive Summary
Brief summary of key observations in a
concise and easily readable format:
• Overall conclusion
• Overall recommendation
• Relate to Purpose and Scope
 Tips for Writing
Effective Internal
Audit Reports
Use Plain Language
Use of appropriate and plain
language avoids ambiguity.
Be Specific
Don't just state that there is a
problem. Explain the problem in
detail, including the criteria,
condition, cause, consequence, and
corrective action.
Tailor the report to the
specific audience
Consider the needs and interests
of your audience when writing
your report. What information do
they need to know? What level of
detail is appropriate?
Avoid Jargons
Technical terms may be
used wherever necessary.
Use visuals to
improve readability
Tables, charts, and graphs
can help to break up text
and make your report more
visually appealing
Get feedback from
stakeholders
Once you have drafted
your report, get feedback
from stakeholders to make
sure that it is clear, concise,
and effective.
Eliminate These Five Words From
Your Reports

Failed Inadequate Found Ineffective Appears

Best Practices- For Presentation
1. State the Critical Issue First
Clients, senior executives, and audit committee members want a succinct
description of the issue, its level of risk, and the recommended mitigating
or corrective actions.

2. Illustrate the Risk

Audit reports need to communicate the severity of risk in a way that clients
can easily grasp. If the stated issue could lead to decreased revenues, for
example, the report should quantify the potential loss in a rupee.

3. Emphasize Potential for Improvement

Internal audit is not just about finding problems, but also about finding
potential for improvement.

4. Graphical Representation
• Identify the best way to represent your data –bar charts, pie charts, scatter
diagrams.
• Follow robust statistical procedures to back up your audit conclusions.

5. Tabular Representation
Identify the best way to group and distribute your data logically into a tabular
format to improve the comprehension of complex data with several fields.
Best Practices
1. Positive Assurance
Do not report by exception only. Give a
balance view by including in report what is
working properly.

2. Follow the 5Cs

Follow 5Cs it will help you in defending
your observations.

3. Corrective Action
Work with process owners to include
corrective and preventive actions.

4. Short Reports
Keep it short and focused on areas that
matters.
100%
5. Faster Reports
Time is the essence. Issue the report
speedily for quick actions.
Do’s & Don’t of Report Writing
✓ Factual accuracy
✓ Check language - Check your grammar,
spelling, punctuation and style.
✓ Consider the importance of the report: who it
is for, why they want it, how will they use it?
✓ Observe the following principle –Brevity /
Clarity / Readability / Consistency.
✓ Importance: Decide what information is
important and what is irrelevant.
✓ Visual Presentation: Decide where you might
need illustrations or diagrams.
✓ Use bullet points to make your points clearer.
✓ Use the K.I.S.S principle: Keep It Short and
Simple
✓ Conciseness: Omit any information, phrases
and words that are not absolutely necessary
✓ Clarity and Consistency: Check your style and
opinion (for, against or neutral) is the same
throughout.
✓ Simplicity
✓ Clear, unambiguous writing
✓ Good logical flow
✓ Helpful headings: Include sub-heading
wherever required.
✓ Correct formatting: Justify the content for
uniform look throughout
✓ Lack of repetition and unnecessary words
✓ Review your report
Do’s & Don’t of Report Writing
× Gender, sexual preferences, etc. - Using ‘he/ she’ ×
× First reference to individuals: Jaya informed us
that… (designation preferred)
× Superlatives (best possible solution would be…)
× Unsupported words / findings
× Using colloquial language: For e.g., use
“performs” instead of “does”, “requires” instead
of “needs” etc.
× Jargon: Not everyone understands jargon. So
translate their technical language for non-
auditors
Unconventional words: Use simple, commonly
used words
× Overstuffing sentences: Keep sentences short &
discrete, so don’t put too many ideas into one
sentence
× Negative language: Negative language stands to
dissuade rather than convince clients
× Judgmental sentences: The essence of
observation is lost by including personal opinions
/ judgment
Thank You
Sana Baqai
[email protected]
+91-9971938000