Please enable JavaScript.
Coggle requires JavaScript to display documents.
Audit Reporting (I. PHASE ONE—PREPARING TO WRITE (Objectives of Audit…
Audit Reporting
I. PHASE ONE—PREPARING TO WRITE
Objectives of Audit Reporting
The six objectives of audit reporting are:
Formally present the audit results to the auditee.
Serve as formal closure of the audit engagement.
Provide statements of assurance and, if needed, identification of areas requiring corrective action and
related recommendations.
Serve as a valued reference for any party researching the audit entity or audit topic.
Serve as the basis for a follow-up audit if audit findings were presented.
Promote audit credibility when well developed and well written.
IS AUDIT REPORT
Reporting is an important phase of the audit process. The value of the audit is communicated to the readers
of the report.
REPORT VALUE
The value of the IS audit report lies in its ability to communicate the scope, objectives, results and recommendations
of the audit. The value also lies in the report’s ability to provide information to persuade and assist management in
reducing risk, achieving organisational objectives and taking corrective action
Types of IS Audit Reports
1.type of audit engagement—whether it is a review, an audit (examination)
or an agreed-upon procedures engagement
2.The organisation and specific content of the report
The format and protocols
for audit report presentation can also depend on any requirements and expectations set forth between the audit
organisation and the auditee.
Types of Audit Engagements:
1.Examination
2.Agreed-upon Procedures Engagement
IS Audit Engagements
• General control examination or facility audit
• Application audit
• System development audit
• Technical or special topic audit
Identifying and Understanding the Users of the Report
1.Users
2.Distribution
Compliance With Auditing Standards
Auditors who are holders of the Certified Information Systems Auditor® (CISA®) designation or members of ISACA,
must comply with ISACA IS Audit and Assurance Standards and IS Audit and Assurance Guidelines when preparing
and issuing IS audit reports. The auditor is responsible for ensuring that audit work, including audit reporting,
complies with relevant auditing standards
II. PHASE TWO—WRITING THE REPORT
Communication Factors
Key Success Factors
1.Informative
2.Logical sequence
Persuasive
4.Sufficient Information.
Length and Content of an IS Audit Reportdepend on the following:
• Predefined requirements that are mandated by auditing standards
• Additional requirements that are dictated by the needs of various readers
• Complexity of the material
• Reporting protocols that are established by the audit organisation
IS Audit Reports
Most IS audit reports include the following main sections
Title Page
Signatory and Transmittal Page
Table of Contents
Introduction
Executive Summary (optional depending on the length and complexity of the report
Audit Scope
Audit Objective(s)
Audit Methodology
Audit Results (mandatory depending on the results of the audit
Audit Conclusion or Opinion
Recommendation (mandatory depending on the results of the audit
Management Response (mandatory depending on the results of the audit
Auditor Reply
Appendix
Audit Report Template
Using the IS Audit Report Template
Constructing Well-written IS Audit Reports
Report Drafting Process
1.Guideposts for Writing Effective IS Audit Reports
2.Formal Draft Report
3.Cover Letter or Memo
III. PHASE THREE—FINALISING THE REPORT
Including Additional Information
Final Editing, Review and Approval
Subsequent Events
Disclosures
IV. OTHER CONSIDERATIONS FOR REPORT DISTRIBUTION
Compliance With Legal Requirements
1.Information to Include in the Final Report
2.IS Audits
3.Identify Legally Mandated Reporting Requirements
Communicating Possibility of Illegal or Fraudulent Activity
When and to Whom to Report Possible Fraud
What Is Fraud?
must involve intentional deception or misrepresentation known to be such by the
perpetrator
Reporting Possible Fraud in the Final Report
Issuing Separate Confidential Reports
Meeting Future Reporting Expectations
1.Enhanced Information
Objective of Integrated Reporting
3.Important Issues
4.Use of Technology in Reporting.