Chapter 7
The Audit Report
A.
General Comments
The audit report is intended to communicate the results of the audit to management
officials who have the responsibility for correcting any noted deficiencies, to elected
officials or senior executives who have the responsibility for governance and oversight of
the organization, to members of the public, press or other interested parties, and to
facilitate follow up on audit recommendation. In order to ensure clear and concise
communications with report readers the report writer must have a clearly defined
message to be presented in the report. Please remember that a poorly written audit report
is of no use to anyone no matter how good the actual audit work was.
The audit report will generally have five sections: Background; Objectives; Scope and
Methodology; Conclusion; and Findings and Recommendations (if any). Audit reports
may also have observations and one or more appendices when warranted. The audit
report is developed from the audit planning memo (for background and objectives), the
audit program (for scope and methodology), and audit point sheets (for conclusions,
findings and recommendations).
The audit report moves through various stages during its development. The first stage is
the discussion draft which is prepared by the audit team following approval of the audit
point sheets at the conclusion of field work. The second stage is the final draft which is
prepared by audit management following the exit conference. The third stage is the final
report which is prepared by audit management following the auditee’s written response to
the final draft report and which becomes the document submitted to the Audit Committee
for approval. The final stage of the audit report is the approved report which is prepared
by audit management following approval by the Audit Committee.
There is a report macro located on the computer “G drive” which is to be used when
preparing all audit reports. The report macro allows the auditor to create title pages,
establish the necessary formatting and apply the appropriate headers and footers to the
documents. Paper copies of each version of the audit report will be filed in the audit
work paper files. Electronic copies of each version of the discussion draft audit report
will be filed on the G drive in the audit engagement folder. Electronic copies of the final
draft audit report will be filed on the G drive in the “audit reports – final draft” folder.
Electronic copies of the final audit report will be filed on the G drive in the “audit reports
– final” folder. Electronic copies of the approved audit report will be filed on the G drive
in the “audit reports – approved” folder.
B.
Background
Chapter 7 - Page 1 of 5
The background is intended to give the report reader a framework for understanding the
audit objectives, scope, methodology, conclusions, findings and recommendations. The
background gives the reader an understanding of:
• how the audited activity relates to the department as a whole
• the legal, operational and organizational environment for the activity
• the size and magnitude of operations of the activity
• any significant grants or contracts affecting the activity
• any other information useful in understanding the audited entity.
The background should normally be three to four paragraphs and generally less than one
page.
C.
Objectives
The objectives identify what the audit was conducted to determine. An audit may have a
single objective or multiple objectives. The objective will generally be stated in a
manner that suggests a yes or no response, i.e. as a question. For example, “Did the
department do such and such?” The answer to the question raised by the audit objective
is presented in the conclusion section.
Within the Objectives section we will have a standard statement drawn from Appendix 1
of the 2007 Yellow Book section A1.08.d as follows:
“Management is responsible for establishing and maintaining effective internal
control to help ensure that appropriate goals and objectives are met; resources are
used effectively, efficiently and economically; resources are safeguarded; laws
and regulations are followed; and ensuring that management and financial
information is reliable, and properly reported and retained. We are responsible
for using professional judgment in establishing the scope and methodology of our
work, determining the tests and procedures to be performed, conducting the work,
and reporting the results.”
D.
Scope and Methodology
The scope section identifies what was included in the audit in terms of time periods
covered, types of records, personnel, processes or procedures, organizational units and
locations. This section would identify any limitations placed on the scope of work by any
individual or organization, and address any affects on the audit conclusions or findings
resulting from those limitations.
The methodology section addresses work done in the planning portion of the engagement
and work done to address the specific audit objectives. Generally there will be one or
two paragraphs describing the work done during the planning phase including activities
conducted such as client interviews, preparation of risk analyses and discussions with
audit management to establish audit objectives. There will also be a paragraph
specifically relating a particular methodology (or methodologies) to a specific audit
objective for each audit objective. The concept is to provide the general reader an
Chapter 7 - Page 2 of 5
understanding of what work we did to develop our understanding of the programs,
objectives and risks relevant to the audit client, and to gather the evidence we used to
reach our conclusions, findings and recommendations. At the same time we must also
provide enough information for the more experienced reader to judge the appropriateness
of the methods we used for the stated objectives.
The scope and methodology section will end with the following statement from
paragraph 8.30 of the July 2007 revision to Government Auditing Standards:
“We conducted this performance audit in accordance with generally accepted
government auditing standards. Those standards require that we plan and perform
the audit to obtain sufficient, appropriate evidence to provide a reasonable basis
for our findings and conclusions based on our audit objectives. We believe that
the evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.”
D. Conclusion
The conclusion is a statement of the auditor’s judgment regarding the stated audit
objectives based on an evaluation of the evidence gathered. The conclusion addresses
each audit objective individually. Since audit objectives are generally stated as questions
with yes or no answers, the conclusion either states that the auditee did or did not meet
the audit objective or that the auditee did meet the audit objective but with some
exceptions. Each audit conclusion will be either:
• “Clean” meaning the answer to the audit objective question is an unqualified yes;
• “Except for” meaning the answer to the audit objective question is generally yes
but that there are some exceptions; or
• “Adverse” meaning that the answer to the audit objective question is no.
An audit may have multiple objectives and we may have different types of conclusions
for the different audit objectives.
“Adverse” and “except for” audit conclusions will always have one or more findings
associated with the conclusion. The reader must be able to readily see the relationship
between our conclusion and the evidence we present in the findings section. When we
have adverse or except for conclusions we should provide a brief example of a condition
following the conclusion. Following is an example of an adverse conclusion followed by
a brief example of the condition: “CSD did not ensure that funding provided to FAA’s in
FY 2006 was within the maximum allowable limit set forth in Palm Beach County
Administrative Code 305.07. Our audit showed that four of the 46 funded FAA’s
received more than the maximum 25% allowable and no waivers were granted.”
E.
Findings and Recommendations
Findings present the evidence we gathered during the audit that support our identification
of a condition that is at variance from the audit criteria of sufficient significance to
warrant a formal report. GAS refers to the basic elements of a finding as being criteria,
Chapter 7 - Page 3 of 5
condition, cause and effect (as discussed in Chapter 6 – E Prepare Audit Point Sheets as
Necessary). Every finding will have a criterion and a condition. Cause and effect are
necessary only to the extent that a complete answer to the audit objective requires them.
Each finding is to be numbered consecutively within the report beginning with #1.
The information needed to write the finding should come from the finding point sheet(s).
Each finding should begin with a statement of the criteria. (See Chapter 6 for an
example.) Following the criteria should be the presentation of the audit evidence
describing the condition and how it varies from that called for in the criteria. The auditor
must be careful to avoid presenting conclusions in the place of audit evidence. The
significance of the deviation of the condition from the requirements of the criteria should
be explained. This significance can also be described as the effect of the condition. The
cause (if one has been identified) is also presented along with evidence supporting the
identified cause as the most likely reason contributing to the reported condition. A well
developed cause leads to a meaningful recommendation.
The recommendation represents our evaluation of the remedial action needed to correct
the condition. The recommendation must flow logically from the evidence presented in
the finding and directly address the condition, as well as the cause, if one has been
identified.
Each recommendation within the audit report is to be numbered consecutively beginning
with #1.
D.
Revise discussion draft as necessary to reflect auditee comments
Following the exit conference the discussion draft will be revised by audit management
to reflect auditee comments. The revised discussion draft will be reviewed with the audit
team prior to being sent to the auditee for written response. The revised audit report at
this point is known as the “Final Draft Report.” The final draft report is sent to the
auditee by audit management along with a cover memo stating the number of
recommendations included in the audit report and requesting a written response within
the two week period allowed by County PPM CW-L-029.
The final draft report adds a new section to the document following each finding or
recommendation as appropriate called “Management Comments and Our Evaluation.”
This section summarizes management’s comments on the discussion draft, some of which
may have been incorporated into the final draft report, and states whether management
agrees with the audit recommendations or proposed alternate corrective actions. The
section will begin with “At the exit conference held on (date) management …”
F.
Prepare Audit Committee document including written response from client
Once the written response from the auditee is received, audit management will prepare
the “Final Report” for the Audit Committee. The written response will be summarized
and incorporated into the final report in the “Management Comments and Our
Chapter 7 - Page 4 of 5
Evaluation.” The section will begin with “In responding to a draft of this report
management…” The actual written response from the auditee will be included in the
Audit Committee document.
Chapter 7 - Page 5 of 5