Database Reference
In-Depth Information
Audit report
Once the auditor has completed the fieldwork and documented the preliminary
findings, the next step is to prepare the audit report and provide conclusive
opinion and recommendations with the evidence of supporting work papers.
The audit report is the final deliverable of the audit program that includes the
independent opinion of the auditor and provides recommendations for improving
the control environment. Before the audit report is finalized, a draft is presented
to the management in order to facilitate the discussions regarding internal
controls. The step provides the management with the opportunity to review and
acknowledge the audit findings.
InFission's approach to audit report
At InFission, the CAE is responsible for issuing the final audit report. The CAE
prepares a formal draft, taking into account any revisions resulting from the audit
assessment and discussions with management during the audit. The CAE reviews
all the audit findings including significant deficiencies or weaknesses as well as
the remediation plans that are reported by auditors based on the evaluation of the
overall effectiveness of InFission's control processes. The conclusion in the final audit
report includes all findings with an unacceptable level of risk
Each Audit Director provides assessment reports to the CAE that include internal
audit activity covering the audit director's overall evaluation of the effectiveness of
the organization's control processes based on the aggregation of all audit assessments
with the audit engagement. The assessment reports take into consideration internal
audit engagements, as well as reviews of management's self-assessments. The audit
directors deliver these reports to the CAE on a periodic basis, during the audit cycle
as the findings are shared with the appropriate levels of management. This is done so
that prompt action can be taken to correct or mitigate the consequences of discovered
control discrepancies or weaknesses.
The final audit report is issued after management input is received.
The final audit report is distributed to the audit committee, executive management,
and head of each business unit. This report is primarily for internal management
use. The approval of the CAE is required for release of the report outside of
the organization.
The existence of a significant deficiency or weakness does not necessarily lead to
the judgment that the risk is unacceptable and it must be remediated. The internal
auditor considers the nature and extent of risk exposure, as well as the level of
potential consequences in determining whether the deficiency or weakness of the
control increases the risk which is outside the acceptable threshold.
Search WWH ::
Custom Search